package org.neo4j.server.security.auth;

import java.io.IOException;
import java.nio.file.CopyOption;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.neo4j.io.fs.DelegatingFileSystemAbstraction;
import org.neo4j.io.fs.FileSystemAbstraction;
import org.neo4j.kernel.api.exceptions.InvalidArgumentsException;
import org.neo4j.kernel.impl.security.User;
import org.neo4j.logging.AssertableLogProvider;
import org.neo4j.logging.InternalLogProvider;
import org.neo4j.logging.LogAssertions;
import org.neo4j.logging.NullLogProvider;
import org.neo4j.memory.EmptyMemoryTracker;
import org.neo4j.memory.MemoryTracker;
import org.neo4j.string.UTF8;
import org.neo4j.test.DoubleLatch;
import org.neo4j.test.extension.Inject;
import org.neo4j.test.extension.testdirectory.EphemeralTestDirectoryExtension;
import org.neo4j.test.utils.TestDirectory;

@EphemeralTestDirectoryExtension
/* loaded from: input_file:org/neo4j/server/security/auth/FileUserRepositoryTest.class */
class FileUserRepositoryTest {

    @Inject
    private FileSystemAbstraction fs;

    @Inject
    private TestDirectory testDirectory;
    private final MemoryTracker memoryTracker = EmptyMemoryTracker.INSTANCE;
    private final InternalLogProvider logProvider = NullLogProvider.getInstance();
    private Path authFile;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/neo4j/server/security/auth/FileUserRepositoryTest$HangingListSnapshot.class */
    public static class HangingListSnapshot extends ListSnapshot<User> {
        private final DoubleLatch latch;

        HangingListSnapshot(DoubleLatch doubleLatch, long j, List<User> list) {
            super(j, list);
            this.latch = doubleLatch;
        }

        public long timestamp() {
            this.latch.start();
            this.latch.finishAndWaitForAllToFinish();
            return super.timestamp();
        }
    }

    FileUserRepositoryTest() {
    }

    @BeforeEach
    void setUp() {
        this.authFile = this.testDirectory.directory("dbms").resolve("auth");
    }

    @Test
    void shouldStoreAndRetrieveUsersByName() throws Exception {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        User build = new User.Builder("jake", LegacyCredential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        LogAssertions.assertThat(fileUserRepository.getUserByName(build.name())).isEqualTo(build);
    }

    @Test
    void shouldPersistUserWithoutId() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        User build = new User.Builder("jake", LegacyCredential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        FileUserRepository fileUserRepository2 = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        fileUserRepository2.start();
        LogAssertions.assertThat(fileUserRepository2.getUserByName(build.name())).isEqualTo(build);
    }

    @Test
    void shouldNotPersistIdForUserWithValidId() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        User build = new User.Builder("jake", LegacyCredential.INACCESSIBLE).withId("id").withRequiredPasswordChange(true).build();
        fileUserRepository.create(build);
        FileUserRepository fileUserRepository2 = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        fileUserRepository2.start();
        User userByName = fileUserRepository2.getUserByName(build.name());
        LogAssertions.assertThat(userByName).isEqualTo(new User.Builder("jake", LegacyCredential.INACCESSIBLE).withRequiredPasswordChange(true).build());
    }

    @Test
    void shouldNotAllowComplexNames() throws Exception {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        fileUserRepository.assertValidUsername("neo4j");
        fileUserRepository.assertValidUsername("johnosbourne");
        fileUserRepository.assertValidUsername("john_osbourne");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername((String) null);
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("The provided username is empty.");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername("");
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("The provided username is empty.");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername(",");
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("Username ',' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername("with space");
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("Username 'with space' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername("with:colon");
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("Username 'with:colon' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
        Assertions.assertThatThrownBy(() -> {
            fileUserRepository.assertValidUsername("withå");
        }).isInstanceOf(InvalidArgumentsException.class).hasMessage("Username 'withå' contains illegal characters. Use ascii characters that are not ',', ':' or whitespaces.");
    }

    @Test
    void shouldRecoverIfCrashedDuringMove() throws Throwable {
        final IOException iOException = new IOException("simulated IO Exception on create");
        DelegatingFileSystemAbstraction delegatingFileSystemAbstraction = new DelegatingFileSystemAbstraction(this.fs) { // from class: org.neo4j.server.security.auth.FileUserRepositoryTest.1
            public void renameFile(Path path, Path path2, CopyOption... copyOptionArr) throws IOException {
                if (FileUserRepositoryTest.this.authFile.getFileName().equals(path2.getFileName())) {
                    throw iOException;
                }
                super.renameFile(path, path2, copyOptionArr);
            }
        };
        FileUserRepository fileUserRepository = new FileUserRepository(delegatingFileSystemAbstraction, this.authFile, this.logProvider, this.memoryTracker);
        fileUserRepository.start();
        User build = new User.Builder("jake", LegacyCredential.INACCESSIBLE).withRequiredPasswordChange(true).build();
        org.junit.jupiter.api.Assertions.assertSame(iOException, (IOException) org.junit.jupiter.api.Assertions.assertThrows(IOException.class, () -> {
            fileUserRepository.create(build);
        }));
        org.junit.jupiter.api.Assertions.assertFalse(delegatingFileSystemAbstraction.fileExists(this.authFile));
        LogAssertions.assertThat(delegatingFileSystemAbstraction.listFiles(this.authFile.getParent()).length).isEqualTo(0);
    }

    @Test
    void shouldFailOnReadingInvalidEntries() throws Throwable {
        AssertableLogProvider assertableLogProvider = new AssertableLogProvider();
        this.fs.mkdir(this.authFile.getParent());
        FileRepositorySerializer.writeToFile(this.fs, this.authFile, UTF8.encode("admin:SHA-256,A42E541F276CF17036DB7818F8B09B1C229AAD52A17F69F4029617F3A554640F,FB7E8AE08A6A7C741F678AD22217808F:\nneo4j:fc4c600b43ffe4d5857b4439c35df88f:SHA-256,A42E541F276CF17036DB7818F8B09B1C229AAD52A17F69F4029617F3A554640F,FB7E8AE08A6A7C741F678AD22217808F:\n"));
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, assertableLogProvider, this.memoryTracker);
        Objects.requireNonNull(fileUserRepository);
        LogAssertions.assertThat(((IllegalStateException) org.junit.jupiter.api.Assertions.assertThrows(IllegalStateException.class, fileUserRepository::start)).getMessage()).startsWith("Failed to read authentication file: ");
        LogAssertions.assertThat(fileUserRepository.numberOfUsers()).isEqualTo(0);
        LogAssertions.assertThat(assertableLogProvider).forClass(FileUserRepository.class).forLevel(AssertableLogProvider.Level.ERROR).containsMessageWithArguments("Failed to read authentication file \"%s\" (%s)", new Object[]{this.authFile.toAbsolutePath(), "wrong number of line fields, expected 3, got 4 [line 2]"});
    }

    @Test
    void shouldProvideUserByUsernameEvenIfMidSetUsers() throws Throwable {
        FileUserRepository fileUserRepository = new FileUserRepository(this.fs, this.authFile, this.logProvider, this.memoryTracker);
        fileUserRepository.create(new User.Builder("oskar", LegacyCredential.forPassword("hidden")).build());
        DoubleLatch doubleLatch = new DoubleLatch(2);
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            Future<?> submit = newSingleThreadExecutor.submit(() -> {
                try {
                    fileUserRepository.setUsers(new HangingListSnapshot(doubleLatch, 10L, Collections.emptyList()));
                } catch (InvalidArgumentsException e) {
                    throw new RuntimeException((Throwable) e);
                }
            });
            doubleLatch.startAndWaitForAllToStart();
            org.junit.jupiter.api.Assertions.assertNotNull(fileUserRepository.getUserByName("oskar"));
            doubleLatch.finish();
            submit.get();
            newSingleThreadExecutor.shutdown();
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdown();
            throw th;
        }
    }
}
