package com.arcadedb.server.security;

import com.arcadedb.ContextConfiguration;
import com.arcadedb.GlobalConfiguration;
import com.arcadedb.serializer.json.JSONObject;
import com.arcadedb.server.ArcadeDBServer;
import com.arcadedb.server.TestServerHelper;
import com.arcadedb.utility.FileUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.awaitility.Awaitility;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/arcadedb/server/security/ServerSecurityIT.class */
public class ServerSecurityIT {
    private static final String PASSWORD = "dD5ed08c";

    @Test
    void shouldCreateDefaultRootUserAndPersistsSecurityConfigurationFromSetting() throws IOException {
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue(PASSWORD);
        ServerSecurity serverSecurity = new ServerSecurity((ArcadeDBServer) null, new ContextConfiguration(), "./target");
        serverSecurity.startService();
        serverSecurity.loadUsers();
        Assertions.assertThat(Path.of("./target", "server-users.jsonl").toFile().exists()).isTrue();
        List load = new SecurityUserFileRepository("./target").load();
        Assertions.assertThat(load.size()).isEqualTo(1);
        Assertions.assertThat(((JSONObject) load.getFirst()).getString("name")).isEqualTo("root");
        passwordShouldMatch(serverSecurity, PASSWORD, ((JSONObject) load.getFirst()).getString("password"));
    }

    @Test
    void shouldCreateDefaultRootUserAndPersistsSecurityConfigurationFromUserInput() throws IOException {
        Path of = Path.of("./target", "server-users.jsonl");
        Files.deleteIfExists(of);
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue((Object) null);
        if (System.console() != null) {
            System.console().writer().println("dD5ed08c\r\ndD5ed08c\n");
        } else {
            System.setIn(new ByteArrayInputStream("dD5ed08c\r\ndD5ed08c\n".getBytes()));
        }
        ServerSecurity serverSecurity = new ServerSecurity((ArcadeDBServer) null, new ContextConfiguration(), "./target");
        serverSecurity.startService();
        serverSecurity.loadUsers();
        Assertions.assertThat(of.toFile().exists()).isTrue();
        List load = new SecurityUserFileRepository("./target").load();
        Assertions.assertThat(load.size()).isEqualTo(1);
        Assertions.assertThat(((JSONObject) load.getFirst()).getString("name")).isEqualTo("root");
        passwordShouldMatch(serverSecurity, PASSWORD, ((JSONObject) load.getFirst()).getString("password"));
    }

    @Test
    void shouldLoadProvidedSecurityConfiguration() throws IOException {
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue(PASSWORD);
        SecurityUserFileRepository securityUserFileRepository = new SecurityUserFileRepository("./target");
        ServerSecurity serverSecurity = new ServerSecurity((ArcadeDBServer) null, new ContextConfiguration(), "./target");
        securityUserFileRepository.save(List.of(new JSONObject().put("name", "providedUser").put("password", serverSecurity.encodePassword("MyPassword12345")).put("databases", new JSONObject())));
        serverSecurity.startService();
        serverSecurity.loadUsers();
        Assertions.assertThat(serverSecurity.existsUser("providedUser")).isTrue();
        Assertions.assertThat(serverSecurity.existsUser("root")).isFalse();
        passwordShouldMatch(serverSecurity, "MyPassword12345", serverSecurity.getUser("providedUser").getPassword());
    }

    @Test
    void shouldReloadSecurityConfiguration() throws IOException {
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue(PASSWORD);
        SecurityUserFileRepository securityUserFileRepository = new SecurityUserFileRepository("./target");
        ContextConfiguration contextConfiguration = new ContextConfiguration();
        contextConfiguration.setValue(GlobalConfiguration.SERVER_SECURITY_RELOAD_EVERY, 200);
        ServerSecurity serverSecurity = new ServerSecurity((ArcadeDBServer) null, contextConfiguration, "./target");
        securityUserFileRepository.save(List.of(new JSONObject().put("name", "providedUser").put("password", serverSecurity.encodePassword("MyPassword12345")).put("databases", new JSONObject().put("dbtest", new JSONObject()))));
        serverSecurity.startService();
        serverSecurity.loadUsers();
        Assertions.assertThat(serverSecurity.existsUser("providedUser")).isTrue();
        Assertions.assertThat(serverSecurity.getUser("providedUser").getName()).isEqualTo("providedUser");
        Assertions.assertThat(serverSecurity.existsUser("root")).isFalse();
        passwordShouldMatch(serverSecurity, "MyPassword12345", serverSecurity.getUser("providedUser").getPassword());
        securityUserFileRepository.save(SecurityUserFileRepository.createDefault());
        Awaitility.await().atMost(10L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(!serverSecurity.existsUser("providedUser"));
        });
    }

    @Test
    public void checkPasswordHash() {
        ServerSecurity serverSecurity = new ServerSecurity((ArcadeDBServer) null, new ContextConfiguration(), "./target");
        serverSecurity.startService();
        Assertions.assertThat(serverSecurity.encodePassword("ThisIsATest", "ThisIsTheSalt")).isEqualTo("PBKDF2WithHmacSHA256$65536$ThisIsTheSalt$wIKUzWYH72cKJRnFZ0PTSevERtwZTNdN+W4/Fd7xBvw=");
        Assertions.assertThat(serverSecurity.encodePassword("ThisIsATest", "ThisIsTheSalt")).isEqualTo("PBKDF2WithHmacSHA256$65536$ThisIsTheSalt$wIKUzWYH72cKJRnFZ0PTSevERtwZTNdN+W4/Fd7xBvw=");
        for (int i = 0; i < 1000000; i++) {
            Assertions.assertThat(ServerSecurity.generateRandomSalt().contains("$")).isFalse();
        }
        serverSecurity.stopService();
    }

    private void passwordShouldMatch(ServerSecurity serverSecurity, String str, String str2) {
        Assertions.assertThat(serverSecurity.passwordMatch(str, str2)).isTrue();
    }

    @BeforeEach
    public void beforeAll() {
        FileUtils.deleteRecursively(new File("./target/config"));
        FileUtils.deleteRecursively(new File("./target/databases"));
        GlobalConfiguration.SERVER_DATABASE_DIRECTORY.setValue("./target/databases");
        GlobalConfiguration.SERVER_ROOT_PATH.setValue("./target");
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue((Object) null);
    }

    @AfterEach
    public void afterAll() {
        GlobalConfiguration.SERVER_ROOT_PASSWORD.setValue((Object) null);
        FileUtils.deleteRecursively(new File("./target/config"));
        FileUtils.deleteRecursively(new File("./target/databases"));
        TestServerHelper.checkActiveDatabases();
        TestServerHelper.deleteDatabaseFolders(1);
        GlobalConfiguration.resetAll();
    }
}
