package com.zimbra.qa.unittest.prov.soap;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.zimbra.common.account.Key;
import com.zimbra.common.account.ZAttrProvisioning;
import com.zimbra.common.auth.ZAuthToken;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AccountConstants;
import com.zimbra.common.soap.AdminConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.HeaderConstants;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.soap.SoapHttpTransport;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.soap.SoapTransport;
import com.zimbra.common.soap.SoapUtil;
import com.zimbra.common.util.ByteUtil;
import com.zimbra.common.util.ZimbraHttpConnectionManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.ldap.unboundid.InMemoryLdapServer;
import com.zimbra.cs.rmgmt.RemoteMailQueue;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.cs.service.UserServlet;
import com.zimbra.cs.service.ZimbraOAuthProvider;
import com.zimbra.qa.unittest.TestUtil;
import com.zimbra.qa.unittest.prov.Verify;
import com.zimbra.qa.unittest.prov.soap.SoapDebugListener;
import com.zimbra.soap.account.message.AuthResponse;
import com.zimbra.soap.account.type.Attr;
import com.zimbra.soap.account.type.AuthToken;
import com.zimbra.soap.admin.message.AuthRequest;
import com.zimbra.soap.admin.message.ClearCookieRequest;
import com.zimbra.soap.admin.type.CookieSpec;
import com.zimbra.soap.type.AccountBy;
import com.zimbra.soap.type.AccountSelector;
import java.io.IOException;
import java.io.InputStreamReader;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestAuth.class */
public class TestAuth extends SoapTest {
    private static SoapProvTestUtil provUtil;
    private static Provisioning prov;
    private static Domain domain;

    /* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestAuth$AuthTokenInCookieTransport.class */
    private static class AuthTokenInCookieTransport extends SoapHttpTransport {
        private boolean isAdmin;
        private String authTokenForCookie;

        private AuthTokenInCookieTransport(String str, boolean z) {
            this(str, z, false, null);
        }

        private AuthTokenInCookieTransport(String str, boolean z, boolean z2, SoapDebugListener soapDebugListener) {
            super((String) null);
            this.isAdmin = z;
            this.authTokenForCookie = str;
            setVoidOnExpired(z2);
            setHttpDebugListener(soapDebugListener == null ? new SoapDebugListener(SoapDebugListener.Level.ALL) : soapDebugListener);
        }

        public Element invoke(Element element, boolean z, boolean z2, String str, String str2, String str3) throws ServiceException, IOException {
            String adminSoapUrl = this.isAdmin ? TestUtil.getAdminSoapUrl() : TestUtil.getSoapUrl();
            HttpClient newHttpClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
            Map cookieMap = new ZAuthToken(this.authTokenForCookie).cookieMap(this.isAdmin);
            PostMethod postMethod = new PostMethod(adminSoapUrl + InMemoryLdapServer.UNITTEST_BASE_DOMAIN_SEGMENT);
            try {
                Element generateSoapMessage = generateSoapMessage(element, z, z2, str, str2, str3);
                SoapUtil.addAuthTokenControl(SoapProtocol.Soap12.getHeader(generateSoapMessage, HeaderConstants.CONTEXT), voidOnExpired());
                postMethod.setRequestEntity(new StringRequestEntity(SoapProtocol.toString(generateSoapMessage, getPrettyPrint()), (String) null, "UTF-8"));
                HttpState httpState = null;
                if (cookieMap != null) {
                    for (Map.Entry entry : cookieMap.entrySet()) {
                        if (httpState == null) {
                            httpState = new HttpState();
                        }
                        httpState.addCookie(new Cookie(postMethod.getURI().getHost(), (String) entry.getKey(), (String) entry.getValue(), "/", (Date) null, false));
                    }
                }
                postMethod.getParams().setCookiePolicy(httpState == null ? "ignoreCookies" : "compatibility");
                if (getHttpDebugListener() != null) {
                    getHttpDebugListener().sendSoapMessage(postMethod, generateSoapMessage, httpState);
                }
                newHttpClient.executeMethod((HostConfiguration) null, postMethod, httpState);
                Element parseSoapResponse = parseSoapResponse(ByteUtil.getContent(new InputStreamReader(postMethod.getResponseBodyAsStream(), SoapProtocol.getCharset()), (int) postMethod.getResponseContentLength(), false), false);
                if (getHttpDebugListener() != null) {
                    getHttpDebugListener().receiveSoapMessage(postMethod, parseSoapResponse);
                }
                return parseSoapResponse;
            } finally {
                postMethod.releaseConnection();
            }
        }
    }

    /* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestAuth$VerifyCookieExpireListener.class */
    private static class VerifyCookieExpireListener extends SoapDebugListener {
        private String cookieToVerify;

        private VerifyCookieExpireListener(String str) {
            super(SoapDebugListener.Level.ALL);
            this.cookieToVerify = str;
        }

        @Override // com.zimbra.qa.unittest.prov.soap.SoapDebugListener
        public void receiveSoapMessage(PostMethod postMethod, Element element) {
            super.receiveSoapMessage(postMethod, element);
            HashMap newHashMap = Maps.newHashMap();
            for (Header header : postMethod.getResponseHeaders()) {
                System.out.println(header.toString().trim());
                if (header.getName().equals("Set-Cookie")) {
                    newHashMap.clear();
                    for (String str : header.getValue().split(";")) {
                        String[] split = str.split(LdapConstants.FILTER_TYPE_EQUAL);
                        if (split.length == 2) {
                            newHashMap.put(split[0], split[1]);
                        } else if (split.length == 1) {
                            newHashMap.put(split[0], "is-present");
                        }
                    }
                    if (newHashMap.get(this.cookieToVerify) != null) {
                        break;
                    } else {
                        newHashMap.clear();
                    }
                }
            }
            Assert.assertNotNull(newHashMap.get(this.cookieToVerify));
            try {
                int hours = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss z").parse((String) newHashMap.get("Expires")).getHours();
                int hours2 = new Date(System.currentTimeMillis()).getHours() + 1;
                if (hours2 >= 24) {
                    hours2 -= 24;
                }
                Assert.assertEquals(hours2, hours);
            } catch (ParseException e) {
                Assert.fail();
            }
        }
    }

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new SoapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName());
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    private String getAuthToken(String str, boolean z) throws Exception {
        return (z ? authAdmin(str) : authUser(str)).getAuthToken().getValue();
    }

    @Test
    public void soapByCookie() throws Exception {
        String address = TestUtil.getAddress("user1");
        String authToken = getAuthToken(address, false);
        Assert.assertEquals(address, new AuthTokenInCookieTransport(authToken, false).invoke(Element.create(SoapProtocol.Soap12, AccountConstants.GET_INFO_REQUEST)).getElement("name").getText());
    }

    @Test
    public void soapByCookieAdmin() throws Exception {
        String authToken = getAuthToken(TestUtil.getAddress(PreAuthServlet.PARAM_ADMIN), true);
        Element create = Element.create(SoapProtocol.Soap12, AdminConstants.GET_CONFIG_REQUEST);
        create.addElement("a").addAttribute("n", "cn");
        Assert.assertEquals("config", new AuthTokenInCookieTransport(authToken, true).invoke(create).getElement("a").getText());
    }

    @Test
    public void authTokenCookieMaxAge() throws Exception {
        Account createGlobalAdmin = provUtil.createGlobalAdmin(genAcctNameLocalPart(PreAuthServlet.PARAM_ADMIN), domain);
        createGlobalAdmin.setAdminAuthTokenLifetime("1h");
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
        soapHttpTransport.setHttpDebugListener(new VerifyCookieExpireListener("ZM_ADMIN_AUTH_TOKEN"));
        AuthRequest authRequest = new AuthRequest(createGlobalAdmin.getName(), "test123");
        authRequest.setPersistAuthTokenCookie(Boolean.TRUE);
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
        createAccount.setAuthTokenLifetime("1h");
        SoapHttpTransport soapHttpTransport2 = new SoapHttpTransport(TestUtil.getSoapUrl());
        soapHttpTransport2.setHttpDebugListener(new VerifyCookieExpireListener("ZM_AUTH_TOKEN"));
        com.zimbra.soap.account.message.AuthRequest authRequest2 = new com.zimbra.soap.account.message.AuthRequest(AccountSelector.fromName(createAccount.getName()), "test123");
        authRequest2.setPersistAuthTokenCookie(Boolean.TRUE);
        provUtil.deleteAccount(createGlobalAdmin);
        provUtil.deleteAccount(createAccount);
    }

    @Test
    public void clearCookie() throws Exception {
        int i = 2000 + RemoteMailQueue.MAIL_QUEUE_INDEX_FLUSH_THRESHOLD;
        Account createGlobalAdmin = provUtil.createGlobalAdmin(genAcctNameLocalPart(), domain);
        createGlobalAdmin.setAdminAuthTokenLifetime(String.valueOf(2000) + "ms");
        SoapTransport authAdmin = authAdmin(createGlobalAdmin.getName());
        Thread.sleep(i);
        boolean z = false;
        try {
        } catch (ServiceException e) {
            if ("service.AUTH_EXPIRED".equals(e.getCode())) {
                z = true;
            }
        }
        Assert.assertTrue(z);
        ClearCookieRequest clearCookieRequest = new ClearCookieRequest(Lists.newArrayList(new CookieSpec[]{new CookieSpec("ZM_ADMIN_AUTH_TOKEN")}));
        boolean z2 = false;
        try {
            invokeJaxb(authAdmin, clearCookieRequest);
        } catch (ServiceException e2) {
            if ("service.AUTH_EXPIRED".equals(e2.getCode())) {
                z2 = true;
            }
        }
        Assert.assertTrue(z2);
        String value = authAdmin.getAuthToken().getValue();
        boolean z3 = false;
        try {
            invokeJaxb(new AuthTokenInCookieTransport(value, true), clearCookieRequest);
        } catch (ServiceException e3) {
            if ("service.AUTH_EXPIRED".equals(e3.getCode())) {
                z3 = true;
            }
        }
        Assert.assertTrue(z3);
        provUtil.deleteAccount(createGlobalAdmin);
    }

    @Test
    public void accountStatusMaintenance() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain, Collections.singletonMap("zimbraAccountStatus", ZAttrProvisioning.AccountStatus.maintenance.name()));
        String str = null;
        try {
            authUser(createAccount.getName());
        } catch (SoapFaultException e) {
            str = e.getCode();
        }
        Assert.assertEquals(AccountServiceException.MAINTENANCE_MODE, str);
        provUtil.deleteAccount(createAccount);
    }

    @Test
    public void accountStatusMaintenanceAfterAuth() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport authUser = authUser(createAccount.getName());
        prov.modifyAccountStatus(createAccount, ZAttrProvisioning.AccountStatus.maintenance.name());
        String str = null;
        try {
        } catch (SoapFaultException e) {
            str = e.getCode();
        }
        Assert.assertEquals("service.AUTH_EXPIRED", str);
        provUtil.deleteAccount(createAccount);
    }

    @Test
    public void attrsReturnedInAuthResponse() throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("zimbraFeatureExternalFeedbackEnabled", LdapConstants.LDAP_TRUE);
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain, newHashMap);
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(TestUtil.getSoapUrl());
        soapHttpTransport.setHttpDebugListener(new SoapDebugListener());
        com.zimbra.soap.account.message.AuthRequest authRequest = new com.zimbra.soap.account.message.AuthRequest(new AccountSelector(AccountBy.name, createAccount.getName()), "test123");
        authRequest.addAttr("zimbraFeatureExternalFeedbackEnabled");
        AuthResponse authResponse = (AuthResponse) invokeJaxb(soapHttpTransport, authRequest);
        HashSet newHashSet = Sets.newHashSet();
        for (Attr attr : authResponse.getAttrs()) {
            newHashSet.add(Verify.makeResultStr(attr.getName(), attr.getValue()));
        }
        Verify.verifyEquals(Sets.newHashSet(new String[]{Verify.makeResultStr("zimbraFeatureExternalFeedbackEnabled", LdapConstants.LDAP_TRUE)}), newHashSet);
        AuthToken authToken = new AuthToken(authResponse.getAuthToken(), Boolean.FALSE);
        com.zimbra.soap.account.message.AuthRequest authRequest2 = new com.zimbra.soap.account.message.AuthRequest();
        authRequest2.setAuthToken(authToken);
        authRequest2.addAttr("zimbraFeatureExternalFeedbackEnabled");
        SoapHttpTransport soapHttpTransport2 = new SoapHttpTransport(TestUtil.getSoapUrl());
        soapHttpTransport2.setHttpDebugListener(new SoapDebugListener());
        AuthResponse authResponse2 = (AuthResponse) invokeJaxb(soapHttpTransport2, authRequest2);
        HashSet newHashSet2 = Sets.newHashSet();
        for (Attr attr2 : authResponse2.getAttrs()) {
            newHashSet2.add(Verify.makeResultStr(attr2.getName(), attr2.getValue()));
        }
        Verify.verifyEquals(Sets.newHashSet(new String[]{Verify.makeResultStr("zimbraFeatureExternalFeedbackEnabled", LdapConstants.LDAP_TRUE)}), newHashSet2);
    }

    @Test
    public void OAuth() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(TestUtil.getSoapUrl());
        Element create = Element.create(soapHttpTransport.getRequestProtocol(), AccountConstants.AUTH_REQUEST);
        Element addElement = create.addElement(UserServlet.QP_AUTHTOKEN);
        addElement.addAttribute("type", ZimbraOAuthProvider.ZIMBRA_OAUTH_PROVIDER);
        Element addElement2 = addElement.addElement("a");
        addElement2.addAttribute("n", "access_token");
        addElement2.setText("whatever");
        Element addElement3 = create.addElement("account");
        addElement3.addAttribute(PreAuthServlet.PARAM_BY, Key.AccountBy.name.name());
        addElement3.setText(createAccount.getName());
        Assert.assertNotNull(soapHttpTransport.invoke(create).getElement(UserServlet.QP_AUTHTOKEN).getText());
    }
}
