package com.zimbra.qa.unittest;

import com.zimbra.common.account.Key;
import com.zimbra.common.account.ZAttrProvisioning;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.soap.SoapHttpTransport;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.soap.SoapTransport;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.PreAuthKey;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.client.LmcSession;
import com.zimbra.cs.client.soap.LmcSearchRequest;
import com.zimbra.cs.mailbox.MailboxManager;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.soap.JaxbUtil;
import com.zimbra.soap.account.message.AuthRequest;
import com.zimbra.soap.account.message.AuthResponse;
import com.zimbra.soap.account.type.PreAuth;
import com.zimbra.soap.type.AccountBy;
import com.zimbra.soap.type.AccountSelector;
import java.util.HashMap;
import junit.framework.Assert;
import junit.framework.TestCase;

/* loaded from: input_file:com/zimbra/qa/unittest/TestAuthentication.class */
public class TestAuthentication extends TestCase {
    private static String USER_NAME = "testauthentication";
    private static String PASSWORD = "test123";
    private Provisioning mProv;
    private Integer mMboxId;

    String setUpAndReturnDomainAuthKey() throws Exception {
        Domain domain = Provisioning.getInstance().get(Key.DomainBy.name, TestUtil.getDomain());
        String generateRandomPreAuthKey = PreAuthKey.generateRandomPreAuthKey();
        HashMap hashMap = new HashMap();
        hashMap.put("zimbraPreAuthKey", generateRandomPreAuthKey);
        Provisioning.getInstance().modifyAttrs(domain, hashMap);
        return generateRandomPreAuthKey;
    }

    public void setUp() throws Exception {
        this.mProv = Provisioning.getInstance();
        cleanUp();
        String address = TestUtil.getAddress(USER_NAME);
        HashMap hashMap = new HashMap();
        hashMap.put("zimbraMailHost", TestUtil.getDomain());
        hashMap.put("cn", "Unit test temporary user");
        hashMap.put("displayName", "Unit test temporary user");
        Account createAccount = this.mProv.createAccount(address, PASSWORD, hashMap);
        assertNotNull("Could not create account", createAccount);
        this.mMboxId = Integer.valueOf(MailboxManager.getInstance().getMailboxByAccount(createAccount).getId());
    }

    protected void tearDown() throws Exception {
        cleanUp();
    }

    private Account getAccount() throws Exception {
        return Provisioning.getInstance().get(Key.AccountBy.name, TestUtil.getAddress(USER_NAME));
    }

    public void testAccessDeletedAccount() throws Exception {
        LmcSession soapSession = TestUtil.getSoapSession(USER_NAME);
        LmcSearchRequest lmcSearchRequest = new LmcSearchRequest();
        lmcSearchRequest.setQuery("in:inbox");
        lmcSearchRequest.setSession(soapSession);
        lmcSearchRequest.invoke(TestUtil.getSoapUrl());
        Account account = getAccount();
        assertNotNull("Account does not exist", account);
        this.mProv.deleteAccount(account.getId());
        try {
            lmcSearchRequest.invoke(TestUtil.getSoapUrl());
        } catch (SoapFaultException e) {
            assertTrue("Unexpected error: " + e.getMessage(), e.getMessage().indexOf("auth credentials have expired") >= 0);
        }
    }

    public void testAccessInactiveAccount() throws Exception {
        LmcSession soapSession = TestUtil.getSoapSession(USER_NAME);
        LmcSearchRequest lmcSearchRequest = new LmcSearchRequest();
        lmcSearchRequest.setQuery("in:inbox");
        lmcSearchRequest.setSession(soapSession);
        lmcSearchRequest.invoke(TestUtil.getSoapUrl());
        this.mProv.modifyAccountStatus(getAccount(), "maintenance");
        try {
            lmcSearchRequest.invoke(TestUtil.getSoapUrl());
        } catch (SoapFaultException e) {
            assertTrue(String.format("Error message '%s' does not contain '%s'", e.getMessage(), "auth credentials have expired"), e.getMessage().contains("auth credentials have expired"));
        }
    }

    public void testSimpleAuth() throws Exception {
        String authToken = ((AuthResponse) JaxbUtil.elementToJaxb(new SoapHttpTransport(TestUtil.getSoapUrl()).invoke(JaxbUtil.jaxbToElement(new AuthRequest(new AccountSelector(AccountBy.name, TestUtil.getAccount(USER_NAME).getName()), "test123"), SoapProtocol.SoapJS.getFactory())))).getAuthToken();
        assertNotNull("should have received a new authtoken", authToken);
        AuthToken authToken2 = ZimbraAuthToken.getAuthToken(authToken);
        assertTrue("new auth token should be registered", authToken2.isRegistered());
        assertFalse("new auth token should not be expired yet", authToken2.isExpired());
    }

    public void testAdminAuth() throws Exception {
        String authToken = ((com.zimbra.soap.admin.message.AuthResponse) JaxbUtil.elementToJaxb(new SoapHttpTransport(TestUtil.getAdminSoapUrl()).invoke(JaxbUtil.jaxbToElement(new com.zimbra.soap.admin.message.AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value()), SoapProtocol.SoapJS.getFactory())))).getAuthToken();
        assertNotNull("should have received a new authtoken", authToken);
        AuthToken authToken2 = ZimbraAuthToken.getAuthToken(authToken);
        assertTrue("new auth token should be registered", authToken2.isRegistered());
        assertFalse("new auth token should not be expired yet", authToken2.isExpired());
    }

    public void testAdminAuthViaCookie() throws Exception {
        String authToken = ((com.zimbra.soap.admin.message.AuthResponse) JaxbUtil.elementToJaxb(new SoapHttpTransport(TestUtil.getAdminSoapUrl()).invoke(JaxbUtil.jaxbToElement(new com.zimbra.soap.admin.message.AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value()), SoapProtocol.SoapJS.getFactory())))).getAuthToken();
        assertNotNull("should have received a new authtoken", authToken);
        AuthToken authToken2 = ZimbraAuthToken.getAuthToken(authToken);
        assertTrue("new auth token should be registered", authToken2.isRegistered());
        assertFalse("new auth token should not be expired yet", authToken2.isExpired());
    }

    public void testAdminAuthViaSOAPToken() throws Exception {
        AuthToken adminAuthToken = AuthProvider.getAdminAuthToken();
        SoapTransport adminSoapTransport = TestUtil.getAdminSoapTransport();
        com.zimbra.soap.admin.message.AuthRequest authRequest = new com.zimbra.soap.admin.message.AuthRequest();
        authRequest.setAuthToken(adminAuthToken.getEncoded());
        String authToken = ((com.zimbra.soap.admin.message.AuthResponse) JaxbUtil.elementToJaxb(adminSoapTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory())))).getAuthToken();
        assertNotNull("should have received a new authtoken", authToken);
        AuthToken authToken2 = ZimbraAuthToken.getAuthToken(authToken);
        assertTrue("new auth token should be registered", authToken2.isRegistered());
        assertFalse("new auth token should not be expired yet", authToken2.isExpired());
    }

    public void testAuthViaPreauthToken() throws Exception {
        long currentTimeMillis = System.currentTimeMillis();
        long j = currentTimeMillis + 60000;
        String upAndReturnDomainAuthKey = setUpAndReturnDomainAuthKey();
        Account account = TestUtil.getAccount(USER_NAME);
        AccountSelector accountSelector = new AccountSelector(AccountBy.name, account.getName());
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(TestUtil.getSoapUrl());
        AuthRequest authRequest = new AuthRequest(accountSelector);
        HashMap hashMap = new HashMap();
        hashMap.put("account", account.getName());
        hashMap.put(PreAuthServlet.PARAM_BY, "name");
        hashMap.put(PreAuthServlet.PARAM_TIMESTAMP, currentTimeMillis + "");
        hashMap.put(PreAuthServlet.PARAM_EXPIRES, j + "");
        AuthResponse authResponse = (AuthResponse) JaxbUtil.elementToJaxb(soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest.setPreauth(new PreAuth().setExpires(Long.valueOf(j)).setTimestamp(currentTimeMillis).setValue(PreAuthKey.computePreAuth(hashMap, upAndReturnDomainAuthKey))), SoapProtocol.SoapJS.getFactory())));
        assertTrue("Lifetime is invalid", authResponse.getLifetime() < j - currentTimeMillis);
        String authToken = authResponse.getAuthToken();
        assertNotNull("should have received a new authtoken", authToken);
        assertTrue("should have a received a non-empty authtoken", authToken.length() > 0);
        AuthToken authToken2 = ZimbraAuthToken.getAuthToken(authToken);
        assertTrue("new auth token should be registered", authToken2.isRegistered());
        assertFalse("new auth token should not be expired yet", authToken2.isExpired());
    }

    public void testAccountLockout() throws Exception {
        Account account = TestUtil.getAccount(USER_NAME);
        account.setPasswordLockoutMaxFailures(2);
        account.setPasswordLockoutEnabled(true);
        SoapHttpTransport soapHttpTransport = new SoapHttpTransport(TestUtil.getSoapUrl());
        AccountSelector accountSelector = new AccountSelector(AccountBy.name, account.getName());
        AuthRequest authRequest = new AuthRequest(accountSelector, "test1234");
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e) {
        }
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e2) {
        }
        Assert.assertTrue("account is not lockedout", verifyLockedoutAndReactivateAccount(account, soapHttpTransport));
        account.setPasswordLockoutSuppressionProtocols(ZAttrProvisioning.PasswordLockoutSuppressionProtocols.soap);
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e3) {
        }
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e4) {
        }
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e5) {
        }
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(authRequest, SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e6) {
        }
        Assert.assertTrue("account is not active", account.getAccountStatus().equals(ZAttrProvisioning.AccountStatus.active));
        try {
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(new AuthRequest(accountSelector, "test12345"), SoapProtocol.SoapJS.getFactory()));
        } catch (ServiceException e7) {
        }
        Assert.assertTrue("account is not lockedout", verifyLockedoutAndReactivateAccount(account, soapHttpTransport));
        account.setPasswordLockoutSuppressionEnabled(false);
    }

    static boolean verifyLockedoutAndReactivateAccount(Account account, SoapHttpTransport soapHttpTransport) throws Exception {
        boolean equals = account.getAccountStatus().equals(ZAttrProvisioning.AccountStatus.lockout);
        if (equals) {
            account.setAccountStatusAsString("active");
            soapHttpTransport.invoke(JaxbUtil.jaxbToElement(new AuthRequest(new AccountSelector(AccountBy.name, account.getName()), "test123"), SoapProtocol.SoapJS.getFactory()));
        }
        return equals;
    }

    private void cleanUp() throws Exception {
        Account account = getAccount();
        if (account != null) {
            Provisioning.getInstance().deleteAccount(account.getId());
        }
        if (this.mMboxId != null) {
            MailboxManager.getInstance().getMailboxById(this.mMboxId.intValue()).deleteMailbox();
        }
    }
}
