package com.zimbra.qa.unittest;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.util.StringUtil;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.AdminRight;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.soap.SoapProvisioning;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.mailbox.Mailbox;
import com.zimbra.cs.mailbox.MailboxManager;
import com.zimbra.cs.service.admin.LockoutMailbox;
import com.zimbra.soap.admin.message.GrantRightRequest;
import com.zimbra.soap.admin.message.GrantRightResponse;
import com.zimbra.soap.admin.message.LockoutMailboxRequest;
import com.zimbra.soap.admin.message.LockoutMailboxResponse;
import com.zimbra.soap.admin.type.CacheEntryType;
import com.zimbra.soap.admin.type.EffectiveRightsTargetSelector;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.admin.type.RightModifierInfo;
import com.zimbra.soap.type.AccountNameSelector;
import com.zimbra.soap.type.GranteeType;
import com.zimbra.soap.type.TargetBy;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import junit.framework.TestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/TestLockoutMailbox.class */
public class TestLockoutMailbox extends TestCase {
    private static final String MY_DOMAIN = "TestLockoutMailbox-mydomain.com";
    private static final String OFFLIMITS_DOMAIN = "offlimits.com";
    private static final String DELEGATED_ADMIN_NAME = "delegated-admin@TestLockoutMailbox-mydomain.com";
    private static final String MY_USER = "user1@TestLockoutMailbox-mydomain.com";
    private static final String MY_NON_EXISTING_USER = "user2@TestLockoutMailbox-mydomain.com";
    private static final String OFFLIMITS_NON_EXISTING_USER = "user2@offlimits.com";
    private static final String OFFLIMITS_USER1 = "user1@offlimits.com";
    private Account domainAdmin = null;
    private SoapProvisioning adminSoapProv = null;
    private SoapProvisioning delegatedSoapProv = null;

    @Before
    public void setUp() throws Exception {
        cleanup();
        this.adminSoapProv = TestUtil.newSoapProvisioning();
        TestJaxbProvisioning.ensureDomainExists(MY_DOMAIN);
        TestJaxbProvisioning.ensureDomainExists(OFFLIMITS_DOMAIN);
        this.adminSoapProv.createAccount(MY_USER, "test123", null);
        this.adminSoapProv.createAccount(OFFLIMITS_USER1, "test123", null);
    }

    @After
    public void tearDown() throws Exception {
        cleanup();
    }

    private void cleanup() throws Exception {
        Account account = TestUtil.getAccount(MY_USER);
        if (account != null) {
            if (MailboxManager.getInstance().isMailboxLockedOut(account.getId())) {
                MailboxManager.getInstance().undoLockout(account.getId());
            }
            TestUtil.deleteAccount(MY_USER);
        }
        if (this.domainAdmin != null) {
            this.domainAdmin.deleteAccount();
        }
        TestJaxbProvisioning.deleteAccountIfExists(OFFLIMITS_USER1);
        TestJaxbProvisioning.deleteDomainIfExists(MY_DOMAIN);
        TestJaxbProvisioning.deleteDomainIfExists(OFFLIMITS_DOMAIN);
    }

    @Test
    public void testLockout() throws Exception {
        Mailbox mailbox = TestUtil.getMailbox(MY_USER);
        TestUtil.addMessage(mailbox, "test");
        TestUtil.waitForMessage(TestUtil.getZMailbox(MY_USER), "test");
        assertFalse("mailbox should not be locked yet", MailboxManager.getInstance().isMailboxLockedOut(mailbox.getAccountId()));
        LockoutMailboxRequest create = LockoutMailboxRequest.create(AccountNameSelector.fromName(MY_USER));
        create.setOperation("start");
        assertNotNull("LockoutMailboxRequest return null response", (LockoutMailboxResponse) this.adminSoapProv.invokeJaxb(create));
        assertTrue("mailbox should be locked now", MailboxManager.getInstance().isMailboxLockedOut(mailbox.getAccountId()));
    }

    @Test
    public void testUnlock() throws Exception {
        Mailbox mailbox = TestUtil.getMailbox(MY_USER);
        TestUtil.addMessage(mailbox, "test");
        TestUtil.waitForMessage(TestUtil.getZMailbox(MY_USER), "test");
        assertFalse("mailbox should not be locked yet", MailboxManager.getInstance().isMailboxLockedOut(mailbox.getAccountId()));
        MailboxManager.getInstance().lockoutMailbox(mailbox.getAccountId());
        assertTrue("mailbox should be locked now", MailboxManager.getInstance().isMailboxLockedOut(mailbox.getAccountId()));
        LockoutMailboxRequest create = LockoutMailboxRequest.create(AccountNameSelector.fromName(MY_USER));
        create.setOperation("end");
        assertNotNull("LockoutMailboxRequest return null response", (LockoutMailboxResponse) this.adminSoapProv.invokeJaxb(create));
        assertFalse("mailbox should not be locked any more", MailboxManager.getInstance().isMailboxLockedOut(mailbox.getAccountId()));
    }

    @Test
    public void testLockAccountEnumeration() throws Exception {
        TestUtil.addMessage(TestUtil.getMailbox(MY_USER), "test");
        TestUtil.waitForMessage(TestUtil.getZMailbox(MY_USER), "test");
        ArrayList arrayList = new ArrayList();
        new LockoutMailbox().docRights(arrayList, new ArrayList());
        createDelegatedAdmin(arrayList);
        LockoutMailboxRequest create = LockoutMailboxRequest.create(AccountNameSelector.fromName(OFFLIMITS_NON_EXISTING_USER));
        create.setOperation("start");
        try {
            this.delegatedSoapProv.invokeJaxb(create);
            fail("should have caught an exception");
        } catch (SoapFaultException e) {
            assertEquals("should be getting 'Permission Denied' response", "service.PERM_DENIED", e.getCode());
        }
    }

    @Test
    public void testLockoutSufficientPermissions() throws Exception {
        TestUtil.addMessage(TestUtil.getMailbox(MY_USER), "test");
        TestUtil.waitForMessage(TestUtil.getZMailbox(MY_USER), "test");
        ArrayList arrayList = new ArrayList();
        new LockoutMailbox().docRights(arrayList, new ArrayList());
        createDelegatedAdmin(arrayList);
        LockoutMailboxRequest create = LockoutMailboxRequest.create(AccountNameSelector.fromName(MY_USER));
        create.setOperation("start");
        try {
            assertNotNull("LockoutMailboxResponse should not be null", (LockoutMailboxResponse) this.delegatedSoapProv.invokeJaxb(create));
        } catch (SoapFaultException e) {
            fail("should not be getting an exception");
        }
        LockoutMailboxRequest create2 = LockoutMailboxRequest.create(AccountNameSelector.fromName(MY_NON_EXISTING_USER));
        create2.setOperation("start");
        try {
            this.delegatedSoapProv.invokeJaxb(create2);
            fail("should have caught an exception");
        } catch (SoapFaultException e2) {
            assertEquals("should be getting 'no such account' response", AccountServiceException.NO_SUCH_ACCOUNT, e2.getCode());
        }
    }

    @Test
    public void testLockoutAsGlobalAdmin() throws Exception {
        TestUtil.addMessage(TestUtil.getMailbox(MY_USER), "test");
        TestUtil.waitForMessage(TestUtil.getZMailbox(MY_USER), "test");
        LockoutMailboxRequest create = LockoutMailboxRequest.create(AccountNameSelector.fromName(MY_USER));
        create.setOperation("start");
        try {
            assertNotNull("LockoutMailboxResponse should not be null", (LockoutMailboxResponse) this.adminSoapProv.invokeJaxb(create));
        } catch (SoapFaultException e) {
            fail("should not be getting an exception");
        }
        LockoutMailboxRequest create2 = LockoutMailboxRequest.create(AccountNameSelector.fromName(OFFLIMITS_NON_EXISTING_USER));
        create2.setOperation("start");
        try {
            this.adminSoapProv.invokeJaxb(create2);
            fail("should have caught an exception");
        } catch (SoapFaultException e2) {
            assertEquals("should be getting 'no such account' response", AccountServiceException.NO_SUCH_ACCOUNT, e2.getCode());
        }
    }

    public void createDelegatedAdmin(List<AdminRight> list) throws ServiceException {
        HashMap hashMap = new HashMap();
        StringUtil.addToMultiMap(hashMap, "zimbraIsDelegatedAdminAccount", LdapConstants.LDAP_TRUE);
        this.domainAdmin = this.adminSoapProv.createAccount(DELEGATED_ADMIN_NAME, "test123", hashMap);
        assertNotNull("failed to create domin admin account", this.domainAdmin);
        for (AdminRight adminRight : list) {
            String str = null;
            TargetType targetType = null;
            if (adminRight.getTargetType() == TargetType.domain) {
                targetType = TargetType.domain;
                str = MY_DOMAIN;
            } else if (adminRight.getTargetType() == TargetType.account || adminRight.getTargetType() == TargetType.calresource) {
                targetType = TargetType.domain;
                str = MY_DOMAIN;
            } else if (adminRight.getTargetType() == TargetType.server) {
                targetType = TargetType.server;
                str = Provisioning.getInstance().getLocalServer().getName();
            }
            grantRightToAdmin(this.adminSoapProv, com.zimbra.soap.type.TargetType.fromString(targetType.toString()), str, DELEGATED_ADMIN_NAME, adminRight.getName());
        }
        this.adminSoapProv.flushCache(CacheEntryType.acl, null);
        this.delegatedSoapProv = TestUtil.newDelegatedSoapProvisioning(DELEGATED_ADMIN_NAME, "test123");
    }

    private static void grantRightToAdmin(SoapProvisioning soapProvisioning, com.zimbra.soap.type.TargetType targetType, String str, String str2, String str3) throws ServiceException {
        GranteeSelector granteeSelector = new GranteeSelector(GranteeType.usr, GranteeSelector.GranteeBy.name, str2);
        EffectiveRightsTargetSelector effectiveRightsTargetSelector = str == null ? new EffectiveRightsTargetSelector(targetType, (TargetBy) null, (String) null) : new EffectiveRightsTargetSelector(targetType, TargetBy.name, str);
        RightModifierInfo rightModifierInfo = new RightModifierInfo(str3);
        assertNotNull("GrantRightResponse for " + rightModifierInfo.getValue(), (GrantRightResponse) soapProvisioning.invokeJaxb(new GrantRightRequest(effectiveRightsTargetSelector, granteeSelector, rightModifierInfo)));
    }
}
