package com.zimbra.qa.unittest.prov.soap;

import com.google.common.collect.Maps;
import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.CalendarResource;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.TargetType;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.qa.unittest.prov.ProvTest;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.type.TargetBy;
import java.util.HashMap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestSetPassword.class */
public class TestSetPassword extends SoapTest {
    private static SoapProvTestUtil provUtil;
    private static Provisioning prov;
    private static Domain domain;
    private static final int MIN_PASSSWORD_LEN = 5;
    private static final ProvTest.Sequencer goodPassword = new ProvTest.Sequencer();
    private static final ProvTest.Sequencer badPassword = new ProvTest.Sequencer();

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new SoapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName());
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    private static void setPasswordPolicy(Account account) throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("zimbraPasswordMinLength", "5");
        prov.modifyAttrs(account, newHashMap);
    }

    private String genGoodPassword() {
        String str = "good-" + goodPassword.next();
        Assert.assertTrue(str.length() >= 5);
        return str;
    }

    private String genBadPassword() {
        String str = "b-" + badPassword.next();
        Assert.assertTrue(str.length() < 5);
        return str;
    }

    private String setPassword(Account account, Account account2, boolean z) throws Exception {
        String genBadPassword = z ? genBadPassword() : genGoodPassword();
        return genBadPassword;
    }

    private Account createAcctAndSetPasswordpolicy() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
        setPasswordPolicy(createAccount);
        return createAccount;
    }

    private CalendarResource createCRAndSetPasswordpolicy() throws Exception {
        CalendarResource createCalendarResource = provUtil.createCalendarResource(genCalendarResourceNameLocalPart(), domain);
        setPasswordPolicy(createCalendarResource);
        return createCalendarResource;
    }

    private void verifyOK(Account account, Account account2, boolean z) throws Exception {
        authUser(account2.getName(), setPassword(account, account2, z));
    }

    private void verifyPermDenied(Account account, Account account2, boolean z) throws Exception {
        String str = null;
        try {
            setPassword(account, account2, z);
        } catch (ServiceException e) {
            str = e.getCode();
        }
        Assert.assertEquals("service.PERM_DENIED", str);
    }

    private void verifyInvalidPassword(Account account, Account account2, boolean z) throws Exception {
        String str = null;
        try {
            setPassword(account, account2, z);
        } catch (ServiceException e) {
            str = e.getCode();
        }
        Assert.assertEquals(AccountServiceException.INVALID_PASSWORD, str);
    }

    @Test
    public void globalAdmin() throws Exception {
        Account createAcctAndSetPasswordpolicy = createAcctAndSetPasswordpolicy();
        CalendarResource createCRAndSetPasswordpolicy = createCRAndSetPasswordpolicy();
        Account createGlobalAdmin = provUtil.createGlobalAdmin(genAcctNameLocalPart(PreAuthServlet.PARAM_ADMIN), domain);
        verifyOK(createGlobalAdmin, createAcctAndSetPasswordpolicy, true);
        verifyOK(createGlobalAdmin, createAcctAndSetPasswordpolicy, false);
        verifyOK(createGlobalAdmin, createCRAndSetPasswordpolicy, true);
        verifyOK(createGlobalAdmin, createCRAndSetPasswordpolicy, false);
        provUtil.deleteAccount(createAcctAndSetPasswordpolicy);
        provUtil.deleteAccount(createCRAndSetPasswordpolicy);
        provUtil.deleteAccount(createGlobalAdmin);
    }

    @Test
    public void delegatedAdminWithNoRight() throws Exception {
        Account createAcctAndSetPasswordpolicy = createAcctAndSetPasswordpolicy();
        CalendarResource createCRAndSetPasswordpolicy = createCRAndSetPasswordpolicy();
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart(PreAuthServlet.PARAM_ADMIN), domain);
        verifyPermDenied(createDelegatedAdmin, createAcctAndSetPasswordpolicy, true);
        verifyPermDenied(createDelegatedAdmin, createAcctAndSetPasswordpolicy, false);
        verifyPermDenied(createDelegatedAdmin, createCRAndSetPasswordpolicy, true);
        verifyPermDenied(createDelegatedAdmin, createCRAndSetPasswordpolicy, false);
        provUtil.deleteAccount(createAcctAndSetPasswordpolicy);
        provUtil.deleteAccount(createCRAndSetPasswordpolicy);
        provUtil.deleteAccount(createDelegatedAdmin);
    }

    @Test
    public void delegatedAdminWithSetPasswordRight() throws Exception {
        Account createAcctAndSetPasswordpolicy = createAcctAndSetPasswordpolicy();
        CalendarResource createCRAndSetPasswordpolicy = createCRAndSetPasswordpolicy();
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart(PreAuthServlet.PARAM_ADMIN), domain);
        prov.grantRight(TargetType.account.getCode(), TargetBy.name, createAcctAndSetPasswordpolicy.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), null, RightConsts.RT_setAccountPassword, null);
        prov.grantRight(TargetType.calresource.getCode(), TargetBy.name, createCRAndSetPasswordpolicy.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), null, RightConsts.RT_setCalendarResourcePassword, null);
        verifyOK(createDelegatedAdmin, createAcctAndSetPasswordpolicy, true);
        verifyOK(createDelegatedAdmin, createAcctAndSetPasswordpolicy, false);
        verifyOK(createDelegatedAdmin, createCRAndSetPasswordpolicy, true);
        verifyOK(createDelegatedAdmin, createCRAndSetPasswordpolicy, false);
        provUtil.deleteAccount(createAcctAndSetPasswordpolicy);
        provUtil.deleteAccount(createCRAndSetPasswordpolicy);
        provUtil.deleteAccount(createDelegatedAdmin);
    }

    @Test
    public void delegatedAdminWithChangePasswordRight() throws Exception {
        Account createAcctAndSetPasswordpolicy = createAcctAndSetPasswordpolicy();
        CalendarResource createCRAndSetPasswordpolicy = createCRAndSetPasswordpolicy();
        Account createDelegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart(PreAuthServlet.PARAM_ADMIN), domain);
        prov.grantRight(TargetType.account.getCode(), TargetBy.name, createAcctAndSetPasswordpolicy.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), null, RightConsts.RT_changeAccountPassword, null);
        prov.grantRight(TargetType.calresource.getCode(), TargetBy.name, createCRAndSetPasswordpolicy.getName(), GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, createDelegatedAdmin.getName(), null, RightConsts.RT_changeCalendarResourcePassword, null);
        verifyInvalidPassword(createDelegatedAdmin, createAcctAndSetPasswordpolicy, true);
        verifyOK(createDelegatedAdmin, createAcctAndSetPasswordpolicy, false);
        verifyInvalidPassword(createDelegatedAdmin, createCRAndSetPasswordpolicy, true);
        verifyOK(createDelegatedAdmin, createCRAndSetPasswordpolicy, false);
        provUtil.deleteAccount(createAcctAndSetPasswordpolicy);
        provUtil.deleteAccount(createCRAndSetPasswordpolicy);
        provUtil.deleteAccount(createDelegatedAdmin);
    }
}
