package com.zimbra.qa.unittest.prov.ldap;

import com.google.common.collect.Maps;
import com.zimbra.common.localconfig.LC;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.account.auth.AuthMechanism;
import com.zimbra.cs.account.ldap.Check;
import com.zimbra.cs.account.ldap.LdapProv;
import com.zimbra.cs.account.ldap.entry.LdapAccount;
import com.zimbra.cs.ldap.LdapConnType;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.ldap.unboundid.InMemoryLdapServer;
import com.zimbra.qa.unittest.prov.Names;
import com.zimbra.qa.unittest.prov.ProvTest;
import java.util.HashMap;
import java.util.Map;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/ldap/TestLdapProvExternalLdapAuth.class */
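/**
 * Exercises external LDAP authentication in {@link LdapProv}: validating an auth configuration
 * with {@code checkAuthConfig} and authenticating accounts with {@code authAccount}.
 *
 * <p>The "external" directory used here is the Zimbra LDAP server itself: the URL is built from
 * {@code LC.zimbra_server_hostname} and the search bind uses {@code LC.zimbra_ldap_userdn} /
 * {@code LC.zimbra_ldap_password}.
 *
 * <p>NOTE(review): {@link #testConnType} is {@code PLAIN}, so the URL is {@code ldap://host:389}
 * and StartTLS is not requested. Against a real server that puts the search-bind password and the
 * account password on the wire unencrypted; this is only appropriate for a local test harness.
 * The LDAPS and StartTLS paths are coded below but are not exercised with the current setting.
 *
 * <p>NOTE(review): the template tests only use generated account names. None of them contains
 * LDAP filter or DN metacharacters, so escaping of substituted values is not covered here.
 */
public class TestLdapProvExternalLdapAuth extends LdapTest {
    // Password passed to every successful auth check below.
    // NOTE(review): presumably the default password LdapProvTestUtil assigns to new accounts; confirm.
    private static final String ACCOUNT_PASSWORD = "test123";

    private static LdapProvTestUtil provUtil;
    private static LdapProv prov;
    private static Domain domain;
    // Connection type the tests build their LDAP URL / StartTLS flag from.
    private static final LdapConnType testConnType = LdapConnType.PLAIN;

    /** Creates the provisioning helper and the base domain shared by the tests in this class. */
    @BeforeClass
    public static void init() throws Exception {
        provUtil = new LdapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName(), null);
    }

    /** Removes everything created under the base domain. */
    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    /** Creates an account with the given local part in the shared domain, without extra attributes. */
    private Account createAccount(String str) throws Exception {
        return createAccount(str, null);
    }

    /** Creates an account with the given local part and attributes in the shared domain. */
    private Account createAccount(String str, Map<String, Object> map) throws Exception {
        return provUtil.createAccount(str, domain, map);
    }

    /** Returns the LDAP DN of the account; the account must be an {@link LdapAccount}. */
    private String getAccountDN(Account account) throws Exception {
        return ((LdapAccount) account).getDN();
    }

    /**
     * Builds the LDAP URL for {@link #testConnType}: {@code ldaps://host:636} for LDAPS,
     * {@code ldap://host:389} for every other type except LDAPI, which fails the test.
     */
    private String getLdapURL() {
        if (LdapConnType.LDAPI == testConnType) {
            Assert.fail("LDAPI is not supported by this test");
            return null;
        }
        String host = LC.zimbra_server_hostname.value();
        if (LdapConnType.LDAPS == testConnType) {
            return "ldaps://" + host + ":636";
        }
        return "ldap://" + host + ":389";
    }

    /** Returns the LDAP "true" constant when the connection type is STARTTLS, otherwise null. */
    private String getWantStartTLS() {
        if (LdapConnType.STARTTLS == testConnType) {
            return LdapConstants.LDAP_TRUE;
        }
        return null;
    }

    /** Returns a fresh attribute map selecting the LDAP auth mechanism against the given URL. */
    private static Map<String, Object> newLdapAuthAttrs(String ldapUrl) {
        Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
        attrs.put("zimbraAuthLdapURL", ldapUrl);
        return attrs;
    }

    /**
     * Returns {@link #newLdapAuthAttrs(String)} plus the search bind DN from local config and the
     * given search bind password.
     */
    private static Map<String, Object> newSearchBindAttrs(String ldapUrl, String searchBindPassword) {
        Map<String, Object> attrs = newLdapAuthAttrs(ldapUrl);
        attrs.put("zimbraAuthLdapSearchBindPassword", searchBindPassword);
        attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
        return attrs;
    }

    /**
     * Checks that a search-based auth config succeeds for three filter templates and that the
     * reported computed DN is the filter with the template tokens replaced: {@code %n} by the
     * account name, {@code %u} by the local part, {@code %u@%d} by the account name.
     */
    @Test
    public void checkAuthConfigBySearch() throws Exception {
        String localPart = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
        Account acct = createAccount(localPart);
        try {
            Map<String, Object> attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());

            attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
            Provisioning.Result byAddress = prov.checkAuthConfig(attrs, acct.getName(), ACCOUNT_PASSWORD);
            Assert.assertEquals(Check.STATUS_OK, byAddress.getCode());
            Assert.assertEquals("(zimbraMailDeliveryAddress=" + acct.getName() + ")", byAddress.getComputedDn());

            attrs.put("zimbraAuthLdapSearchFilter", "(uid=%u)");
            Provisioning.Result byUid = prov.checkAuthConfig(attrs, acct.getName(), ACCOUNT_PASSWORD);
            Assert.assertEquals(Check.STATUS_OK, byUid.getCode());
            // Compared case-insensitively, unlike the other two filters.
            Assert.assertEquals(("(uid=" + localPart + ")").toLowerCase(), byUid.getComputedDn().toLowerCase());

            attrs.put("zimbraAuthLdapSearchFilter", "(mail=%u@%d)");
            Provisioning.Result byMail = prov.checkAuthConfig(attrs, acct.getName(), ACCOUNT_PASSWORD);
            Assert.assertEquals(Check.STATUS_OK, byMail.getCode());
            Assert.assertEquals("(mail=" + acct.getName() + ")", byMail.getComputedDn());
        } finally {
            // Remove the account even when an assertion above fails.
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Checks that a bind-DN template config succeeds and that the computed DN equals the
     * account's actual DN.
     */
    @Test
    public void checkAuthConfigByBindDNTemplate() throws Exception {
        Account acct = createAccount(Names.makeAccountNameLocalPart(genAcctNameLocalPart()));
        try {
            String acctDn = getAccountDN(acct);
            Map<String, Object> attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
            attrs.put("zimbraAuthLdapBindDn", "uid=%u,ou=people,%D");
            Provisioning.Result result = prov.checkAuthConfig(attrs, acct.getName(), ACCOUNT_PASSWORD);
            Assert.assertEquals(Check.STATUS_OK, result.getCode());
            Assert.assertEquals(acctDn, result.getComputedDn());
        } finally {
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Checks the status code {@code checkAuthConfig} reports for each kind of broken configuration.
     *
     * <p>The first four cases are guarded by {@code SKIP_FOR_INMEM_LDAP_SERVER}; when it throws
     * {@code SkippedForInMemLdapServerException} the case is skipped on purpose and the test
     * continues with the next one.
     */
    @Test
    public void checkAuthConfigFailures() throws Exception {
        Account acct = createAccount(genAcctNameLocalPart());
        try {
            String acctName = acct.getName();
            String filter = "(zimbraMailDeliveryAddress=%n)";
            Map<String, Object> attrs;

            // Host name that does not resolve.
            try {
                SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_UNKNOWN_HOST);
                attrs = newSearchBindAttrs("ldap://bogus:389", LC.zimbra_ldap_password.value());
                attrs.put("zimbraAuthLdapSearchFilter", filter);
                Assert.assertEquals(Check.STATUS_UNKNOWN_HOST,
                        prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());
            } catch (ProvTest.SkippedForInMemLdapServerException ignored) {
                // Intentionally skipped for this LDAP server type.
            }

            // Valid host, port 38900 instead of the port getLdapURL() uses.
            try {
                SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_CONNECTION_REFUSED);
                attrs = newSearchBindAttrs("ldap://" + LC.zimbra_server_hostname.value() + ":38900",
                        LC.zimbra_ldap_password.value());
                attrs.put("zimbraAuthLdapSearchFilter", filter);
                Assert.assertEquals(Check.STATUS_CONNECTION_REFUSED,
                        prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());
            } catch (ProvTest.SkippedForInMemLdapServerException ignored) {
                // Intentionally skipped for this LDAP server type.
            }

            // StartTLS forced on for the URL returned by getLdapURL().
            try {
                SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_COMMUNICATION_FAILURE);
                attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
                attrs.put("zimbraAuthLdapStartTlsEnabled", LdapConstants.LDAP_TRUE);
                attrs.put("zimbraAuthLdapSearchFilter", filter);
                Assert.assertEquals(Check.STATUS_COMMUNICATION_FAILURE,
                        prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());
            } catch (ProvTest.SkippedForInMemLdapServerException ignored) {
                // Intentionally skipped for this LDAP server type.
            }

            // Wrong password for the search bind DN.
            try {
                SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_AUTH_FAILED);
                attrs = newSearchBindAttrs(getLdapURL(), "bogus");
                attrs.put("zimbraAuthLdapSearchFilter", filter);
                Assert.assertEquals(Check.STATUS_AUTH_FAILED,
                        prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());
            } catch (ProvTest.SkippedForInMemLdapServerException ignored) {
                // Intentionally skipped for this LDAP server type.
            }

            // Correct search bind, wrong password for the account itself.
            attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
            attrs.put("zimbraAuthLdapSearchFilter", filter);
            Assert.assertEquals(Check.STATUS_AUTH_FAILED,
                    prov.checkAuthConfig(attrs, acctName, "bogus").getCode());

            // Search base that does not exist.
            attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
            attrs.put("zimbraAuthLdapSearchBase", "dc=bogus");
            attrs.put("zimbraAuthLdapSearchFilter", filter);
            Assert.assertEquals(Check.STATUS_NAME_NOT_FOUND,
                    prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());

            // Malformed filter: the closing parenthesis is missing on purpose.
            attrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
            attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n");
            Assert.assertEquals(Check.STATUS_INVALID_SEARCH_FILTER,
                    prov.checkAuthConfig(attrs, acctName, ACCOUNT_PASSWORD).getCode());
        } finally {
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Authenticates an account whose external DN is set directly on the account
     * ({@code zimbraAuthLdapExternalDn}); the domain only carries mechanism, URL and StartTLS flag.
     * The test passes when {@code authAccount} does not throw.
     */
    @Test
    public void externalLdapAuthByDNOnAccount() throws Exception {
        String domainName = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
        Map<String, Object> domainAttrs = newLdapAuthAttrs(getLdapURL());
        domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
        Account acct = provUtil.createAccount(
                Names.makeAccountNameLocalPart(genAcctNameLocalPart()),
                provUtil.createDomain(domainName, domainAttrs));
        try {
            Map<String, Object> acctAttrs = new HashMap<String, Object>();
            acctAttrs.put("zimbraAuthLdapExternalDn", getAccountDN(acct));
            prov.modifyAttrs(acct, acctAttrs);
            prov.authAccount(acct, ACCOUNT_PASSWORD, AuthContext.Protocol.test);
        } finally {
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Authenticates an account in a domain configured for search-based external LDAP auth.
     * The test passes when {@code authAccount} does not throw.
     */
    @Test
    public void externalLdapAuthBySearch() throws Exception {
        String domainName = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
        Map<String, Object> domainAttrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
        domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
        domainAttrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
        Account acct = provUtil.createAccount(
                Names.makeAccountNameLocalPart(genAcctNameLocalPart()),
                provUtil.createDomain(domainName, domainAttrs));
        try {
            prov.authAccount(acct, ACCOUNT_PASSWORD, AuthContext.Protocol.test);
        } finally {
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Authenticates an account in a domain configured with a bind-DN template.
     * The test passes when {@code authAccount} does not throw.
     */
    @Test
    public void externalLdapAuthByBindDNtemplate() throws Exception {
        String domainName = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
        Map<String, Object> domainAttrs = newSearchBindAttrs(getLdapURL(), LC.zimbra_ldap_password.value());
        domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
        domainAttrs.put("zimbraAuthLdapBindDn", "uid=%u,ou=people,%D");
        Account acct = provUtil.createAccount(
                Names.makeAccountNameLocalPart(genAcctNameLocalPart()),
                provUtil.createDomain(domainName, domainAttrs));
        try {
            prov.authAccount(acct, ACCOUNT_PASSWORD, AuthContext.Protocol.test);
        } finally {
            provUtil.deleteAccount(acct);
        }
    }

    /**
     * Stores a non-SSHA {@code userPassword} value on the account, then checks that authenticating
     * with that same value succeeds and that a different value is rejected with
     * {@code AccountServiceException.AUTH_FAILED}.
     */
    @Test
    public void zimbraAuthNonSSHA() throws Exception {
        Account acct = createAccount(Names.makeAccountNameLocalPart(genAcctNameLocalPart()));
        try {
            // NOTE(review): the same string is written to userPassword and used as the credential;
            // what genNonSSHAPassword returns is not visible here. Confirm against InMemoryLdapServer.
            String nonSshaPassword = InMemoryLdapServer.Password.genNonSSHAPassword("not-ssha-blah");
            Map<String, Object> attrs = new HashMap<String, Object>();
            attrs.put("userPassword", nonSshaPassword);
            prov.modifyAttrs(acct, attrs);

            prov.authAccount(acct, nonSshaPassword, AuthContext.Protocol.test);

            boolean authFailed = false;
            try {
                prov.authAccount(acct, nonSshaPassword + "not", AuthContext.Protocol.test);
            } catch (AccountServiceException e) {
                // Any other AccountServiceException code leaves the flag false and fails the test.
                authFailed = AccountServiceException.AUTH_FAILED.equals(e.getCode());
            }
            Assert.assertTrue(authFailed);
        } finally {
            provUtil.deleteAccount(acct);
        }
    }
}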
