package com.zimbra.qa.unittest.prov.ldap;

import com.google.common.collect.Maps;
import com.zimbra.common.account.Key;
import com.zimbra.common.account.ZAttrProvisioning;
import com.zimbra.common.service.ServiceException;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.rmgmt.RemoteMailQueue;
import java.util.HashMap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/ldap/TestAccountLockout.class */
public class TestAccountLockout extends LdapTest {
    private final String BAD_PASSWORD = "badpasssword";
    private final String GOOD_PASSWORD = "test123";
    private final int LOCKOUT_AFTER_NUM_FAILURES = 3;
    private final int LOCKOUT_DURATION_SECONDS = 10;
    private static LdapProvTestUtil provUtil;
    private static Provisioning prov;
    private static Domain domain;

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new LdapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName());
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    private Account createAccount(String str) throws Exception {
        return provUtil.createAccount(str, domain);
    }

    private void deleteAccount(Account account) throws Exception {
        provUtil.deleteAccount(account);
    }

    public void lockout(Account account) throws Exception {
        String id = account.getId();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("zimbraPasswordLockoutEnabled", LdapConstants.LDAP_TRUE);
        newHashMap.put("zimbraPasswordLockoutDuration", "10s");
        newHashMap.put("zimbraPasswordLockoutMaxFailures", "3");
        newHashMap.put("zimbraPasswordLockoutFailureLifetime", "30s");
        newHashMap.put("zimbraAccountStatus", "active");
        newHashMap.put("zimbraPasswordLockoutLockedTime", "");
        newHashMap.put("zimbraPasswordLockoutFailureTime", "");
        prov.modifyAttrs(account, newHashMap);
        for (int i = 0; i <= 3; i++) {
            boolean z = false;
            try {
                prov.authAccount(account, "badpasssword", AuthContext.Protocol.test);
            } catch (ServiceException e) {
                if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
                    z = true;
                }
            }
            Assert.assertTrue(z);
            account = prov.get(Key.AccountBy.id, id);
            if (i >= 2) {
                Assert.assertEquals(Provisioning.ACCOUNT_STATUS_LOCKOUT, account.getAttr("zimbraAccountStatus"));
            } else {
                Assert.assertEquals("active", account.getAttr("zimbraAccountStatus"));
            }
            Thread.sleep(2000L);
        }
    }

    @Test
    public void successfulLogin() throws Exception {
        Account createAccount = createAccount(genAcctNameLocalPart());
        lockout(createAccount);
        boolean z = false;
        try {
            prov.authAccount(createAccount, "test123", AuthContext.Protocol.test);
        } catch (ServiceException e) {
            if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
                z = true;
            }
        }
        Assert.assertTrue(z);
        System.out.println("Sleep for 11 seconds");
        Thread.sleep(11 * RemoteMailQueue.MAIL_QUEUE_INDEX_FLUSH_THRESHOLD);
        prov.authAccount(createAccount, "test123", AuthContext.Protocol.test);
        Assert.assertEquals(ZAttrProvisioning.AccountStatus.active, createAccount.getAccountStatus());
        deleteAccount(createAccount);
    }

    @Test
    public void ssoWhenAccountIsLockedout() throws Exception {
        Account createAccount = createAccount(genAcctNameLocalPart());
        lockout(createAccount);
        boolean z = false;
        try {
            prov.ssoAuthAccount(createAccount, AuthContext.Protocol.test, null);
        } catch (AccountServiceException e) {
            if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
                z = true;
            }
        }
        Assert.assertTrue(z);
        deleteAccount(createAccount);
    }
}
