package com.zimbra.qa.unittest;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.CliUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.DistributionList;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Entry;
import com.zimbra.cs.account.Group;
import com.zimbra.cs.account.MailTarget;
import com.zimbra.cs.account.NamedEntry;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.accesscontrol.GranteeType;
import com.zimbra.cs.account.accesscontrol.Right;
import com.zimbra.cs.account.accesscontrol.RightCommand;
import com.zimbra.cs.account.accesscontrol.RightModifier;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.account.accesscontrol.generated.RightConsts;
import com.zimbra.cs.db.DbPool;
import com.zimbra.cs.memcached.MemcachedConnector;
import com.zimbra.soap.admin.type.GranteeSelector;
import com.zimbra.soap.type.TargetBy;
import java.util.HashMap;
import java.util.Locale;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;

/* loaded from: input_file:com/zimbra/qa/unittest/TestDistListACL.class */
public class TestDistListACL {

    @Rule
    public TestName testInfo = new TestName();
    private static String USER_NAME = null;
    private static String USER_NAME2 = null;
    private static final String NAME_PREFIX = TestStoreManager.class.getSimpleName();
    private static final String otherDomain = "other.example.test";
    private static String listAddress;
    private static String listAddress2;
    private static String auser;
    private static String alias;
    private static String dlalias;
    private static Provisioning prov;
    private static AccessManager accessMgr;

    @Before
    public void setUp() throws Exception {
        listAddress = String.format("testdistlistacl@%s", TestUtil.getDomain());
        listAddress2 = String.format("testDLacl2@%s", TestUtil.getDomain());
        auser = String.format("userWithAlias@%s", TestUtil.getDomain());
        alias = String.format("alias@%s", otherDomain);
        dlalias = String.format("dlalias@%s", otherDomain);
        prov = Provisioning.getInstance();
        accessMgr = AccessManager.getInstance();
        String str = NAME_PREFIX + "-" + this.testInfo.getMethodName() + "-";
        USER_NAME = str + "user1";
        USER_NAME2 = str + "user2";
        tearDown();
        TestUtil.createAccount(USER_NAME);
        TestUtil.createAccount(USER_NAME2);
    }

    @After
    public void tearDown() throws Exception {
        DistributionList distributionList = prov.get(Key.DistributionListBy.name, listAddress);
        if (distributionList != null) {
            prov.deleteDistributionList(distributionList.getId());
        }
        DistributionList distributionList2 = prov.get(Key.DistributionListBy.name, listAddress2);
        if (distributionList2 != null) {
            prov.deleteDistributionList(distributionList2.getId());
        }
        Account account = prov.get(Key.AccountBy.name, auser);
        if (account != null) {
            prov.deleteAccount(account.getId());
        }
        Domain domain = prov.get(Key.DomainBy.name, otherDomain);
        if (domain != null) {
            prov.deleteDomain(domain.getId());
        }
        TestUtil.deleteAccountIfExists(USER_NAME);
        TestUtil.deleteAccountIfExists(USER_NAME2);
    }

    private void doCheckSentToDistListGuestRight(DistributionList distributionList, String str, String str2, boolean z) throws ServiceException {
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{distributionList.getName(), distributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(prov, GranteeType.GT_GUEST, GranteeSelector.GranteeBy.name, str);
        MailTarget mailTarget = null;
        if (lookupGrantee instanceof MailTarget) {
            mailTarget = (MailTarget) lookupGrantee;
        }
        boolean checkRight = RightCommand.checkRight(prov, "dl", TargetBy.name, listAddress, mailTarget, RightConsts.RT_sendToDistList, null, viaGrant);
        if (!z) {
            Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not guest %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not guest %s)", str, str2), checkRight);
        } else {
            Assert.assertTrue(String.format("%s should be able to send to DL (as guest %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertTrue(String.format("%s should have right to send to DL (as guest %s)", str, str2), checkRight);
            ZimbraLog.test.info("Test for %s against dom %s Via=%s", new Object[]{str, str2, viaGrant});
        }
    }

    @Test
    public void testMilterGuestSendToDL() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_GUEST.getCode(), GranteeSelector.GranteeBy.name, "fred@example.test", "", RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListGuestRight(createDistributionList, "fred@example.test", "fred@example.test", true);
        doCheckSentToDistListGuestRight(createDistributionList, "pete@example.test", "fred@example.test", false);
        doCheckSentToDistListGuestRight(createDistributionList, "FreD@example.test", "fred@example.test", true);
    }

    private void doCheckSentToDistListEmailRight(DistributionList distributionList, String str, String str2, boolean z) throws ServiceException {
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{distributionList.getName(), distributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeSelector.GranteeBy.name, str);
        MailTarget mailTarget = null;
        if (lookupGrantee instanceof MailTarget) {
            mailTarget = (MailTarget) lookupGrantee;
        }
        boolean checkRight = RightCommand.checkRight(prov, "dl", TargetBy.name, listAddress, mailTarget, RightConsts.RT_sendToDistList, null, viaGrant);
        if (!z) {
            Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not email %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not email %s)", str, str2), checkRight);
        } else {
            Assert.assertTrue(String.format("%s should be able to send to DL (using email %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertTrue(String.format("%s should have right to send to DL (using email %s)", str, str2), checkRight);
            ZimbraLog.test.info("Test for %s against dom %s Via=%s", new Object[]{str, str2, viaGrant});
        }
    }

    @Test
    public void testMilterEmailSendToDL() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, "fred@example.test", null, RightConsts.RT_sendToDistList, (RightModifier) null);
        prov.createDistributionList(listAddress2, new HashMap());
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, listAddress2, null, RightConsts.RT_sendToDistList, (RightModifier) null);
        String address = TestUtil.getAddress(USER_NAME);
        String address2 = TestUtil.getAddress(USER_NAME2);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, address, null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListEmailRight(createDistributionList, "fred@example.test", "fred@example.test", true);
        doCheckSentToDistListEmailRight(createDistributionList, "pete@example.test", "fred@example.test", false);
        doCheckSentToDistListEmailRight(createDistributionList, "FreD@example.test", "fred@example.test", true);
        doCheckSentToDistListEmailRight(createDistributionList, listAddress2, listAddress2, true);
        doCheckSentToDistListEmailRight(createDistributionList, listAddress, listAddress2, false);
        doCheckSentToDistListEmailRight(createDistributionList, address.toUpperCase(Locale.ENGLISH), address, true);
        doCheckSentToDistListEmailRight(createDistributionList, address2, address, false);
        prov.revokeRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, "fred@example.test", RightConsts.RT_sendToDistList, (RightModifier) null);
        prov.revokeRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, listAddress2, RightConsts.RT_sendToDistList, (RightModifier) null);
        prov.revokeRight("dl", TargetBy.name, listAddress, GranteeType.GT_EMAIL.getCode(), GranteeSelector.GranteeBy.name, address, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListEmailRight(createDistributionList, address2, "no grants in place", true);
    }

    private void doCheckSentToDistListUserRight(DistributionList distributionList, String str, String str2, boolean z) throws ServiceException {
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{distributionList.getName(), distributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeSelector.GranteeBy.name, str);
        MailTarget mailTarget = null;
        if (lookupGrantee instanceof MailTarget) {
            mailTarget = (MailTarget) lookupGrantee;
        }
        boolean checkRight = RightCommand.checkRight(prov, "dl", TargetBy.name, listAddress, mailTarget, RightConsts.RT_sendToDistList, null, viaGrant);
        if (!z) {
            Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not user %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not user %s)", str, str2), checkRight);
        } else {
            Assert.assertTrue(String.format("%s should be able to send to DL (as user %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertTrue(String.format("%s should have right to send to DL (as user %s)", str, str2), checkRight);
            ZimbraLog.test.info("Test for %s against dom %s Via=%s", new Object[]{str, str2, viaGrant});
        }
    }

    @Test
    public void testMilterUserSendToDL() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        String address = TestUtil.getAddress(USER_NAME);
        String address2 = TestUtil.getAddress(USER_NAME2);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_USER.getCode(), GranteeSelector.GranteeBy.name, address, null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListUserRight(createDistributionList, address, address, true);
        doCheckSentToDistListUserRight(createDistributionList, "pete@example.test", address, false);
        doCheckSentToDistListUserRight(createDistributionList, address2, address, false);
        doCheckSentToDistListUserRight(createDistributionList, address.toUpperCase(Locale.ENGLISH), address, true);
    }

    private void doCheckSentToDistListDomRight(DistributionList distributionList, String str, String str2, boolean z) throws ServiceException {
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{distributionList.getName(), distributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
        NamedEntry lookupGrantee = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeSelector.GranteeBy.name, str);
        MailTarget mailTarget = null;
        if (lookupGrantee instanceof MailTarget) {
            mailTarget = (MailTarget) lookupGrantee;
        }
        boolean checkRight = RightCommand.checkRight(prov, "dl", TargetBy.name, listAddress, mailTarget, RightConsts.RT_sendToDistList, null, viaGrant);
        if (!z) {
            Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not in domain %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not in domain %s)", str, str2), checkRight);
        } else {
            Assert.assertTrue(String.format("%s should be able to send to DL (because in domain %s)", str, str2), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
            Assert.assertTrue(String.format("%s should have right to send to DL (because in domain %s)", str, str2), checkRight);
            ZimbraLog.test.info("Test for %s against dom %s Via=%s", new Object[]{str, str2, viaGrant});
        }
    }

    @Test
    public void testMilterDomainSendToDL() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        String address = TestUtil.getAddress(USER_NAME);
        Account account = TestUtil.getAccount(USER_NAME);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, account.getDomainName(), null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListDomRight(createDistributionList, address, account.getDomainName(), true);
        doCheckSentToDistListDomRight(createDistributionList, "pete@example.test", account.getDomainName(), false);
        doCheckSentToDistListDomRight(createDistributionList, address.toUpperCase(Locale.ENGLISH), account.getDomainName(), true);
    }

    @Test
    public void testMilterDomainSendToDLWithAcctAliasSender() throws Exception {
        prov.createDomain(otherDomain, new HashMap());
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        Account createAccount = prov.createAccount(auser, "test123", new HashMap());
        prov.addAlias(createAccount, alias);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, createAccount.getDomainName(), null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListDomRight(createDistributionList, alias, createAccount.getDomainName(), true);
    }

    @Test
    public void testMilterDomainSendToDLWithDlSender() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        DistributionList createDistributionList2 = prov.createDistributionList(listAddress2, new HashMap());
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, createDistributionList2.getDomainName(), null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListDomRight(createDistributionList, listAddress2, createDistributionList2.getDomainName(), true);
    }

    @Test
    public void testMilterDomainSendToDLWithDlAliasSender() throws Exception {
        prov.createDomain(otherDomain, new HashMap());
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        DistributionList createDistributionList2 = prov.createDistributionList(listAddress2, new HashMap());
        prov.addAlias(createDistributionList2, dlalias);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, createDistributionList2.getDomainName(), null, RightConsts.RT_sendToDistList, (RightModifier) null);
        doCheckSentToDistListDomRight(createDistributionList, dlalias, createDistributionList2.getDomainName(), true);
    }

    @Test
    public void testMilterExternalDomainSendToDL() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        String address = TestUtil.getAddress(USER_NAME);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_EXT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, "example.test", null, RightConsts.RT_sendToDistList, (RightModifier) null);
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{createDistributionList.getName(), createDistributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        Assert.assertTrue("pete@example.test should be able to send to DL (in domain example.test)", accessMgr.canDo("pete@example.test", (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
        Assert.assertFalse(String.format("%s should NOT be able to send to DL (in domain example.test)", address), accessMgr.canDo(address, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
    }

    @Test
    public void testMilterEdomWithLocalDomain() throws Exception {
        DistributionList createDistributionList = prov.createDistributionList(listAddress, new HashMap());
        String address = TestUtil.getAddress(USER_NAME);
        Account account = TestUtil.getAccount(USER_NAME);
        prov.grantRight("dl", TargetBy.name, listAddress, GranteeType.GT_EXT_DOMAIN.getCode(), GranteeSelector.GranteeBy.name, account.getDomainName(), null, RightConsts.RT_sendToDistList, (RightModifier) null);
        ZimbraLog.test.info("DL name %s ID %s", new Object[]{createDistributionList.getName(), createDistributionList.getId()});
        Group groupBasic = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
        Assert.assertNotNull("Unable to find Group object for DL by name", groupBasic);
        Assert.assertTrue(String.format("%s should be able to send to DL (in domain %s)", address, account.getDomainName()), accessMgr.canDo(address, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
        String str = "unconfigured@" + account.getDomainName();
        Assert.assertTrue(String.format("%s should be able to send to DL (in domain %s)", str, account.getDomainName()), accessMgr.canDo(str, (Entry) groupBasic, (Right) Rights.User.R_sendToDistList, false));
    }

    public static void main(String[] strArr) throws ServiceException {
        DbPool.startup();
        MemcachedConnector.startup();
        CliUtil.toolSetup();
        TestUtil.runTest(TestDistListACL.class);
    }
}
