package org.apache.james.user.ldap;

import org.apache.commons.configuration.ConversionException;
import org.apache.commons.configuration.HierarchicalConfiguration;
import org.apache.commons.configuration.plist.PropertyListConfiguration;
import org.apache.james.core.MailAddress;
import org.apache.james.domainlist.api.DomainList;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/user/ldap/ReadOnlyUsersLDAPRepositoryTest.class */
public class ReadOnlyUsersLDAPRepositoryTest {
    private static final Logger LOGGER = LoggerFactory.getLogger(ReadOnlyUsersLDAPRepositoryTest.class);
    private static final String JAMES_USER_MAIL = "james-user@james.org";
    private static final String UNKNOWN = "unknown";
    private static final String BAD_PASSWORD = "badpassword";
    private DomainList domainList;

    @Nested
    /* loaded from: input_file:org/apache/james/user/ldap/ReadOnlyUsersLDAPRepositoryTest$SupportVirtualHosting.class */
    class SupportVirtualHosting {
        SupportVirtualHosting() {
        }

        @Test
        public void supportVirtualHostingShouldReturnFalseByDefault() throws Exception {
            ReadOnlyUsersLDAPRepository readOnlyUsersLDAPRepository = new ReadOnlyUsersLDAPRepository(ReadOnlyUsersLDAPRepositoryTest.this.domainList);
            readOnlyUsersLDAPRepository.configure(ReadOnlyUsersLDAPRepositoryTest.access$100());
            Assertions.assertThat(readOnlyUsersLDAPRepository.supportVirtualHosting()).isFalse();
        }

        @Test
        public void supportVirtualHostingShouldReturnTrueWhenReportedInConfig() throws Exception {
            HierarchicalConfiguration access$100 = ReadOnlyUsersLDAPRepositoryTest.access$100();
            access$100.addProperty("supportsVirtualHosting", "true");
            ReadOnlyUsersLDAPRepository readOnlyUsersLDAPRepository = new ReadOnlyUsersLDAPRepository(ReadOnlyUsersLDAPRepositoryTest.this.domainList);
            readOnlyUsersLDAPRepository.configure(access$100);
            Assertions.assertThat(readOnlyUsersLDAPRepository.supportVirtualHosting()).isTrue();
        }

        @Test
        public void supportVirtualHostingShouldReturnFalseWhenReportedInConfig() throws Exception {
            HierarchicalConfiguration access$100 = ReadOnlyUsersLDAPRepositoryTest.access$100();
            access$100.addProperty("supportsVirtualHosting", "false");
            ReadOnlyUsersLDAPRepository readOnlyUsersLDAPRepository = new ReadOnlyUsersLDAPRepository(ReadOnlyUsersLDAPRepositoryTest.this.domainList);
            readOnlyUsersLDAPRepository.configure(access$100);
            Assertions.assertThat(readOnlyUsersLDAPRepository.supportVirtualHosting()).isFalse();
        }

        @Test
        public void configureShouldThrowOnNonBooleanValueForSupportsVirtualHosting() throws Exception {
            HierarchicalConfiguration access$100 = ReadOnlyUsersLDAPRepositoryTest.access$100();
            access$100.addProperty("supportsVirtualHosting", "bad");
            ReadOnlyUsersLDAPRepository readOnlyUsersLDAPRepository = new ReadOnlyUsersLDAPRepository(ReadOnlyUsersLDAPRepositoryTest.this.domainList);
            Assertions.assertThatThrownBy(() -> {
                readOnlyUsersLDAPRepository.configure(access$100);
            }).isInstanceOf(ConversionException.class);
        }
    }

    @Nested
    /* loaded from: input_file:org/apache/james/user/ldap/ReadOnlyUsersLDAPRepositoryTest$TestUser.class */
    class TestUser {
        TestUser() {
        }

        @Test
        public void knownUserShouldBeAbleToLogInWhenPasswordIsCorrect() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$100()).test(DockerLdapSingleton.JAMES_USER, DockerLdapSingleton.PASSWORD)).isTrue();
        }

        @Test
        public void knownUserShouldNotBeAbleToLogInWhenPasswordIsNotCorrect() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$100()).test(DockerLdapSingleton.JAMES_USER, ReadOnlyUsersLDAPRepositoryTest.BAD_PASSWORD)).isFalse();
        }

        @Test
        public void unknownUserShouldNotBeAbleToLogIn() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$100()).test(ReadOnlyUsersLDAPRepositoryTest.UNKNOWN, ReadOnlyUsersLDAPRepositoryTest.BAD_PASSWORD)).isFalse();
        }

        @Test
        public void unknownUserShouldNotBeAbleToLogInWhenPasswordIsCorrect() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$100()).test(ReadOnlyUsersLDAPRepositoryTest.UNKNOWN, DockerLdapSingleton.PASSWORD)).isFalse();
        }

        @Test
        public void knownUserShouldBeAbleToLogInWhenPasswordIsCorrectWithVirtualHosting() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200()).test(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL, DockerLdapSingleton.PASSWORD)).isTrue();
        }

        @Test
        public void testShouldStillWorksAfterRestartingLDAP() throws Exception {
            ReadOnlyUsersLDAPRepository startUsersRepository = startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200());
            startUsersRepository.test(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL, DockerLdapSingleton.PASSWORD);
            DockerLdapSingleton.ldapContainer.pause();
            try {
                startUsersRepository.test(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL, DockerLdapSingleton.PASSWORD);
            } catch (Exception e) {
                ReadOnlyUsersLDAPRepositoryTest.LOGGER.info("This exception is expected as we shut down the LDAP and forced its use", e);
            }
            DockerLdapSingleton.ldapContainer.unpause();
            Assertions.assertThat(startUsersRepository.test(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL, DockerLdapSingleton.PASSWORD)).isTrue();
        }

        @Test
        public void knownUserShouldNotBeAbleToLogInWhenPasswordIsNotCorrectWithVirtualHosting() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200()).test(DockerLdapSingleton.JAMES_USER, ReadOnlyUsersLDAPRepositoryTest.BAD_PASSWORD)).isFalse();
        }

        @Test
        public void unknownUserShouldNotBeAbleToLogInWithVirtualHosting() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200()).test(ReadOnlyUsersLDAPRepositoryTest.UNKNOWN, ReadOnlyUsersLDAPRepositoryTest.BAD_PASSWORD)).isFalse();
        }

        @Test
        public void unknownUserShouldNotBeAbleToLogInWhenPasswordIsCorrectWithVirtualHosting() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200()).test(ReadOnlyUsersLDAPRepositoryTest.UNKNOWN, DockerLdapSingleton.PASSWORD)).isFalse();
        }

        @Test
        public void specialCharacterInUserInputShouldBeSanitized() throws Exception {
            Assertions.assertThat(startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200()).test("j*", DockerLdapSingleton.PASSWORD)).isFalse();
        }

        @Test
        public void containsWithGetUserShouldBeTrue() throws Exception {
            ReadOnlyUsersLDAPRepository startUsersRepository = startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$100());
            Assertions.assertThat(startUsersRepository.contains(startUsersRepository.getUser(new MailAddress(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL)))).isTrue();
        }

        @Test
        public void containsWithGetUserShouldBeTrueWithVirtualHosting() throws Exception {
            ReadOnlyUsersLDAPRepository startUsersRepository = startUsersRepository(ReadOnlyUsersLDAPRepositoryTest.access$200());
            Assertions.assertThat(startUsersRepository.contains(startUsersRepository.getUser(new MailAddress(ReadOnlyUsersLDAPRepositoryTest.JAMES_USER_MAIL)))).isTrue();
        }

        private ReadOnlyUsersLDAPRepository startUsersRepository(HierarchicalConfiguration hierarchicalConfiguration) throws Exception {
            ReadOnlyUsersLDAPRepository readOnlyUsersLDAPRepository = new ReadOnlyUsersLDAPRepository(ReadOnlyUsersLDAPRepositoryTest.this.domainList);
            readOnlyUsersLDAPRepository.configure(hierarchicalConfiguration);
            readOnlyUsersLDAPRepository.init();
            return readOnlyUsersLDAPRepository;
        }
    }

    @BeforeEach
    void setUp() {
        this.domainList = (DomainList) Mockito.mock(DomainList.class);
    }

    private static HierarchicalConfiguration ldapRepositoryConfiguration() {
        PropertyListConfiguration propertyListConfiguration = new PropertyListConfiguration();
        propertyListConfiguration.addProperty("[@ldapHost]", DockerLdapSingleton.ldapContainer.getLdapHost());
        propertyListConfiguration.addProperty("[@principal]", "cn=admin\\,dc=james\\,dc=org");
        propertyListConfiguration.addProperty("[@credentials]", DockerLdapSingleton.ADMIN_PASSWORD);
        propertyListConfiguration.addProperty("[@userBase]", "ou=People\\,dc=james\\,dc=org");
        propertyListConfiguration.addProperty("[@userIdAttribute]", "uid");
        propertyListConfiguration.addProperty("[@userObjectClass]", "inetOrgPerson");
        propertyListConfiguration.addProperty("[@maxRetries]", "4");
        propertyListConfiguration.addProperty("[@retryStartInterval]", "0");
        propertyListConfiguration.addProperty("[@retryMaxInterval]", "8");
        propertyListConfiguration.addProperty("[@retryIntervalScale]", "1000");
        return propertyListConfiguration;
    }

    private static HierarchicalConfiguration ldapRepositoryConfigurationWithVirtualHosting() {
        PropertyListConfiguration propertyListConfiguration = new PropertyListConfiguration();
        propertyListConfiguration.addProperty("[@ldapHost]", DockerLdapSingleton.ldapContainer.getLdapHost());
        propertyListConfiguration.addProperty("[@principal]", "cn=admin\\,dc=james\\,dc=org");
        propertyListConfiguration.addProperty("[@credentials]", DockerLdapSingleton.ADMIN_PASSWORD);
        propertyListConfiguration.addProperty("[@userBase]", "ou=People\\,dc=james\\,dc=org");
        propertyListConfiguration.addProperty("[@userIdAttribute]", "mail");
        propertyListConfiguration.addProperty("[@userObjectClass]", "inetOrgPerson");
        propertyListConfiguration.addProperty("[@maxRetries]", "4");
        propertyListConfiguration.addProperty("[@retryStartInterval]", "0");
        propertyListConfiguration.addProperty("[@retryMaxInterval]", "8");
        propertyListConfiguration.addProperty("[@retryIntervalScale]", "1000");
        propertyListConfiguration.addProperty("supportsVirtualHosting", true);
        return propertyListConfiguration;
    }

    static /* synthetic */ HierarchicalConfiguration access$100() {
        return ldapRepositoryConfiguration();
    }

    static /* synthetic */ HierarchicalConfiguration access$200() {
        return ldapRepositoryConfigurationWithVirtualHosting();
    }
}
