package org.apache.james.crowdsec;

import com.github.fge.lambdas.Throwing;
import java.io.EOFException;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Base64;
import java.util.List;
import java.util.stream.IntStream;
import org.apache.commons.net.pop3.POP3Client;
import org.apache.commons.net.smtp.SMTPClient;
import org.apache.james.GuiceJamesServer;
import org.apache.james.JamesServerBuilder;
import org.apache.james.JamesServerExtension;
import org.apache.james.MemoryJamesConfiguration;
import org.apache.james.MemoryJamesServerMain;
import org.apache.james.crowdsec.client.CrowdsecClientConfiguration;
import org.apache.james.crowdsec.client.CrowdsecHttpClient;
import org.apache.james.crowdsec.model.CrowdsecDecision;
import org.apache.james.data.UsersRepositoryModuleChooser;
import org.apache.james.modules.protocols.ImapGuiceProbe;
import org.apache.james.modules.protocols.Pop3GuiceProbe;
import org.apache.james.modules.protocols.SmtpGuiceProbe;
import org.apache.james.utils.DataProbeImpl;
import org.apache.james.utils.TestIMAPClient;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.SoftAssertions;
import org.awaitility.Awaitility;
import org.awaitility.Durations;
import org.awaitility.core.ConditionFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.api.io.TempDir;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:org/apache/james/crowdsec/CrowdsecIntegrationTest.class */
class CrowdsecIntegrationTest {

    @RegisterExtension
    public TestIMAPClient testIMAPClient = new TestIMAPClient();
    private static final String LOCALHOST_IP = "127.0.0.1";
    private static final String DOMAIN = "domain.tld";
    private static final String BOB = "bob@domain.tld";
    private static final String BOB_PASSWORD = "bobPassword";
    private static final String BAD_PASSWORD = "badPassword";
    private HAProxyExtension haProxyExtension;
    private SMTPClient smtpProtocol;
    private POP3Client pop3Client;
    private CrowdsecHttpClient crowdsecClient;

    @RegisterExtension
    static CrowdsecExtension crowdsecExtension = new CrowdsecExtension();

    @RegisterExtension
    static JamesServerExtension testExtension = new JamesServerBuilder(file -> {
        return MemoryJamesConfiguration.builder().workingDirectory(file).configurationFromClasspath().usersRepository(UsersRepositoryModuleChooser.Implementation.DEFAULT).build();
    }).server(MemoryJamesServerMain::createServer).extension(crowdsecExtension).lifeCycle(JamesServerExtension.Lifecycle.PER_TEST).build();
    private static final ConditionFactory CALMLY_AWAIT = Awaitility.with().pollInterval(Durations.ONE_HUNDRED_MILLISECONDS).and().pollDelay(Durations.ONE_HUNDRED_MILLISECONDS).await();

    @Nested
    /* loaded from: input_file:org/apache/james/crowdsec/CrowdsecIntegrationTest$IMAP.class */
    class IMAP {
        IMAP() {
        }

        @Test
        void ipShouldBeBannedByCrowdSecWhenFailingToImapLoginThreeTimes(GuiceJamesServer guiceJamesServer) {
            IntStream.range(0, 3).forEach(i -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(ImapGuiceProbe.class).getImapPort()).login(CrowdsecIntegrationTest.BOB, CrowdsecIntegrationTest.BAD_PASSWORD);
                }).isInstanceOf(IOException.class).hasMessage("Login failed");
            });
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(ImapGuiceProbe.class).getImapPort());
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
        }

        @Test
        void imapConnectionShouldRejectedAfterThreeFailedIMAPAuthenticationsViaProxy() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedImapPort()).login(CrowdsecIntegrationTest.BOB, CrowdsecIntegrationTest.BAD_PASSWORD);
                }).isInstanceOf(IOException.class).hasMessage("Login failed");
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedImapPort()).login(CrowdsecIntegrationTest.BOB, CrowdsecIntegrationTest.BOB_PASSWORD);
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
        }

        @Test
        void shouldBanRealClientIpAndNotProxyIp() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedImapPort()).login(CrowdsecIntegrationTest.BOB, CrowdsecIntegrationTest.BAD_PASSWORD);
                }).isInstanceOf(IOException.class).hasMessage("Login failed");
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.testIMAPClient.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedImapPort()).login(CrowdsecIntegrationTest.BOB, CrowdsecIntegrationTest.BOB_PASSWORD);
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
            String gateway = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getGateway();
            String ipAddress = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getIpAddress();
            List list = (List) CrowdsecIntegrationTest.this.crowdsecClient.getCrowdsecDecisions().block();
            SoftAssertions.assertSoftly(softAssertions -> {
                softAssertions.assertThat(list).hasSize(1);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isEqualTo(gateway);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isNotEqualTo(ipAddress);
            });
        }
    }

    @Nested
    /* loaded from: input_file:org/apache/james/crowdsec/CrowdsecIntegrationTest$POP3.class */
    class POP3 {
        POP3() {
        }

        @Test
        void shouldRejectConnectionAfterThreeFailedPop3Authentications(GuiceJamesServer guiceJamesServer) {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(Pop3GuiceProbe.class).getPop3Port());
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("user", CrowdsecIntegrationTest.BOB);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("pass", CrowdsecIntegrationTest.BAD_PASSWORD);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("noop");
                Assertions.assertThat(CrowdsecIntegrationTest.this.pop3Client.getReplyString()).startsWith("-ERR");
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(Pop3GuiceProbe.class).getPop3Port());
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
        }

        @Test
        void shouldRejectConnectionAfterThreeFailedPop3AuthenticationsViaProxy() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedPop3Port());
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("user", CrowdsecIntegrationTest.BOB);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("pass", CrowdsecIntegrationTest.BAD_PASSWORD);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("noop");
                Assertions.assertThat(CrowdsecIntegrationTest.this.pop3Client.getReplyString()).startsWith("-ERR");
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedPop3Port());
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
        }

        @Test
        void shouldBanRealClientIpAndNotProxyIp() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedPop3Port());
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("user", CrowdsecIntegrationTest.BOB);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("pass", CrowdsecIntegrationTest.BAD_PASSWORD);
                CrowdsecIntegrationTest.this.pop3Client.sendCommand("noop");
                Assertions.assertThat(CrowdsecIntegrationTest.this.pop3Client.getReplyString()).startsWith("-ERR");
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                Assertions.assertThatThrownBy(() -> {
                    CrowdsecIntegrationTest.this.pop3Client.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedPop3Port());
                }).isInstanceOf(EOFException.class).hasMessage("Connection closed without indication.");
            });
            String gateway = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getGateway();
            String ipAddress = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getIpAddress();
            List list = (List) CrowdsecIntegrationTest.this.crowdsecClient.getCrowdsecDecisions().block();
            SoftAssertions.assertSoftly(softAssertions -> {
                softAssertions.assertThat(list).hasSize(1);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isEqualTo(gateway);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isNotEqualTo(ipAddress);
            });
        }
    }

    @Nested
    /* loaded from: input_file:org/apache/james/crowdsec/CrowdsecIntegrationTest$SMTP.class */
    class SMTP {
        SMTP() {
        }

        @Test
        void ehloShouldRejectAfterThreeFailedSMTPAuthentications(GuiceJamesServer guiceJamesServer) {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("AUTH PLAIN");
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand(Base64.getEncoder().encodeToString("��bob@domain.tld��badPassword��".getBytes(StandardCharsets.UTF_8)));
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"554 Email rejected"});
            });
        }

        @Test
        void ehloShouldRejectAfterThreeFailedSMTPAuthenticationsViaProxy() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedSmtpPort());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("AUTH PLAIN");
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand(Base64.getEncoder().encodeToString("��bob@domain.tld��badPassword��".getBytes(StandardCharsets.UTF_8)));
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedSmtpPort());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"554 Email rejected"});
            });
        }

        @Test
        void shouldBanRealClientIpAndNotProxyIp() {
            IntStream.range(0, 3).forEach(Throwing.intConsumer(i -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedSmtpPort());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("AUTH PLAIN");
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand(Base64.getEncoder().encodeToString("��bob@domain.tld��badPassword��".getBytes(StandardCharsets.UTF_8)));
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
            }));
            CrowdsecIntegrationTest.CALMLY_AWAIT.atMost(Durations.TEN_SECONDS).untilAsserted(() -> {
                CrowdsecIntegrationTest.this.smtpProtocol.connect(CrowdsecIntegrationTest.LOCALHOST_IP, CrowdsecIntegrationTest.this.haProxyExtension.getProxiedSmtpPort());
                CrowdsecIntegrationTest.this.smtpProtocol.sendCommand("EHLO", InetAddress.getLocalHost().toString());
                Assertions.assertThat(CrowdsecIntegrationTest.this.smtpProtocol.getReplyString()).contains(new CharSequence[]{"554 Email rejected"});
            });
            String gateway = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getGateway();
            String ipAddress = CrowdsecIntegrationTest.this.haProxyExtension.getHaproxyContainer().getContainerInfo().getNetworkSettings().getIpAddress();
            List list = (List) CrowdsecIntegrationTest.this.crowdsecClient.getCrowdsecDecisions().block();
            SoftAssertions.assertSoftly(softAssertions -> {
                softAssertions.assertThat(list).hasSize(1);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isEqualTo(gateway);
                softAssertions.assertThat(((CrowdsecDecision) list.get(0)).getValue()).isNotEqualTo(ipAddress);
            });
        }
    }

    CrowdsecIntegrationTest() {
    }

    @BeforeEach
    void setup(GuiceJamesServer guiceJamesServer, @TempDir Path path) throws Exception {
        guiceJamesServer.getProbe(DataProbeImpl.class).fluent().addDomain(DOMAIN).addUser(BOB, BOB_PASSWORD);
        this.haProxyExtension = new HAProxyExtension(MountableFile.forHostPath(createHaProxyConfigFile(guiceJamesServer, path).toString()));
        this.haProxyExtension.start();
        this.smtpProtocol = new SMTPClient();
        this.crowdsecClient = new CrowdsecHttpClient(new CrowdsecClientConfiguration(crowdsecExtension.getCrowdSecUrl(), "default_api_key"));
        this.pop3Client = new POP3Client();
    }

    private Path createHaProxyConfigFile(GuiceJamesServer guiceJamesServer, Path path) throws IOException {
        String gateway = crowdsecExtension.getCrowdsecContainer().getContainerInfo().getNetworkSettings().getGateway();
        String format = String.format("global\n  log stdout format raw local0 info\n\ndefaults\n  mode tcp\n  timeout client 1800s\n  timeout connect 5s\n  timeout server 1800s\n  log global\n  option tcplog\n\nfrontend smtp-frontend\n  bind :25\n  default_backend james-server-smtp\n\nbackend james-server-smtp\n  server james1 %s:%d send-proxy\n\nfrontend imap-frontend\n  bind :143\n  default_backend james-server-imap\n\nbackend james-server-imap\n  server james2 %s:%d send-proxy\n\nfrontend pop3-frontend\n  bind :110\n  default_backend james-server-pop3\n\nbackend james-server-pop3\n  server james3 %s:%d send-proxy\n", gateway, Integer.valueOf(guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpAuthRequiredPort().getValue()), gateway, Integer.valueOf(((Integer) guiceJamesServer.getProbe(ImapGuiceProbe.class).getPort(abstractConfigurableAsyncServer -> {
            return abstractConfigurableAsyncServer.getHelloName().equals("imapServerWithProxyEnabled");
        }).get()).intValue()), gateway, Integer.valueOf(((Integer) guiceJamesServer.getProbe(Pop3GuiceProbe.class).getPort(abstractConfigurableAsyncServer2 -> {
            return abstractConfigurableAsyncServer2.getHelloName().equals("pop3ServerWithProxyEnabled");
        }).get()).intValue()));
        Path resolve = path.resolve("haproxy.cfg");
        Files.write(resolve, format.getBytes(), new OpenOption[0]);
        return resolve;
    }

    @AfterEach
    void teardown() {
        this.haProxyExtension.stop();
    }
}
