package org.apache.james.transport.mailets;

import com.google.inject.Module;
import com.google.inject.util.Modules;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import java.io.File;
import org.apache.james.MemoryJamesServerMain;
import org.apache.james.core.builder.MimeMessageBuilder;
import org.apache.james.mailets.TemporaryJamesServer;
import org.apache.james.mailets.configuration.Constants;
import org.apache.james.mailets.configuration.MailetConfiguration;
import org.apache.james.mailets.configuration.ProcessorConfiguration;
import org.apache.james.mailets.crypto.SMIMECheckSignatureIntegrationTest;
import org.apache.james.mailrepository.api.MailRepositoryUrl;
import org.apache.james.modules.protocols.ImapGuiceProbe;
import org.apache.james.modules.protocols.SmtpGuiceProbe;
import org.apache.james.transport.matchers.dlp.Dlp;
import org.apache.james.util.ClassLoaderUtils;
import org.apache.james.utils.DataProbeImpl;
import org.apache.james.utils.SMTPMessageSender;
import org.apache.james.utils.TestIMAPClient;
import org.apache.james.utils.WebAdminGuiceProbe;
import org.apache.james.webadmin.WebAdminUtils;
import org.apache.mailet.base.test.FakeMail;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.api.io.TempDir;

/* loaded from: input_file:org/apache/james/transport/mailets/DlpIntegrationTest.class */
class DlpIntegrationTest {
    public static final String REPOSITORY_PREFIX = "memory://var/mail/dlp/quarantine/";

    @RegisterExtension
    public TestIMAPClient testIMAPClient = new TestIMAPClient();

    @RegisterExtension
    public SMTPMessageSender messageSender = new SMTPMessageSender("james.org");
    private TemporaryJamesServer jamesServer;
    private RequestSpecification specification;

    DlpIntegrationTest() {
    }

    private void createJamesServer(File file, MailetConfiguration.Builder builder) throws Exception {
        this.jamesServer = TemporaryJamesServer.builder().withBase(Modules.combine(new Module[]{MemoryJamesServerMain.SMTP_AND_IMAP_MODULE, MemoryJamesServerMain.WEBADMIN_TESTING})).withMailetContainer(TemporaryJamesServer.defaultMailetContainerConfiguration().putProcessor(ProcessorConfiguration.transport().addMailet(MailetConfiguration.BCC_STRIPPER).addMailet(builder).addMailet(MailetConfiguration.LOCAL_DELIVERY))).build(file);
        this.jamesServer.start();
        this.jamesServer.getProbe(DataProbeImpl.class).fluent().addDomain("james.org").addUser("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).addUser("user2@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).addUser("user3@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD);
        this.specification = WebAdminUtils.spec(this.jamesServer.getProbe(WebAdminGuiceProbe.class).getWebAdminPort());
    }

    @AfterEach
    void tearDown() {
        this.jamesServer.shutdown();
    }

    @Test
    void dlpShouldStoreMatchingEmails(@TempDir File file) throws Exception {
        createJamesServer(file, MailetConfiguration.builder().matcher(Dlp.class).mailet(ToSenderDomainRepository.class).addProperty("urlPrefix", REPOSITORY_PREFIX));
        RestAssured.given().spec(this.specification).body("{\"rules\":[{  \"id\": \"1\",  \"expression\": \"match me\",  \"explanation\": \"A simple DLP rule.\",  \"targetsSender\": false,  \"targetsRecipients\": false,  \"targetsContent\": true}]}").put("/dlp/rules/james.org", new Object[0]);
        this.messageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).authenticate("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).sendMessage(FakeMail.builder().name("name").mimeMessage(MimeMessageBuilder.mimeMessageBuilder().addToRecipient("user2@james.org").setSender("user@james.org").setText("match me")).sender("user@james.org").recipient("user2@james.org"));
        Constants.awaitAtMostOneMinute.until(() -> {
            return Boolean.valueOf(containsExactlyOneMail(MailRepositoryUrl.from("memory://var/mail/dlp/quarantine/james.org")));
        });
    }

    @Test
    void dlpShouldNotCreateRepositoryWhenNotAllowed(@TempDir File file) throws Exception {
        createJamesServer(file, MailetConfiguration.builder().matcher(Dlp.class).mailet(ToSenderDomainRepository.class).addProperty("urlPrefix", REPOSITORY_PREFIX).addProperty("allowRepositoryCreation", "false"));
        RestAssured.given().spec(this.specification).body("{\"rules\":[[{  \"id\": \"1\",  \"expression\": \"match me\",  \"explanation\": \"A simple DLP rule.\",  \"targetsSender\": false,  \"targetsRecipients\": false,  \"targetsContent\": true}]}").put("/dlp/rules/james.org", new Object[0]);
        this.messageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).authenticate("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).sendMessage(FakeMail.builder().name("name").mimeMessage(MimeMessageBuilder.mimeMessageBuilder().addToRecipient("user2@james.org").setSender("user@james.org").setText("match me")).sender("user@james.org").recipient("user2@james.org"));
        RestAssured.given().spec(this.specification).get("/mailRepositories/" + MailRepositoryUrl.from("memory://var/mail/dlp/quarantine/james.org").getPath().urlEncoded() + "/mails", new Object[0]).then().statusCode(404);
    }

    @Test
    void dlpShouldCreateRepositoryWhenAllowed(@TempDir File file) throws Exception {
        createJamesServer(file, MailetConfiguration.builder().matcher(Dlp.class).mailet(ToSenderDomainRepository.class).addProperty("urlPrefix", REPOSITORY_PREFIX).addProperty("allowRepositoryCreation", "true"));
        MailRepositoryUrl from = MailRepositoryUrl.from("memory://var/mail/dlp/quarantine/james.org");
        RestAssured.given().spec(this.specification).body("{\"rules\":[{  \"id\": \"1\",  \"expression\": \"match me\",  \"explanation\": \"A simple DLP rule.\",  \"targetsSender\": false,  \"targetsRecipients\": false,  \"targetsContent\": true}]}").put("/dlp/rules/james.org", new Object[0]);
        this.messageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).authenticate("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).sendMessage(FakeMail.builder().name("name").mimeMessage(MimeMessageBuilder.mimeMessageBuilder().addToRecipient("user2@james.org").setSender("user@james.org").setText("match me")).sender("user@james.org").recipient("user2@james.org"));
        Constants.awaitAtMostOneMinute.until(() -> {
            return Boolean.valueOf(containsExactlyOneMail(from));
        });
    }

    @Test
    void dlpShouldStoreMailWhenNotAllowedButRepositoryExists(@TempDir File file) throws Exception {
        createJamesServer(file, MailetConfiguration.builder().matcher(Dlp.class).mailet(ToSenderDomainRepository.class).addProperty("urlPrefix", REPOSITORY_PREFIX).addProperty("allowRepositoryCreation", "false"));
        MailRepositoryUrl from = MailRepositoryUrl.from("memory://var/mail/dlp/quarantine/james.org");
        RestAssured.given().spec(this.specification).param("protocol", new Object[]{from.getProtocol().getValue()}).put("/mailRepositories/" + from.getPath().urlEncoded(), new Object[0]);
        RestAssured.given().spec(this.specification).body("{\"rules\":[{  \"id\": \"1\",  \"expression\": \"match me\",  \"explanation\": \"A simple DLP rule.\",  \"targetsSender\": false,  \"targetsRecipients\": false,  \"targetsContent\": true}]}").put("/dlp/rules/james.org", new Object[0]);
        this.messageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).authenticate("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).sendMessage(FakeMail.builder().name("name").mimeMessage(MimeMessageBuilder.mimeMessageBuilder().addToRecipient("user2@james.org").setSender("user@james.org").setText("match me")).sender("user@james.org").recipient("user2@james.org"));
        Constants.awaitAtMostOneMinute.until(() -> {
            return Boolean.valueOf(containsExactlyOneMail(from));
        });
    }

    @Test
    void dlpShouldBeAbleToReadMailContentWithAttachments(@TempDir File file) throws Exception {
        createJamesServer(file, MailetConfiguration.builder().matcher(Dlp.class).mailet(ToSenderDomainRepository.class).addProperty("urlPrefix", REPOSITORY_PREFIX).addProperty("allowRepositoryCreation", "false"));
        MailRepositoryUrl from = MailRepositoryUrl.from("memory://var/mail/dlp/quarantine/james.org");
        RestAssured.given().spec(this.specification).param("protocol", new Object[]{from.getProtocol().getValue()}).put("/mailRepositories/" + from.getPath().urlEncoded(), new Object[0]);
        RestAssured.given().spec(this.specification).body("{\"rules\":[{  \"id\": \"1\",  \"expression\": \"matchMe\",  \"explanation\": \"\",  \"targetsSender\": false,  \"targetsRecipients\": false,  \"targetsContent\": true}]}").put("/dlp/rules/james.org", new Object[0]);
        this.messageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpAuthRequiredPort()).authenticate("user@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).sendMessageWithHeaders("user@james.org", "user2@james.org", ClassLoaderUtils.getSystemResourceAsString("eml/dlp_read_mail_with_attachment.eml"));
        this.testIMAPClient.connect("127.0.0.1", this.jamesServer.getProbe(ImapGuiceProbe.class).getImapPort()).login("user2@james.org", SMIMECheckSignatureIntegrationTest.PASSWORD).select("INBOX").awaitMessage(Constants.awaitAtMostOneMinute);
        Assertions.assertThat(this.testIMAPClient.readFirstMessage()).containsSequence(new CharSequence[]{"dlp subject"});
    }

    private boolean containsExactlyOneMail(MailRepositoryUrl mailRepositoryUrl) {
        try {
            return RestAssured.given().spec(this.specification).get("/mailRepositories/" + mailRepositoryUrl.getPath().urlEncoded() + "/mails", new Object[0]).jsonPath().getList(".").size() == 1;
        } catch (Exception e) {
            return false;
        }
    }
}
