package org.apache.james.smtpserver;

import com.google.common.collect.ImmutableList;
import java.util.Optional;
import nl.jqno.equalsverifier.EqualsVerifier;
import org.apache.commons.configuration2.BaseHierarchicalConfiguration;
import org.apache.james.core.Domain;
import org.apache.james.core.MaybeSender;
import org.apache.james.jdkim.tagvalue.SignatureRecordImpl;
import org.apache.james.protocols.smtp.hook.HookReturnCode;
import org.apache.james.smtpserver.DKIMHook;
import org.apache.mailet.base.test.FakeMail;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowingConsumer;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/james/smtpserver/DKIMHookTest.class */
class DKIMHookTest {
    public static final SignatureRecordImpl SIGNATURE_RECORD_1 = new SignatureRecordImpl("a=rsa-sha256; b=mPyQMaWy8a8m1H5AH/ntjNZ/bFh2l1090LieXgOqiawIAFxOoJ9PZwq/0BdBZvypfjXgg27+6TLmm/Ne59Y5X0FZq/wc8VVyWlK0JbCGu7okqbj+cQx84y4so2CuIymmLprmnWFggoNw8MaUrkDLhSKEHqLPbvvB0axy471A1ifs4CmFtNo98hk7pGzp8y/4Vxkn3wi01Dw/0cmU/cwywT7p1ut29oXsqasgsG387+d7EYxYqUqmUgohdK33gxw5RcuWz7zz5q5PMavLfOFOUh6+4v+xU3qe7ihYQC6iQyhCDHyNO6sVqcZFmK1VOMYfwV38Jf1qKiOblSVZQrRrKQ==; s=smtpoutjames; d=linagora.com; v=1; bh=GfF1eYzDvrJ9X9ZwvtyAa0qkS+FH5KN1Jj/lI0gwGzQ=; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive;");
    public static final SignatureRecordImpl SIGNATURE_RECORD_2 = new SignatureRecordImpl("a=rsa-sha256; b=mPyQMaWy8a8m1H5AH/ntjNZ/bFh2l1090LieXgOqiawIAFxOoJ9PZwq/0BdBZvypfjXgg27+6TLmm/Ne59Y5X0FZq/wc8VVyWlK0JbCGu7okqbj+cQx84y4so2CuIymmLprmnWFggoNw8MaUrkDLhSKEHqLPbvvB0axy471A1ifs4CmFtNo98hk7pGzp8y/4Vxkn3wi01Dw/0cmU/cwywT7p1ut29oXsqasgsG387+d7EYxYqUqmUgohdK33gxw5RcuWz7zz5q5PMavLfOFOUh6+4v+xU3qe7ihYQC6iQyhCDHyNO6sVqcZFmK1VOMYfwV38Jf1qKiOblSVZQrRrKQ==; s=smtpoutjames; d=abc.com; v=1; bh=GfF1eYzDvrJ9X9ZwvtyAa0qkS+FH5KN1Jj/lI0gwGzQ=; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive;");

    @Nested
    /* loaded from: input_file:org/apache/james/smtpserver/DKIMHookTest$ConfigTest.class */
    class ConfigTest {
        ConfigTest(DKIMHookTest dKIMHookTest) {
        }

        @Test
        void shouldMatchEqualsContract() {
            EqualsVerifier.forClass(DKIMHook.Config.class).verify();
        }

        @Test
        void parseShouldSpecifyDefaultValues() {
            Assertions.assertThat(DKIMHook.Config.parse(new BaseHierarchicalConfiguration())).isEqualTo(new DKIMHook.Config(true, true, Optional.empty(), Optional.empty()));
        }

        @Test
        void parseShouldPreserveSpecifiedValues() {
            BaseHierarchicalConfiguration baseHierarchicalConfiguration = new BaseHierarchicalConfiguration();
            baseHierarchicalConfiguration.addProperty("forceCRLF", false);
            baseHierarchicalConfiguration.addProperty("signatureRequired", false);
            baseHierarchicalConfiguration.addProperty("onlyForSenderDomain", "linagora.com");
            baseHierarchicalConfiguration.addProperty("expectedDToken", "apache.org");
            Assertions.assertThat(DKIMHook.Config.parse(baseHierarchicalConfiguration)).isEqualTo(new DKIMHook.Config(false, false, Optional.of(Domain.of("linagora.com")), Optional.of("apache.org")));
        }
    }

    @Nested
    /* loaded from: input_file:org/apache/james/smtpserver/DKIMHookTest$DKIMCheckNeededTest.class */
    class DKIMCheckNeededTest {
        DKIMCheckNeededTest(DKIMHookTest dKIMHookTest) {
        }

        @Test
        void onlyForSenderDomainShouldKeepWhenSenderDomainMatches() throws Exception {
            Assertions.assertThat(DKIMHook.DKIMCheckNeeded.onlyForSenderDomain(Domain.LOCALHOST).test(FakeMail.builder().name("mail").sender("bob@localhost").build())).isTrue();
        }

        @Test
        void onlyForSenderDomainShouldRejectWhenSenderDomainDoesNotMatches() throws Exception {
            Assertions.assertThat(DKIMHook.DKIMCheckNeeded.onlyForSenderDomain(Domain.LOCALHOST).test(FakeMail.builder().name("mail").sender("bob@other.com").build())).isFalse();
        }

        @Test
        void allShouldAcceptArbitrarySenderDomains() throws Exception {
            Assertions.assertThat(DKIMHook.DKIMCheckNeeded.ALL.test(FakeMail.builder().name("mail").sender("bob@other.com").build())).isTrue();
        }
    }

    @Nested
    /* loaded from: input_file:org/apache/james/smtpserver/DKIMHookTest$SignatureRecordValidationTest.class */
    class SignatureRecordValidationTest {
        SignatureRecordValidationTest(DKIMHookTest dKIMHookTest) {
        }

        @Test
        void shouldDenyWhenNoDkimRecordsWhenTrue() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.signatureRequired(true).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.deny());
            }}).satisfies(new ThrowingConsumer[]{hookResult2 -> {
                Assertions.assertThat(hookResult2.getSmtpDescription()).isEqualTo("DKIM check failed. Expecting DKIM signatures. Got none.");
            }});
        }

        @Test
        void shouldDeclineWhenNoDkimRecordWhenTrue() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.signatureRequired(false).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void shouldDeclineWhenDkimRecordWhenTrue() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.signatureRequired(true).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_1))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void allShouldDeclineWhenNoDkimRecord() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.ALLOW_ALL.validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void allShouldDeclineWhenDkimRecord() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.ALLOW_ALL.validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_1))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void andShouldDeclineWhenBothDecline() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.and(DKIMHook.SignatureRecordValidation.ALLOW_ALL, DKIMHook.SignatureRecordValidation.ALLOW_ALL).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void andShouldDenyWhenFirstDeny() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.and(DKIMHook.SignatureRecordValidation.signatureRequired(true), DKIMHook.SignatureRecordValidation.ALLOW_ALL).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.deny());
            }}).satisfies(new ThrowingConsumer[]{hookResult2 -> {
                Assertions.assertThat(hookResult2.getSmtpDescription()).isEqualTo("DKIM check failed. Expecting DKIM signatures. Got none.");
            }});
        }

        @Test
        void andShouldDenyWhenSecondDeny() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.and(DKIMHook.SignatureRecordValidation.ALLOW_ALL, DKIMHook.SignatureRecordValidation.signatureRequired(true)).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.deny());
            }}).satisfies(new ThrowingConsumer[]{hookResult2 -> {
                Assertions.assertThat(hookResult2.getSmtpDescription()).isEqualTo("DKIM check failed. Expecting DKIM signatures. Got none.");
            }});
        }

        @Test
        void andShouldKeepOnlyTheFirstSMTPDescription() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.and(DKIMHook.SignatureRecordValidation.signatureRequired(true), DKIMHook.SignatureRecordValidation.expectedDToken("wrong.com")).validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of())).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.deny());
            }}).satisfies(new ThrowingConsumer[]{hookResult2 -> {
                Assertions.assertThat(hookResult2.getSmtpDescription()).isEqualTo("DKIM check failed. Expecting DKIM signatures. Got none.");
            }});
        }

        @Test
        void expectedDTokenShouldDenyWhenWrongDToken() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.expectedDToken("wrong.com").validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_1))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.deny());
            }}).satisfies(new ThrowingConsumer[]{hookResult2 -> {
                Assertions.assertThat(hookResult2.getSmtpDescription()).isEqualTo("DKIM check failed. Wrong d token. Expecting wrong.com");
            }});
        }

        @Test
        void expectedDTokenShouldDeclineWhenGoodDToken() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.expectedDToken("linagora.com").validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_1))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void expectedDTokenShouldDeclineWhenGoodFirstDToken() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.expectedDToken("linagora.com").validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_1, DKIMHookTest.SIGNATURE_RECORD_2))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }

        @Test
        void expectedDTokenShouldDeclineWhenGoodSecondDToken() {
            Assertions.assertThat(DKIMHook.SignatureRecordValidation.expectedDToken("linagora.com").validate(MaybeSender.getMailSender("bob@localhost"), ImmutableList.of(DKIMHookTest.SIGNATURE_RECORD_2, DKIMHookTest.SIGNATURE_RECORD_1))).satisfies(new ThrowingConsumer[]{hookResult -> {
                Assertions.assertThat(hookResult.getResult()).isEqualTo(HookReturnCode.declined());
            }});
        }
    }

    DKIMHookTest() {
    }
}
