package org.apache.james;

import com.google.inject.Module;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import org.apache.james.core.Domain;
import org.apache.james.data.UsersRepositoryModuleChooser;
import org.apache.james.modules.TestJMAPServerModule;
import org.apache.james.modules.protocols.SmtpGuiceProbe;
import org.apache.james.util.ClassLoaderUtils;
import org.apache.james.utils.DataProbeImpl;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:org/apache/james/DKIMHookIntegrationTest.class */
public class DKIMHookIntegrationTest {
    private static final Domain DOMAIN = Domain.of("avocat.fr");

    @RegisterExtension
    static JamesServerExtension jamesServerExtension = new JamesServerBuilder(file -> {
        return MemoryJamesConfiguration.builder().workingDirectory(file).configurationFromClasspath().usersRepository(UsersRepositoryModuleChooser.Implementation.DEFAULT).build();
    }).server(memoryJamesConfiguration -> {
        return MemoryJamesServerMain.createServer(memoryJamesConfiguration).overrideWith(new Module[]{new TestJMAPServerModule()});
    }).build();

    @BeforeEach
    void setUp(GuiceJamesServer guiceJamesServer) throws Exception {
        guiceJamesServer.getProbe(DataProbeImpl.class).fluent().addDomain(DOMAIN.asString()).addUser("user@" + DOMAIN.asString(), "pass1");
    }

    @Test
    void shouldRejectCheckedDomainWhenNotSigned(GuiceJamesServer guiceJamesServer) throws Exception {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("127.0.0.1", guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue()));
        readBytes(open);
        open.write(ByteBuffer.wrap(("EHLO " + DOMAIN.asString() + "\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("MAIL FROM: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("RCPT TO: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("DATA\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("header:value\r\n\r\nbody".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap(".".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        byte[] readBytes = readBytes(open);
        open.write(ByteBuffer.wrap("QUIT\r\n".getBytes(StandardCharsets.UTF_8)));
        Assertions.assertThat(new String(readBytes, StandardCharsets.UTF_8)).contains(new CharSequence[]{"530 DKIM check failed. Expecting DKIM signatures. Got none."});
    }

    @Test
    void shouldAcceptNotCheckedDomains(GuiceJamesServer guiceJamesServer) throws Exception {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("127.0.0.1", guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue()));
        readBytes(open);
        open.write(ByteBuffer.wrap("EHLO whatever.com\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("MAIL FROM: <user@whatever.com>\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("RCPT TO: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("DATA\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("header:value\r\n\r\nbody".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap(".".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        byte[] readBytes = readBytes(open);
        open.write(ByteBuffer.wrap("QUIT\r\n".getBytes(StandardCharsets.UTF_8)));
        Assertions.assertThat(new String(readBytes, StandardCharsets.UTF_8)).contains(new CharSequence[]{"250 2.6.0 Message received"});
    }

    @Test
    void shouldAcceptEmailsForCheckedDomainsWhenSigned(GuiceJamesServer guiceJamesServer) throws Exception {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("127.0.0.1", guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue()));
        readBytes(open);
        open.write(ByteBuffer.wrap(("EHLO " + DOMAIN.asString() + "\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("MAIL FROM: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("RCPT TO: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("DATA\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(ClassLoaderUtils.getSystemResourceAsByteArray("eml/goodDkim.eml")));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap(".".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        byte[] readBytes = readBytes(open);
        open.write(ByteBuffer.wrap("QUIT\r\n".getBytes(StandardCharsets.UTF_8)));
        Assertions.assertThat(new String(readBytes, StandardCharsets.UTF_8)).contains(new CharSequence[]{"250 2.6.0 Message received"});
    }

    @Test
    void shouldRejectInvalidDKIMSignatures(GuiceJamesServer guiceJamesServer) throws Exception {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("127.0.0.1", guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue()));
        readBytes(open);
        open.write(ByteBuffer.wrap(("EHLO " + DOMAIN.asString() + "\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("MAIL FROM: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("RCPT TO: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("DATA\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(ClassLoaderUtils.getSystemResourceAsByteArray("eml/badDkim.eml")));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap(".".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        byte[] readBytes = readBytes(open);
        open.write(ByteBuffer.wrap("QUIT\r\n".getBytes(StandardCharsets.UTF_8)));
        Assertions.assertThat(new String(readBytes, StandardCharsets.UTF_8)).contains(new CharSequence[]{"530 DKIM check failed. Invalid signature."});
    }

    @Test
    void shouldRejectCheckedDomainsWhenSignatureOfOtherDomain(GuiceJamesServer guiceJamesServer) throws Exception {
        SocketChannel open = SocketChannel.open();
        open.connect(new InetSocketAddress("127.0.0.1", guiceJamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort().getValue()));
        readBytes(open);
        open.write(ByteBuffer.wrap(("EHLO " + DOMAIN.asString() + "\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("MAIL FROM: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(("RCPT TO: <user@" + DOMAIN.asString() + ">\r\n").getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap("DATA\r\n".getBytes(StandardCharsets.UTF_8)));
        readBytes(open);
        open.write(ByteBuffer.wrap(ClassLoaderUtils.getSystemResourceAsByteArray("eml/otherDomainDkim.eml")));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap(".".getBytes(StandardCharsets.UTF_8)));
        open.write(ByteBuffer.wrap("\r\n".getBytes(StandardCharsets.UTF_8)));
        byte[] readBytes = readBytes(open);
        open.write(ByteBuffer.wrap("QUIT\r\n".getBytes(StandardCharsets.UTF_8)));
        Assertions.assertThat(new String(readBytes, StandardCharsets.UTF_8)).contains(new CharSequence[]{"530 DKIM check failed. Wrong d token. Expecting avocat.fr"});
    }

    private byte[] readBytes(SocketChannel socketChannel) throws IOException {
        ByteBuffer allocate = ByteBuffer.allocate(1024);
        socketChannel.read(allocate);
        allocate.rewind();
        byte[] bArr = new byte[allocate.remaining()];
        allocate.get(bArr);
        return bArr;
    }
}
