package org.apache.james.smtpserver;

import com.google.common.collect.ImmutableList;
import com.google.inject.TypeLiteral;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.commons.configuration2.BaseHierarchicalConfiguration;
import org.apache.commons.configuration2.XMLConfiguration;
import org.apache.commons.net.smtp.SMTPClient;
import org.apache.commons.net.smtp.SMTPSClient;
import org.apache.james.UserEntityValidator;
import org.apache.james.core.Domain;
import org.apache.james.core.Username;
import org.apache.james.dnsservice.api.DNSService;
import org.apache.james.dnsservice.api.InMemoryDNSService;
import org.apache.james.domainlist.api.DomainList;
import org.apache.james.domainlist.lib.DomainListConfiguration;
import org.apache.james.domainlist.memory.MemoryDomainList;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.mailbox.Authorizator;
import org.apache.james.mailrepository.api.MailRepositoryStore;
import org.apache.james.mailrepository.api.Protocol;
import org.apache.james.mailrepository.memory.MailRepositoryStoreConfiguration;
import org.apache.james.mailrepository.memory.MemoryMailRepository;
import org.apache.james.mailrepository.memory.MemoryMailRepositoryStore;
import org.apache.james.mailrepository.memory.MemoryMailRepositoryUrlStore;
import org.apache.james.mailrepository.memory.SimpleMailRepositoryLoader;
import org.apache.james.metrics.api.Metric;
import org.apache.james.metrics.api.MetricFactory;
import org.apache.james.metrics.tests.RecordingMetricFactory;
import org.apache.james.protocols.api.OIDCSASLHelper;
import org.apache.james.protocols.api.utils.BogusSslContextFactory;
import org.apache.james.protocols.api.utils.BogusTrustManagerFactory;
import org.apache.james.protocols.api.utils.ProtocolServerUtils;
import org.apache.james.protocols.lib.mock.ConfigLoader;
import org.apache.james.protocols.lib.mock.MockProtocolHandlerLoader;
import org.apache.james.queue.api.MailQueueFactory;
import org.apache.james.queue.api.RawMailQueueItemDecoratorFactory;
import org.apache.james.queue.memory.MemoryMailQueueFactory;
import org.apache.james.rrt.api.CanSendFrom;
import org.apache.james.rrt.api.RecipientRewriteTable;
import org.apache.james.rrt.api.RecipientRewriteTableConfiguration;
import org.apache.james.rrt.lib.AliasReverseResolverImpl;
import org.apache.james.rrt.lib.CanSendFromImpl;
import org.apache.james.rrt.memory.MemoryRecipientRewriteTable;
import org.apache.james.server.core.configuration.Configuration;
import org.apache.james.server.core.filesystem.FileSystemImpl;
import org.apache.james.smtpserver.SMTPServerTest;
import org.apache.james.smtpserver.netty.SMTPServer;
import org.apache.james.smtpserver.netty.SmtpMetricsImpl;
import org.apache.james.user.api.UsersRepository;
import org.apache.james.user.memory.MemoryUsersRepository;
import org.apache.james.util.ClassLoaderUtils;
import org.assertj.core.api.AbstractStringAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.SoftAssertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.mockserver.integration.ClientAndServer;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;

/* loaded from: input_file:org/apache/james/smtpserver/SMTPSaslTest.class */
class SMTPSaslTest {
    public static final String LOCAL_DOMAIN = "domain.org";
    public static final String PASSWORD = "userpassword";
    public static final String JWKS_URI_PATH = "/jwks";
    public static final String INTROSPECT_TOKEN_URI_PATH = "/introspect";
    public static final String USERINFO_URI_PATH = "/userinfo";
    protected MemoryDomainList domainList;
    protected MemoryUsersRepository usersRepository;
    protected SMTPServerTest.AlterableDNSServer dnsServer;
    protected MemoryMailRepositoryStore mailRepositoryStore;
    protected FileSystemImpl fileSystem;
    protected Configuration configuration;
    protected MockProtocolHandlerLoader chain;
    protected MemoryMailQueueFactory queueFactory;
    protected MemoryMailQueueFactory.MemoryCacheableMailQueue queue;
    private SMTPServer smtpServer;
    private ClientAndServer authServer;
    public static final Username USER = Username.of("user@domain.org");
    public static final Username USER2 = Username.of("user2@domain.org");
    public static final String SCOPE = "scope";
    public static final String OIDC_URL = "https://example.com/jwks";
    public static final String FAIL_RESPONSE_TOKEN = Base64.getEncoder().encodeToString(String.format("{\"status\":\"invalid_token\",\"scope\":\"%s\",\"schemes\":\"%s\"}", SCOPE, OIDC_URL).getBytes(StandardCharsets.UTF_8));
    public static final String VALID_TOKEN = OIDCSASLHelper.generateOauthBearer(USER.asString(), "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inc4MFBzNUlhc24tYUdXbXcyVHJ4RGlOY2FocEgyc1h6NXBxZGhBbDlIWGMifQ.eyJleHAiOjM5Mzk1MDYxNjcsImlhdCI6MTYzOTUwNTg2NywiYXV0aF90aW1lIjozNjM5NTA1ODQxLCJqdGkiOiJjMjQ5ZTBkNi1jY2JiLTRmZDAtODI5Yi04OTM1MjczN2YzZGIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcmVhbG0xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjIwNDUyNzFiLWMxYmItNDJiOC1hMTkwLThlYWI1MmYzYmEwOSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFjY291bnQtY29uc29sZSIsIm5vbmNlIjoiNWUyOGJjNTAtODE5NS00NjM3LThmMWEtYWUzNWFlYTk0NTc1Iiwic2Vzc2lvbl9zdGF0ZSI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImFjciI6IjAiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsInNpZCI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFtZXMiLCJlbWFpbF9hZGRyZXNzIjoidXNlckBkb21haW4ub3JnIn0.bqHsX3yngXwXyVW7LenKzHbdqZy1AmCjE3QWrp7Y1sd_zcQEu5WABwLIOAzrXiNFeGwyww8taGJBdYa0KTBCY6MYkAHAEa1vyyO1LfJgr3cIfQT6WCf3g2BJqHRjUsqNgT_Sit9druMRke01m1V0EmzqIdLLHp8Vl-u4R3JSDx1bsQ1w3WCRlcgr_k3EJ7jNiuNnklCH8_o59y4c7Rzdpl-Y8tcA07nGjeJ_7qPgNZX6lgwvr0EhpQpbVDHXwQlp2NDzkWwBLJR0-V50Q0a-L0QD69wqeEaqi1xaRAfx2Gwn2FgCgMUWzKeW_qkEBP0tnN-pzl7j31EOnmKhshlOtw");
    public static final String INVALID_TOKEN = OIDCSASLHelper.generateOauthBearer(USER.asString(), "eyJhbGciOiJSUzI1NiIsImFhYSI6MjUxfQ.eyJpc3MiOiJEaW5vQ2hpZXNhLmdpdGh1Yi5pbyIsInN1YiI6ImFzYSIsImF1ZCI6Im1pbmciLCJpYXQiOjE2Mzk2Mzk2OTUsImV4cCI6MTYzOTY0MDI5NX0.DyZDvrR62NSranW6NRsBG9s18jKrqmYR6LwwOmHNmEsWak0ijPRc3ROMMCB-v-ckDEOn_EUcaQ-YifcFzIxikqZ8TQg3wodjxfA7iTcbl-_5OKfaK4_AHUN6hvQ7DQE9EpdzPKFaH5mupWW4NCghuGRjTTz9iP0qkWmtPluSMtjmVg_62Cf2Y7RIWeLvOdEvLbUDuu_-kd1IsVReuHaoqfwejxVFMqxotre_M5G9fcXrllis4tUwY8dqUBBy9pYC3wRFaT7KTFBjtg2_CLCtg8vw9Nu1XAJwuVQmmHaVBkEX4FVgrIu0KwPWbuk1Dg9mgbAVI9osePL2QvTmqSobbQ");

    SMTPSaslTest() {
    }

    @BeforeEach
    void setUp() throws Exception {
        this.domainList = new MemoryDomainList(new InMemoryDNSService());
        this.domainList.configure(DomainListConfiguration.DEFAULT);
        this.domainList.addDomain(Domain.of(LOCAL_DOMAIN));
        this.usersRepository = MemoryUsersRepository.withVirtualHosting(this.domainList);
        this.usersRepository.addUser(USER, PASSWORD);
        this.usersRepository.addUser(USER2, PASSWORD);
        createMailRepositoryStore();
        setUpFakeLoader();
        setUpSMTPServer();
        this.authServer = ClientAndServer.startClientAndServer(new Integer[]{0});
        this.authServer.when(HttpRequest.request().withPath(JWKS_URI_PATH)).respond(HttpResponse.response().withStatusCode(200).withHeader("Content-Type", new String[]{"application/json"}).withBody("{    \"keys\": [        {            \"kid\": \"w80Ps5Iasn-aGWmw2TrxDiNcahpH2sXz5pqdhAl9HXc\",            \"kty\": \"RSA\",            \"alg\": \"RS256\",            \"use\": \"sig\",            \"n\": \"q6EiBITWGo18woLJ_sXrYI6mHP0mooWhwiI1q2tsTG5MpeNgSE0ZowRRm1MU4TBIOWL2gVwtV0Hom2rlu4CZwWbPEueCuRTMo4FFzim4x6j0cRO-r1GiGJAGaHrnwJ16LHw3_11GU0yhNsscmSYXX4FP0UhKTdfY6F37JCEFpiF5TCpCBvZRqo-3iHMqJnZRx7mMW_aMKlPpTyZS1ATvDA56IDjgF5gt8qEsHj51yy_ujS4C6e4kIK9sUefH_c30yWPQomLhDQUD0mRyGyN_zo_SQbk9S4hQghyNDb_ZJjpfoZySjNeBrVFPtpbUHy8DK9HWWOqEsv1kACyfE7rQnQ\",            \"e\": \"AQAB\",            \"x5c\": [                \"MIICmzCCAYMCBgF91kYdyzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZyZWFsbTEwHhcNMjExMjIwMDUxNTU5WhcNMzExMjIwMDUxNzM5WjARMQ8wDQYDVQQDDAZyZWFsbTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCroSIEhNYajXzCgsn+xetgjqYc/SaihaHCIjWra2xMbkyl42BITRmjBFGbUxThMEg5YvaBXC1XQeibauW7gJnBZs8S54K5FMyjgUXOKbjHqPRxE76vUaIYkAZoeufAnXosfDf/XUZTTKE2yxyZJhdfgU/RSEpN19joXfskIQWmIXlMKkIG9lGqj7eIcyomdlHHuYxb9owqU+lPJlLUBO8MDnogOOAXmC3yoSwePnXLL+6NLgLp7iQgr2xR58f9zfTJY9CiYuENBQPSZHIbI3/Oj9JBuT1LiFCCHI0Nv9kmOl+hnJKM14GtUU+2ltQfLwMr0dZY6oSy/WQALJ8TutCdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADbwilJj3iLRyuypfYakEv42L5RDrwgImjmXvaX77Bjacr9IjaEyRAVZI7UGu62qN0lV3DxOFwdhsCoyXtufiz1nuvsuZ1M/M/RSe9iJOitQQVkS+OcDayN/GSeHZD7p8V+eY6rtvdNrxINVcuAxPYL+QLbXD5yctaOxs+HfDK9bDYyedpEbtjGnyTzioKHimM7W3PBYGpFfdAhiAcckyd+lfjBfEkjDlJBqzPgdkvTa+tZrR2kA1/QGVBuOpScHI7OlXQnuTXCJqwp8l6lI4umsosjlWw28EShDJQ6SDiNUqtpcbpAVc818PTqO1pdH269i9nqujHkPmdPOddV4nWI=\"            ],            \"x5t\": \"_LzkYFjU_do-qUGGVHGwwFNKaDQ\",            \"x5t#S256\": \"uK879e7BK9sCySdxp16FIW0M7y1-pIvbISgJo6elcHk\"        }    ]}", StandardCharsets.UTF_8));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        this.smtpServer.configure(config);
        this.smtpServer.init();
    }

    protected void createMailRepositoryStore() throws Exception {
        this.configuration = Configuration.builder().workingDirectory("../").configurationFromClasspath().build();
        this.fileSystem = new FileSystemImpl(this.configuration.directories());
        this.mailRepositoryStore = new MemoryMailRepositoryStore(new MemoryMailRepositoryUrlStore(), new SimpleMailRepositoryLoader(), MailRepositoryStoreConfiguration.forItems(new MailRepositoryStoreConfiguration.Item[]{new MailRepositoryStoreConfiguration.Item(ImmutableList.of(new Protocol("memory")), MemoryMailRepository.class.getName(), new BaseHierarchicalConfiguration())}));
        this.mailRepositoryStore.init();
    }

    protected SMTPServer createSMTPServer(SmtpMetricsImpl smtpMetricsImpl) {
        return new SMTPServer(smtpMetricsImpl);
    }

    protected void setUpSMTPServer() {
        SmtpMetricsImpl smtpMetricsImpl = (SmtpMetricsImpl) Mockito.mock(SmtpMetricsImpl.class);
        Mockito.when(smtpMetricsImpl.getCommandsMetric()).thenReturn((Metric) Mockito.mock(Metric.class));
        Mockito.when(smtpMetricsImpl.getConnectionMetric()).thenReturn((Metric) Mockito.mock(Metric.class));
        this.smtpServer = createSMTPServer(smtpMetricsImpl);
        this.smtpServer.setDnsService(this.dnsServer);
        this.smtpServer.setFileSystem(this.fileSystem);
        this.smtpServer.setProtocolHandlerLoader(this.chain);
    }

    protected void setUpFakeLoader() {
        this.dnsServer = new SMTPServerTest.AlterableDNSServer();
        MemoryRecipientRewriteTable memoryRecipientRewriteTable = new MemoryRecipientRewriteTable();
        memoryRecipientRewriteTable.setConfiguration(RecipientRewriteTableConfiguration.DEFAULT_ENABLED);
        CanSendFromImpl canSendFromImpl = new CanSendFromImpl(memoryRecipientRewriteTable, new AliasReverseResolverImpl(memoryRecipientRewriteTable));
        this.queueFactory = new MemoryMailQueueFactory(new RawMailQueueItemDecoratorFactory());
        this.queue = this.queueFactory.createQueue(MailQueueFactory.SPOOL);
        Authorizator authorizator = (username, username2) -> {
            return (username.equals(USER) && username2.equals(USER2)) ? Authorizator.AuthorizationState.ALLOWED : Authorizator.AuthorizationState.FORBIDDEN;
        };
        this.chain = MockProtocolHandlerLoader.builder().put(binder -> {
            binder.bind(DomainList.class).toInstance(this.domainList);
        }).put(binder2 -> {
            binder2.bind(new TypeLiteral<MailQueueFactory<?>>() { // from class: org.apache.james.smtpserver.SMTPSaslTest.1
            }).toInstance(this.queueFactory);
        }).put(binder3 -> {
            binder3.bind(RecipientRewriteTable.class).toInstance(memoryRecipientRewriteTable);
        }).put(binder4 -> {
            binder4.bind(CanSendFrom.class).toInstance(canSendFromImpl);
        }).put(binder5 -> {
            binder5.bind(FileSystem.class).toInstance(this.fileSystem);
        }).put(binder6 -> {
            binder6.bind(MailRepositoryStore.class).toInstance(this.mailRepositoryStore);
        }).put(binder7 -> {
            binder7.bind(DNSService.class).toInstance(this.dnsServer);
        }).put(binder8 -> {
            binder8.bind(UsersRepository.class).toInstance(this.usersRepository);
        }).put(binder9 -> {
            binder9.bind(MetricFactory.class).to(RecordingMetricFactory.class);
        }).put(binder10 -> {
            binder10.bind(UserEntityValidator.class).toInstance(UserEntityValidator.NOOP);
        }).put(binder11 -> {
            binder11.bind(Authorizator.class).toInstance(authorizator);
        }).build();
    }

    private SMTPSClient initSMTPSClient() throws IOException {
        SMTPSClient sMTPSClient = new SMTPSClient(false, BogusSslContextFactory.getClientContext());
        sMTPSClient.setTrustManager(BogusTrustManagerFactory.getTrustManagers()[0]);
        InetSocketAddress retrieveBindedAddress = new ProtocolServerUtils(this.smtpServer).retrieveBindedAddress();
        sMTPSClient.connect(retrieveBindedAddress.getAddress().getHostAddress(), retrieveBindedAddress.getPort());
        sMTPSClient.execTLS();
        return sMTPSClient;
    }

    @AfterEach
    void tearDown() {
        this.smtpServer.destroy();
        this.authServer.stop();
    }

    @Test
    void oauthShouldSuccessWhenValidToken() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"235 Authentication successful."});
    }

    @Test
    void oauthShouldSupportXOAUTH2Type() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH XOAUTH2 " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"235 Authentication successful."});
    }

    @Test
    void oauthWithNoTLSConnectShouldFail() throws Exception {
        SMTPClient sMTPClient = new SMTPClient();
        InetSocketAddress retrieveBindedAddress = new ProtocolServerUtils(this.smtpServer).retrieveBindedAddress();
        sMTPClient.connect(retrieveBindedAddress.getAddress().getHostAddress(), retrieveBindedAddress.getPort());
        sMTPClient.sendCommand("EHLO localhost");
        ((AbstractStringAssert) Assertions.assertThat(sMTPClient.getReplyString()).as("Should not advertise OAUTHBEARER when no TLS connect.", new Object[0])).doesNotContain(new CharSequence[]{"OAUTHBEARER"});
        sMTPClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(sMTPClient.getReplyString()).contains(new CharSequence[]{"504 Unrecognized Authentication Type"});
    }

    @Test
    void oauthShouldFailWhenInvalidToken() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + INVALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"334 " + FAIL_RESPONSE_TOKEN});
        initSMTPSClient.sendCommand("AQ==");
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
    }

    @Test
    void sendMailShouldSuccessWhenAuthenticatedByOAuthBearer() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        initSMTPSClient.setSender(USER.asString());
        initSMTPSClient.addRecipient("mail@domain.org");
        initSMTPSClient.sendShortMessageData("Subject: test\r\n\r\nTest body testAuth\r\n");
        initSMTPSClient.quit();
        Assertions.assertThat(this.queue.getLastMail()).as("mail received by mail server", new Object[0]).isNotNull();
    }

    @Test
    void sendMailShouldFailWhenNotAuthenticated() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        initSMTPSClient.setSender(USER.asString());
        initSMTPSClient.addRecipient("mail@domain.org");
        initSMTPSClient.sendShortMessageData("Subject: test\r\n\r\nTest body testAuth\r\n");
        initSMTPSClient.quit();
        Assertions.assertThat(this.queue.getLastMail()).as("mail received by mail server", new Object[0]).isNull();
    }

    @Test
    void shouldNotOauthWhenAlreadyAuthenticated() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"503 5.5.0 User has previously authenticated.  Further authentication is not required!"});
    }

    @Test
    void oauthShouldFailWhenConfigIsNotProvided() throws Exception {
        this.smtpServer.destroy();
        this.smtpServer.configure(ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml")));
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"504 Unrecognized Authentication Type"});
    }

    @Test
    void ehloShouldAdvertiseOAUTHBEARERWhenConfigIsProvided() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        SoftAssertions.assertSoftly(softAssertions -> {
            softAssertions.assertThat(initSMTPSClient.getReplyCode()).isEqualTo(250);
            softAssertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"250-AUTH OAUTHBEARER"});
        });
    }

    @Test
    void ehloShouldAdvertiseXOAUTH2WhenConfigIsProvided() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        SoftAssertions.assertSoftly(softAssertions -> {
            softAssertions.assertThat(initSMTPSClient.getReplyCode()).isEqualTo(250);
            softAssertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"XOAUTH2"});
        });
    }

    @Test
    void ehloShouldNotAdvertiseOAUTHBEARERWhenConfigIsNotProvided() throws Exception {
        this.smtpServer.destroy();
        this.smtpServer.configure(ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml")));
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        SoftAssertions.assertSoftly(softAssertions -> {
            softAssertions.assertThat(initSMTPSClient.getReplyCode()).isEqualTo(250);
            softAssertions.assertThat(initSMTPSClient.getReplyString()).doesNotContain(new CharSequence[]{"OAUTHBEARER"});
        });
    }

    @Test
    void ehloShouldNotAdvertiseXOAUTH2WhenConfigIsNotProvided() throws Exception {
        this.smtpServer.destroy();
        this.smtpServer.configure(ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml")));
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        SoftAssertions.assertSoftly(softAssertions -> {
            softAssertions.assertThat(initSMTPSClient.getReplyCode()).isEqualTo(250);
            softAssertions.assertThat(initSMTPSClient.getReplyString()).doesNotContain(new CharSequence[]{"XOAUTH2"});
        });
    }

    @Test
    void oauthShouldFailWhenIntrospectTokenReturnActiveIsFalse() throws Exception {
        this.smtpServer.destroy();
        this.authServer.when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH)).respond(HttpResponse.response().withStatusCode(200).withHeader("Content-Type", new String[]{"application/json"}).withBody("{\"active\": false}", StandardCharsets.UTF_8));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        config.addProperty("auth.oidc.introspection.url", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), INTROSPECT_TOKEN_URI_PATH));
        this.smtpServer.configure(config);
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"334 " + FAIL_RESPONSE_TOKEN});
        initSMTPSClient.sendCommand("AQ==");
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
    }

    @Test
    void oauthShouldSuccessWhenIntrospectTokenReturnActiveIsTrue() throws Exception {
        this.smtpServer.destroy();
        this.authServer.when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH)).respond(HttpResponse.response().withStatusCode(200).withHeader("Content-Type", new String[]{"application/json"}).withBody("{    \"exp\": 1669719841,    \"iat\": 1669719541,    \"aud\": \"account\",    \"sub\": \"a0d03864-12f7-4f0b-b732-699c27eff3e7\",    \"typ\": \"Bearer\",    \"session_state\": \"42799d76-be33-4f24-bcec-fc0dbb5d126d\",    \"preferred_username\": \"james\",    \"email_address\": \"user@domain.org\",    \"email\": \"user@domain.org\",    \"scope\": \"profile email\",    \"sid\": \"42799d76-be33-4f24-bcec-fc0dbb5d126d\",    \"client_id\": \"james-thunderbird\",    \"username\": \"user1\",    \"active\": true}", StandardCharsets.UTF_8));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        config.addProperty("auth.oidc.introspection.url", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), INTROSPECT_TOKEN_URI_PATH));
        this.smtpServer.configure(config);
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"235 Authentication successful."});
    }

    @Test
    void oauthShouldFailWhenIntrospectTokenServerError() throws Exception {
        this.smtpServer.destroy();
        this.authServer.when(HttpRequest.request().withPath("/invalidURI")).respond(HttpResponse.response().withStatusCode(503).withHeader("Content-Type", new String[]{"application/json"}));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        config.addProperty("auth.oidc.introspection.url", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), "/invalidURI"));
        this.smtpServer.configure(config);
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"451 Unable to process request"});
    }

    @Test
    void oauthShouldSuccessWhenCheckTokenByUserInfoIsPassed() throws Exception {
        this.smtpServer.destroy();
        this.authServer.when(HttpRequest.request().withPath(USERINFO_URI_PATH)).respond(HttpResponse.response().withStatusCode(200).withHeader("Content-Type", new String[]{"application/json"}).withBody("{    \"sub\": \"a0d03864-12f7-4f0b-b732-699c27eff3e7\",    \"email_verified\": false,    \"name\": \"User name 1\",    \"preferred_username\": \"james\",    \"email_address\": \"user@domain.org\",    \"email\": \"user@domain.org\"}", StandardCharsets.UTF_8));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        config.addProperty("auth.oidc.userinfo.url", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), USERINFO_URI_PATH));
        this.smtpServer.configure(config);
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"235 Authentication successful."});
    }

    @Test
    void oauthShouldFailWhenCheckTokenByUserInfoIsFailed() throws Exception {
        this.smtpServer.destroy();
        this.authServer.when(HttpRequest.request().withPath(USERINFO_URI_PATH)).respond(HttpResponse.response().withStatusCode(401).withHeader("Content-Type", new String[]{"application/json"}));
        XMLConfiguration config = ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("smtpserver-advancedSecurity.xml"));
        config.addProperty("auth.oidc.jwksURL", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), JWKS_URI_PATH));
        config.addProperty("auth.oidc.claim", "email_address");
        config.addProperty("auth.oidc.oidcConfigurationURL", OIDC_URL);
        config.addProperty("auth.oidc.scope", SCOPE);
        config.addProperty("auth.oidc.userinfo.url", String.format("http://127.0.0.1:%s%s", this.authServer.getLocalPort(), USERINFO_URI_PATH));
        this.smtpServer.configure(config);
        this.smtpServer.init();
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + VALID_TOKEN);
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"451 Unable to process request"});
    }

    @Test
    void oauthShouldImpersonateFailWhenNOTDelegated() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + OIDCSASLHelper.generateOauthBearer("another@domain.org", "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inc4MFBzNUlhc24tYUdXbXcyVHJ4RGlOY2FocEgyc1h6NXBxZGhBbDlIWGMifQ.eyJleHAiOjM5Mzk1MDYxNjcsImlhdCI6MTYzOTUwNTg2NywiYXV0aF90aW1lIjozNjM5NTA1ODQxLCJqdGkiOiJjMjQ5ZTBkNi1jY2JiLTRmZDAtODI5Yi04OTM1MjczN2YzZGIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcmVhbG0xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjIwNDUyNzFiLWMxYmItNDJiOC1hMTkwLThlYWI1MmYzYmEwOSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFjY291bnQtY29uc29sZSIsIm5vbmNlIjoiNWUyOGJjNTAtODE5NS00NjM3LThmMWEtYWUzNWFlYTk0NTc1Iiwic2Vzc2lvbl9zdGF0ZSI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImFjciI6IjAiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsInNpZCI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFtZXMiLCJlbWFpbF9hZGRyZXNzIjoidXNlckBkb21haW4ub3JnIn0.bqHsX3yngXwXyVW7LenKzHbdqZy1AmCjE3QWrp7Y1sd_zcQEu5WABwLIOAzrXiNFeGwyww8taGJBdYa0KTBCY6MYkAHAEa1vyyO1LfJgr3cIfQT6WCf3g2BJqHRjUsqNgT_Sit9druMRke01m1V0EmzqIdLLHp8Vl-u4R3JSDx1bsQ1w3WCRlcgr_k3EJ7jNiuNnklCH8_o59y4c7Rzdpl-Y8tcA07nGjeJ_7qPgNZX6lgwvr0EhpQpbVDHXwQlp2NDzkWwBLJR0-V50Q0a-L0QD69wqeEaqi1xaRAfx2Gwn2FgCgMUWzKeW_qkEBP0tnN-pzl7j31EOnmKhshlOtw"));
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"334 "});
        initSMTPSClient.sendCommand("AQ==");
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"535 Authentication Failed"});
    }

    @Test
    void oauthShouldImpersonateSuccessWhenDelegated() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + OIDCSASLHelper.generateOauthBearer(USER2.asString(), "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inc4MFBzNUlhc24tYUdXbXcyVHJ4RGlOY2FocEgyc1h6NXBxZGhBbDlIWGMifQ.eyJleHAiOjM5Mzk1MDYxNjcsImlhdCI6MTYzOTUwNTg2NywiYXV0aF90aW1lIjozNjM5NTA1ODQxLCJqdGkiOiJjMjQ5ZTBkNi1jY2JiLTRmZDAtODI5Yi04OTM1MjczN2YzZGIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcmVhbG0xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjIwNDUyNzFiLWMxYmItNDJiOC1hMTkwLThlYWI1MmYzYmEwOSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFjY291bnQtY29uc29sZSIsIm5vbmNlIjoiNWUyOGJjNTAtODE5NS00NjM3LThmMWEtYWUzNWFlYTk0NTc1Iiwic2Vzc2lvbl9zdGF0ZSI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImFjciI6IjAiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsInNpZCI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFtZXMiLCJlbWFpbF9hZGRyZXNzIjoidXNlckBkb21haW4ub3JnIn0.bqHsX3yngXwXyVW7LenKzHbdqZy1AmCjE3QWrp7Y1sd_zcQEu5WABwLIOAzrXiNFeGwyww8taGJBdYa0KTBCY6MYkAHAEa1vyyO1LfJgr3cIfQT6WCf3g2BJqHRjUsqNgT_Sit9druMRke01m1V0EmzqIdLLHp8Vl-u4R3JSDx1bsQ1w3WCRlcgr_k3EJ7jNiuNnklCH8_o59y4c7Rzdpl-Y8tcA07nGjeJ_7qPgNZX6lgwvr0EhpQpbVDHXwQlp2NDzkWwBLJR0-V50Q0a-L0QD69wqeEaqi1xaRAfx2Gwn2FgCgMUWzKeW_qkEBP0tnN-pzl7j31EOnmKhshlOtw"));
        Assertions.assertThat(initSMTPSClient.getReplyString()).contains(new CharSequence[]{"235 Authentication successful."});
    }

    @Test
    void impersonationShouldWorkWhenDelegated() throws Exception {
        SMTPSClient initSMTPSClient = initSMTPSClient();
        initSMTPSClient.sendCommand("EHLO localhost");
        initSMTPSClient.sendCommand("AUTH OAUTHBEARER " + OIDCSASLHelper.generateOauthBearer(USER2.asString(), "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Inc4MFBzNUlhc24tYUdXbXcyVHJ4RGlOY2FocEgyc1h6NXBxZGhBbDlIWGMifQ.eyJleHAiOjM5Mzk1MDYxNjcsImlhdCI6MTYzOTUwNTg2NywiYXV0aF90aW1lIjozNjM5NTA1ODQxLCJqdGkiOiJjMjQ5ZTBkNi1jY2JiLTRmZDAtODI5Yi04OTM1MjczN2YzZGIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvcmVhbG0xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjIwNDUyNzFiLWMxYmItNDJiOC1hMTkwLThlYWI1MmYzYmEwOSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImFjY291bnQtY29uc29sZSIsIm5vbmNlIjoiNWUyOGJjNTAtODE5NS00NjM3LThmMWEtYWUzNWFlYTk0NTc1Iiwic2Vzc2lvbl9zdGF0ZSI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImFjciI6IjAiLCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSIsInNpZCI6ImMxYzI3MmYwLWMwMjAtNGZmMC1hMzYwLTQ3MGJlYWVlNWUwMCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFtZXMiLCJlbWFpbF9hZGRyZXNzIjoidXNlckBkb21haW4ub3JnIn0.bqHsX3yngXwXyVW7LenKzHbdqZy1AmCjE3QWrp7Y1sd_zcQEu5WABwLIOAzrXiNFeGwyww8taGJBdYa0KTBCY6MYkAHAEa1vyyO1LfJgr3cIfQT6WCf3g2BJqHRjUsqNgT_Sit9druMRke01m1V0EmzqIdLLHp8Vl-u4R3JSDx1bsQ1w3WCRlcgr_k3EJ7jNiuNnklCH8_o59y4c7Rzdpl-Y8tcA07nGjeJ_7qPgNZX6lgwvr0EhpQpbVDHXwQlp2NDzkWwBLJR0-V50Q0a-L0QD69wqeEaqi1xaRAfx2Gwn2FgCgMUWzKeW_qkEBP0tnN-pzl7j31EOnmKhshlOtw"));
        initSMTPSClient.setSender(USER2.asString());
        initSMTPSClient.addRecipient("mail@domain.org");
        initSMTPSClient.sendShortMessageData("Subject: test\r\n\r\nTest body testAuth\r\n");
        initSMTPSClient.quit();
        Assertions.assertThat(this.queue.getLastMail()).as("mail received by mail server", new Object[0]).isNotNull();
    }
}
