package org.apache.james.smtpserver.fastfail;

import java.util.Optional;
import javax.inject.Inject;
import org.apache.commons.configuration2.Configuration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.james.core.MaybeSender;
import org.apache.james.jspf.core.DNSService;
import org.apache.james.jspf.executor.SPFResult;
import org.apache.james.jspf.impl.DefaultSPF;
import org.apache.james.jspf.impl.SPF;
import org.apache.james.protocols.api.ProtocolSession;
import org.apache.james.protocols.api.handler.ProtocolHandler;
import org.apache.james.protocols.smtp.SMTPSession;
import org.apache.james.protocols.smtp.dsn.DSNStatus;
import org.apache.james.protocols.smtp.hook.HookResult;
import org.apache.james.protocols.smtp.hook.HookReturnCode;
import org.apache.james.protocols.smtp.hook.MailHook;
import org.apache.james.smtpserver.JamesMessageHook;
import org.apache.mailet.Attribute;
import org.apache.mailet.AttributeName;
import org.apache.mailet.AttributeValue;
import org.apache.mailet.Mail;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/smtpserver/fastfail/SPFHandler.class */
public class SPFHandler implements JamesMessageHook, MailHook, ProtocolHandler {
    private final Logger serviceLog = FALLBACK_LOG;
    private boolean blockSoftFail = false;
    private boolean blockPermError = true;
    private SPF spf = new DefaultSPF();
    private static final Logger LOGGER = LoggerFactory.getLogger(SPFHandler.class);
    private static final Logger FALLBACK_LOG = LoggerFactory.getLogger(SPFHandler.class);
    private static final ProtocolSession.AttachmentKey<Boolean> SPF_BLOCKLISTED = ProtocolSession.AttachmentKey.of("SPF_BLOCKLISTED", Boolean.class);
    private static final ProtocolSession.AttachmentKey<String> SPF_DETAIL = ProtocolSession.AttachmentKey.of("SPF_DETAIL", String.class);
    private static final ProtocolSession.AttachmentKey<Boolean> SPF_TEMPBLOCKLISTED = ProtocolSession.AttachmentKey.of("SPF_TEMPBLOCKLISTED", Boolean.class);
    private static final ProtocolSession.AttachmentKey<String> SPF_HEADER = ProtocolSession.AttachmentKey.of("SPF_HEADER", String.class);
    private static final AttributeName SPF_HEADER_MAIL_ATTRIBUTE_NAME = AttributeName.of("org.apache.james.spf.header");

    public void setBlockSoftFail(boolean z) {
        this.blockSoftFail = z;
    }

    public void setBlockPermError(boolean z) {
        this.blockPermError = z;
    }

    @Inject
    public void setDNSService(DNSService dNSService) {
        this.spf = new SPF(dNSService);
    }

    private void doSPFCheck(SMTPSession sMTPSession, MaybeSender maybeSender) {
        Optional attachment = sMTPSession.getAttachment(SMTPSession.CURRENT_HELO_NAME, ProtocolSession.State.Connection);
        if (maybeSender.isNullSender() || !attachment.isPresent()) {
            LOGGER.info("No Sender or HELO/EHLO present");
            return;
        }
        String hostAddress = sMTPSession.getRemoteAddress().getAddress().getHostAddress();
        SPFResult checkSPF = this.spf.checkSPF(hostAddress, maybeSender.asString(), (String) attachment.get());
        String result = checkSPF.getResult();
        String str = "Blocked - see: " + checkSPF.getExplanation();
        sMTPSession.setAttachment(SPF_HEADER, checkSPF.getHeaderText(), ProtocolSession.State.Transaction);
        LOGGER.info("Result for {} - {} - {} = {}", new Object[]{hostAddress, maybeSender.asString(), attachment, result});
        if (!result.equals("fail") && ((!result.equals("softfail") || !this.blockSoftFail) && (!result.equals("permerror") || !this.blockPermError))) {
            if (result.equals("temperror")) {
                sMTPSession.setAttachment(SPF_TEMPBLOCKLISTED, true, ProtocolSession.State.Transaction);
            }
        } else {
            if (result.equals("permerror")) {
                str = "Block caused by an invalid SPF record";
            }
            sMTPSession.setAttachment(SPF_DETAIL, str, ProtocolSession.State.Transaction);
            sMTPSession.setAttachment(SPF_BLOCKLISTED, true, ProtocolSession.State.Transaction);
        }
    }

    public HookResult doMail(SMTPSession sMTPSession, MaybeSender maybeSender) {
        if (!sMTPSession.isRelayingAllowed()) {
            doSPFCheck(sMTPSession, maybeSender);
            if (sMTPSession.getAttachment(SPF_BLOCKLISTED, ProtocolSession.State.Transaction).isPresent()) {
                return HookResult.builder().hookReturnCode(HookReturnCode.deny()).smtpDescription(DSNStatus.getStatus(5, "7.1") + " " + sMTPSession.getAttachment(SPF_TEMPBLOCKLISTED, ProtocolSession.State.Transaction).orElse(false)).build();
            }
            if (sMTPSession.getAttachment(SPF_TEMPBLOCKLISTED, ProtocolSession.State.Transaction).isPresent()) {
                return HookResult.builder().hookReturnCode(HookReturnCode.denySoft()).smtpReturnCode("451").smtpDescription(DSNStatus.getStatus(4, "4.3") + " Temporarily rejected: Problem on SPF lookup").build();
            }
        }
        return HookResult.DECLINED;
    }

    @Override // org.apache.james.smtpserver.JamesMessageHook
    public HookResult onMessage(SMTPSession sMTPSession, Mail mail) {
        mail.setAttribute(new Attribute(SPF_HEADER_MAIL_ATTRIBUTE_NAME, AttributeValue.of((String) sMTPSession.getAttachment(SPF_HEADER, ProtocolSession.State.Transaction).get())));
        return null;
    }

    public void init(Configuration configuration) throws ConfigurationException {
        setBlockSoftFail(configuration.getBoolean("blockSoftFail", false));
        setBlockPermError(configuration.getBoolean("blockPermError", true));
    }
}
