package org.apache.james.adapter.mailbox;

import org.apache.commons.configuration2.BaseHierarchicalConfiguration;
import org.apache.james.core.Username;
import org.apache.james.domainlist.api.DomainList;
import org.apache.james.mailbox.Authorizator;
import org.apache.james.user.api.DelegationStore;
import org.apache.james.user.memory.MemoryDelegationStore;
import org.apache.james.user.memory.MemoryUsersRepository;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/james/adapter/mailbox/DelegationStoreAuthorizatorTest.class */
class DelegationStoreAuthorizatorTest {
    private static final Username OTHER_USER = Username.of("other_user");
    private static final Username GIVEN_USER = Username.of("given_user");
    private static final Username ADMIN_USER = Username.of("admin_user");
    private static final Username NOT_GIVEN_USER = Username.of("not_given_user");
    private MemoryUsersRepository usersRepository;
    private DelegationStore delegationStore;
    private DelegationStoreAuthorizator testee;

    DelegationStoreAuthorizatorTest() {
    }

    @BeforeEach
    public void setUp() throws Exception {
        this.usersRepository = MemoryUsersRepository.withoutVirtualHosting((DomainList) null);
        BaseHierarchicalConfiguration baseHierarchicalConfiguration = new BaseHierarchicalConfiguration();
        baseHierarchicalConfiguration.addProperty("administratorId", ADMIN_USER.asString());
        this.usersRepository.configure(baseHierarchicalConfiguration);
        this.delegationStore = new MemoryDelegationStore();
        this.testee = new DelegationStoreAuthorizator(this.delegationStore, this.usersRepository);
    }

    @Test
    void canLoginAsOtherUserShouldReturnAllowedWhenGivenUserIsAdmin() throws Exception {
        this.usersRepository.addUser(OTHER_USER, "secret");
        Assertions.assertThat(this.testee.canLoginAsOtherUser(ADMIN_USER, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.ALLOWED);
    }

    @Test
    void isAdministratorShouldReturnTrueWhenAdministrator() throws Exception {
        Assertions.assertThat(this.testee.isAdministrator(ADMIN_USER)).isTrue();
    }

    @Test
    void isAdministratorShouldReturnFalseWhenNotAdministrator() throws Exception {
        Assertions.assertThat(this.testee.isAdministrator(OTHER_USER)).isFalse();
    }

    @Test
    void isAdministratorShouldReturnFalseWhenWrongVirtualHosting() throws Exception {
        Assertions.assertThat(this.testee.isAdministrator(Username.of("a@b.com"))).isFalse();
    }

    @Test
    void isAdministratorShouldReturnFalseWhenWrongVirtualHosting2() throws Exception {
        MemoryUsersRepository withVirtualHosting = MemoryUsersRepository.withVirtualHosting((DomainList) null);
        BaseHierarchicalConfiguration baseHierarchicalConfiguration = new BaseHierarchicalConfiguration();
        baseHierarchicalConfiguration.addProperty("administratorId", "admin");
        withVirtualHosting.configure(baseHierarchicalConfiguration);
        this.delegationStore = new MemoryDelegationStore();
        this.testee = new DelegationStoreAuthorizator(this.delegationStore, withVirtualHosting);
        Assertions.assertThat(this.testee.isAdministrator(OTHER_USER)).isFalse();
    }

    @Test
    void canLoginAsOtherUserShouldReturnForbiddenWhenWrongVirtualHosting() throws Exception {
        this.usersRepository.addUser(OTHER_USER, "secret");
        Assertions.assertThat(this.testee.canLoginAsOtherUser(Username.of("other_user@domain.tld"), OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.FORBIDDEN);
    }

    @Test
    void canLoginAsOtherUserShouldReturnAllowedWhenGivenUserIsDelegatedByOtherUser() throws Exception {
        this.usersRepository.addUser(OTHER_USER, "secret");
        Mono.from(this.delegationStore.addAuthorizedUser(OTHER_USER, GIVEN_USER)).block();
        Assertions.assertThat(this.testee.canLoginAsOtherUser(GIVEN_USER, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.ALLOWED);
    }

    @Test
    void canLoginAsOtherUserShouldReturnAllowedWhenGivenUserIsAdminWithWrongVirtualHosting() throws Exception {
        Username of = Username.of("other_user@domain.tld");
        this.usersRepository.addUser(OTHER_USER, "secret");
        Mono.from(this.delegationStore.addAuthorizedUser(OTHER_USER, of)).block();
        Assertions.assertThat(this.testee.canLoginAsOtherUser(of, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.ALLOWED);
    }

    @Test
    void canLoginAsOtherUserShouldReturnForbiddenWhenGivenUserIsNotAdminAndNotDelegated() throws Exception {
        this.usersRepository.addUser(OTHER_USER, "secret");
        Mono.from(this.delegationStore.addAuthorizedUser(OTHER_USER, NOT_GIVEN_USER)).block();
        Assertions.assertThat(this.testee.canLoginAsOtherUser(GIVEN_USER, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.FORBIDDEN);
    }

    @Test
    void canLoginAsOtherUserShouldReturnUnknownUserWhenOtherUserDoesNotExist() throws Exception {
        Assertions.assertThat(this.testee.canLoginAsOtherUser(GIVEN_USER, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.UNKNOWN_USER);
    }
}
