package org.apache.james.mailets;

import com.google.inject.Module;
import java.io.File;
import java.util.Optional;
import javax.mail.MessagingException;
import javax.mail.internet.MimeMessage;
import org.apache.james.MemoryJamesServerMain;
import org.apache.james.core.Domain;
import org.apache.james.core.MailAddress;
import org.apache.james.dnsservice.api.DNSService;
import org.apache.james.dnsservice.api.InMemoryDNSService;
import org.apache.james.jdkim.api.PublicKeyRecordRetriever;
import org.apache.james.jdkim.exceptions.PermFailException;
import org.apache.james.jdkim.mailets.ConvertTo7Bit;
import org.apache.james.jdkim.mailets.DKIMSign;
import org.apache.james.jdkim.mailets.DKIMVerifier;
import org.apache.james.jdkim.mailets.MockPublicKeyRecordRetriever;
import org.apache.james.mailets.configuration.CommonProcessors;
import org.apache.james.mailets.configuration.Constants;
import org.apache.james.mailets.configuration.MailetConfiguration;
import org.apache.james.mailets.configuration.ProcessorConfiguration;
import org.apache.james.mailets.configuration.SmtpConfiguration;
import org.apache.james.mock.smtp.server.model.Mail;
import org.apache.james.mock.smtp.server.testing.MockSmtpServerExtension;
import org.apache.james.modules.protocols.SmtpGuiceProbe;
import org.apache.james.probe.DataProbe;
import org.apache.james.transport.matchers.All;
import org.apache.james.util.MimeMessageUtil;
import org.apache.james.utils.DataProbeImpl;
import org.apache.james.utils.SMTPMessageSender;
import org.apache.james.utils.SMTPMessageSenderExtension;
import org.apache.mailet.base.test.FakeMail;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;

/* loaded from: input_file:org/apache/james/mailets/RemoteDeliveryDKIMIntegrationTest.class */
class RemoteDeliveryDKIMIntegrationTest {
    private static final String JAMES_ANOTHER_DOMAIN = "james.com";
    private static final String FROM = "from@james.org";
    private static final String RECIPIENT = "touser@james.com";
    private static final String TESTING_PEM = "-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQDYDaYKXzwVYwqWbLhmuJ66aTAN8wmDR+rfHE8HfnkSOax0oIoT\r\nM5zquZrTLo30870YMfYzxwfB6j/Nz3QdwrUD/t0YMYJiUKyWJnCKfZXHJBJ+yfRH\r\nr7oW+UW3cVo9CG2bBfIxsInwYe175g9UjyntJpWueqdEIo1c2bhv9Mp66QIDAQAB\r\nAoGBAI8XcwnZi0Sq5N89wF+gFNhnREFo3rsJDaCY8iqHdA5DDlnr3abb/yhipw0I\r\n/1HlgC6fIG2oexXOXFWl+USgqRt1kTt9jXhVFExg8mNko2UelAwFtsl8CRjVcYQO\r\ncedeH/WM/mXjg2wUqqZenBmlKlD6vNb70jFJeVaDJ/7n7j8BAkEA9NkH2D4Zgj/I\r\nOAVYccZYH74+VgO0e7VkUjQk9wtJ2j6cGqJ6Pfj0roVIMUWzoBb8YfErR8l6JnVQ\r\nbfy83gJeiQJBAOHk3ow7JjAn8XuOyZx24KcTaYWKUkAQfRWYDFFOYQF4KV9xLSEt\r\nycY0kjsdxGKDudWcsATllFzXDCQF6DTNIWECQEA52ePwTjKrVnLTfCLEG4OgHKvl\r\nZud4amthwDyJWoMEH2ChNB2je1N4JLrABOE+hk+OuoKnKAKEjWd8f3Jg/rkCQHj8\r\nmQmogHqYWikgP/FSZl518jV48Tao3iXbqvU9Mo2T6yzYNCCqIoDLFWseNVnCTZ0Q\r\nb+IfiEf1UeZVV5o4J+ECQDatNnS3V9qYUKjj/krNRD/U0+7eh8S2ylLqD3RlSn9K\r\ntYGRMgAtUXtiOEizBH6bd/orzI9V9sw8yBz+ZqIH25Q=\r\n-----END RSA PRIVATE KEY-----\r\n";
    private static final MailetConfiguration DKIMSIGN_MAILET = MailetConfiguration.builder().matcher(All.class).mailet(DKIMSign.class).addProperty("signatureTemplate", "v=1; s=selector; d=example.com; h=from:to:received:received; a=rsa-sha256; bh=; b=;").addProperty("privateKey", TESTING_PEM).build();
    private static final MailetConfiguration CONVERT_TO_7BIT_MAILET = MailetConfiguration.builder().matcher(All.class).mailet(ConvertTo7Bit.class).build();
    private static final PublicKeyRecordRetriever MOCK_PUBLIC_KEY_RECORD_RETRIEVER = new MockPublicKeyRecordRetriever("v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYDaYKXzwVYwqWbLhmuJ66aTAN8wmDR+rfHE8HfnkSOax0oIoTM5zquZrTLo30870YMfYzxwfB6j/Nz3QdwrUD/t0YMYJiUKyWJnCKfZXHJBJ+yfRHr7oW+UW3cVo9CG2bBfIxsInwYe175g9UjyntJpWueqdEIo1c2bhv9Mp66QIDAQAB;", "selector", "example.com");

    @RegisterExtension
    static MockSmtpServerExtension mockSmtpServerExtension = new MockSmtpServerExtension();

    @TempDir
    static File tempDir;

    @RegisterExtension
    SMTPMessageSenderExtension smtpSenderExtension = new SMTPMessageSenderExtension(Domain.of("james.org"));
    private TemporaryJamesServer jamesServer;
    private DataProbe dataProbe;
    private DKIMVerifier dkimVerifier;

    RemoteDeliveryDKIMIntegrationTest() {
    }

    @BeforeEach
    void setUp() {
        this.dkimVerifier = new DKIMVerifier(MOCK_PUBLIC_KEY_RECORD_RETRIEVER);
    }

    @AfterEach
    void tearDown() {
        if (this.jamesServer != null) {
            this.jamesServer.shutdown();
        }
    }

    @CsvSource({"a-mail-with-7bit-encoding, eml/message-text-only-7bit.eml", "a-mail-with-8bit-encoding, eml/message-text-only-8bit.eml"})
    @ParameterizedTest
    void remoteDeliveryCouldBreakDKIMSignWhenTextMessageWhenEnable8BitMime(String str, String str2, SMTPMessageSender sMTPMessageSender, MockSmtpServerExtension.DockerMockSmtp dockerMockSmtp) throws Exception {
        InMemoryDNSService registerMxRecord = new InMemoryDNSService().registerMxRecord(JAMES_ANOTHER_DOMAIN, dockerMockSmtp.getIPAddress());
        this.jamesServer = TemporaryJamesServer.builder().withBase(MemoryJamesServerMain.SMTP_ONLY_MODULE).withOverrides(new Module[]{binder -> {
            binder.bind(DNSService.class).toInstance(registerMxRecord);
        }}).withSmtpConfiguration(SmtpConfiguration.builder().withAutorizedAddresses("0.0.0.0/0.0.0.0")).withMailetContainer(TemporaryJamesServer.simpleMailetContainerConfiguration().putProcessor(directResolutionTransport(MailetConfiguration.remoteDeliveryBuilder().addProperty("mail.smtp.allow8bitmime", "true"))).putProcessor(CommonProcessors.bounces())).build(tempDir);
        this.jamesServer.start();
        this.dataProbe = this.jamesServer.getProbe(DataProbeImpl.class);
        this.dataProbe.addDomain("james.org");
        this.dataProbe.addUser(FROM, "secret");
        sMTPMessageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).sendMessage(FakeMail.builder().name(str).sender(new MailAddress(FROM)).recipient(new MailAddress(RECIPIENT)).mimeMessage(MimeMessageUtil.mimeMessageFromStream(ClassLoader.getSystemResourceAsStream(str2))).build());
        MimeMessage mimeMessage = toMimeMessage(getFirstRecivedMail(dockerMockSmtp));
        Assertions.assertThatThrownBy(() -> {
            this.dkimVerifier.verifyUsingCRLF(mimeMessage);
        }).isInstanceOf(PermFailException.class).hasMessageContaining("Computed bodyhash is different from the expected one");
    }

    @CsvSource({"a-mail-with-7bit-base64-encoding, eml/message-multipart-7bit.eml", "a-mail-with-8bit-base64-encoding, eml/message-multipart-8bit.eml"})
    @ParameterizedTest
    void remoteDeliveryShouldNotBreakDKIMSignWhenEnable8BitMime(String str, String str2, SMTPMessageSender sMTPMessageSender, MockSmtpServerExtension.DockerMockSmtp dockerMockSmtp) throws Exception {
        InMemoryDNSService registerMxRecord = new InMemoryDNSService().registerMxRecord(JAMES_ANOTHER_DOMAIN, dockerMockSmtp.getIPAddress());
        this.jamesServer = TemporaryJamesServer.builder().withBase(MemoryJamesServerMain.SMTP_ONLY_MODULE).withOverrides(new Module[]{binder -> {
            binder.bind(DNSService.class).toInstance(registerMxRecord);
        }}).withSmtpConfiguration(SmtpConfiguration.builder().withAutorizedAddresses("0.0.0.0/0.0.0.0")).withMailetContainer(TemporaryJamesServer.simpleMailetContainerConfiguration().putProcessor(directResolutionTransport(MailetConfiguration.remoteDeliveryBuilder().addProperty("mail.smtp.allow8bitmime", "true"))).putProcessor(CommonProcessors.bounces())).build(tempDir);
        this.jamesServer.start();
        this.dataProbe = this.jamesServer.getProbe(DataProbeImpl.class);
        this.dataProbe.addDomain("james.org");
        this.dataProbe.addUser(FROM, "secret");
        sMTPMessageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).sendMessage(FakeMail.builder().name(str).sender(new MailAddress(FROM)).recipient(new MailAddress(RECIPIENT)).mimeMessage(MimeMessageUtil.mimeMessageFromStream(ClassLoader.getSystemResourceAsStream(str2))).build());
        Assertions.assertThat(this.dkimVerifier.verifyUsingCRLF(toMimeMessage(getFirstRecivedMail(dockerMockSmtp)))).isNotEmpty();
    }

    @CsvSource({"a-mail-with-7bit-encoding, eml/message-text-only-7bit.eml", "a-mail-with-7bit-base64-encoding, eml/message-multipart-7bit.eml", "a-mail-with-8bit-encoding, eml/message-text-only-8bit.eml", "a-mail-with-8bit-base64-encoding, eml/message-multipart-8bit.eml"})
    @ParameterizedTest
    void remoteDeliveryShouldNotBreakDKIMSignWhenDisable8BitMime(String str, String str2, SMTPMessageSender sMTPMessageSender, MockSmtpServerExtension.DockerMockSmtp dockerMockSmtp) throws Exception {
        InMemoryDNSService registerMxRecord = new InMemoryDNSService().registerMxRecord(JAMES_ANOTHER_DOMAIN, dockerMockSmtp.getIPAddress());
        this.jamesServer = TemporaryJamesServer.builder().withBase(MemoryJamesServerMain.SMTP_ONLY_MODULE).withOverrides(new Module[]{binder -> {
            binder.bind(DNSService.class).toInstance(registerMxRecord);
        }}).withSmtpConfiguration(SmtpConfiguration.builder().withAutorizedAddresses("0.0.0.0/0.0.0.0")).withMailetContainer(TemporaryJamesServer.simpleMailetContainerConfiguration().putProcessor(directResolutionTransport(MailetConfiguration.remoteDeliveryBuilder())).putProcessor(CommonProcessors.bounces())).build(tempDir);
        this.jamesServer.start();
        this.dataProbe = this.jamesServer.getProbe(DataProbeImpl.class);
        this.dataProbe.addDomain("james.org");
        this.dataProbe.addUser(FROM, "secret");
        sMTPMessageSender.connect("127.0.0.1", this.jamesServer.getProbe(SmtpGuiceProbe.class).getSmtpPort()).sendMessage(FakeMail.builder().name(str).sender(new MailAddress(FROM)).recipient(new MailAddress(RECIPIENT)).mimeMessage(MimeMessageUtil.mimeMessageFromStream(ClassLoader.getSystemResourceAsStream(str2))).build());
        Assertions.assertThat(this.dkimVerifier.verifyUsingCRLF(toMimeMessage(getFirstRecivedMail(dockerMockSmtp)))).isNotEmpty();
    }

    private MimeMessage toMimeMessage(Mail mail) {
        try {
            return MimeMessageUtil.mimeMessageFromString(mail.getMessage());
        } catch (MessagingException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private Mail getFirstRecivedMail(MockSmtpServerExtension.DockerMockSmtp dockerMockSmtp) {
        return (Mail) ((Optional) Constants.awaitAtMostOneMinute.until(() -> {
            return dockerMockSmtp.getConfigurationClient().listMails().stream().findFirst();
        }, (v0) -> {
            return v0.isPresent();
        })).get();
    }

    private ProcessorConfiguration.Builder directResolutionTransport(MailetConfiguration.Builder builder) {
        return ProcessorConfiguration.transport().addMailet(MailetConfiguration.BCC_STRIPPER).addMailet(CONVERT_TO_7BIT_MAILET).addMailet(DKIMSIGN_MAILET).addMailet(builder.matcher(All.class));
    }
}
