package com.zimbra.qa.unittest;

import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.auth.AuthContext;
import java.util.HashMap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/TestAccountLockout.class */
public class TestAccountLockout {
    private static final String ACCT = "testlockout";
    private static final String PASSWORD = "test123";
    private static final int LOCKOUT_AFTER_NUM_FAILURES = 3;

    @BeforeClass
    public static void init() throws Exception {
        Assert.assertNull(getAccount());
        HashMap hashMap = new HashMap();
        hashMap.put(ZAttrProvisioning.A_zimbraPasswordLockoutEnabled, "TRUE");
        hashMap.put(ZAttrProvisioning.A_zimbraPasswordLockoutDuration, "1m");
        hashMap.put(ZAttrProvisioning.A_zimbraPasswordLockoutMaxFailures, "3");
        hashMap.put(ZAttrProvisioning.A_zimbraPasswordLockoutFailureLifetime, "30s");
        Assert.assertNotNull(Provisioning.getInstance().createAccount(getAccountName(), "test123", hashMap));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Account account = getAccount();
        Assert.assertNotNull(account);
        Provisioning.getInstance().deleteAccount(account.getId());
    }

    private static String getAccountName() throws Exception {
        Provisioning.getInstance();
        return TestUtil.getAddress(ACCT, TestUtil.getDomain());
    }

    private static Account getAccount() throws Exception {
        return Provisioning.getInstance().get(Provisioning.AccountBy.name, getAccountName());
    }

    private void lockoutAccount() throws Exception {
        Provisioning provisioning = Provisioning.getInstance();
        Account account = getAccount();
        for (int i = 0; i <= 3; i++) {
            boolean z = false;
            try {
                provisioning.authAccount(account, "test123-not", AuthContext.Protocol.test, null);
            } catch (AccountServiceException e) {
                if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
                    z = true;
                }
            }
            Assert.assertTrue(z);
        }
        Assert.assertEquals(ZAttrProvisioning.AccountStatus.lockout, account.getAccountStatus());
    }

    @Test
    public void successfulLogin() throws Exception {
        lockoutAccount();
        Provisioning provisioning = Provisioning.getInstance();
        Account account = getAccount();
        Thread.sleep(account.getPasswordLockoutDuration() + 2000);
        provisioning.authAccount(account, "test123", AuthContext.Protocol.test, null);
        Assert.assertEquals(ZAttrProvisioning.AccountStatus.active, account.getAccountStatus());
    }

    @Test
    public void ssoWhenAccountIsLockedout() throws Exception {
        lockoutAccount();
        boolean z = false;
        try {
            Provisioning.getInstance().ssoAuthAccount(getAccount(), AuthContext.Protocol.test, null);
        } catch (AccountServiceException e) {
            if (AccountServiceException.AUTH_FAILED.equals(e.getCode())) {
                z = true;
            }
        }
        Assert.assertTrue(z);
    }
}
