package net.bluemind.milter.action.delegation;

import com.google.common.base.Strings;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import net.bluemind.addressbook.api.VCard;
import net.bluemind.core.api.Regex;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.api.IContainerManagement;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.model.acl.Verb;
import net.bluemind.domain.api.Domain;
import net.bluemind.mailbox.api.IMailboxAclUids;
import net.bluemind.mailflow.rbe.IClientContext;
import net.bluemind.milter.Status;
import net.bluemind.milter.SysconfHelper;
import net.bluemind.milter.action.MilterAction;
import net.bluemind.milter.action.MilterActionException;
import net.bluemind.milter.action.MilterActionsFactory;
import net.bluemind.milter.action.UpdatedMailMessage;
import net.bluemind.milter.cache.DirectoryCache;
import net.bluemind.milter.cache.DomainAliasCache;
import net.bluemind.user.api.IUser;
import org.columba.ristretto.message.Address;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/milter/action/delegation/DelegationAction.class */
public class DelegationAction implements MilterAction {
    private static final Logger logger = LoggerFactory.getLogger(DelegationAction.class);
    private static final Status SMTP_ERROR_STATUS = Status.getCustom("550", "5.7.1", new String[]{"Message cannot be delivered because of insufficient delegation rights."});

    /* loaded from: input_file:net/bluemind/milter/action/delegation/DelegationAction$DelegationActionFactory.class */
    public static class DelegationActionFactory implements MilterActionsFactory {
        public MilterAction create() {
            return new DelegationAction();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo.class */
    public static final class DelegationHeaderInfo extends Record {
        private final String sender;
        private final String from;
        private final ItemValue<Domain> senderDomain;

        private DelegationHeaderInfo(String str, String str2, ItemValue<Domain> itemValue) {
            this.sender = str;
            this.from = str2;
            this.senderDomain = itemValue;
        }

        public String sender() {
            return this.sender;
        }

        public String from() {
            return this.from;
        }

        public ItemValue<Domain> senderDomain() {
            return this.senderDomain;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, DelegationHeaderInfo.class), DelegationHeaderInfo.class, "sender;from;senderDomain", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->sender:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->from:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->senderDomain:Lnet/bluemind/core/container/model/ItemValue;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, DelegationHeaderInfo.class), DelegationHeaderInfo.class, "sender;from;senderDomain", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->sender:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->from:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->senderDomain:Lnet/bluemind/core/container/model/ItemValue;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, DelegationHeaderInfo.class, Object.class), DelegationHeaderInfo.class, "sender;from;senderDomain", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->sender:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->from:Ljava/lang/String;", "FIELD:Lnet/bluemind/milter/action/delegation/DelegationAction$DelegationHeaderInfo;->senderDomain:Lnet/bluemind/core/container/model/ItemValue;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }
    }

    public String identifier() {
        return "milter.delegation";
    }

    public String description() {
        return "Milter delegation action";
    }

    public void execute(UpdatedMailMessage updatedMailMessage, Map<String, String> map, Map<String, String> map2, IClientContext iClientContext) {
        ItemValue senderDomain = iClientContext.getSenderDomain();
        if (DomainAliasCache.getDomain(((Domain) senderDomain.value).defaultAlias) == null) {
            String format = String.format("Cannot find domain/alias %s", senderDomain);
            logger.warn(format);
            throw new MilterActionException(format);
        }
        if (updatedMailMessage.getMessage().getFrom().isEmpty()) {
            return;
        }
        resolveConnectedUserAddress(updatedMailMessage, iClientContext).ifPresent(delegationHeaderInfo -> {
            verifyAclAndApplyHeader(updatedMailMessage, iClientContext, delegationHeaderInfo);
        });
    }

    private boolean isAdmin(String str) {
        return "admin0@global.virt".equals(str);
    }

    private void verifyAclAndApplyHeader(UpdatedMailMessage updatedMailMessage, IClientContext iClientContext, DelegationHeaderInfo delegationHeaderInfo) {
        try {
            DirectoryCache.getUserUidByEmail(iClientContext, delegationHeaderInfo.senderDomain.uid, delegationHeaderInfo.sender).ifPresentOrElse(str -> {
                DirectoryCache.getUserUidByEmail(iClientContext, delegationHeaderInfo.senderDomain.uid, delegationHeaderInfo.from).ifPresentOrElse(str -> {
                    if (str.equals(str)) {
                        return;
                    }
                    canSendAsOnBehalf(iClientContext, updatedMailMessage, str, delegationHeaderInfo);
                }, () -> {
                    verifySenderCanUseExternalIdentity(str, updatedMailMessage, iClientContext, delegationHeaderInfo.sender);
                });
            }, () -> {
                logger.error("User (email sender) matching to address '{}' not found", delegationHeaderInfo.sender);
            });
        } catch (ServerFault e) {
            if (e.getCode() == ErrorCode.INVALID_PARAMETER) {
                updatedMailMessage.errorStatus = SMTP_ERROR_STATUS;
                logger.error("Message cannot be delivered because one of these login email have not been found\nSender: '%s'\nFrom: '%s'\n\nReturn SMTP Status: %s\n".formatted(delegationHeaderInfo.sender, delegationHeaderInfo.from, SMTP_ERROR_STATUS));
            } else {
                updatedMailMessage.errorStatus = SMTP_ERROR_STATUS;
                logger.error("Message cannot be delivered\nSender: '%s'\nFrom: '%s'\n\nReturn SMTP Status: %s\nError message: %s\n".formatted(delegationHeaderInfo.sender, delegationHeaderInfo.from, SMTP_ERROR_STATUS, e.getMessage()));
            }
        }
    }

    private void verifySenderCanUseExternalIdentity(String str, UpdatedMailMessage updatedMailMessage, IClientContext iClientContext, String str2) {
        if (hasRole(iClientContext, str)) {
            return;
        }
        updatedMailMessage.errorStatus = SMTP_ERROR_STATUS;
        logger.error("Message cannot be delivered because '%s' has no been found as an External Identity\n\nReturn SMTP Status: %s\n".formatted(str2, SMTP_ERROR_STATUS));
    }

    private boolean hasRole(IClientContext iClientContext, String str) {
        return ((IUser) iClientContext.provider().instance(IUser.class, new String[]{iClientContext.getSenderDomain().uid})).getResolvedRoles(str).stream().anyMatch(str2 -> {
            return str2.equals("canCreateExternalIdentity");
        });
    }

    private Optional<DelegationHeaderInfo> resolveConnectedUserAddress(UpdatedMailMessage updatedMailMessage, IClientContext iClientContext) {
        Optional map = Optional.ofNullable((Collection) updatedMailMessage.properties.get("{auth_authen}")).map(collection -> {
            return (String) collection.stream().map(Strings::emptyToNull).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst().orElse(null);
        });
        return ((Optional) map.filter(str -> {
            return !Regex.EMAIL.validate(str);
        }).map(str2 -> {
            return (String) DomainAliasCache.getDomainFromEmail(str2).map(DomainAliasCache::getDomainAlias).orElseGet(() -> {
                return DomainAliasCache.getDomainAlias((String) SysconfHelper.defaultDomain.get());
            });
        }).map(str3 -> {
            return Optional.ofNullable(((String) map.get()).concat("@").concat(str3));
        }).orElse(map)).map(str4 -> {
            if (isAdmin(str4)) {
                return null;
            }
            String address = updatedMailMessage.getMessage().getFrom().get(0).getAddress();
            if (str4.equalsIgnoreCase(address)) {
                return null;
            }
            return new DelegationHeaderInfo(str4, address, iClientContext.getSenderDomain());
        });
    }

    private void canSendAsOnBehalf(IClientContext iClientContext, UpdatedMailMessage updatedMailMessage, String str, DelegationHeaderInfo delegationHeaderInfo) {
        logger.info("Try to send a message using delegation:\nDomain: %s\nSender Address: %s\nFrom Address: %s\n".formatted(delegationHeaderInfo.senderDomain, delegationHeaderInfo.sender, delegationHeaderInfo.from));
        List list = ((IContainerManagement) iClientContext.sudo(delegationHeaderInfo.sender).instance(IContainerManagement.class, new String[]{IMailboxAclUids.uidForMailbox(str)})).canAccessVerbs(List.of(Verb.SendOnBehalf.name(), Verb.SendAs.name())).getVerbs().stream().map(Verb::valueOf).toList();
        if (list.isEmpty()) {
            insufficientDelegationRights(updatedMailMessage, delegationHeaderInfo);
        } else if (list.stream().noneMatch(verb -> {
            return verb.can(Verb.SendAs);
        })) {
            addSenderHeader(iClientContext, updatedMailMessage, delegationHeaderInfo);
        }
    }

    private void insufficientDelegationRights(UpdatedMailMessage updatedMailMessage, DelegationHeaderInfo delegationHeaderInfo) {
        updatedMailMessage.errorStatus = SMTP_ERROR_STATUS;
        logger.error("Message cannot be delivered because of insufficient delegation rights\nSender: '%s'\nFrom: '%s'\n\nReturn SMTP Status: %s\n".formatted(delegationHeaderInfo.sender, delegationHeaderInfo.from, SMTP_ERROR_STATUS));
    }

    private void addSenderHeader(IClientContext iClientContext, UpdatedMailMessage updatedMailMessage, DelegationHeaderInfo delegationHeaderInfo) {
        try {
            DomainAliasCache.getLeftPartFromEmail(delegationHeaderInfo.sender).ifPresentOrElse(str -> {
                Optional vCard = DirectoryCache.getVCard(iClientContext, delegationHeaderInfo.senderDomain.uid, delegationHeaderInfo.sender);
                updatedMailMessage.addHeader("Sender", new Address((!vCard.isPresent() || ((VCard) vCard.get()).identification == null || ((VCard) vCard.get()).identification.formatedName == null) ? str : ((VCard) vCard.get()).identification.formatedName.value, str + "@" + ((String) DomainAliasCache.getDomainFromEmail(delegationHeaderInfo.sender).filter(str -> {
                    return !str.equals(delegationHeaderInfo.senderDomain.uid) && ((Domain) delegationHeaderInfo.senderDomain.value).aliases.contains(str);
                }).orElse(((Domain) delegationHeaderInfo.senderDomain.value).defaultAlias))).toString(), identifier());
            }, () -> {
                updatedMailMessage.addHeader("Sender", delegationHeaderInfo.sender, identifier());
            });
        } catch (Exception e) {
            throw new MilterActionException(e);
        }
    }
}
