This is an automated email from the ASF dual-hosted git repository.

chibenwa pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 19c7f4060b45fe4fa24f6cf9b41e5efd77ce636a
Author: Quan Tran <[email protected]>
AuthorDate: Thu Jun 4 14:52:08 2026 +0700

    [REFACTORING] Split IMAPServerOidcTest
---
 .../james/imapserver/netty/IMAPServerOidcTest.java | 353 +++++++++++++++++++++
 .../james/imapserver/netty/IMAPServerTest.java     | 313 ------------------
 2 files changed, 353 insertions(+), 313 deletions(-)

diff --git 
a/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerOidcTest.java
 
b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerOidcTest.java
new file mode 100644
index 0000000000..033a335c89
--- /dev/null
+++ 
b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerOidcTest.java
@@ -0,0 +1,353 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one   *
+ * or more contributor license agreements.  See the NOTICE file *
+ * distributed with this work for additional information        *
+ * regarding copyright ownership.  The ASF licenses this file   *
+ * to you under the Apache License, Version 2.0 (the            *
+ * "License"); you may not use this file except in compliance   *
+ * with the License.  You may obtain a copy of the License at   *
+ *                                                              *
+ *   http://www.apache.org/licenses/LICENSE-2.0                 *
+ *                                                              *
+ * Unless required by applicable law or agreed to in writing,   *
+ * software distributed under the License is distributed on an  *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY       *
+ * KIND, either express or implied.  See the License for the    *
+ * specific language governing permissions and limitations      *
+ * under the License.                                           *
+ ****************************************************************/
+
+package org.apache.james.imapserver.netty;
+
+import static org.apache.james.jwt.OidcTokenFixture.INTROSPECTION_RESPONSE;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.nio.charset.StandardCharsets;
+
+import org.apache.commons.configuration2.HierarchicalConfiguration;
+import org.apache.commons.configuration2.tree.ImmutableNode;
+import org.apache.commons.net.imap.IMAPSClient;
+import org.apache.james.imap.processor.fetch.FetchProcessor;
+import org.apache.james.jwt.OidcTokenFixture;
+import org.apache.james.mailbox.inmemory.manager.InMemoryIntegrationResources;
+import org.apache.james.mailbox.store.FakeAuthenticator;
+import org.apache.james.mailbox.store.FakeAuthorizator;
+import org.apache.james.protocols.api.OIDCSASLHelper;
+import org.apache.james.protocols.lib.mock.ConfigLoader;
+import org.apache.james.util.ClassLoaderUtils;
+import org.apache.james.utils.TestIMAPClient;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockserver.integration.ClientAndServer;
+import org.mockserver.model.HttpRequest;
+import org.mockserver.model.HttpResponse;
+
+
+@SuppressWarnings("checkstyle:membername")
+class IMAPServerOidcTest extends AbstractIMAPServerTest {
+    String JWKS_URI_PATH = "/jwks";
+    String INTROSPECT_TOKEN_URI_PATH = "/introspect";
+    String USERINFO_URI_PATH = "/userinfo";
+    ClientAndServer authServer;
+    IMAPServer imapServer;
+    int port;
+
+    @BeforeEach
+    void authSetup() throws Exception {
+        authServer = ClientAndServer.startClientAndServer(0);
+        authServer
+            .when(HttpRequest.request().withPath(JWKS_URI_PATH))
+            .respond(HttpResponse.response().withStatusCode(200)
+                .withHeader("Content-Type", "application/json")
+                .withBody(OidcTokenFixture.JWKS_RESPONSE, 
StandardCharsets.UTF_8));
+
+        FakeAuthenticator authenticator = new FakeAuthenticator();
+        authenticator.addUser(USER, USER_PASS);
+        authenticator.addUser(USER2, USER_PASS);
+
+        InMemoryIntegrationResources integrationResources = 
InMemoryIntegrationResources.builder()
+            .authenticator(authenticator)
+            .authorizator(FakeAuthorizator.forGivenUserAndDelegatedUser(USER, 
USER2))
+            .inVmEventBus()
+            .defaultAnnotationLimits()
+            .defaultMessageParser()
+            .scanningSearchIndex()
+            .noPreDeletionHooks()
+            .storeQuotaManager()
+            .build();
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+
+        imapServer = createImapServer(config, integrationResources, 
FetchProcessor.LocalCacheConfiguration.DEFAULT);
+        port = imapServer.getListenAddresses().get(0).getPort();
+    }
+
+    @AfterEach
+    void tearDown() {
+        if (imapServer != null) {
+            imapServer.destroy();
+        }
+        authServer.stop();
+    }
+
+    @Test
+    void oauthShouldSuccessWhenValidToken() throws Exception {
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
+    }
+
+    @Test
+    void oauthShouldFailWhenInValidToken() throws Exception {
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER invalidtoken");
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed.");
+    }
+
+    @Test
+    void oauthShouldFailWhenConfigIsNotProvided() throws Exception {
+        imapServer.destroy();
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("imapServerRequireSSLIsTrueAndStartSSLIsTrue.xml"));
+        imapServer = createImapServer(config);
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + 
OidcTokenFixture.VALID_TOKEN);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE failed. 
Authentication mechanism is unsupported.");
+    }
+
+    @Test
+    void capabilityShouldAdvertiseOAUTHBEARERWhenConfigIsProvided() throws 
Exception {
+        IMAPSClient client = imapsClient(port);
+        client.capability();
+        assertThat(client.getReplyString()).contains("AUTH=OAUTHBEARER");
+    }
+
+    @Test
+    void capabilityShouldAdvertiseXOAUTH2WhenConfigIsProvided() throws 
Exception {
+        IMAPSClient client = imapsClient(port);
+        client.capability();
+        assertThat(client.getReplyString()).contains("AUTH=XOAUTH2");
+    }
+
+    @Test
+    void oauthShouldSupportOAUTH2Type() throws Exception {
+        String xoauth2 = 
OIDCSASLHelper.generateEncodedXOauth2InitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE XOAUTH2 " + xoauth2);
+        assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
+    }
+
+    @Test
+    void capabilityShouldNotAdvertiseOAUTHBEARERWhenConfigIsNotProvided() 
throws Exception {
+        imapServer.destroy();
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("imapServerRequireSSLIsTrueAndStartSSLIsTrue.xml"));
+        imapServer = createImapServer(config);
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        IMAPSClient client = imapsClient(port);
+        client.capability();
+        assertThat(client.getReplyString()).doesNotContain("AUTH=OAUTHBEARER");
+        assertThat(client.getReplyString()).doesNotContain("AUTH=XOAUTH2");
+    }
+
+    @Test
+    void shouldNotOauthWhenAuthIsReady() throws Exception {
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE failed. 
Command not valid in this state.");
+    }
+
+    @Test
+    void appendShouldSuccessWhenAuthenticated() throws Exception {
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient imapsClient = imapsClient(port);
+        imapsClient.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        imapsClient.create("INBOX");
+        imapsClient.append("INBOX", null, null, SMALL_MESSAGE);
+
+        assertThat(imapsClient.getReplyString()).contains("APPEND completed.");
+    }
+
+    @Test
+    void appendShouldFailWhenNotAuthenticated() throws Exception {
+        IMAPSClient imapsClient = imapsClient(port);
+        imapsClient.create("INBOX");
+        assertThat(imapsClient.getReplyString()).contains("Command not valid 
in this state.");
+    }
+
+    @Test
+    void oauthShouldFailWhenIntrospectTokenReturnActiveIsFalse() throws 
Exception {
+        imapServer.destroy();
+
+        authServer
+            .when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH))
+            .respond(HttpResponse.response().withStatusCode(200)
+                .withHeader("Content-Type", "application/json")
+                .withBody("{\"active\": false}", StandardCharsets.UTF_8));
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+        config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
INTROSPECT_TOKEN_URI_PATH));
+
+        imapServer = createImapServer(config);
+
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed.");
+    }
+
+    @Test
+    void oauthShouldSuccessWhenIntrospectTokenReturnActiveIsTrue() throws 
Exception {
+        imapServer.destroy();
+
+        authServer
+            .when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH))
+            .respond(HttpResponse.response().withStatusCode(200)
+                .withHeader("Content-Type", "application/json")
+                .withBody(INTROSPECTION_RESPONSE, StandardCharsets.UTF_8));
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+        config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
INTROSPECT_TOKEN_URI_PATH));
+
+        imapServer = createImapServer(config);
+
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
+    }
+
+    @Test
+    void oauthShouldFailWhenIntrospectTokenServerError() throws Exception {
+        imapServer.destroy();
+        String invalidURI = "/invalidURI";
+        authServer
+            .when(HttpRequest.request().withPath(invalidURI))
+            .respond(HttpResponse.response().withStatusCode(401));
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+        config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), invalidURI));
+
+        imapServer = createImapServer(config);
+
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
processing failed.");
+    }
+
+    @Test
+    void oauthShouldSuccessWhenCheckTokenByUserInfoIsPassed() throws Exception 
{
+        imapServer.destroy();
+
+        authServer
+            .when(HttpRequest.request().withPath(USERINFO_URI_PATH))
+            .respond(HttpResponse.response().withStatusCode(200)
+                .withHeader("Content-Type", "application/json")
+                .withBody(OidcTokenFixture.USERINFO_RESPONSE, 
StandardCharsets.UTF_8));
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+        config.addProperty("auth.oidc.userinfo.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
USERINFO_URI_PATH));
+
+        imapServer = createImapServer(config);
+
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
+    }
+
+    @Test
+    void oauthShouldFailWhenCheckTokenByUserInfoIsFailed() throws Exception {
+        imapServer.destroy();
+
+        authServer
+            .when(HttpRequest.request().withPath(USERINFO_URI_PATH))
+            .respond(HttpResponse.response().withStatusCode(401)
+                .withHeader("Content-Type", "application/json"));
+
+        HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
+        config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
+        config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
+        config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
+        config.addProperty("auth.oidc.scope", "email");
+        config.addProperty("auth.oidc.userinfo.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
USERINFO_URI_PATH));
+
+        imapServer = createImapServer(config);
+
+        int port = imapServer.getListenAddresses().get(0).getPort();
+
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
processing failed.");
+    }
+
+    @Test
+    void oauthShouldImpersonateFailWhenNOTDelegated() throws Exception {
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER3.asString(),
 OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("NO AUTHENTICATE");
+    }
+
+    @Test
+    void oauthShouldImpersonateSuccessWhenDelegated() throws Exception {
+        String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER2.asString(),
 OidcTokenFixture.VALID_TOKEN);
+        IMAPSClient client = imapsClient(port);
+        client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
+        assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
+    }
+
+    @Test
+    void impersonationShouldWorkWhenDelegated() throws Exception {
+        // USER2: append a message
+        try (TestIMAPClient client = new TestIMAPClient(imapsClient(port))) {
+            client.login(USER2.asString(), USER_PASS)
+                .append("INBOX", SMALL_MESSAGE);
+        }
+
+        // USER1 authenticate and impersonate as USER2
+        try (TestIMAPClient client = new TestIMAPClient(imapsClient(port))) {
+            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER2.asString(),
 OidcTokenFixture.VALID_TOKEN);
+            String authenticateResponse = client.sendCommand("AUTHENTICATE 
OAUTHBEARER " + oauthBearer);
+            assertThat(authenticateResponse).contains("OK AUTHENTICATE 
completed.");
+
+            assertThat(client.select("INBOX")
+                .readFirstMessage()).contains(SMALL_MESSAGE);
+        }
+    }
+}
diff --git 
a/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
 
b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
index 816e55dc7f..dc3b1166f7 100644
--- 
a/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
+++ 
b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
@@ -21,7 +21,6 @@ package org.apache.james.imapserver.netty;
 
 import static jakarta.mail.Flags.Flag.ANSWERED;
 import static org.apache.james.jmap.JMAPTestingConstants.LOCALHOST_IP;
-import static org.apache.james.jwt.OidcTokenFixture.INTROSPECTION_RESPONSE;
 import static org.apache.james.mailbox.MessageManager.FlagsUpdateMode.REPLACE;
 import static 
org.apache.james.mailbox.MessageManager.MailboxMetaData.FetchGroup.NO_COUNT;
 import static 
org.apache.james.mailbox.MessageManager.MailboxMetaData.RecentMode.IGNORE;
@@ -76,7 +75,6 @@ import 
org.apache.james.imap.encode.main.DefaultImapEncoderFactory;
 import org.apache.james.imap.main.DefaultImapDecoderFactory;
 import org.apache.james.imap.processor.fetch.FetchProcessor;
 import org.apache.james.imap.processor.main.DefaultImapProcessorFactory;
-import org.apache.james.jwt.OidcTokenFixture;
 import org.apache.james.mailbox.MailboxSession;
 import org.apache.james.mailbox.MessageManager;
 import org.apache.james.mailbox.MessageUid;
@@ -92,7 +90,6 @@ import org.apache.james.mailbox.store.FakeAuthorizator;
 import org.apache.james.mailbox.store.StoreSubscriptionManager;
 import org.apache.james.metrics.api.NoopGaugeRegistry;
 import org.apache.james.metrics.tests.RecordingMetricFactory;
-import org.apache.james.protocols.api.OIDCSASLHelper;
 import org.apache.james.protocols.api.utils.BogusSslContextFactory;
 import org.apache.james.protocols.api.utils.BogusTrustManagerFactory;
 import org.apache.james.protocols.lib.LegacyJavaEncryptionFactory;
@@ -111,9 +108,6 @@ import org.junit.jupiter.api.RepeatedTest;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.mockito.stubbing.Answer;
-import org.mockserver.integration.ClientAndServer;
-import org.mockserver.model.HttpRequest;
-import org.mockserver.model.HttpResponse;
 import org.slf4j.LoggerFactory;
 
 import com.github.fge.lambdas.Throwing;
@@ -262,313 +256,6 @@ class IMAPServerTest {
 
 
 
-    @Nested
-    class Oidc {
-        String JWKS_URI_PATH = "/jwks";
-        String INTROSPECT_TOKEN_URI_PATH = "/introspect";
-        String USERINFO_URI_PATH = "/userinfo";
-        ClientAndServer authServer;
-        IMAPServer imapServer;
-        int port;
-
-        @BeforeEach
-        void authSetup() throws Exception {
-            authServer = ClientAndServer.startClientAndServer(0);
-            authServer
-                .when(HttpRequest.request().withPath(JWKS_URI_PATH))
-                .respond(HttpResponse.response().withStatusCode(200)
-                    .withHeader("Content-Type", "application/json")
-                    .withBody(OidcTokenFixture.JWKS_RESPONSE, 
StandardCharsets.UTF_8));
-
-            FakeAuthenticator authenticator = new FakeAuthenticator();
-            authenticator.addUser(USER, USER_PASS);
-            authenticator.addUser(USER2, USER_PASS);
-
-            InMemoryIntegrationResources integrationResources = 
InMemoryIntegrationResources.builder()
-                .authenticator(authenticator)
-                
.authorizator(FakeAuthorizator.forGivenUserAndDelegatedUser(USER, USER2))
-                .inVmEventBus()
-                .defaultAnnotationLimits()
-                .defaultMessageParser()
-                .scanningSearchIndex()
-                .noPreDeletionHooks()
-                .storeQuotaManager()
-                .build();
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-
-            imapServer = createImapServer(config, integrationResources, 
FetchProcessor.LocalCacheConfiguration.DEFAULT);
-            port = imapServer.getListenAddresses().get(0).getPort();
-        }
-
-        @AfterEach
-        void tearDown() {
-            if (imapServer != null) {
-                imapServer.destroy();
-            }
-            authServer.stop();
-        }
-
-        @Test
-        void oauthShouldSuccessWhenValidToken() throws Exception {
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
-        }
-
-        @Test
-        void oauthShouldFailWhenInValidToken() throws Exception {
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER invalidtoken");
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed.");
-        }
-
-        @Test
-        void oauthShouldFailWhenConfigIsNotProvided() throws Exception {
-            imapServer.destroy();
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("imapServerRequireSSLIsTrueAndStartSSLIsTrue.xml"));
-            imapServer = createImapServer(config);
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + 
OidcTokenFixture.VALID_TOKEN);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed. Authentication mechanism is unsupported.");
-        }
-
-        @Test
-        void capabilityShouldAdvertiseOAUTHBEARERWhenConfigIsProvided() throws 
Exception {
-            IMAPSClient client = imapsClient(port);
-            client.capability();
-            assertThat(client.getReplyString()).contains("AUTH=OAUTHBEARER");
-        }
-
-        @Test
-        void capabilityShouldAdvertiseXOAUTH2WhenConfigIsProvided() throws 
Exception {
-            IMAPSClient client = imapsClient(port);
-            client.capability();
-            assertThat(client.getReplyString()).contains("AUTH=XOAUTH2");
-        }
-
-        @Test
-        void oauthShouldSupportOAUTH2Type() throws Exception {
-            String xoauth2 = 
OIDCSASLHelper.generateEncodedXOauth2InitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE XOAUTH2 " + xoauth2);
-            assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
-        }
-
-        @Test
-        void capabilityShouldNotAdvertiseOAUTHBEARERWhenConfigIsNotProvided() 
throws Exception {
-            imapServer.destroy();
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("imapServerRequireSSLIsTrueAndStartSSLIsTrue.xml"));
-            imapServer = createImapServer(config);
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            IMAPSClient client = imapsClient(port);
-            client.capability();
-            
assertThat(client.getReplyString()).doesNotContain("AUTH=OAUTHBEARER");
-            assertThat(client.getReplyString()).doesNotContain("AUTH=XOAUTH2");
-        }
-
-        @Test
-        void shouldNotOauthWhenAuthIsReady() throws Exception {
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed. Command not valid in this state.");
-        }
-
-        @Test
-        void appendShouldSuccessWhenAuthenticated() throws Exception {
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient imapsClient = imapsClient(port);
-            imapsClient.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            imapsClient.create("INBOX");
-            imapsClient.append("INBOX", null, null, SMALL_MESSAGE);
-
-            assertThat(imapsClient.getReplyString()).contains("APPEND 
completed.");
-        }
-
-        @Test
-        void appendShouldFailWhenNotAuthenticated() throws Exception {
-            IMAPSClient imapsClient = imapsClient(port);
-            imapsClient.create("INBOX");
-            assertThat(imapsClient.getReplyString()).contains("Command not 
valid in this state.");
-        }
-
-        @Test
-        void oauthShouldFailWhenIntrospectTokenReturnActiveIsFalse() throws 
Exception {
-            imapServer.destroy();
-
-            authServer
-                
.when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH))
-                .respond(HttpResponse.response().withStatusCode(200)
-                    .withHeader("Content-Type", "application/json")
-                    .withBody("{\"active\": false}", StandardCharsets.UTF_8));
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-            config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
INTROSPECT_TOKEN_URI_PATH));
-
-            imapServer = createImapServer(config);
-
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
failed.");
-        }
-
-        @Test
-        void oauthShouldSuccessWhenIntrospectTokenReturnActiveIsTrue() throws 
Exception {
-            imapServer.destroy();
-
-            authServer
-                
.when(HttpRequest.request().withPath(INTROSPECT_TOKEN_URI_PATH))
-                .respond(HttpResponse.response().withStatusCode(200)
-                    .withHeader("Content-Type", "application/json")
-                    .withBody(INTROSPECTION_RESPONSE, StandardCharsets.UTF_8));
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-            config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
INTROSPECT_TOKEN_URI_PATH));
-
-            imapServer = createImapServer(config);
-
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
-        }
-
-        @Test
-        void oauthShouldFailWhenIntrospectTokenServerError() throws Exception {
-            imapServer.destroy();
-            String invalidURI = "/invalidURI";
-            authServer
-                .when(HttpRequest.request().withPath(invalidURI))
-                .respond(HttpResponse.response().withStatusCode(401));
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-            config.addProperty("auth.oidc.introspection.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), invalidURI));
-
-            imapServer = createImapServer(config);
-
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
processing failed.");
-        }
-
-        @Test
-        void oauthShouldSuccessWhenCheckTokenByUserInfoIsPassed() throws 
Exception {
-            imapServer.destroy();
-
-            authServer
-                .when(HttpRequest.request().withPath(USERINFO_URI_PATH))
-                .respond(HttpResponse.response().withStatusCode(200)
-                    .withHeader("Content-Type", "application/json")
-                    .withBody(OidcTokenFixture.USERINFO_RESPONSE, 
StandardCharsets.UTF_8));
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-            config.addProperty("auth.oidc.userinfo.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
USERINFO_URI_PATH));
-
-            imapServer = createImapServer(config);
-
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
-        }
-
-        @Test
-        void oauthShouldFailWhenCheckTokenByUserInfoIsFailed() throws 
Exception {
-            imapServer.destroy();
-
-            authServer
-                .when(HttpRequest.request().withPath(USERINFO_URI_PATH))
-                .respond(HttpResponse.response().withStatusCode(401)
-                    .withHeader("Content-Type", "application/json"));
-
-            HierarchicalConfiguration<ImmutableNode> config = 
ConfigLoader.getConfig(ClassLoaderUtils.getSystemResourceAsSharedStream("oauth.xml"));
-            config.addProperty("auth.oidc.jwksURL", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
JWKS_URI_PATH));
-            config.addProperty("auth.oidc.claim", OidcTokenFixture.CLAIM);
-            config.addProperty("auth.oidc.oidcConfigurationURL", 
"https://example.com/jwks";);
-            config.addProperty("auth.oidc.scope", "email");
-            config.addProperty("auth.oidc.userinfo.url", 
String.format("http://127.0.0.1:%s%s";, authServer.getLocalPort(), 
USERINFO_URI_PATH));
-
-            imapServer = createImapServer(config);
-
-            int port = imapServer.getListenAddresses().get(0).getPort();
-
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER.asString(), 
OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE 
processing failed.");
-        }
-
-        @Test
-        void oauthShouldImpersonateFailWhenNOTDelegated() throws Exception {
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER3.asString(),
 OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("NO AUTHENTICATE");
-        }
-
-        @Test
-        void oauthShouldImpersonateSuccessWhenDelegated() throws Exception {
-            String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER2.asString(),
 OidcTokenFixture.VALID_TOKEN);
-            IMAPSClient client = imapsClient(port);
-            client.sendCommand("AUTHENTICATE OAUTHBEARER " + oauthBearer);
-            assertThat(client.getReplyString()).contains("OK AUTHENTICATE 
completed.");
-        }
-
-        @Test
-        void impersonationShouldWorkWhenDelegated() throws Exception {
-            // USER2: append a message
-            try (TestIMAPClient client = new 
TestIMAPClient(imapsClient(port))) {
-                client.login(USER2.asString(), USER_PASS)
-                    .append("INBOX", SMALL_MESSAGE);
-            }
-
-            // USER1 authenticate and impersonate as USER2
-            try (TestIMAPClient client = new 
TestIMAPClient(imapsClient(port))) {
-                String oauthBearer = 
OIDCSASLHelper.generateEncodedOauthbearerInitialClientResponse(USER2.asString(),
 OidcTokenFixture.VALID_TOKEN);
-                String authenticateResponse = client.sendCommand("AUTHENTICATE 
OAUTHBEARER " + oauthBearer);
-                assertThat(authenticateResponse).contains("OK AUTHENTICATE 
completed.");
-
-                assertThat(client.select("INBOX")
-                    .readFirstMessage()).contains(SMALL_MESSAGE);
-            }
-        }
-    }
 
     private AuthenticatingIMAPClient imapsClient(int port) throws Exception {
         AuthenticatingIMAPClient client = new AuthenticatingIMAPClient(false, 
BogusSslContextFactory.getClientContext());


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


Reply via email to