package org.apache.shiro.mgt;

import java.io.Serializable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.session.ExpiredSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DelegatingSubject;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/shiro/mgt/DefaultSecurityManagerTest.class */
public class DefaultSecurityManagerTest extends AbstractSecurityManagerTest {
    DefaultSecurityManager sm;

    @BeforeEach
    public void setup() {
        this.sm = new DefaultSecurityManager();
        Ini ini = new Ini();
        Ini.Section addSection = ini.addSection("users");
        addSection.put("guest", "guest, guest");
        addSection.put("lonestarr", "vespa, goodguy");
        this.sm.setRealm(new IniRealm(ini));
        SecurityUtils.setSecurityManager(this.sm);
    }

    @Override // org.apache.shiro.mgt.AbstractSecurityManagerTest
    @AfterEach
    public void tearDown() {
        SecurityUtils.setSecurityManager((SecurityManager) null);
        this.sm.destroy();
        super.tearDown();
    }

    @Test
    void testDefaultConfig() {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("guest", "guest"));
        Assertions.assertTrue(subject.isAuthenticated());
        Assertions.assertEquals("guest", subject.getPrincipal());
        Assertions.assertTrue(subject.hasRole("guest"));
        Session session = subject.getSession();
        session.setAttribute("key", "value");
        Assertions.assertEquals(session.getAttribute("key"), "value");
        subject.logout();
        Assertions.assertNull(subject.getSession(false));
        Assertions.assertNull(subject.getPrincipal());
        Assertions.assertNull(subject.getPrincipals());
    }

    @Test
    void testAutoCreateSessionAfterInvalidation() {
        Session session = SecurityUtils.getSubject().getSession();
        session.setAttribute("foo", "bar");
        Assertions.assertEquals("bar", session.getAttribute("foo"));
        session.setTimeout(50L);
        try {
            Thread.sleep(150L);
        } catch (InterruptedException e) {
        }
        try {
            session.setTimeout(1800000L);
            Assertions.fail("Session should have expired.");
        } catch (ExpiredSessionException e2) {
        }
    }

    @Test
    void testSubjectReuseAfterLogout() {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("guest", "guest"));
        Assertions.assertTrue(subject.isAuthenticated());
        Assertions.assertEquals("guest", subject.getPrincipal());
        Assertions.assertTrue(subject.hasRole("guest"));
        Session session = subject.getSession();
        Serializable id = session.getId();
        session.setAttribute("key", "value");
        Assertions.assertEquals(session.getAttribute("key"), "value");
        subject.logout();
        Assertions.assertNull(subject.getSession(false));
        Assertions.assertNull(subject.getPrincipal());
        Assertions.assertNull(subject.getPrincipals());
        subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
        Assertions.assertTrue(subject.isAuthenticated());
        Assertions.assertEquals("lonestarr", subject.getPrincipal());
        Assertions.assertTrue(subject.hasRole("goodguy"));
        Assertions.assertNotNull(subject.getSession());
        Assertions.assertNotEquals(id, subject.getSession().getId());
        subject.logout();
        Assertions.assertNull(subject.getSession(false));
        Assertions.assertNull(subject.getPrincipal());
        Assertions.assertNull(subject.getPrincipals());
    }

    @Test
    void testNewSubjectWithoutThreadSecurityManager() {
        SecurityUtils.setSecurityManager((SecurityManager) null);
        try {
            SecurityUtils.getSecurityManager();
        } catch (UnavailableSecurityManagerException e) {
            Assertions.assertTrue(e.getMessage().startsWith("No SecurityManager accessible"));
        }
        DelegatingSubject buildSubject = new Subject.Builder(this.sm).buildSubject();
        buildSubject.login(new UsernamePasswordToken("guest", "guest"));
        Assertions.assertEquals(this.sm, buildSubject.getSecurityManager());
    }
}
