package org.springframework.security.web.authentication.switchuser;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.FilterChain;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.util.FieldUtils;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

/* loaded from: input_file:org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests.class */
public class SwitchUserFilterTests {
    private static final List<GrantedAuthority> ROLES_12 = AuthorityUtils.createAuthorityList(new String[]{"ROLE_ONE", "ROLE_TWO"});

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/springframework/security/web/authentication/switchuser/SwitchUserFilterTests$MockUserDetailsService.class */
    public class MockUserDetailsService implements UserDetailsService {
        private String password;

        private MockUserDetailsService() {
            this.password = "hawaii50";
        }

        public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
            if ("jacklord".equals(str) || "dano".equals(str)) {
                return new User(str, this.password, true, true, true, true, SwitchUserFilterTests.ROLES_12);
            }
            if ("mcgarrett".equals(str)) {
                return new User(str, this.password, false, true, true, true, SwitchUserFilterTests.ROLES_12);
            }
            if ("wofat".equals(str)) {
                return new User(str, this.password, true, false, true, true, SwitchUserFilterTests.ROLES_12);
            }
            if ("steve".equals(str)) {
                return new User(str, this.password, true, true, false, true, SwitchUserFilterTests.ROLES_12);
            }
            throw new UsernameNotFoundException("Could not find: " + str);
        }

        public void setPassword(String str) {
            this.password = str;
        }
    }

    @Before
    public void authenticateCurrentUser() {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("dano", "hawaii50"));
    }

    @After
    public void clearContext() {
        SecurityContextHolder.clearContext();
    }

    private MockHttpServletRequest createMockSwitchRequest() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setScheme("http");
        mockHttpServletRequest.setServerName("localhost");
        mockHttpServletRequest.setRequestURI("/j_spring_security_switch_user");
        return mockHttpServletRequest;
    }

    private Authentication switchToUser(String str) {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("j_username", str);
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        return switchUserFilter.attemptSwitchUser(mockHttpServletRequest);
    }

    @Test
    public void requiresExitUserMatchesCorrectly() {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setExitUserUrl("/j_spring_security_my_exit_user");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/j_spring_security_my_exit_user");
        Assert.assertTrue(switchUserFilter.requiresExitUser(mockHttpServletRequest));
    }

    @Test
    public void requiresSwitchMatchesCorrectly() {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setSwitchUserUrl("/j_spring_security_my_switch_user");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/j_spring_security_my_switch_user");
        Assert.assertTrue(switchUserFilter.requiresSwitchUser(mockHttpServletRequest));
    }

    @Test(expected = UsernameNotFoundException.class)
    public void attemptSwitchToUnknownUserFails() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("j_username", "user-that-doesnt-exist");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.attemptSwitchUser(mockHttpServletRequest);
    }

    @Test(expected = DisabledException.class)
    public void attemptSwitchToUserThatIsDisabledFails() throws Exception {
        switchToUser("mcgarrett");
    }

    @Test(expected = AccountExpiredException.class)
    public void attemptSwitchToUserWithAccountExpiredFails() throws Exception {
        switchToUser("wofat");
    }

    @Test(expected = CredentialsExpiredException.class)
    public void attemptSwitchToUserWithExpiredCredentialsFails() throws Exception {
        switchToUser("steve");
    }

    @Test(expected = UsernameNotFoundException.class)
    public void switchUserWithNullUsernameThrowsException() throws Exception {
        switchToUser(null);
    }

    @Test
    public void attemptSwitchUserIsSuccessfulWithValidUser() throws Exception {
        Assert.assertNotNull(switchToUser("jacklord"));
    }

    @Test
    public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/j_spring_security_switch_user");
        mockHttpServletRequest.addParameter("j_username", "mcgarrett");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setTargetUrl("/target");
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.afterPropertiesSet();
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        switchUserFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(mockHttpServletRequest, mockHttpServletResponse);
        Assert.assertEquals("Authentication Failed: User is disabled", mockHttpServletResponse.getErrorMessage());
        mockHttpServletRequest.setContextPath("/mywebapp");
        mockHttpServletRequest.setRequestURI("/mywebapp/j_spring_security_switch_user");
        SwitchUserFilter switchUserFilter2 = new SwitchUserFilter();
        switchUserFilter2.setTargetUrl("/target");
        switchUserFilter2.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter2.setSwitchFailureUrl("/switchfailed");
        switchUserFilter2.afterPropertiesSet();
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        FilterChain filterChain2 = (FilterChain) Mockito.mock(FilterChain.class);
        switchUserFilter2.doFilter(mockHttpServletRequest, mockHttpServletResponse2, filterChain2);
        ((FilterChain) Mockito.verify(filterChain2, Mockito.never())).doFilter(mockHttpServletRequest, mockHttpServletResponse2);
        Assert.assertEquals("/mywebapp/switchfailed", mockHttpServletResponse2.getRedirectedUrl());
        Assert.assertEquals("/switchfailed", FieldUtils.getFieldValue(switchUserFilter2, "switchFailureUrl"));
    }

    @Test(expected = IllegalArgumentException.class)
    public void configMissingUserDetailsServiceFails() throws Exception {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        switchUserFilter.setExitUserUrl("/j_spring_security_exit_user");
        switchUserFilter.setTargetUrl("/main.jsp");
        switchUserFilter.afterPropertiesSet();
    }

    @Test(expected = IllegalArgumentException.class)
    public void testBadConfigMissingTargetUrl() throws Exception {
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        switchUserFilter.setExitUserUrl("/j_spring_security_exit_user");
        switchUserFilter.afterPropertiesSet();
    }

    @Test
    public void defaultProcessesFilterUrlMatchesUrlWithPathParameter() {
        MockHttpServletRequest createMockSwitchRequest = createMockSwitchRequest();
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        createMockSwitchRequest.setRequestURI("/webapp/j_spring_security_switch_user;jsessionid=8JHDUD723J8");
        Assert.assertTrue(switchUserFilter.requiresSwitchUser(createMockSwitchRequest));
    }

    @Test
    public void exitUserJackLordToDanoSucceeds() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("dano", "hawaii50", ROLES_12);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(ROLES_12);
        arrayList.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", usernamePasswordAuthenticationToken));
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("jacklord", "hawaii50", arrayList));
        MockHttpServletRequest createMockSwitchRequest = createMockSwitchRequest();
        createMockSwitchRequest.setRequestURI("/j_spring_security_exit_user");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.setExitUserUrl("/j_spring_security_exit_user");
        switchUserFilter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        switchUserFilter.doFilter(createMockSwitchRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(createMockSwitchRequest, mockHttpServletResponse);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertEquals("dano", authentication.getPrincipal());
    }

    @Test(expected = AuthenticationException.class)
    public void exitUserWithNoCurrentUserFails() throws Exception {
        SecurityContextHolder.clearContext();
        MockHttpServletRequest createMockSwitchRequest = createMockSwitchRequest();
        createMockSwitchRequest.setRequestURI("/j_spring_security_exit_user");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.setExitUserUrl("/j_spring_security_exit_user");
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        switchUserFilter.doFilter(createMockSwitchRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(createMockSwitchRequest, mockHttpServletResponse);
    }

    @Test
    public void redirectToTargetUrlIsCorrect() throws Exception {
        MockHttpServletRequest createMockSwitchRequest = createMockSwitchRequest();
        createMockSwitchRequest.setContextPath("/webapp");
        createMockSwitchRequest.addParameter("j_username", "jacklord");
        createMockSwitchRequest.setRequestURI("/webapp/j_spring_security_switch_user");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        switchUserFilter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        switchUserFilter.doFilter(createMockSwitchRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(createMockSwitchRequest, mockHttpServletResponse);
        Assert.assertEquals("/webapp/someOtherUrl", mockHttpServletResponse.getRedirectedUrl());
    }

    @Test
    public void redirectOmitsContextPathIfUseRelativeContextSet() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("dano", "hawaii50"));
        MockHttpServletRequest createMockSwitchRequest = createMockSwitchRequest();
        createMockSwitchRequest.setContextPath("/webapp");
        createMockSwitchRequest.addParameter("j_username", "jacklord");
        createMockSwitchRequest.setRequestURI("/webapp/j_spring_security_switch_user");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
        DefaultRedirectStrategy defaultRedirectStrategy = new DefaultRedirectStrategy();
        defaultRedirectStrategy.setContextRelative(true);
        simpleUrlAuthenticationSuccessHandler.setRedirectStrategy(defaultRedirectStrategy);
        switchUserFilter.setSuccessHandler(simpleUrlAuthenticationSuccessHandler);
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        switchUserFilter.doFilter(createMockSwitchRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(createMockSwitchRequest, mockHttpServletResponse);
        Assert.assertEquals("/someOtherUrl", mockHttpServletResponse.getRedirectedUrl());
    }

    @Test
    public void testSwitchRequestFromDanoToJackLord() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("dano", "hawaii50"));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/webapp/j_spring_security_switch_user");
        mockHttpServletRequest.addParameter("j_username", "jacklord");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.setSwitchUserUrl("/j_spring_security_switch_user");
        switchUserFilter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        switchUserFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter(mockHttpServletRequest, mockHttpServletResponse);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertTrue(authentication.getPrincipal() instanceof UserDetails);
        Assert.assertEquals("jacklord", ((User) authentication.getPrincipal()).getUsername());
    }

    @Test
    public void modificationOfAuthoritiesWorks() {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("dano", "hawaii50"));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("j_username", "jacklord");
        SwitchUserFilter switchUserFilter = new SwitchUserFilter();
        switchUserFilter.setUserDetailsService(new MockUserDetailsService());
        switchUserFilter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() { // from class: org.springframework.security.web.authentication.switchuser.SwitchUserFilterTests.1
            public Collection<GrantedAuthority> modifyGrantedAuthorities(UserDetails userDetails, Authentication authentication, Collection<GrantedAuthority> collection) {
                ArrayList arrayList = new ArrayList();
                arrayList.add(new GrantedAuthorityImpl("ROLE_NEW"));
                return arrayList;
            }
        });
        Authentication attemptSwitchUser = switchUserFilter.attemptSwitchUser(mockHttpServletRequest);
        Assert.assertTrue(attemptSwitchUser != null);
        Assert.assertEquals(2L, attemptSwitchUser.getAuthorities().size());
        Assert.assertTrue(AuthorityUtils.authorityListToSet(attemptSwitchUser.getAuthorities()).contains("ROLE_NEW"));
    }
}
