package org.springframework.security.web.context;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;

/* loaded from: input_file:org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests.class */
public class HttpSessionContextIntegrationFilterTests {
    private UsernamePasswordAuthenticationToken sessionPrincipal = new UsernamePasswordAuthenticationToken("someone", "password", AuthorityUtils.createAuthorityList(new String[]{"SOME_ROLE"}));

    /* loaded from: input_file:org/springframework/security/web/context/HttpSessionContextIntegrationFilterTests$MockFilterChain.class */
    private class MockFilterChain implements FilterChain {
        private Authentication changeContextHolder;
        private Authentication expectedOnContextHolder;
        private IOException toThrowDuringChain;

        public MockFilterChain(Authentication authentication, Authentication authentication2, IOException iOException) {
            this.expectedOnContextHolder = authentication;
            this.changeContextHolder = authentication2;
            this.toThrowDuringChain = iOException;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            if (this.expectedOnContextHolder != null) {
                Assert.assertEquals(this.expectedOnContextHolder, SecurityContextHolder.getContext().getAuthentication());
            }
            if (this.changeContextHolder != null) {
                SecurityContext context = SecurityContextHolder.getContext();
                context.setAuthentication(this.changeContextHolder);
                SecurityContextHolder.setContext(context);
            }
            if (this.toThrowDuringChain != null) {
                throw this.toThrowDuringChain;
            }
        }
    }

    private static void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        filter.doFilter(servletRequest, servletResponse, filterChain);
    }

    @Test
    public void testDetectsIncompatibleSessionProperties() throws Exception {
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        try {
            httpSessionContextIntegrationFilter.setAllowSessionCreation(false);
            httpSessionContextIntegrationFilter.setForceEagerSessionCreation(true);
            httpSessionContextIntegrationFilter.afterPropertiesSet();
            Assert.fail("Shown have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            Assert.assertTrue(true);
        }
        httpSessionContextIntegrationFilter.setAllowSessionCreation(true);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        Assert.assertTrue(true);
    }

    @Test
    public void testDetectsMissingOrInvalidContext() throws Exception {
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        try {
            httpSessionContextIntegrationFilter.setContextClass((Class) null);
            httpSessionContextIntegrationFilter.afterPropertiesSet();
            Assert.fail("Shown have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            Assert.assertTrue(true);
        }
        try {
            httpSessionContextIntegrationFilter.setContextClass(Integer.class);
            Assert.assertEquals(Integer.class, httpSessionContextIntegrationFilter.getContextClass());
            httpSessionContextIntegrationFilter.afterPropertiesSet();
            Assert.fail("Shown have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e2) {
            Assert.assertTrue(true);
        }
    }

    @Test
    public void testExceptionWithinFilterChainStillClearsSecurityContextHolder() throws Exception {
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        securityContextImpl.setAuthentication(this.sessionPrincipal);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.getSession().setAttribute("SPRING_SECURITY_CONTEXT", securityContextImpl);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(this.sessionPrincipal, null, new IOException());
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        try {
            executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
            Assert.fail("We should have received the IOException thrown inside the filter chain here");
        } catch (IOException e) {
            Assert.assertTrue(true);
        }
        Assert.assertEquals(new SecurityContextImpl(), SecurityContextHolder.getContext());
        Assert.assertNull("Should have cleared FILTER_APPLIED", mockHttpServletRequest.getAttribute("__spring_security_scpf_applied"));
    }

    @Test
    public void testExistingContextContentsCopiedIntoContextHolderFromSessionAndChangesToContextCopiedBackToSession() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("someone", "password", AuthorityUtils.createAuthorityList(new String[]{"SOME_DIFFERENT_ROLE"}));
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        securityContextImpl.setAuthentication(this.sessionPrincipal);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.getSession().setAttribute("SPRING_SECURITY_CONTEXT", securityContextImpl);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(this.sessionPrincipal, usernamePasswordAuthenticationToken, null);
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(usernamePasswordAuthenticationToken, ((SecurityContext) mockHttpServletRequest.getSession().getAttribute("SPRING_SECURITY_CONTEXT")).getAuthentication());
    }

    @Test
    public void testHttpSessionCreatedWhenContextHolderChanges() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("someone", "password", AuthorityUtils.createAuthorityList(new String[]{"SOME_ROLE"}));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(null, usernamePasswordAuthenticationToken, null);
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(usernamePasswordAuthenticationToken, ((SecurityContext) mockHttpServletRequest.getSession(false).getAttribute("SPRING_SECURITY_CONTEXT")).getAuthentication());
    }

    @Test
    public void testHttpSessionEagerlyCreatedWhenDirected() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest((String) null, (String) null);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(null, null, null);
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        httpSessionContextIntegrationFilter.setForceEagerSessionCreation(true);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertNotNull(mockHttpServletRequest.getSession(false));
    }

    @Test
    public void testHttpSessionNotCreatedUnlessContextHolderChanges() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest((String) null, (String) null);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(null, null, null);
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertNull(mockHttpServletRequest.getSession(false));
    }

    @Test
    public void testHttpSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("someone", "password", AuthorityUtils.createAuthorityList(new String[]{"SOME_DIFFERENT_ROLE"}));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.getSession().setAttribute("SPRING_SECURITY_CONTEXT", "NOT_A_CONTEXT_OBJECT");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(null, usernamePasswordAuthenticationToken, null);
        HttpSessionContextIntegrationFilter httpSessionContextIntegrationFilter = new HttpSessionContextIntegrationFilter();
        httpSessionContextIntegrationFilter.setContextClass(SecurityContextImpl.class);
        httpSessionContextIntegrationFilter.afterPropertiesSet();
        executeFilterInContainerSimulator(new MockFilterConfig(), httpSessionContextIntegrationFilter, mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(usernamePasswordAuthenticationToken, ((SecurityContext) mockHttpServletRequest.getSession().getAttribute("SPRING_SECURITY_CONTEXT")).getAuthentication());
    }
}
