package org.springframework.security.web.session;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.SecurityContextRepository;

/* loaded from: input_file:org/springframework/security/web/session/SessionManagementFilterTests.class */
public class SessionManagementFilterTests {
    @After
    public void clearContext() {
        SecurityContextHolder.clearContext();
    }

    @Test
    public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated() throws Exception {
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter((SecurityContextRepository) Mockito.mock(SecurityContextRepository.class));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String id = mockHttpServletRequest.getSession().getId();
        sessionManagementFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(id, mockHttpServletRequest.getSession().getId());
    }

    @Test
    public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) Mockito.mock(SecurityContextRepository.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) Mockito.mock(SessionAuthenticationStrategy.class);
        Mockito.when(Boolean.valueOf(securityContextRepository.containsContext((HttpServletRequest) Matchers.any(HttpServletRequest.class)))).thenReturn(true);
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository);
        sessionManagementFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        authenticateUser();
        sessionManagementFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Mockito.verifyZeroInteractions(new Object[]{sessionAuthenticationStrategy});
    }

    @Test
    public void strategyIsNotInvokedIfAuthenticationIsNull() throws Exception {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) Mockito.mock(SecurityContextRepository.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) Mockito.mock(SessionAuthenticationStrategy.class);
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository);
        sessionManagementFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        sessionManagementFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
        Mockito.verifyZeroInteractions(new Object[]{sessionAuthenticationStrategy});
    }

    @Test
    public void strategyIsInvokedIfUserIsNewlyAuthenticated() throws Exception {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) Mockito.mock(SecurityContextRepository.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) Mockito.mock(SessionAuthenticationStrategy.class);
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository);
        sessionManagementFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        authenticateUser();
        sessionManagementFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        ((SessionAuthenticationStrategy) Mockito.verify(sessionAuthenticationStrategy)).onAuthentication((Authentication) Matchers.any(Authentication.class), (HttpServletRequest) Matchers.any(HttpServletRequest.class), (HttpServletResponse) Matchers.any(HttpServletResponse.class));
        sessionManagementFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Mockito.verifyNoMoreInteractions(new Object[]{sessionAuthenticationStrategy});
    }

    @Test
    public void strategyFailureInvokesFailureHandler() throws Exception {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) Mockito.mock(SecurityContextRepository.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) Mockito.mock(SessionAuthenticationStrategy.class);
        AuthenticationFailureHandler authenticationFailureHandler = (AuthenticationFailureHandler) Mockito.mock(AuthenticationFailureHandler.class);
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository);
        sessionManagementFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        sessionManagementFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        authenticateUser();
        SessionAuthenticationException sessionAuthenticationException = new SessionAuthenticationException("Failure");
        ((SessionAuthenticationStrategy) Mockito.doThrow(sessionAuthenticationException).when(sessionAuthenticationStrategy)).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), mockHttpServletRequest, mockHttpServletResponse);
        sessionManagementFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
        ((AuthenticationFailureHandler) Mockito.verify(authenticationFailureHandler)).onAuthenticationFailure(mockHttpServletRequest, mockHttpServletResponse, sessionAuthenticationException);
    }

    @Test
    public void responseIsRedirectedToTimeoutUrlIfSetAndSessionIsInvalid() throws Exception {
        SecurityContextRepository securityContextRepository = (SecurityContextRepository) Mockito.mock(SecurityContextRepository.class);
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) Mockito.mock(SessionAuthenticationStrategy.class);
        SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository);
        sessionManagementFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        sessionManagementFilter.setRedirectStrategy(new DefaultRedirectStrategy());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestedSessionId("xxx");
        mockHttpServletRequest.setRequestedSessionIdValid(false);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        sessionManagementFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, new MockFilterChain());
        Assert.assertNull(mockHttpServletResponse.getRedirectedUrl());
        MockHttpServletRequest mockHttpServletRequest2 = new MockHttpServletRequest();
        mockHttpServletRequest2.setRequestedSessionId("xxx");
        mockHttpServletRequest2.setRequestedSessionIdValid(false);
        sessionManagementFilter.setInvalidSessionUrl("/timedOut");
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        sessionManagementFilter.doFilter(mockHttpServletRequest2, mockHttpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
        Assert.assertEquals("/timedOut", mockHttpServletResponse.getRedirectedUrl());
    }

    private void authenticateUser() {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass"));
    }
}
