package org.springframework.security.web.authentication.rememberme;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.class */
public class AbstractRememberMeServicesTests {
    static User joe = new User("joe", "password", true, true, true, true, AuthorityUtils.createAuthorityList(new String[]{"ROLE_A"}));

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests$MockRememberMeServices.class */
    public class MockRememberMeServices extends AbstractRememberMeServices {
        boolean loginSuccessCalled;

        private MockRememberMeServices() {
            setKey("key");
        }

        protected void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
            this.loginSuccessCalled = true;
        }

        protected UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws RememberMeAuthenticationException {
            if (strArr.length != 3) {
                throw new InvalidCookieException("deliberate exception");
            }
            return getUserDetailsService().loadUserByUsername("joe");
        }
    }

    /* loaded from: input_file:org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests$MockUserDetailsService.class */
    public static class MockUserDetailsService implements UserDetailsService {
        private UserDetails toReturn;
        private boolean throwException;

        public MockUserDetailsService(UserDetails userDetails, boolean z) {
            this.toReturn = userDetails;
            this.throwException = z;
        }

        public UserDetails loadUserByUsername(String str) {
            if (this.throwException) {
                throw new UsernameNotFoundException("as requested by mock");
            }
            return this.toReturn;
        }
    }

    @Test(expected = InvalidCookieException.class)
    public void nonBase64CookieShouldBeDetected() {
        new MockRememberMeServices().decodeCookie("nonBase64CookieValue%");
    }

    @Test
    public void cookieShouldBeCorrectlyEncodedAndDecoded() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        String encodeCookie = mockRememberMeServices.encodeCookie(new String[]{"name", "cookie", "tokens", "blah"});
        Assert.assertFalse(encodeCookie.endsWith("="));
        String[] decodeCookie = mockRememberMeServices.decodeCookie(encodeCookie);
        Assert.assertEquals(4L, decodeCookie.length);
        Assert.assertEquals("name", decodeCookie[0]);
        Assert.assertEquals("cookie", decodeCookie[1]);
        Assert.assertEquals("tokens", decodeCookie[2]);
        Assert.assertEquals("blah", decodeCookie[3]);
    }

    @Test
    public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() throws Exception {
        String[] strArr = {"http://id.openid.zz", "cookie", "tokens", "blah"};
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        String[] decodeCookie = mockRememberMeServices.decodeCookie(mockRememberMeServices.encodeCookie(strArr));
        Assert.assertEquals(4L, decodeCookie.length);
        Assert.assertEquals("http://id.openid.zz", decodeCookie[0]);
        strArr[0] = "https://id.openid.zz";
        String[] decodeCookie2 = mockRememberMeServices.decodeCookie(mockRememberMeServices.encodeCookie(strArr));
        Assert.assertEquals(4L, decodeCookie2.length);
        Assert.assertEquals("https://id.openid.zz", decodeCookie2[0]);
    }

    @Test
    public void autoLoginShouldReturnNullIfNoLoginCookieIsPresented() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assert.assertNull(mockRememberMeServices.autoLogin(mockHttpServletRequest, mockHttpServletResponse));
        Assert.assertNull(mockHttpServletResponse.getCookie("SPRING_SECURITY_REMEMBER_ME_COOKIE"));
        MockHttpServletRequest mockHttpServletRequest2 = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        mockHttpServletRequest2.setCookies(new Cookie[]{new Cookie("mycookie", "cookie")});
        Assert.assertNull(mockRememberMeServices.autoLogin(mockHttpServletRequest2, mockHttpServletResponse2));
        Assert.assertNull(mockHttpServletResponse2.getCookie("SPRING_SECURITY_REMEMBER_ME_COOKIE"));
    }

    @Test
    public void successfulAutoLoginReturnsExpectedAuthentication() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(joe, false));
        Assert.assertNotNull(mockRememberMeServices.getUserDetailsService());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1:2"));
        Assert.assertNotNull(mockRememberMeServices.autoLogin(mockHttpServletRequest, new MockHttpServletResponse()));
    }

    @Test
    public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(joe, true));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1"));
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assert.assertNull(mockRememberMeServices.autoLogin(mockHttpServletRequest, mockHttpServletResponse));
        assertCookieCancelled(mockHttpServletResponse);
    }

    @Test
    public void autoLoginShouldFailIfUserNotFound() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(joe, true));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1:2"));
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assert.assertNull(mockRememberMeServices.autoLogin(mockHttpServletRequest, mockHttpServletResponse));
        assertCookieCancelled(mockHttpServletResponse);
    }

    @Test
    public void autoLoginShouldFailIfUserAccountIsLocked() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(new User("joe", "password", false, true, true, true, joe.getAuthorities()), false));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1:2"));
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assert.assertNull(mockRememberMeServices.autoLogin(mockHttpServletRequest, mockHttpServletResponse));
        assertCookieCancelled(mockHttpServletResponse);
    }

    @Test
    public void loginFailShouldCancelCookie() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(joe, true));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setContextPath("contextpath");
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1:2"));
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRememberMeServices.loginFail(mockHttpServletRequest, mockHttpServletResponse);
        assertCookieCancelled(mockHttpServletResponse);
    }

    @Test(expected = CookieTheftException.class)
    public void cookieTheftExceptionShouldBeRethrown() {
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices() { // from class: org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests.1
            @Override // org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests.MockRememberMeServices
            protected UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                throw new CookieTheftException("Pretending cookie was stolen");
            }
        };
        mockRememberMeServices.setUserDetailsService(new MockUserDetailsService(joe, false));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setCookies(createLoginCookie("cookie:1:2"));
        mockRememberMeServices.autoLogin(mockHttpServletRequest, new MockHttpServletResponse());
    }

    @Test
    public void loginSuccessCallsOnLoginSuccessCorrectly() {
        new MockRememberMeServices();
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        HttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Authentication usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("joe", "password");
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices();
        mockRememberMeServices.loginSuccess(mockHttpServletRequest, mockHttpServletResponse, usernamePasswordAuthenticationToken);
        Assert.assertFalse(mockRememberMeServices.loginSuccessCalled);
        MockRememberMeServices mockRememberMeServices2 = new MockRememberMeServices();
        mockHttpServletRequest.setParameter("_spring_security_remember_me", "true");
        mockRememberMeServices2.loginSuccess(mockHttpServletRequest, mockHttpServletResponse, usernamePasswordAuthenticationToken);
        Assert.assertTrue(mockRememberMeServices2.loginSuccessCalled);
        MockRememberMeServices mockRememberMeServices3 = new MockRememberMeServices();
        mockRememberMeServices3.setParameter("my_parameter");
        mockHttpServletRequest.setParameter("my_parameter", "true");
        mockRememberMeServices3.loginSuccess(mockHttpServletRequest, mockHttpServletResponse, usernamePasswordAuthenticationToken);
        Assert.assertTrue(mockRememberMeServices3.loginSuccessCalled);
        MockRememberMeServices mockRememberMeServices4 = new MockRememberMeServices();
        mockHttpServletRequest.setParameter("_spring_security_remember_me", "false");
        mockRememberMeServices4.loginSuccess(mockHttpServletRequest, mockHttpServletResponse, usernamePasswordAuthenticationToken);
        Assert.assertFalse(mockRememberMeServices4.loginSuccessCalled);
        MockRememberMeServices mockRememberMeServices5 = new MockRememberMeServices();
        mockRememberMeServices5.setAlwaysRemember(true);
        mockRememberMeServices5.loginSuccess(mockHttpServletRequest, mockHttpServletResponse, usernamePasswordAuthenticationToken);
        Assert.assertTrue(mockRememberMeServices5.loginSuccessCalled);
    }

    @Test
    public void setCookieUsesCorrectNamePathAndValue() {
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        HttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockHttpServletRequest.setContextPath("contextpath");
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices() { // from class: org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests.2
            protected String encodeCookie(String[] strArr) {
                return strArr[0];
            }
        };
        mockRememberMeServices.setCookieName("mycookiename");
        mockRememberMeServices.setCookie(new String[]{"mycookie"}, 1000, mockHttpServletRequest, mockHttpServletResponse);
        Cookie cookie = mockHttpServletResponse.getCookie("mycookiename");
        Assert.assertNotNull(cookie);
        Assert.assertEquals("mycookie", cookie.getValue());
        Assert.assertEquals("mycookiename", cookie.getName());
        Assert.assertEquals("contextpath", cookie.getPath());
        Assert.assertFalse(cookie.getSecure());
    }

    @Test
    public void setCookieSetsSecureFlagIfConfigured() throws Exception {
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        HttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockHttpServletRequest.setContextPath("contextpath");
        MockRememberMeServices mockRememberMeServices = new MockRememberMeServices() { // from class: org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests.3
            protected String encodeCookie(String[] strArr) {
                return strArr[0];
            }
        };
        mockRememberMeServices.setUseSecureCookie(true);
        mockRememberMeServices.setCookie(new String[]{"mycookie"}, 1000, mockHttpServletRequest, mockHttpServletResponse);
        Assert.assertTrue(mockHttpServletResponse.getCookie("SPRING_SECURITY_REMEMBER_ME_COOKIE").getSecure());
    }

    private Cookie[] createLoginCookie(String str) {
        return new Cookie[]{new Cookie("SPRING_SECURITY_REMEMBER_ME_COOKIE", new MockRememberMeServices().encodeCookie(StringUtils.delimitedListToStringArray(str, ":")))};
    }

    private void assertCookieCancelled(MockHttpServletResponse mockHttpServletResponse) {
        Assert.assertNotNull(mockHttpServletResponse.getCookie("SPRING_SECURITY_REMEMBER_ME_COOKIE"));
        Assert.assertEquals(0L, r0.getMaxAge());
    }
}
