package org.springframework.security.web.context;

import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

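/**
 * Tests for {@link HttpSessionSecurityContextRepository}: when an HTTP session is (and is not)
 * created, what is accepted from the session as a security context, and whether session ids
 * can be written into URLs.
 *
 * <p>Every test that touches {@link SecurityContextHolder} clears it in a {@code finally}
 * block. Without that, the authenticated context set by one test stays on the thread and can
 * make a later test pass (or fail) for the wrong reason.
 */
public class HttpSessionSecurityContextRepositoryTests {
    /**
     * Session attribute the repository is expected to use. Kept as a literal so these tests
     * also pin the attribute name itself.
     */
    private static final String CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";

    /** Literal suffix appended by the stub response, standing in for container URL rewriting. */
    private static final String SESSION_ID_SUFFIX = ";jsessionid=id";

    private final TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", new String[]{"ROLE_A"});

    /** Minimal cloneable {@link SecurityContext} used by the deprecated clone/context-class tests. */
    static class MockContext implements Cloneable, SecurityContext {
        Authentication a;

        MockContext() {
        }

        public Authentication getAuthentication() {
            return this.a;
        }

        public void setAuthentication(Authentication authentication) {
            this.a = authentication;
        }

        /** Returns a new {@code MockContext} that shares this context's authentication. */
        @Override
        public Object clone() {
            MockContext copy = new MockContext();
            copy.setAuthentication(getAuthentication());
            return copy;
        }
    }

    /** A class that is not a {@link SecurityContext} must be rejected as the context class. */
    @Test(expected = IllegalArgumentException.class)
    @Deprecated
    public void detectsInvalidContextClass() throws Exception {
        new HttpSessionSecurityContextRepository().setSecurityContextClass(String.class);
    }

    /** A {@code null} context class must be rejected. */
    @Test(expected = IllegalArgumentException.class)
    @Deprecated
    public void cannotSetNullContextClass() throws Exception {
        new HttpSessionSecurityContextRepository().setSecurityContextClass((Class) null);
    }

    /** Loading and saving an untouched context must not create a session. */
    @Test
    public void sessionIsntCreatedIfContextDoesntChange() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());

        SecurityContext context = repo.loadContext(holder);
        Assert.assertNull(request.getSession(false));

        repo.saveContext(context, holder.getRequest(), holder.getResponse());
        Assert.assertNull(request.getSession(false));
    }

    /** With session creation disabled, even an authenticated context must not create a session. */
    @Test
    public void sessionIsntCreatedIfAllowSessionCreationIsFalse() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        repo.setAllowSessionCreation(false);
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());

        SecurityContext context = repo.loadContext(holder);
        context.setAuthentication(this.testToken);
        repo.saveContext(context, holder.getRequest(), holder.getResponse());

        Assert.assertNull(request.getSession(false));
    }

    /** A context already in the session is returned by load and is still there after save. */
    @Test
    public void existingContextIsSuccessFullyLoadedFromSessionAndSavedBack() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        try {
            SecurityContextHolder.getContext().setAuthentication(this.testToken);
            request.getSession().setAttribute(CONTEXT_KEY, SecurityContextHolder.getContext());
            HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());

            SecurityContext context = repo.loadContext(holder);
            Assert.assertNotNull(context);
            Assert.assertEquals(this.testToken, context.getAuthentication());

            repo.saveContext(context, holder.getRequest(), holder.getResponse());
            Assert.assertEquals(context, request.getSession().getAttribute(CONTEXT_KEY));
        } finally {
            // Do not leave the authenticated context on the thread for the next test.
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * A session attribute of the wrong type must not be treated as a security context: the
     * repository hands back a context with no authentication, even though the holder on this
     * thread is authenticated.
     */
    @Test
    public void nonSecurityContextInSessionIsIgnored() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        try {
            SecurityContextHolder.getContext().setAuthentication(this.testToken);
            request.getSession().setAttribute(CONTEXT_KEY, "NotASecurityContextInstance");

            SecurityContext context = repo.loadContext(new HttpRequestResponseHolder(request, new MockHttpServletResponse()));

            Assert.assertNotNull(context);
            Assert.assertNull(context.getAuthentication());
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /** Saving a context that gained an authentication creates the session and stores the context. */
    @Test
    public void sessionIsCreatedAndContextStoredWhenContextChanges() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());

        SecurityContext context = repo.loadContext(holder);
        Assert.assertNull(request.getSession(false));

        context.setAuthentication(this.testToken);
        repo.saveContext(context, holder.getRequest(), holder.getResponse());

        Assert.assertNotNull(request.getSession(false));
        Assert.assertEquals(context, request.getSession().getAttribute(CONTEXT_KEY));
    }

    /**
     * {@code sendRedirect} on the wrapped response stores the context in the session straight
     * away; the explicit save afterwards leaves the same context in place.
     */
    @Test
    public void redirectCausesEarlySaveOfContext() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
        try {
            SecurityContextHolder.setContext(repo.loadContext(holder));
            SecurityContextHolder.getContext().setAuthentication(this.testToken);

            holder.getResponse().sendRedirect("/doesntmatter");
            Assert.assertEquals(SecurityContextHolder.getContext(), request.getSession().getAttribute(CONTEXT_KEY));
            Assert.assertTrue(holder.getResponse().isContextSaved());

            repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
            Assert.assertEquals(SecurityContextHolder.getContext(), request.getSession().getAttribute(CONTEXT_KEY));
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /** Same as the redirect case, but triggered by {@code sendError}. */
    @Test
    public void sendErrorCausesEarlySaveOfContext() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
        try {
            SecurityContextHolder.setContext(repo.loadContext(holder));
            SecurityContextHolder.getContext().setAuthentication(this.testToken);

            holder.getResponse().sendError(404);
            Assert.assertEquals(SecurityContextHolder.getContext(), request.getSession().getAttribute(CONTEXT_KEY));
            Assert.assertTrue(holder.getResponse().isContextSaved());

            repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
            Assert.assertEquals(SecurityContextHolder.getContext(), request.getSession().getAttribute(CONTEXT_KEY));
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * If the session that existed at load time is invalidated during the request, saving an
     * authenticated context must not bring a session back.
     */
    @Test
    public void noSessionIsCreatedIfSessionWasInvalidatedDuringTheRequest() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.getSession();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
        try {
            SecurityContextHolder.setContext(repo.loadContext(holder));
            SecurityContextHolder.getContext().setAuthentication(this.testToken);
            request.getSession().invalidate();

            repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());

            Assert.assertNull(request.getSession(false));
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /** An anonymous authentication on its own must not cause a session to be created. */
    @Test
    public void noSessionIsCreatedIfAnonymousTokenIsUsed() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
        try {
            SecurityContextHolder.setContext(repo.loadContext(holder));
            SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList(new String[]{"ANON"})));

            repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());

            Assert.assertNull(request.getSession(false));
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /** With clone-from-session enabled, load returns a distinct instance of the stored context's type. */
    @Test
    @Deprecated
    public void settingCloneFromContextLoadsClonedContextObject() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        repo.setCloneFromHttpSession(true);
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockContext stored = new MockContext();
        request.getSession().setAttribute(CONTEXT_KEY, stored);
        stored.setAuthentication(this.testToken);

        SecurityContext loaded = repo.loadContext(new HttpRequestResponseHolder(request, new MockHttpServletResponse()));

        Assert.assertTrue(loaded instanceof MockContext);
        // Identity, not equality: the point is that the session's own object is not handed out.
        Assert.assertNotSame(stored, loaded);
    }

    /** A configured context class is the type produced by {@code generateNewContext()}. */
    @Test
    @Deprecated
    public void generateNewContextWorksWithContextClass() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        repo.setSecurityContextClass(MockContext.class);
        Assert.assertTrue(repo.generateNewContext() instanceof MockContext);
    }

    /**
     * By default the wrapped response passes URL encoding through to the underlying response,
     * so a session id can end up in the URL. With {@code disableUrlRewriting} set, all four
     * encode methods return the URL unchanged. A session id in a URL is exposed to anything
     * that records or forwards URLs, which is why this switch is pinned here.
     */
    @Test
    public void sessionDisableUrlRewritingPreventsSessionIdBeingWrittenToUrl() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        // Stub response that always appends a session id, as a rewriting container would.
        MockHttpServletResponse response = new MockHttpServletResponse() {
            @Override
            public String encodeRedirectUrl(String str) {
                return str + SESSION_ID_SUFFIX;
            }

            @Override
            public String encodeRedirectURL(String str) {
                return str + SESSION_ID_SUFFIX;
            }

            @Override
            public String encodeUrl(String str) {
                return str + SESSION_ID_SUFFIX;
            }

            @Override
            public String encodeURL(String str) {
                return str + SESSION_ID_SUFFIX;
            }
        };

        HttpRequestResponseHolder rewriting = new HttpRequestResponseHolder(request, response);
        repo.loadContext(rewriting);
        Assert.assertEquals("/aUrl;jsessionid=id", rewriting.getResponse().encodeRedirectUrl("/aUrl"));
        Assert.assertEquals("/aUrl;jsessionid=id", rewriting.getResponse().encodeRedirectURL("/aUrl"));
        Assert.assertEquals("/aUrl;jsessionid=id", rewriting.getResponse().encodeUrl("/aUrl"));
        Assert.assertEquals("/aUrl;jsessionid=id", rewriting.getResponse().encodeURL("/aUrl"));

        // The flag is set before the second load, so a fresh holder is loaded to observe it.
        repo.setDisableUrlRewriting(true);
        HttpRequestResponseHolder notRewriting = new HttpRequestResponseHolder(request, response);
        repo.loadContext(notRewriting);
        Assert.assertEquals("/aUrl", notRewriting.getResponse().encodeRedirectUrl("/aUrl"));
        Assert.assertEquals("/aUrl", notRewriting.getResponse().encodeRedirectURL("/aUrl"));
        Assert.assertEquals("/aUrl", notRewriting.getResponse().encodeUrl("/aUrl"));
        Assert.assertEquals("/aUrl", notRewriting.getResponse().encodeURL("/aUrl"));
    }
}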
