package org.springframework.security.intercept.method.aopalliance;

import java.lang.reflect.Method;
import java.util.Collection;
import junit.framework.TestCase;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.AccessDecisionManager;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ITargetObject;
import org.springframework.security.MockAccessDecisionManager;
import org.springframework.security.MockAfterInvocationManager;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockRunAsManager;
import org.springframework.security.RunAsManager;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.intercept.method.MethodDefinitionSource;
import org.springframework.security.intercept.method.MockMethodDefinitionSource;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.runas.RunAsManagerImpl;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests.class */
public class MethodSecurityInterceptorTests extends TestCase {

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests$MockAccessDecisionManagerWhichOnlySupportsStrings.class */
    private class MockAccessDecisionManagerWhichOnlySupportsStrings implements AccessDecisionManager {
        private MockAccessDecisionManagerWhichOnlySupportsStrings() {
        }

        @Override // org.springframework.security.AccessDecisionManager
        public void decide(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) throws AccessDeniedException {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        @Override // org.springframework.security.AccessDecisionManager
        public boolean supports(Class cls) {
            return String.class.isAssignableFrom(cls);
        }

        @Override // org.springframework.security.AccessDecisionManager
        public boolean supports(ConfigAttribute configAttribute) {
            return true;
        }
    }

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests$MockAfterInvocationManagerWhichOnlySupportsStrings.class */
    private class MockAfterInvocationManagerWhichOnlySupportsStrings implements AfterInvocationManager {
        private MockAfterInvocationManagerWhichOnlySupportsStrings() {
        }

        @Override // org.springframework.security.AfterInvocationManager
        public Object decide(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition, Object obj2) throws AccessDeniedException {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        @Override // org.springframework.security.AfterInvocationManager
        public boolean supports(Class cls) {
            return String.class.isAssignableFrom(cls);
        }

        @Override // org.springframework.security.AfterInvocationManager
        public boolean supports(ConfigAttribute configAttribute) {
            return true;
        }
    }

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests$MockObjectDefinitionSourceWhichOnlySupportsStrings.class */
    private class MockObjectDefinitionSourceWhichOnlySupportsStrings implements MethodDefinitionSource {
        private MockObjectDefinitionSourceWhichOnlySupportsStrings() {
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public Collection getConfigAttributeDefinitions() {
            return null;
        }

        @Override // org.springframework.security.intercept.method.MethodDefinitionSource
        public ConfigAttributeDefinition getAttributes(Method method, Class cls) {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public boolean supports(Class cls) {
            return String.class.isAssignableFrom(cls);
        }

        @Override // org.springframework.security.intercept.ObjectDefinitionSource
        public ConfigAttributeDefinition getAttributes(Object obj) {
            throw new UnsupportedOperationException("mock method not implemented");
        }
    }

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/intercept/method/aopalliance/MethodSecurityInterceptorTests$MockRunAsManagerWhichOnlySupportsStrings.class */
    private class MockRunAsManagerWhichOnlySupportsStrings implements RunAsManager {
        private MockRunAsManagerWhichOnlySupportsStrings() {
        }

        @Override // org.springframework.security.RunAsManager
        public Authentication buildRunAs(Authentication authentication, Object obj, ConfigAttributeDefinition configAttributeDefinition) {
            throw new UnsupportedOperationException("mock method not implemented");
        }

        @Override // org.springframework.security.RunAsManager
        public boolean supports(Class cls) {
            return String.class.isAssignableFrom(cls);
        }

        @Override // org.springframework.security.RunAsManager
        public boolean supports(ConfigAttribute configAttribute) {
            return true;
        }
    }

    public MethodSecurityInterceptorTests() {
    }

    public MethodSecurityInterceptorTests(String str) {
        super(str);
    }

    public final void setUp() throws Exception {
        super.setUp();
        SecurityContextHolder.clearContext();
    }

    protected void tearDown() throws Exception {
        super.tearDown();
        SecurityContextHolder.clearContext();
    }

    private ITargetObject makeInterceptedTarget() {
        return (ITargetObject) new ClassPathXmlApplicationContext("org/springframework/security/intercept/method/aopalliance/applicationContext.xml").getBean("target");
    }

    private ITargetObject makeInterceptedTargetRejectsAuthentication() {
        ClassPathXmlApplicationContext classPathXmlApplicationContext = new ClassPathXmlApplicationContext("org/springframework/security/intercept/method/aopalliance/applicationContext.xml");
        ((MethodSecurityInterceptor) classPathXmlApplicationContext.getBean("securityInterceptor")).setAuthenticationManager(new MockAuthenticationManager(false));
        return (ITargetObject) classPathXmlApplicationContext.getBean("target");
    }

    private ITargetObject makeInterceptedTargetWithoutAnAfterInvocationManager() {
        ClassPathXmlApplicationContext classPathXmlApplicationContext = new ClassPathXmlApplicationContext("org/springframework/security/intercept/method/aopalliance/applicationContext.xml");
        ((MethodSecurityInterceptor) classPathXmlApplicationContext.getBean("securityInterceptor")).setAfterInvocationManager(null);
        return (ITargetObject) classPathXmlApplicationContext.getBean("target");
    }

    public void testCallingAPublicMethodFacadeWillNotRepeatSecurityChecksWhenPassedToTheSecuredMethodItFronts() throws Exception {
        assertEquals("hello Authentication empty", makeInterceptedTarget().publicMakeLowerCase("HELLO"));
    }

    public void testCallingAPublicMethodWhenPresentingAnAuthenticationObjectWillNotChangeItsIsAuthenticatedProperty() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("Test", "Password");
        assertTrue(!usernamePasswordAuthenticationToken.isAuthenticated());
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        assertEquals("hello org.springframework.security.providers.UsernamePasswordAuthenticationToken false", makeInterceptedTarget().publicMakeLowerCase("HELLO"));
    }

    public void testDeniesWhenAppropriate() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("MOCK_NO_BENEFIT_TO_THIS_GRANTED_AUTHORITY")}));
        try {
            makeInterceptedTarget().makeUpperCase("HELLO");
            fail("Should have thrown AccessDeniedException");
        } catch (AccessDeniedException e) {
            assertTrue(true);
        }
    }

    public void testGetters() {
        MockAccessDecisionManager mockAccessDecisionManager = new MockAccessDecisionManager();
        MockRunAsManager mockRunAsManager = new MockRunAsManager();
        MockAuthenticationManager mockAuthenticationManager = new MockAuthenticationManager();
        MockMethodDefinitionSource mockMethodDefinitionSource = new MockMethodDefinitionSource(false, true);
        MockAfterInvocationManager mockAfterInvocationManager = new MockAfterInvocationManager();
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(mockAccessDecisionManager);
        methodSecurityInterceptor.setRunAsManager(mockRunAsManager);
        methodSecurityInterceptor.setAuthenticationManager(mockAuthenticationManager);
        methodSecurityInterceptor.setObjectDefinitionSource(mockMethodDefinitionSource);
        methodSecurityInterceptor.setAfterInvocationManager(mockAfterInvocationManager);
        assertEquals(mockAccessDecisionManager, methodSecurityInterceptor.getAccessDecisionManager());
        assertEquals(mockRunAsManager, methodSecurityInterceptor.getRunAsManager());
        assertEquals(mockAuthenticationManager, methodSecurityInterceptor.getAuthenticationManager());
        assertEquals(mockMethodDefinitionSource, methodSecurityInterceptor.getObjectDefinitionSource());
        assertEquals(mockAfterInvocationManager, methodSecurityInterceptor.getAfterInvocationManager());
    }

    public void testMethodCallWithRunAsReplacement() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("MOCK_UPPER")});
        SecurityContext context = SecurityContextHolder.getContext();
        context.setAuthentication(usernamePasswordAuthenticationToken);
        assertEquals("HELLO org.springframework.security.MockRunAsAuthenticationToken true", makeInterceptedTarget().makeUpperCase("hello"));
        assertSame(context, SecurityContextHolder.getContext());
        assertSame(usernamePasswordAuthenticationToken, SecurityContextHolder.getContext().getAuthentication());
    }

    public void testMethodCallWithoutRunAsReplacement() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("Test", "Password", new GrantedAuthority[]{new GrantedAuthorityImpl("MOCK_LOWER")});
        assertTrue(usernamePasswordAuthenticationToken.isAuthenticated());
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        assertEquals("hello org.springframework.security.providers.UsernamePasswordAuthenticationToken true", makeInterceptedTargetWithoutAnAfterInvocationManager().makeLowerCase("HELLO"));
    }

    public void testRejectionOfEmptySecurityContext() throws Exception {
        try {
            makeInterceptedTarget().makeUpperCase("hello");
            fail("Should have thrown AuthenticationCredentialsNotFoundException");
        } catch (AuthenticationCredentialsNotFoundException e) {
            assertTrue(true);
        }
    }

    public void testRejectsAccessDecisionManagersThatDoNotSupportMethodInvocation() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManagerWhichOnlySupportsStrings());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("AccessDecisionManager does not support secure object class: interface org.aopalliance.intercept.MethodInvocation", e.getMessage());
        }
    }

    public void testRejectsCallsWhenAuthenticationIsIncorrect() throws Exception {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("Test", "Password");
        assertTrue(!usernamePasswordAuthenticationToken.isAuthenticated());
        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
        try {
            makeInterceptedTargetRejectsAuthentication().makeLowerCase("HELLO");
            fail("Should have thrown AuthenticationException");
        } catch (AuthenticationException e) {
            assertTrue(true);
        }
    }

    public void testRejectsCallsWhenObjectDefinitionSourceDoesNotSupportObject() throws Throwable {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setObjectDefinitionSource(new MockObjectDefinitionSourceWhichOnlySupportsStrings());
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("ObjectDefinitionSource does not support secure object class: interface org.aopalliance.intercept.MethodInvocation", e.getMessage());
        }
    }

    public void testRejectsCallsWhenObjectIsNull() throws Throwable {
        try {
            new MethodSecurityInterceptor().invoke(null);
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("Object was null", e.getMessage());
        }
    }

    public void testRejectsRunAsManagersThatDoNotSupportMethodInvocation() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManagerWhichOnlySupportsStrings());
        methodSecurityInterceptor.setAfterInvocationManager(new MockAfterInvocationManager());
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("RunAsManager does not support secure object class: interface org.aopalliance.intercept.MethodInvocation", e.getMessage());
        }
    }

    public void testStartupCheckForAccessDecisionManager() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setAfterInvocationManager(new MockAfterInvocationManager());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An AccessDecisionManager is required", e.getMessage());
        }
    }

    public void testStartupCheckForAuthenticationManager() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        methodSecurityInterceptor.setAfterInvocationManager(new MockAfterInvocationManager());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An AuthenticationManager is required", e.getMessage());
        }
    }

    public void testStartupCheckForMethodDefinitionSource() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An ObjectDefinitionSource is required", e.getMessage());
        }
    }

    public void testStartupCheckForRunAsManager() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setRunAsManager(null);
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("A RunAsManager is required", e.getMessage());
        }
    }

    public void testStartupCheckForValidAfterInvocationManager() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setAfterInvocationManager(new MockAfterInvocationManagerWhichOnlySupportsStrings());
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(false, true));
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(e.getMessage().startsWith("AfterInvocationManager does not support secure object class:"));
        }
    }

    public void testValidationFailsIfInvalidAttributePresented() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        methodSecurityInterceptor.setRunAsManager(new RunAsManagerImpl());
        assertTrue(methodSecurityInterceptor.isValidateConfigAttributes());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(true, true));
        try {
            methodSecurityInterceptor.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("Unsupported configuration attributes: [ANOTHER_INVALID, INVALID_ATTRIBUTE]", e.getMessage());
        }
    }

    public void testValidationNotAttemptedIfIsValidateConfigAttributesSetToFalse() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        assertTrue(methodSecurityInterceptor.isValidateConfigAttributes());
        methodSecurityInterceptor.setValidateConfigAttributes(false);
        assertTrue(!methodSecurityInterceptor.isValidateConfigAttributes());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(true, true));
        methodSecurityInterceptor.afterPropertiesSet();
        assertTrue(true);
    }

    public void testValidationNotAttemptedIfMethodDefinitionSourceCannotReturnIterator() throws Exception {
        MethodSecurityInterceptor methodSecurityInterceptor = new MethodSecurityInterceptor();
        methodSecurityInterceptor.setAccessDecisionManager(new MockAccessDecisionManager());
        methodSecurityInterceptor.setRunAsManager(new MockRunAsManager());
        methodSecurityInterceptor.setAuthenticationManager(new MockAuthenticationManager());
        assertTrue(methodSecurityInterceptor.isValidateConfigAttributes());
        methodSecurityInterceptor.setObjectDefinitionSource(new MockMethodDefinitionSource(true, false));
        methodSecurityInterceptor.afterPropertiesSet();
        assertTrue(true);
    }
}
