package org.springframework.security.ui.x509;

import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import junit.framework.TestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.x509.X509AuthenticationToken;
import org.springframework.security.providers.x509.X509TestUtils;
import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.util.MockFilterChain;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/ui/x509/X509ProcessingFilterTests.class */
public class X509ProcessingFilterTests extends TestCase {

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/ui/x509/X509ProcessingFilterTests$MockX509AuthenticationManager.class */
    private static class MockX509AuthenticationManager implements AuthenticationManager {
        private MockX509AuthenticationManager() {
        }

        @Override // org.springframework.security.AuthenticationManager
        public Authentication authenticate(Authentication authentication) {
            if (!(authentication instanceof X509AuthenticationToken)) {
                TestCase.fail("Needed an X509Authentication token but found " + authentication);
            }
            if (authentication.getCredentials() == null) {
                throw new BadCredentialsException("Mock authentication manager rejecting null certificate");
            }
            return authentication;
        }
    }

    public X509ProcessingFilterTests() {
    }

    public X509ProcessingFilterTests(String str) {
        super(str);
    }

    public final void setUp() throws Exception {
        super.setUp();
    }

    public void tearDown() {
        SecurityContextHolder.clearContext();
    }

    public void testAuthenticationIsNullWithNoCertificate() throws Exception {
        ServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        ServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(true);
        MockX509AuthenticationManager mockX509AuthenticationManager = new MockX509AuthenticationManager();
        X509ProcessingFilter x509ProcessingFilter = new X509ProcessingFilter();
        x509ProcessingFilter.setAuthenticationManager(mockX509AuthenticationManager);
        SecurityContextHolder.getContext().setAuthentication(null);
        x509ProcessingFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        Object attribute = mockHttpServletRequest.getSession().getAttribute(AbstractProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY);
        assertNull("Authentication should be null", SecurityContextHolder.getContext().getAuthentication());
        assertTrue("BadCredentialsException should have been thrown", attribute instanceof BadCredentialsException);
    }

    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
        try {
            new X509ProcessingFilter().doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false));
            fail("Should have thrown ServletException");
        } catch (ServletException e) {
            assertEquals("Can only process HttpServletRequest", e.getMessage());
        }
    }

    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
        try {
            new X509ProcessingFilter().doFilter(new MockHttpServletRequest((String) null, (String) null), null, new MockFilterChain(false));
            fail("Should have thrown ServletException");
        } catch (ServletException e) {
            assertEquals("Can only process HttpServletResponse", e.getMessage());
        }
    }

    public void testFailedAuthentication() throws Exception {
        ServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        ServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(true);
        mockHttpServletRequest.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[]{X509TestUtils.buildTestCertificate()});
        MockAuthenticationManager mockAuthenticationManager = new MockAuthenticationManager(false);
        SecurityContextHolder.getContext().setAuthentication(null);
        X509ProcessingFilter x509ProcessingFilter = new X509ProcessingFilter();
        x509ProcessingFilter.setAuthenticationManager(mockAuthenticationManager);
        x509ProcessingFilter.afterPropertiesSet();
        x509ProcessingFilter.init(null);
        x509ProcessingFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        x509ProcessingFilter.destroy();
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testNeedsAuthenticationManager() throws Exception {
        try {
            new X509ProcessingFilter().afterPropertiesSet();
            fail("Expected IllegalArgumentException");
        } catch (IllegalArgumentException e) {
        }
    }

    public void testNormalOperation() throws Exception {
        ServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        ServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain(true);
        mockHttpServletRequest.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[]{X509TestUtils.buildTestCertificate()});
        MockX509AuthenticationManager mockX509AuthenticationManager = new MockX509AuthenticationManager();
        SecurityContextHolder.getContext().setAuthentication(null);
        X509ProcessingFilter x509ProcessingFilter = new X509ProcessingFilter();
        x509ProcessingFilter.setAuthenticationManager(mockX509AuthenticationManager);
        x509ProcessingFilter.afterPropertiesSet();
        x509ProcessingFilter.init(null);
        x509ProcessingFilter.doFilter(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain);
        x509ProcessingFilter.destroy();
        assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    }
}
