package org.springframework.security.web.session;

import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/springframework/security/web/session/SessionFixationProtectionFilterTests.class */
public class SessionFixationProtectionFilterTests {
    @After
    public void clearContext() {
        SecurityContextHolder.clearContext();
    }

    @Test
    public void newSessionShouldNotBeCreatedIfNoSessionExists() throws Exception {
        SessionFixationProtectionFilter sessionFixationProtectionFilter = new SessionFixationProtectionFilter();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        authenticateUser();
        sessionFixationProtectionFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertNull(mockHttpServletRequest.getSession(false));
    }

    @Test
    public void newSessionBeCreatedIfAuthenticatedOccurredDuringRequest() throws Exception {
        SessionFixationProtectionFilter sessionFixationProtectionFilter = new SessionFixationProtectionFilter();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String id = mockHttpServletRequest.getSession().getId();
        authenticateUser();
        sessionFixationProtectionFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertFalse(id.equals(mockHttpServletRequest.getSession().getId()));
    }

    @Test
    public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated() throws Exception {
        SessionFixationProtectionFilter sessionFixationProtectionFilter = new SessionFixationProtectionFilter();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String id = mockHttpServletRequest.getSession().getId();
        sessionFixationProtectionFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(id, mockHttpServletRequest.getSession().getId());
    }

    @Test
    public void newSessionShouldNotBeCreatedIfUserIsAlreadyAuthenticated() throws Exception {
        SessionFixationProtectionFilter sessionFixationProtectionFilter = new SessionFixationProtectionFilter();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String id = mockHttpServletRequest.getSession().getId();
        authenticateUser();
        mockHttpServletRequest.getSession().setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
        sessionFixationProtectionFilter.doFilter(mockHttpServletRequest, new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(id, mockHttpServletRequest.getSession().getId());
    }

    private void authenticateUser() {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("user", "pass"));
    }
}
