package org.jboss.internal.soa.esb.services.security;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.jboss.internal.soa.esb.assertion.AssertArgument;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.jboss.soa.esb.common.Configuration;
import org.jboss.soa.esb.services.security.SecurityConfig;
import org.jboss.soa.esb.services.security.principals.User;
import org.jboss.soa.esb.util.ClassUtil;

/* loaded from: input_file:org/jboss/internal/soa/esb/services/security/JBossASContextPropagator.class */
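/**
 * Propagates an ESB {@code SecurityContext} into the JBoss Application Server
 * security associations, and removes it again.
 *
 * <p>The work is delegated to a {@link JBossASSecurityContextOperations}
 * strategy chosen once, in the static initialiser: a class named by
 * configuration if one is set and can be instantiated, otherwise
 * {@link AS5SecurityContextOperations} when
 * {@code org.jboss.security.SecurityContextAssociation} can be loaded, otherwise
 * {@link AS4SecurityContextOperations}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When a {@code SecurityManager} is installed, push and pop run inside
 *       {@code AccessController.doPrivileged}, so the protection domains of this
 *       class's callers are not consulted for permission checks made further
 *       down. The public methods here therefore let any caller establish the
 *       identity carried by the supplied context. NOTE(review): confirm that only
 *       trusted ESB code can reach this class.</li>
 *   <li>Push and pop must be paired and must receive the same
 *       {@code SecurityConfig}; the run-as handling on pop is driven only by
 *       {@code securityConfig.hasRunAs()}.</li>
 * </ul>
 */
public final class JBossASContextPropagator implements SecurityContextPropagator {
    private static final Logger LOGGER = Logger.getLogger(JBossASContextPropagator.class);

    /** Strategy used whenever a caller does not supply one; assigned once by the static initialiser. */
    private static final JBossASSecurityContextOperations OPERATIONS;

    /**
     * Strategy built on {@code org.jboss.security.SecurityAssociation}; selected
     * when {@code SecurityContextAssociation} cannot be loaded.
     */
    public static class AS4SecurityContextOperations implements JBossASSecurityContextOperations {
        /**
         * Pushes the subject context and, if the configuration has a run-as role,
         * a run-as identity named after the principal.
         *
         * <p>The run-as identity is built before anything is pushed, so a failure
         * while building it cannot leave a subject context pushed without its
         * matching pop.
         *
         * @param principal      principal to associate; also names the run-as identity
         * @param obj            passed to {@code pushSubjectContext} as its third argument
         * @param subject        subject to associate
         * @param str            not used by this implementation
         * @param securityConfig may be {@code null}; consulted only for the run-as role
         * @throws RuntimeException wrapping any exception raised while pushing
         */
        @Override
        public void pushSecurityContext(Principal principal, Object obj, Subject subject, String str, SecurityConfig securityConfig) {
            try {
                final RunAsIdentity runAs = newRunAsIdentity(principal, securityConfig);
                SecurityAssociation.pushSubjectContext(subject, principal, obj);
                if (runAs != null) {
                    SecurityAssociation.pushRunAsIdentity(runAs);
                }
            } catch (Exception e) {
                throw new RuntimeException("Unexpected exception creating security context", e);
            }
        }

        /**
         * Pops the run-as identity (only if the configuration has a run-as role)
         * and then the subject context.
         *
         * <p>Whether a run-as identity is popped depends solely on the
         * {@code securityConfig} passed here. If it differs from the one given to
         * the matching push, the run-as stack and the subject stack can get out of
         * step, so callers should pass the same configuration to both.
         *
         * @param securityConfig may be {@code null}
         */
        @Override
        public void popSecurityContext(SecurityConfig securityConfig) {
            if (securityConfig != null && securityConfig.hasRunAs()) {
                SecurityAssociation.popRunAsIdentity();
            }
            SecurityAssociation.popSubjectContext();
        }
    }

    /**
     * Strategy built on {@code org.jboss.security.SecurityContextAssociation};
     * selected when that class can be loaded.
     */
    public static class AS5SecurityContextOperations implements JBossASSecurityContextOperations {
        /**
         * Creates a JBoss security context for the identity, associates it, and
         * sets the outgoing run-as identity when the configuration has a run-as role.
         *
         * <p>The run-as identity is built before the context is associated, so a
         * failure while building it leaves the existing association untouched.
         *
         * <p>NOTE(review): whatever context was associated before this call is not
         * saved here, and {@link #popSecurityContext(SecurityConfig)} clears rather
         * than restores. Confirm callers never push while another context is active.
         *
         * @param principal      principal for the new context; also names the run-as identity
         * @param obj            passed to {@code createSecurityContext} as its second argument
         * @param subject        subject for the new context
         * @param str            security domain; {@code "other"} is used when {@code null}
         * @param securityConfig may be {@code null}; consulted only for the run-as role
         * @throws RuntimeException wrapping any exception raised while creating or associating
         */
        @Override
        public void pushSecurityContext(Principal principal, Object obj, Subject subject, String str, SecurityConfig securityConfig) {
            try {
                final RunAsIdentity runAs = newRunAsIdentity(principal, securityConfig);
                final String domain = (str == null) ? "other" : str;
                final SecurityContext created = SecurityContextFactory.createSecurityContext(principal, obj, subject, domain);
                SecurityContextAssociation.setSecurityContext(created);
                if (runAs != null) {
                    created.setOutgoingRunAs(runAs);
                }
            } catch (Exception e) {
                throw new RuntimeException("Unexpected exception creating security context", e);
            }
        }

        /**
         * Clears the outgoing run-as identity (only if the configuration has a
         * run-as role) and then clears the associated security context. Does
         * nothing when no context is currently associated.
         *
         * @param securityConfig may be {@code null}
         */
        @Override
        public void popSecurityContext(SecurityConfig securityConfig) {
            final SecurityContext current = SecurityContextAssociation.getSecurityContext();
            if (current == null) {
                return;
            }
            if (securityConfig != null && securityConfig.hasRunAs()) {
                current.setOutgoingRunAs((RunAs) null);
            }
            SecurityContextAssociation.clearSecurityContext();
        }
    }

    /**
     * Server-version specific operations for establishing and removing the
     * application server security context.
     */
    public interface JBossASSecurityContextOperations {
        /**
         * Establishes the identity.
         *
         * @param principal      principal to associate
         * @param obj            credential-like object; the propagator passes the first
         *                       element of its credential set, or {@code null}
         * @param subject        subject to associate
         * @param str            security domain; the propagator passes the ESB context's domain
         * @param securityConfig may be {@code null}; source of the optional run-as role
         */
        void pushSecurityContext(Principal principal, Object obj, Subject subject, String str, SecurityConfig securityConfig);

        /**
         * Removes what the matching push established.
         *
         * @param securityConfig may be {@code null}; should be the configuration given to the push
         */
        void popSecurityContext(SecurityConfig securityConfig);
    }

    /**
     * Pushes the context using the default operations chosen at class initialisation.
     */
    @Override
    public void pushSecurityContext(org.jboss.soa.esb.services.security.SecurityContext securityContext, Set<?> set, SecurityConfig securityConfig) {
        pushSecurityContext(securityContext, set, securityConfig, OPERATIONS);
    }

    /**
     * Pushes the identity held by {@code securityContext} through the given operations.
     *
     * <p>The principal is the first one the subject's principal set yields, or a
     * placeholder {@code User("NullPrincipal")} when the subject has none. Only
     * the first element of {@code set} is propagated as the credential; any
     * further elements are ignored.
     *
     * @param securityContext ESB security context; must not be {@code null}
     * @param set             credentials; may be {@code null} or empty
     * @param securityConfig  may be {@code null}
     * @param jBossASSecurityContextOperations operations to use, or {@code null} for the default
     */
    public void pushSecurityContext(org.jboss.soa.esb.services.security.SecurityContext securityContext, Set<?> set, final SecurityConfig securityConfig, JBossASSecurityContextOperations jBossASSecurityContextOperations) {
        AssertArgument.isNotNull(securityContext, "context");
        final Subject subject = securityContext.getSubject();
        final Principal principal = getPrincipal(subject);
        final Object credential = (set == null || set.isEmpty()) ? null : set.iterator().next();
        final JBossASSecurityContextOperations securityContextOperations = getSecurityContextOperations(jBossASSecurityContextOperations);
        final String domain = securityContext.getDomain();
        if (System.getSecurityManager() == null) {
            securityContextOperations.pushSecurityContext(principal, credential, subject, domain, securityConfig);
            return;
        }
        // With a SecurityManager installed the push runs privileged, so permission
        // checks stop at this class instead of walking up into the callers.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                securityContextOperations.pushSecurityContext(principal, credential, subject, domain, securityConfig);
                return null;
            }
        });
    }

    /**
     * Pops the context using the default operations chosen at class initialisation.
     */
    @Override
    public void popSecurityContext(org.jboss.soa.esb.services.security.SecurityContext securityContext, SecurityConfig securityConfig) {
        popSecurityContext(securityContext, securityConfig, OPERATIONS);
    }

    /**
     * Removes the identity through the given operations.
     *
     * @param securityContext not read by this method
     * @param securityConfig  may be {@code null}; should match the configuration given to the push
     * @param jBossASSecurityContextOperations operations to use, or {@code null} for the default
     */
    public void popSecurityContext(org.jboss.soa.esb.services.security.SecurityContext securityContext, final SecurityConfig securityConfig, JBossASSecurityContextOperations jBossASSecurityContextOperations) {
        final JBossASSecurityContextOperations securityContextOperations = getSecurityContextOperations(jBossASSecurityContextOperations);
        if (System.getSecurityManager() == null) {
            securityContextOperations.popSecurityContext(securityConfig);
            return;
        }
        // Mirrors the push: run privileged when a SecurityManager is installed.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                securityContextOperations.popSecurityContext(securityConfig);
                return null;
            }
        });
    }

    /** Returns the supplied operations, or the class-wide default when {@code null}. */
    private JBossASSecurityContextOperations getSecurityContextOperations(JBossASSecurityContextOperations jBossASSecurityContextOperations) {
        return jBossASSecurityContextOperations != null ? jBossASSecurityContextOperations : OPERATIONS;
    }

    /**
     * Returns the first principal the subject's principal set yields, or a
     * placeholder user named {@code "NullPrincipal"} when the set is empty.
     *
     * <p>NOTE(review): the placeholder is pushed like any other identity, so
     * downstream authorisation should not treat that name as an authenticated
     * user. Confirm against the consumers of the pushed context.
     */
    private Principal getPrincipal(Subject subject) {
        final Iterator<Principal> principals = subject.getPrincipals().iterator();
        if (principals.hasNext()) {
            return principals.next();
        }
        return new User("NullPrincipal");
    }

    /**
     * Builds the run-as identity for the configured role, named after the
     * principal, or returns {@code null} when no run-as role is configured.
     */
    private static RunAsIdentity newRunAsIdentity(Principal principal, SecurityConfig securityConfig) {
        if (securityConfig == null || !securityConfig.hasRunAs()) {
            return null;
        }
        return new RunAsIdentity(securityConfig.getRunAs(), principal.getName());
    }

    /**
     * Reports whether {@code org.jboss.security.SecurityContextAssociation} can be
     * loaded. Any failure other than {@code ClassNotFoundException} is logged at
     * debug level and treated as "not present".
     */
    private static boolean isSecurityContextAssociationPresent() {
        try {
            ClassUtil.forName("org.jboss.security.SecurityContextAssociation", JBossASContextPropagator.class);
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        } catch (Throwable th) {
            LOGGER.debug("Exception checking for SecurityContextAssociation", th);
            return false;
        }
    }

    static {
        JBossASSecurityContextOperations selected = null;
        final String configuredClassName = Configuration.getJBossASSecurityContextOperationsImplementationClass();
        if (configuredClassName != null) {
            try {
                final Class<?> configuredClass = ClassUtil.forName(configuredClassName, JBossASContextPropagator.class);
                // Check the type before instantiating, so the constructor of a
                // class that does not implement the interface is never run. A
                // mismatch raises ClassCastException, which takes the same
                // logged fallback path as any other failure.
                selected = configuredClass.asSubclass(JBossASSecurityContextOperations.class).newInstance();
            } catch (Throwable th) {
                LOGGER.error("Unexpected exception creating security context operations implementation, falling back to default", th);
            }
        }
        if (selected == null) {
            selected = isSecurityContextAssociationPresent() ? new AS5SecurityContextOperations() : new AS4SecurityContextOperations();
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Default JBossASSecurityContextOperations initialised to " + selected.getClass().getName());
        }
        OPERATIONS = selected;
    }
}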
