package org.jboss.web.tomcat.security;

import java.security.PrivilegedActionException;
import org.apache.catalina.InstanceEvent;
import org.apache.catalina.InstanceListener;
import org.apache.catalina.Wrapper;
import org.jboss.logging.Logger;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.metadata.web.jboss.JBossWebMetaData;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityUtil;

/* loaded from: input_file:org/jboss/web/tomcat/security/RunAsListener.class */
public class RunAsListener implements InstanceListener {
    public static ThreadLocal<JBossWebMetaData> metaDataLocal = new ThreadLocal<>();
    private static Logger log = Logger.getLogger(RunAsListener.class);
    private JBossWebMetaData metaData = metaDataLocal.get();

    public void instanceEvent(InstanceEvent instanceEvent) {
        Wrapper wrapper = instanceEvent.getWrapper();
        String type = instanceEvent.getType();
        if (wrapper == null || this.metaData == null) {
            return;
        }
        boolean isTraceEnabled = log.isTraceEnabled();
        String name = wrapper.getName();
        RunAsIdentityMetaData runAsIdentity = this.metaData.getRunAsIdentity(name);
        RunAsIdentity runAsIdentity2 = null;
        if (runAsIdentity != null) {
            runAsIdentity2 = new RunAsIdentity(runAsIdentity.getRoleName(), runAsIdentity.getPrincipalName(), runAsIdentity.getRunAsRoles());
        }
        if (isTraceEnabled) {
            log.trace(name + ", runAs: " + runAsIdentity);
        }
        if (type.equals("beforeInit") || type.equals("beforeDestroy") || type.equals("beforeService")) {
            ensureSecurityContext();
            SecurityAssociationActions.pushRunAsIdentity(runAsIdentity2);
        } else if (type.equals("afterInit") || type.equals("afterDestroy") || type.equals("afterService")) {
            ensureSecurityContext();
            SecurityAssociationActions.popRunAsIdentity();
        }
    }

    private void ensureSecurityContext() {
        String securityDomain = this.metaData.getSecurityDomain();
        String unprefixSecurityDomain = securityDomain == null ? "other" : SecurityUtil.unprefixSecurityDomain(securityDomain);
        if (SecurityAssociationActions.getSecurityContext() == null) {
            try {
                SecurityAssociationActions.setSecurityContext(SecurityAssociationActions.createSecurityContext(unprefixSecurityDomain));
            } catch (PrivilegedActionException e) {
                throw new RuntimeException(e);
            }
        }
    }
}
