package org.switchyard.security.context;

import java.io.Serializable;
import java.util.Set;
import java.util.UUID;
import javax.crypto.SealedObject;
import org.switchyard.Exchange;
import org.switchyard.Property;
import org.switchyard.Scope;
import org.switchyard.ServiceDomain;
import org.switchyard.label.BehaviorLabel;
import org.switchyard.security.credential.Credential;
import org.switchyard.security.crypto.PrivateCrypto;
import org.switchyard.security.service.SecureServiceDomain;
import org.switchyard.security.service.ServiceDomainSecurity;
import org.switchyard.security.system.SystemSecurity;

/* loaded from: input_file:WEB-INF/lib/switchyard-security-2.0.0.Final.jar:org/switchyard/security/context/SecurityContextManager.class */
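/**
 * Reads and writes the {@link SecurityContext} carried by an {@link Exchange}.
 *
 * <p>The context is stored as an exchange-scoped property keyed by the
 * {@code SecurityContext} class name. When the configured {@link SystemSecurity}
 * provides a {@link PrivateCrypto}, the context is sealed before it is stored and
 * unsealed when it is read; otherwise it is stored as-is.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Without a {@code PrivateCrypto} the context, including its credentials, sits
 *       unsealed in the exchange property.</li>
 *   <li>{@link #getContext(Exchange, boolean)} accepts an unsealed
 *       {@code SecurityContext} value even when a {@code PrivateCrypto} is configured,
 *       so sealing alone does not guarantee that the stored value came from this
 *       manager.</li>
 *   <li>The last context passed to {@link #setContext(Exchange, SecurityContext)} is
 *       kept in an {@link InheritableThreadLocal}, and nothing in this class removes it.
 *       NOTE(review): on pooled threads, confirm that callers reset it (for example by
 *       calling {@code setContext(exchange, null)}) once request processing ends, so
 *       that a later {@link #propagateContext(Exchange)} does not pick up a stale
 *       context.</li>
 * </ul>
 */
public final class SecurityContextManager {
    private static final String FORMAT = SecurityContextManager.class.getSimpleName() + "@%s[systemSecurity=%s]";
    private static final String EXCHANGE_PROPERTY = SecurityContext.class.getName();
    // Inheritable: threads created by the current thread start with the parent's value.
    private static final ThreadLocal<SecurityContext> THREAD_LOCAL = new InheritableThreadLocal<>();
    private final SystemSecurity _systemSecurity;

    /**
     * Creates a manager bound to the system security of the given domain.
     *
     * @param serviceDomain the domain to take the {@link SystemSecurity} from; when it is
     *     not a {@link SecureServiceDomain}, or provides no domain or system security,
     *     {@link SystemSecurity#DEFAULT} is used
     */
    public SecurityContextManager(ServiceDomain serviceDomain) {
        SystemSecurity systemSecurity = null;
        if (serviceDomain instanceof SecureServiceDomain) {
            ServiceDomainSecurity serviceDomainSecurity =
                    ((SecureServiceDomain) serviceDomain).getServiceDomainSecurity();
            if (serviceDomainSecurity != null) {
                systemSecurity = serviceDomainSecurity.getSystemSecurity();
            }
        }
        this._systemSecurity = systemSecurity != null ? systemSecurity : SystemSecurity.DEFAULT;
    }

    /**
     * Returns the security context of the exchange, creating a fresh one when none is
     * stored or the stored one is not valid.
     *
     * @param exchange the exchange to read from
     * @return the security context, never {@code null}
     */
    public SecurityContext getContext(Exchange exchange) {
        return getContext(exchange, true);
    }

    /**
     * Returns the security context stored on the exchange.
     *
     * <p>When {@code z} is {@code false}, the stored context is returned without
     * replacement even if {@code isValid} rejects it, so a non-null result must not be
     * treated as validated by callers that pass {@code false}.
     *
     * @param exchange the exchange to read from
     * @param z whether to create a new {@link DefaultSecurityContext} when no context is
     *     stored or the stored one fails {@code isValid} for the system UUID
     * @return the stored or newly created context; may be {@code null} when {@code z} is
     *     {@code false}
     * @throws IllegalStateException if the stored value is sealed but no
     *     {@link PrivateCrypto} is configured
     * @throws IllegalArgumentException if the stored value is neither a
     *     {@code SecurityContext} nor a {@code SealedObject}
     */
    public SecurityContext getContext(Exchange exchange, boolean z) {
        // Declared as the interface type: the value read back may be any SecurityContext
        // implementation, not only DefaultSecurityContext.
        SecurityContext securityContext = null;
        Property property = exchange.getContext().getProperty(EXCHANGE_PROPERTY, Scope.EXCHANGE);
        if (property != null) {
            Object value = property.getValue();
            if (value instanceof SecurityContext) {
                // Unsealed value: accepted regardless of whether sealing is configured.
                securityContext = (SecurityContext) value;
            } else if (value instanceof SealedObject) {
                PrivateCrypto privateCrypto = this._systemSecurity.getPrivateCrypto();
                if (privateCrypto == null) {
                    throw new IllegalStateException("privateCrypto == null");
                }
                securityContext = (SecurityContext) privateCrypto.unseal((SealedObject) value);
            } else if (value != null) {
                throw new IllegalArgumentException(value.getClass().getName() + " != " + EXCHANGE_PROPERTY);
            }
        }
        UUID systemUuid = this._systemSecurity.getUUID();
        // NOTE(review): isValid presumably checks the owning system UUID and expiry - confirm.
        boolean usable = securityContext != null && securityContext.isValid(systemUuid);
        if (!usable && z) {
            securityContext = new DefaultSecurityContext(
                    systemUuid, this._systemSecurity.getSecurityContextTimeoutMillis());
        }
        return securityContext;
    }

    /**
     * Stores the security context on the exchange and remembers it for the current thread.
     *
     * <p>The context is sealed first when a {@link PrivateCrypto} is configured; otherwise
     * it is stored unsealed. Passing {@code null} stores a {@code null} property value and
     * resets the thread-local value to {@code null}.
     *
     * @param exchange the exchange to write to
     * @param securityContext the context to store, or {@code null}
     */
    public void setContext(Exchange exchange, SecurityContext securityContext) {
        THREAD_LOCAL.set(securityContext);
        Serializable stored = securityContext;
        if (stored != null) {
            PrivateCrypto privateCrypto = this._systemSecurity.getPrivateCrypto();
            if (privateCrypto != null) {
                stored = privateCrypto.seal(stored);
            }
        }
        Property property = exchange.getContext().setProperty(EXCHANGE_PROPERTY, stored, Scope.EXCHANGE);
        if (property != null) {
            // NOTE(review): the TRANSIENT label presumably keeps the property out of
            // copied or persisted exchange state - confirm against the label's users.
            property.addLabels(BehaviorLabel.TRANSIENT.label());
        }
    }

    /**
     * Adds the given credentials to the exchange's security context and stores it back.
     *
     * @param exchange the exchange whose context is updated
     * @param set the credentials to add; {@code null} or empty leaves the exchange untouched
     */
    public void addCredentials(Exchange exchange, Set<Credential> set) {
        if (set == null || set.isEmpty()) {
            return;
        }
        SecurityContext context = getContext(exchange);
        context.getCredentials().addAll(set);
        // Stored back explicitly: with sealing enabled the context read above is an
        // unsealed copy, so the change would otherwise be lost.
        setContext(exchange, context);
    }

    /**
     * Stores the current thread's remembered security context on the exchange.
     *
     * <p>The value is whatever the last {@link #setContext(Exchange, SecurityContext)} on
     * this thread (or an ancestor thread) left behind; it may be {@code null}.
     *
     * @param exchange the exchange to write to
     */
    public void propagateContext(Exchange exchange) {
        setContext(exchange, THREAD_LOCAL.get());
    }

    /**
     * Copies the security context from one exchange to another.
     *
     * <p>The source context is read without creation or replacement, so a missing context
     * is propagated as {@code null} and a context that fails {@code isValid} is copied
     * unchanged.
     *
     * @param exchange the exchange to read the context from
     * @param exchange2 the exchange to store the context on
     */
    public void propagateContext(Exchange exchange, Exchange exchange2) {
        setContext(exchange2, getContext(exchange, false));
    }

    /**
     * Returns a description made of the identity hash code and the system security.
     */
    @Override
    public String toString() {
        return String.format(FORMAT, System.identityHashCode(this), this._systemSecurity);
    }
}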
