package org.infinispan.security;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.acl.Group;
import java.util.Stack;
import javax.security.auth.Subject;
import org.infinispan.commons.jdkspecific.CallerId;
import org.infinispan.util.logging.LogFactory;

/* loaded from: input_file:m2repo/org/infinispan/infinispan-core/9.4.16.Final/infinispan-core-9.4.16.Final.jar:org/infinispan/security/Security.class */
public final class Security {
    private static final ThreadLocal<Boolean> PRIVILEGED = ThreadLocal.withInitial(() -> {
        return Boolean.FALSE;
    });
    private static final ThreadLocal<Stack<Subject>> SUBJECT = new ThreadLocal<>();

    private static boolean isTrustedClass(Class<?> cls) {
        return cls.getPackage().getName().startsWith(LogFactory.LOG_ROOT);
    }

    public static <T> T doPrivileged(PrivilegedAction<T> privilegedAction) {
        if (isPrivileged() || !isTrustedClass(CallerId.getCallerClass(3))) {
            return privilegedAction.run();
        }
        try {
            PRIVILEGED.set(true);
            T run = privilegedAction.run();
            PRIVILEGED.remove();
            return run;
        } catch (Throwable th) {
            PRIVILEGED.remove();
            throw th;
        }
    }

    public static <T> T doPrivileged(PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        if (!isPrivileged()) {
            try {
                if (isTrustedClass(CallerId.getCallerClass(3))) {
                    try {
                        PRIVILEGED.set(true);
                        T run = privilegedExceptionAction.run();
                        PRIVILEGED.remove();
                        return run;
                    } catch (Exception e) {
                        throw new PrivilegedActionException(e);
                    }
                }
            } catch (Throwable th) {
                PRIVILEGED.remove();
                throw th;
            }
        }
        try {
            return privilegedExceptionAction.run();
        } catch (Exception e2) {
            throw new PrivilegedActionException(e2);
        }
    }

    /* JADX WARN: Finally extract failed */
    public static <T> T doAs(Subject subject, PrivilegedAction<T> privilegedAction) {
        Stack<Subject> stack = SUBJECT.get();
        if (stack == null) {
            stack = new Stack<>();
            SUBJECT.set(stack);
        }
        stack.push(subject);
        try {
            T run = privilegedAction.run();
            stack.pop();
            if (stack.isEmpty()) {
                SUBJECT.remove();
            }
            return run;
        } catch (Throwable th) {
            stack.pop();
            if (stack.isEmpty()) {
                SUBJECT.remove();
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        Stack<Subject> stack = SUBJECT.get();
        if (stack == null) {
            stack = new Stack<>();
            SUBJECT.set(stack);
        }
        stack.push(subject);
        try {
            try {
                T run = privilegedExceptionAction.run();
                stack.pop();
                if (stack.isEmpty()) {
                    SUBJECT.remove();
                }
                return run;
            } catch (Exception e) {
                throw new PrivilegedActionException(e);
            }
        } catch (Throwable th) {
            stack.pop();
            if (stack.isEmpty()) {
                SUBJECT.remove();
            }
            throw th;
        }
    }

    public static void checkPermission(CachePermission cachePermission) throws AccessControlException {
        if (!isPrivileged()) {
            throw new AccessControlException("Call from unprivileged code", cachePermission);
        }
    }

    public static boolean isPrivileged() {
        return PRIVILEGED.get().booleanValue();
    }

    public static Subject getSubject() {
        if (SUBJECT.get() != null) {
            return SUBJECT.get().peek();
        }
        AccessControlContext context = AccessController.getContext();
        return System.getSecurityManager() == null ? Subject.getSubject(context) : (Subject) AccessController.doPrivileged(() -> {
            return Subject.getSubject(context);
        });
    }

    public static Principal getSubjectUserPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        for (Principal principal : subject.getPrincipals()) {
            if (!(principal instanceof Group)) {
                return principal;
            }
        }
        return null;
    }
}
