package org.jboss.as.domain.http.server.security;

import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.jboss.as.controller.security.AccessMechanismPrincipal;
import org.jboss.as.controller.security.InetAddressPrincipal;
import org.jboss.as.core.security.AccessMechanism;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:org/jboss/as/domain/http/server/security/SubjectDoAsHandler.class */
public class SubjectDoAsHandler implements HttpHandler {
    private final HttpHandler wrapped;

    public SubjectDoAsHandler(HttpHandler httpHandler) {
        this.wrapped = httpHandler;
    }

    public void handleRequest(final HttpServerExchange httpServerExchange) throws Exception {
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        Subject subject = null;
        if (securityContext != null) {
            final Account authenticatedAccount = securityContext.getAuthenticatedAccount();
            if (authenticatedAccount instanceof SubjectAccount) {
                PrivilegedAction<Subject> privilegedAction = new PrivilegedAction<Subject>() { // from class: org.jboss.as.domain.http.server.security.SubjectDoAsHandler.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedAction
                    public Subject run() {
                        Subject subject2 = ((SubjectAccount) authenticatedAccount).getSubject();
                        Subject subject3 = new Subject();
                        subject3.getPrincipals().addAll(subject2.getPrincipals());
                        subject3.getPrivateCredentials().addAll(subject2.getPrivateCredentials());
                        subject3.getPublicCredentials().addAll(subject2.getPublicCredentials());
                        SocketAddress peerAddress = httpServerExchange.getConnection().getPeerAddress();
                        if (peerAddress instanceof InetSocketAddress) {
                            subject3.getPrincipals().add(new InetAddressPrincipal(((InetSocketAddress) peerAddress).getAddress()));
                        }
                        subject3.getPrincipals().add(new AccessMechanismPrincipal(AccessMechanism.HTTP));
                        subject3.setReadOnly();
                        return subject3;
                    }
                };
                subject = WildFlySecurityManager.isChecking() ? (Subject) AccessController.doPrivileged(privilegedAction) : privilegedAction.run();
            }
        }
        handleRequest(httpServerExchange, subject);
    }

    void handleRequest(final HttpServerExchange httpServerExchange, Subject subject) throws Exception {
        if (subject == null) {
            this.wrapped.handleRequest(httpServerExchange);
            return;
        }
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Void>() { // from class: org.jboss.as.domain.http.server.security.SubjectDoAsHandler.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    SubjectDoAsHandler.this.wrapped.handleRequest(httpServerExchange);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }
}
