package org.jboss.security.jacc;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SubjectInfo;
import org.jboss.security.plugins.SecurityContextAssociation;

/* loaded from: input_file:org/jboss/security/jacc/SubjectPolicyContextHandler.class */
public class SubjectPolicyContextHandler implements PolicyContextHandler {
    public static final HashSet EMPTY_SET = new HashSet();

    /* loaded from: input_file:org/jboss/security/jacc/SubjectPolicyContextHandler$GetSubjectAction.class */
    private static class GetSubjectAction implements PrivilegedAction {
        static PrivilegedAction ACTION = new GetSubjectAction();

        private GetSubjectAction() {
        }

        @Override // java.security.PrivilegedAction
        public Object run() {
            SubjectInfo subjectInfo;
            Subject subject = null;
            SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
            if (securityContext != null && (subjectInfo = securityContext.getSubjectInfo()) != null) {
                Subject authenticatedSubject = subjectInfo.getAuthenticatedSubject();
                RunAsIdentity runAsIdentity = (RunAsIdentity) securityContext.getUtil().get(SecurityConstants.CALLER_RAI_IDENTIFIER);
                if (authenticatedSubject != null) {
                    subject = new Subject(true, runAsIdentity == null ? authenticatedSubject.getPrincipals() : runAsIdentity.getPrincipalsSet(), authenticatedSubject.getPublicCredentials(), authenticatedSubject.getPrivateCredentials());
                } else if (runAsIdentity != null) {
                    subject = new Subject(true, runAsIdentity.getPrincipalsSet(), SubjectPolicyContextHandler.EMPTY_SET, SubjectPolicyContextHandler.EMPTY_SET);
                }
            }
            return subject;
        }
    }

    public Object getContext(String str, Object obj) throws PolicyContextException {
        if (str.equalsIgnoreCase(SecurityConstants.SUBJECT_CONTEXT_KEY)) {
            return (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
        }
        return null;
    }

    public String[] getKeys() throws PolicyContextException {
        return new String[]{SecurityConstants.SUBJECT_CONTEXT_KEY};
    }

    public boolean supports(String str) throws PolicyContextException {
        return str.equalsIgnoreCase(SecurityConstants.SUBJECT_CONTEXT_KEY);
    }
}
