package org.wildfly.elytron.web.undertow.server;

import io.undertow.security.idm.Account;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.util.function.BiFunction;
import org.apache.xalan.xsltc.compiler.Constants;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.FlexibleIdentityAssociation;
import org.wildfly.security.auth.server.SecurityIdentity;

/* loaded from: input_file:m2repo/org/wildfly/security/elytron-web/undertow-server/1.0.1.Final/undertow-server-1.0.1.Final.jar:org/wildfly/elytron/web/undertow/server/ElytronRunAsHandler.class */
public class ElytronRunAsHandler implements HttpHandler {
    private final HttpHandler next;
    private final BiFunction<SecurityIdentity, HttpServerExchange, SecurityIdentity> identityTransformer;

    public ElytronRunAsHandler(HttpHandler httpHandler) {
        this(httpHandler, (securityIdentity, httpServerExchange) -> {
            return securityIdentity;
        });
    }

    public ElytronRunAsHandler(HttpHandler httpHandler, BiFunction<SecurityIdentity, HttpServerExchange, SecurityIdentity> biFunction) {
        this.next = (HttpHandler) Assert.checkNotNullParam(Constants.NEXT, httpHandler);
        this.identityTransformer = (BiFunction) Assert.checkNotNullParam("identityTransformer", biFunction);
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        SecurityContextImpl securityContextImpl = (SecurityContextImpl) httpServerExchange.getSecurityContext();
        Account authenticatedAccount = securityContextImpl != null ? securityContextImpl.getAuthenticatedAccount() : null;
        SecurityIdentity apply = this.identityTransformer.apply(authenticatedAccount instanceof ElytronAccount ? ((ElytronAccount) authenticatedAccount).getSecurityIdentity() : null, httpServerExchange);
        FlexibleIdentityAssociation flexibleIdentityAssociation = securityContextImpl.getFlexibleIdentityAssociation();
        if (flexibleIdentityAssociation != null) {
            if (apply != null) {
                flexibleIdentityAssociation.setIdentity(apply);
            }
            flexibleIdentityAssociation.runAs(() -> {
                this.next.handleRequest(httpServerExchange);
                return null;
            });
        } else if (apply != null) {
            apply.runAs(() -> {
                this.next.handleRequest(httpServerExchange);
                return null;
            });
        } else {
            this.next.handleRequest(httpServerExchange);
        }
    }
}
