package org.wildfly.extension.undertow.security;

import io.undertow.servlet.api.ThreadSetupHandler;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.Set;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.mapping.MappingContext;
import org.jboss.security.mapping.MappingManager;
import org.jboss.security.mapping.MappingType;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/wildfly/extension/undertow/main/wildfly-undertow-22.0.0.Final.jar:org/wildfly/extension/undertow/security/SecurityContextThreadSetupAction.class */
public class SecurityContextThreadSetupAction implements ThreadSetupHandler {
    private final String securityDomain;
    private final SecurityDomainContext securityDomainContext;
    private final Map<String, Set<String>> principleVsRoleMap;
    private static final PrivilegedAction<Object> TEAR_DOWN_PA = new PrivilegedAction<Object>() { // from class: org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.1
        @Override // java.security.PrivilegedAction
        public Object run() {
            SecurityActions.clearSecurityContext();
            SecurityRolesAssociation.setSecurityRoles(null);
            return null;
        }
    };

    public SecurityContextThreadSetupAction(String str, SecurityDomainContext securityDomainContext, Map<String, Set<String>> map) {
        this.securityDomain = str;
        this.securityDomainContext = securityDomainContext;
        this.principleVsRoleMap = map;
    }

    @Override // io.undertow.servlet.api.ThreadSetupHandler
    public <T, C> ThreadSetupHandler.Action<T, C> create(ThreadSetupHandler.Action<T, C> action) {
        return (httpServerExchange, obj) -> {
            SecurityContext securityContext = null;
            if (httpServerExchange != null) {
                securityContext = (SecurityContext) httpServerExchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
            }
            if (securityContext == null) {
                securityContext = SecurityActions.createSecurityContext(this.securityDomain);
                if (httpServerExchange != null) {
                    httpServerExchange.putAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT, securityContext);
                }
            }
            SecurityActions.setSecurityContextOnAssociation(securityContext);
            final MappingManager mappingManager = this.securityDomainContext.getMappingManager();
            if (mappingManager != null) {
                if (WildFlySecurityManager.isChecking()) {
                    WildFlySecurityManager.doUnchecked(new PrivilegedAction<Object>() { // from class: org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.2
                        @Override // java.security.PrivilegedAction
                        public Object run() {
                            MappingContext mappingContext = mappingManager.getMappingContext(MappingType.ROLE.name());
                            if (mappingContext == null || !mappingContext.hasModules()) {
                                return null;
                            }
                            SecurityRolesAssociation.setSecurityRoles(SecurityContextThreadSetupAction.this.principleVsRoleMap);
                            return null;
                        }
                    });
                } else {
                    MappingContext mappingContext = mappingManager.getMappingContext(MappingType.ROLE.name());
                    if (mappingContext != null && mappingContext.hasModules()) {
                        SecurityRolesAssociation.setSecurityRoles(this.principleVsRoleMap);
                    }
                }
            }
            try {
                Object call = action.call(httpServerExchange, obj);
                if (WildFlySecurityManager.isChecking()) {
                    WildFlySecurityManager.doUnchecked(TEAR_DOWN_PA);
                } else {
                    SecurityActions.clearSecurityContext();
                    SecurityRolesAssociation.setSecurityRoles(null);
                }
                return call;
            } catch (Throwable th) {
                if (WildFlySecurityManager.isChecking()) {
                    WildFlySecurityManager.doUnchecked(TEAR_DOWN_PA);
                } else {
                    SecurityActions.clearSecurityContext();
                    SecurityRolesAssociation.setSecurityRoles(null);
                }
                throw th;
            }
        };
    }
}
