package org.wildfly.extension.undertow.security;

import io.undertow.predicate.Predicates;
import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.PredicateHandler;
import io.undertow.servlet.handlers.ServletChain;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.predicate.DispatcherTypePredicate;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.servlet.ServletRequest;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.wildfly.extension.undertow.logging.UndertowLogger;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-undertow/18.0.1.Final/wildfly-undertow-18.0.1.Final.jar:org/wildfly/extension/undertow/security/SecurityContextAssociationHandler.class */
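/**
 * Undertow handler that associates a servlet's configured run-as identity with the
 * security context of the current exchange for the duration of the request.
 *
 * <p>For each request the handler looks up the current servlet's name in the supplied
 * map. When an entry exists, a {@link RunAsIdentity} built from it is installed through
 * {@code SecurityActions.setRunAsIdentity}, the next handler is invoked, and the value
 * that was in place beforehand is put back.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #wrapper(Map)} only routes {@code REQUEST} and {@code ASYNC} dispatches
 *       through this handler; every other dispatcher type goes straight to the wrapped
 *       handler and gets no run-as association from here.</li>
 *   <li>When the servlet has no map entry, {@code setRunAsIdentity(null, ...)} is still
 *       called and the previous value is not restored afterwards.</li>
 *   <li>{@link #getActiveRequest()} is public and static and reads the current request
 *       inside a privileged block when a security manager is installed.</li>
 * </ul>
 */
public class SecurityContextAssociationHandler implements HttpHandler {
    // Run-as metadata keyed by servlet name (the key used by handleRequest).
    private final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap;
    // Handler invoked once the run-as identity has been set.
    private final HttpHandler next;
    // Reads the thread's current servlet request context; run via doPrivileged in getActiveRequest.
    private static final PrivilegedAction<ServletRequestContext> CURRENT_CONTEXT = new PrivilegedAction<ServletRequestContext>() {
        @Override
        public ServletRequestContext run() {
            return ServletRequestContext.current();
        }
    };

    /**
     * Creates the handler.
     *
     * @param map run-as metadata keyed by servlet name; the reference is stored as-is
     *            (no defensive copy), so later changes to the map are seen by this handler
     * @param httpHandler the handler to delegate to after the run-as identity is set
     */
    public SecurityContextAssociationHandler(Map<String, RunAsIdentityMetaData> map, HttpHandler httpHandler) {
        this.runAsIdentityMetaDataMap = map;
        this.next = httpHandler;
    }

    /**
     * Sets the run-as identity for the current servlet, delegates to the next handler and
     * restores the previous run-as value when an identity had been configured.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever the lookup, {@code SecurityActions} or the next handler throws
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        // NOTE(review): the attachment may be absent, in which case null is passed on;
        // how SecurityActions treats a null context is not visible in this file.
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
        RunAsIdentityMetaData runAsIdentityMetaData = null;
        RunAs previousRunAs = null;
        try {
            ServletChain currentServlet = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getCurrentServlet();
            String servletName = currentServlet.getManagedServlet().getServletInfo().getName();
            runAsIdentityMetaData = this.runAsIdentityMetaDataMap.get(servletName);
            RunAsIdentity runAsIdentity = null;
            if (runAsIdentityMetaData != null) {
                // The metadata object is formatted into the trace message.
                // NOTE(review): presumably that exposes principal and role names; confirm
                // trace output for this logger is access-controlled.
                UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servletName, runAsIdentityMetaData);
                runAsIdentity = new RunAsIdentity(runAsIdentityMetaData.getRoleName(), runAsIdentityMetaData.getPrincipalName(), runAsIdentityMetaData.getRunAsRoles());
            }
            // Called even when runAsIdentity is null; the return value is kept so it can be put back.
            // NOTE(review): with no mapping the previous value is replaced by null and never
            // restored. Confirm nothing upstream of this handler relies on an existing run-as.
            previousRunAs = SecurityActions.setRunAsIdentity(runAsIdentity, securityContext);
            this.next.handleRequest(httpServerExchange);
        } finally {
            // A single restore point for both normal and exceptional exit, so the elevated
            // identity does not stay on the context after the request and the restore runs
            // exactly once. If the failure happened before the identity was installed,
            // previousRunAs is still null and that is what gets set.
            if (runAsIdentityMetaData != null) {
                SecurityActions.setRunAsIdentity(previousRunAs, securityContext);
            }
        }
    }

    /**
     * Builds a wrapper that places a {@code SecurityContextAssociationHandler} in front of
     * the wrapped handler for {@code REQUEST} and {@code ASYNC} dispatches only.
     *
     * <p>Other dispatcher types bypass the association handler and reach the wrapped
     * handler directly, so this class sets no run-as identity for them.
     *
     * @param map run-as metadata keyed by servlet name, shared by every handler the wrapper creates
     * @return the handler wrapper
     */
    public static HandlerWrapper wrapper(final Map<String, RunAsIdentityMetaData> map) {
        return new HandlerWrapper() {
            @Override
            public HttpHandler wrap(HttpHandler httpHandler) {
                HttpHandler associating = new SecurityContextAssociationHandler(map, httpHandler);
                return new PredicateHandler(
                        Predicates.or(DispatcherTypePredicate.REQUEST, DispatcherTypePredicate.ASYNC),
                        associating,
                        httpHandler);
            }
        };
    }

    /**
     * Returns the servlet request of the current servlet request context.
     *
     * <p>With a security manager installed the context is read inside
     * {@link AccessController#doPrivileged(PrivilegedAction)}, so the lookup runs with this
     * class's permissions rather than the caller's. Because the method is public and
     * static, any code able to call it receives the live request without needing whatever
     * permission {@code ServletRequestContext.current()} checks (that check is not visible
     * in this file).
     *
     * @return the active request, or {@code null} when there is no current context
     */
    public static ServletRequest getActiveRequest() {
        ServletRequestContext current;
        if (System.getSecurityManager() == null) {
            current = ServletRequestContext.current();
        } else {
            current = AccessController.doPrivileged(CURRENT_CONTEXT);
        }
        return current == null ? null : current.getServletRequest();
    }
}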
