package org.wildfly.extension.undertow.security;

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletChain;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
import org.wildfly.extension.undertow.UndertowLogger;

/* loaded from: input_file:org/wildfly/extension/undertow/security/SecurityContextAssociationHandler.class */
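/**
 * Undertow handler that associates per-request security state with the current thread
 * before delegating to the next handler, and removes it again afterwards.
 *
 * <p>For each request it sets the security context taken from the exchange, pushes the
 * run-as identity configured for the current servlet (if any), and switches the JACC
 * policy context ID to this deployment's ID. All of that is undone once the next handler
 * returns or throws; anything left behind would be seen by whatever runs on the thread next.
 */
public class SecurityContextAssociationHandler implements HttpHandler {
    // Stored at construction; no method in this class reads it.
    private final Map<String, Set<String>> principleVsRoleMap;
    // Run-as metadata, looked up by the name of the servlet handling the request.
    private final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap;
    // JACC policy context ID installed for the duration of the request.
    private final String contextId;
    private final HttpHandler next;

    /**
     * Privileged action that installs a JACC policy context ID and returns the one it replaced.
     *
     * <p>The decompiler notes that this class was originally private and that its access
     * modifier was widened. The constructor is still package-private; keep it that way, since
     * this action switches the policy context under {@code doPrivileged}.
     */
    public static class SetContextIDAction implements PrivilegedAction<String> {
        private final String contextID;

        SetContextIDAction(String str) {
            this.contextID = str;
        }

        /**
         * Replaces the thread's policy context ID.
         *
         * @return the context ID that was in effect before the call
         */
        @Override
        public String run() {
            String previous = PolicyContext.getContextID();
            PolicyContext.setContextID(this.contextID);
            return previous;
        }
    }

    /**
     * @param map principal-to-roles mapping (stored only)
     * @param map2 run-as metadata keyed by servlet name
     * @param str JACC policy context ID to install while handling a request
     * @param httpHandler next handler in the chain
     */
    public SecurityContextAssociationHandler(Map<String, Set<String>> map, Map<String, RunAsIdentityMetaData> map2, String str, HttpHandler httpHandler) {
        this.principleVsRoleMap = map;
        this.runAsIdentityMetaDataMap = map2;
        this.contextId = str;
        this.next = httpHandler;
    }

    /**
     * Sets up the thread's security state, invokes the next handler, and always restores the
     * previous state.
     *
     * <p>Cleanup only undoes what this call actually did: the run-as identity is popped only
     * after a successful push, and the JACC context ID is restored only after it was changed.
     * An exception thrown during setup therefore cannot pop an identity that belongs to an
     * outer caller or overwrite a context ID this handler never touched.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever setup, the next handler, or cleanup throws
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        String previousContextId = null;
        boolean contextIdChanged = false;
        boolean runAsPushed = false;
        RunAsIdentityMetaData runAsMetaData = null;
        try {
            SecurityActions.setSecurityContextOnAssociation((SecurityContext) httpServerExchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT));
            ServletChain currentServlet = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getCurrentServlet();
            String servletName = currentServlet.getManagedServlet().getServletInfo().getName();
            runAsMetaData = this.runAsIdentityMetaDataMap.get(servletName);
            RunAsIdentity runAsIdentity = null;
            if (runAsMetaData != null) {
                UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servletName, runAsMetaData);
                runAsIdentity = new RunAsIdentity(runAsMetaData.getRoleName(), runAsMetaData.getPrincipalName(), runAsMetaData.getRunAsRoles());
            }
            // NOTE(review): a null identity is pushed when the servlet has no run-as metadata
            // and is never popped. Whether that leaves anything behind depends on
            // SecurityActions.pushRunAsIdentity, which is not visible here; confirm.
            SecurityActions.pushRunAsIdentity(runAsIdentity);
            runAsPushed = true;
            previousContextId = setContextID(this.contextId);
            contextIdChanged = true;
            this.next.handleRequest(httpServerExchange);
        } finally {
            restoreThreadState(runAsPushed && runAsMetaData != null, contextIdChanged, previousContextId);
        }
    }

    /**
     * Undoes the thread-level state set by {@link #handleRequest}. Each step runs in its own
     * {@code finally} so that a failure in one does not leave the later ones undone.
     */
    private void restoreThreadState(boolean popRunAs, boolean restoreContextId, String previousContextId) {
        try {
            if (popRunAs) {
                SecurityActions.popRunAsIdentity();
            }
        } finally {
            try {
                SecurityActions.clearSecurityContext();
            } finally {
                try {
                    SecurityRolesAssociation.setSecurityRoles((Map) null);
                } finally {
                    if (restoreContextId) {
                        setContextID(previousContextId);
                    }
                }
            }
        }
    }

    /**
     * Switches the JACC policy context ID inside a privileged block.
     *
     * @param str the context ID to install
     * @return the context ID that was previously in effect
     */
    private String setContextID(String str) {
        return AccessController.doPrivileged(new SetContextIDAction(str));
    }

    /**
     * Creates a wrapper that places a {@code SecurityContextAssociationHandler} in front of
     * the handler it is given.
     *
     * @param map principal-to-roles mapping passed to each created handler
     * @param map2 run-as metadata keyed by servlet name
     * @param str JACC policy context ID for the deployment
     * @return a wrapper producing a new handler per wrapped handler
     */
    public static HandlerWrapper wrapper(final Map<String, Set<String>> map, final Map<String, RunAsIdentityMetaData> map2, final String str) {
        return new HandlerWrapper() {
            @Override
            public HttpHandler wrap(HttpHandler httpHandler) {
                return new SecurityContextAssociationHandler(map, map2, str, httpHandler);
            }
        };
    }
}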
