package org.wildfly.extension.undertow.security;

import io.undertow.predicate.Predicate;
import io.undertow.predicate.Predicates;
import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.PredicateHandler;
import io.undertow.servlet.handlers.ServletChain;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.predicate.DispatcherTypePredicate;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.security.jacc.PolicyContext;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.wildfly.extension.undertow.UndertowLogger;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:org/wildfly/extension/undertow/security/SecurityContextAssociationHandler.class */
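/**
 * Undertow handler that scopes two pieces of security state to the downstream handler call:
 * the run-as identity configured for the current servlet, and the JACC
 * {@link PolicyContext} context ID supplied at construction.
 *
 * <p>Both values are installed before {@code next} is invoked and put back afterwards,
 * whether the downstream call returns normally or throws.
 */
public class SecurityContextAssociationHandler implements HttpHandler {
    /** Run-as configuration, looked up by servlet name on every request. */
    private final Map<String, RunAsIdentityMetaData> runAsIdentityMetaDataMap;
    private final String contextId;
    private final HttpHandler next;
    /** Pre-built action that switches the JACC context ID to {@link #contextId}. */
    private final PrivilegedAction<String> setContextIdAction;

    /**
     * Swaps the JACC context ID and reports the one that was active before the swap.
     */
    private static class SetContextIDAction implements PrivilegedAction<String> {
        private final String contextID;

        SetContextIDAction(String str) {
            this.contextID = str;
        }

        /**
         * Installs the configured context ID.
         *
         * @return the context ID that was in place before this call (may be {@code null})
         */
        @Override // java.security.PrivilegedAction
        public String run() {
            String previous = PolicyContext.getContextID();
            PolicyContext.setContextID(this.contextID);
            return previous;
        }
    }

    /**
     * @param map         run-as metadata keyed by servlet name
     * @param str         JACC context ID to install while a request is being handled
     * @param httpHandler handler invoked once the security state is in place
     */
    public SecurityContextAssociationHandler(Map<String, RunAsIdentityMetaData> map, String str, HttpHandler httpHandler) {
        this.runAsIdentityMetaDataMap = map;
        this.contextId = str;
        this.next = httpHandler;
        this.setContextIdAction = new SetContextIDAction(str);
    }

    /**
     * Installs the run-as identity and JACC context ID, delegates to {@code next}, then
     * restores the saved values.
     *
     * <p>Restoration happens in a {@code finally} block so it executes exactly once on every
     * exit path, and the JACC context ID is reset even if restoring the run-as identity throws.
     *
     * @param httpServerExchange the exchange being processed
     * @throws Exception whatever the downstream handler or the security calls throw
     */
    @Override
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        SecurityContext securityContext = (SecurityContext) httpServerExchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT);
        String previousContextId = null;
        RunAsIdentityMetaData runAsMetaData = null;
        RunAs previousRunAs = null;
        try {
            ServletChain currentServlet = ((ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getCurrentServlet();
            String servletName = currentServlet.getManagedServlet().getServletInfo().getName();
            runAsMetaData = this.runAsIdentityMetaDataMap.get(servletName);

            RunAsIdentity runAsIdentity = null;
            if (runAsMetaData != null) {
                UndertowLogger.ROOT_LOGGER.tracef("%s, runAs: %s", servletName, runAsMetaData);
                runAsIdentity = new RunAsIdentity(runAsMetaData.getRoleName(), runAsMetaData.getPrincipalName(), runAsMetaData.getRunAsRoles());
            }

            // Called even when no run-as is configured, in which case null is installed.
            // NOTE(review): the result looks like the previously installed RunAs (it is handed
            // back on exit), but it is only restored when metadata exists for this servlet, so
            // an identity already present on the context is not put back otherwise - confirm
            // this is intended.
            previousRunAs = SecurityActions.setRunAsIdentity(runAsIdentity, securityContext);
            previousContextId = setContextID(this.setContextIdAction);

            this.next.handleRequest(httpServerExchange);
        } finally {
            try {
                if (runAsMetaData != null) {
                    SecurityActions.setRunAsIdentity(previousRunAs, securityContext);
                }
            } finally {
                // If the failure happened before the swap above, previousContextId is still
                // null and the JACC context ID is cleared rather than left untouched.
                setContextID(new SetContextIDAction(previousContextId));
            }
        }
    }

    /**
     * Runs the given action, bypassing permission checks when the WildFly security manager
     * is checking.
     *
     * @return the value produced by the action
     */
    private String setContextID(PrivilegedAction<String> privilegedAction) {
        if (WildFlySecurityManager.isChecking()) {
            return (String) WildFlySecurityManager.doUnchecked(privilegedAction);
        }
        return privilegedAction.run();
    }

    /**
     * Builds a wrapper that applies this handler to REQUEST and ASYNC dispatches only; every
     * other dispatcher type goes straight to the wrapped handler.
     *
     * @param map run-as metadata keyed by servlet name
     * @param str JACC context ID to install while a request is being handled
     * @return the handler wrapper
     */
    public static HandlerWrapper wrapper(final Map<String, RunAsIdentityMetaData> map, final String str) {
        return new HandlerWrapper() {
            @Override
            public HttpHandler wrap(HttpHandler httpHandler) {
                Predicate requestOrAsync = Predicates.or(DispatcherTypePredicate.REQUEST, DispatcherTypePredicate.ASYNC);
                HttpHandler associating = new SecurityContextAssociationHandler(map, str, httpHandler);
                return new PredicateHandler(requestOrAsync, associating, httpHandler);
            }
        };
    }
}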
