package org.wildfly.elytron.web.undertow.server.servlet;

import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.handlers.ServletRequestContext;
import java.util.HashSet;
import java.util.function.Function;
import org.jboss.metadata.javaee.jboss.RunAsIdentityMetaData;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.AuthorizationFailureException;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.authz.Roles;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/wildfly/security/elytron-web/undertow-server-servlet/main/undertow-server-servlet-1.9.0.Final.jar:org/wildfly/elytron/web/undertow/server/servlet/IdentityMapping.class */
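/**
 * Applies a servlet's configured run-as identity to the identity of the current request.
 *
 * <p>The run-as principal and roles are taken from {@link RunAsIdentityMetaData}, i.e. from
 * deployment configuration rather than from the request. The resulting identity carries the
 * run-as roles in both the {@code "servlet"} and {@code "ejb"} role categories.
 *
 * <p>NOTE(review): this is decompiler output (JADX); the methods marked below were
 * package-private in the original class and are kept as emitted so existing callers still
 * resolve.
 */
public class IdentityMapping {
    private static final String ANONYMOUS_PRINCIPAL = "anonymous";
    private static final String SERVLET = "servlet";
    private static final String EJB = "ejb";

    IdentityMapping() {
    }

    /**
     * Looks up the run-as metadata for the servlet handling {@code httpServerExchange} and maps
     * {@code securityIdentity} accordingly.
     *
     * @param securityIdentity the identity established for the request; may be {@code null}
     * @param securityDomain the domain used to resolve or create the run-as identity
     * @param httpServerExchange the exchange whose {@link ServletRequestContext} attachment names
     *     the current servlet
     * @param function maps a servlet name to its run-as metadata, returning {@code null} when the
     *     servlet has none
     * @return the mapped identity, or {@code securityIdentity} unchanged when no run-as metadata
     *     applies
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecurityIdentity mapIdentity(SecurityIdentity securityIdentity, SecurityDomain securityDomain, HttpServerExchange httpServerExchange, Function<String, RunAsIdentityMetaData> function) {
        // The attachment is dereferenced without a null check, so this assumes the exchange is
        // already inside servlet dispatch; verify against callers.
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        String servletName = requestContext.getCurrentServlet().getManagedServlet().getServletInfo().getName();
        return performMapping(securityIdentity, securityDomain, function.apply(servletName));
    }

    /**
     * Builds the run-as identity described by {@code runAsIdentityMetaData}.
     *
     * <p>Three cases are distinguished by the configured principal name: the literal
     * {@code "anonymous"}, a principal that exists in the domain, and a principal that does not
     * (which gets an ad hoc identity from the domain). The run-as role name and run-as roles are
     * then added to whatever roles the identity already has in the {@code "servlet"} and
     * {@code "ejb"} categories.
     *
     * @param securityIdentity the caller's identity; when {@code null} the domain's anonymous
     *     identity is used as the starting point
     * @param securityDomain the domain used to resolve or create the run-as identity
     * @param runAsIdentityMetaData the run-as configuration; {@code null} means no mapping
     * @return the run-as identity, or {@code securityIdentity} unchanged when the metadata is
     *     {@code null}
     * @throws IllegalStateException if the realm cannot be queried for the run-as principal
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecurityIdentity performMapping(SecurityIdentity securityIdentity, SecurityDomain securityDomain, RunAsIdentityMetaData runAsIdentityMetaData) {
        if (runAsIdentityMetaData == null) {
            return securityIdentity;
        }
        SecurityIdentity identity = securityIdentity != null ? securityIdentity : securityDomain.getAnonymousSecurityIdentity();
        String principalName = runAsIdentityMetaData.getPrincipalName();
        if (principalName.equals(ANONYMOUS_PRINCIPAL)) {
            try {
                identity = identity.createRunAsAnonymous();
            } catch (AuthorizationFailureException e) {
                // Security-relevant: on an authorization failure the switch is retried with the
                // boolean argument false (Elytron's "authorize" flag), so a denied run-as
                // permission does not block the mapping. The principal comes from deployment
                // metadata, not the request; keep that metadata under deployer control.
                identity = identity.createRunAsAnonymous(false);
            }
        } else if (runAsPrincipalExists(securityDomain, principalName)) {
            try {
                identity = identity.createRunAsIdentity(principalName);
            } catch (AuthorizationFailureException e) {
                // Same fallback as above: retry with the authorization check switched off.
                identity = identity.createRunAsIdentity(principalName, false);
            }
        } else {
            // No such principal in the domain: the domain supplies an ad hoc identity for it.
            identity = securityDomain.createAdHocIdentity(principalName);
        }

        HashSet<String> runAsRoleNames = new HashSet<>(runAsIdentityMetaData.getRunAsRoles().size());
        runAsRoleNames.add(runAsIdentityMetaData.getRoleName());
        runAsRoleNames.addAll(runAsIdentityMetaData.getRunAsRoles());
        RoleMapper runAsRoleMapper = RoleMapper.constant(Roles.fromSet(runAsRoleNames));

        // Roles are captured before the mapper is replaced; each lambda ignores its argument and
        // returns that snapshot, so the result is run-as roles OR the roles held beforehand.
        Roles servletRoles = identity.getRoles(SERVLET);
        SecurityIdentity withServletRoles = identity.withRoleMapper(SERVLET, runAsRoleMapper.or(ignored -> servletRoles));
        Roles ejbRoles = withServletRoles.getRoles(EJB);
        return withServletRoles.withRoleMapper(EJB, runAsRoleMapper.or(ignored -> ejbRoles));
    }

    /**
     * Reports whether {@code str} names an identity that exists in {@code securityDomain}.
     *
     * @param securityDomain the domain to query
     * @param str the principal name to look up
     * @return the result of {@link RealmIdentity#exists()} for that name
     * @throws IllegalStateException if the realm is unavailable; the cause is preserved
     */
    static boolean runAsPrincipalExists(SecurityDomain securityDomain, String str) {
        RealmIdentity realmIdentity = null;
        try {
            realmIdentity = securityDomain.getIdentity(str);
            return realmIdentity.exists();
        } catch (RealmUnavailableException e) {
            throw new IllegalStateException(String.format("Unable to obtain identity for name %s", str), e);
        } finally {
            // Release the realm identity on every path, including the exceptional ones.
            if (realmIdentity != null) {
                realmIdentity.dispose();
            }
        }
    }
}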
