package org.jboss.as.ejb3.security;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.ejb.EJBAccessException;
import javax.security.jacc.PolicyContext;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.jboss.security.SecurityRolesAssociation;

/* loaded from: input_file:org/jboss/as/ejb3/security/SecurityContextInterceptor.class */
public class SecurityContextInterceptor implements Interceptor {
    private final PrivilegedAction<Void> pushAction;
    private final PrivilegedAction<Void> popAction;
    private final String policyContextID;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/ejb3/security/SecurityContextInterceptor$SetContextIDAction.class */
    public static class SetContextIDAction implements PrivilegedAction<String> {
        private String contextID;

        SetContextIDAction(String str) {
            this.contextID = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public String run() {
            String contextID = PolicyContext.getContextID();
            PolicyContext.setContextID(this.contextID);
            return contextID;
        }
    }

    public SecurityContextInterceptor(final SecurityContextInterceptorHolder securityContextInterceptorHolder) {
        this.pushAction = new PrivilegedAction<Void>() { // from class: org.jboss.as.ejb3.security.SecurityContextInterceptor.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                try {
                    securityContextInterceptorHolder.securityManager.push(securityContextInterceptorHolder.securityDomain);
                    if (!securityContextInterceptorHolder.skipAuthentication) {
                        securityContextInterceptorHolder.securityManager.authenticate(securityContextInterceptorHolder.runAs, securityContextInterceptorHolder.runAsPrincipal, securityContextInterceptorHolder.extraRoles);
                    }
                    if (securityContextInterceptorHolder.principalVsRolesMap != null) {
                        SecurityRolesAssociation.setSecurityRoles(securityContextInterceptorHolder.principalVsRolesMap);
                    }
                    return null;
                } catch (SecurityException e) {
                    throw new EJBAccessException(e.getMessage());
                }
            }
        };
        this.popAction = new PrivilegedAction<Void>() { // from class: org.jboss.as.ejb3.security.SecurityContextInterceptor.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                securityContextInterceptorHolder.securityManager.pop();
                if (securityContextInterceptorHolder.principalVsRolesMap == null) {
                    return null;
                }
                SecurityRolesAssociation.setSecurityRoles((Map) null);
                return null;
            }
        };
        this.policyContextID = securityContextInterceptorHolder.policyContextID;
    }

    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        String contextID = setContextID(this.policyContextID);
        boolean z = System.getSecurityManager() != null;
        if (z) {
            AccessController.doPrivileged(this.pushAction);
        } else {
            this.pushAction.run();
        }
        try {
            Object proceed = interceptorContext.proceed();
            setContextID(contextID);
            if (z) {
                AccessController.doPrivileged(this.popAction);
            } else {
                this.popAction.run();
            }
            return proceed;
        } catch (Throwable th) {
            setContextID(contextID);
            if (z) {
                AccessController.doPrivileged(this.popAction);
            } else {
                this.popAction.run();
            }
            throw th;
        }
    }

    protected String setContextID(String str) {
        if (System.getSecurityManager() != null) {
            return (String) AccessController.doPrivileged(new SetContextIDAction(str));
        }
        String contextID = PolicyContext.getContextID();
        PolicyContext.setContextID(str);
        return contextID;
    }
}
