package org.jboss.as.ejb3.security;

import java.security.PrivilegedActionException;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ejb3.component.EJBComponent;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.AuthorizationFailureException;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-ejb3/18.0.1.Final/wildfly-ejb3-18.0.1.Final.jar:org/jboss/as/ejb3/security/RunAsPrincipalInterceptor.class */
public class RunAsPrincipalInterceptor implements Interceptor {
    public static final String ANONYMOUS_PRINCIPAL = "anonymous";
    private final String runAsPrincipal;

    public RunAsPrincipalInterceptor(String str) {
        this.runAsPrincipal = str;
    }

    @Override // org.jboss.invocation.Interceptor
    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        SecurityIdentity createRunAsAnonymous;
        Component component = (Component) interceptorContext.getPrivateData(Component.class);
        if (!(component instanceof EJBComponent)) {
            throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
        }
        EJBComponent eJBComponent = (EJBComponent) component;
        SecurityDomain securityDomain = (SecurityDomain) interceptorContext.getPrivateData(SecurityDomain.class);
        Assert.checkNotNullParam("securityDomain", securityDomain);
        SecurityIdentity currentSecurityIdentity = securityDomain.getCurrentSecurityIdentity();
        SecurityIdentity incomingRunAsIdentity = eJBComponent.getIncomingRunAsIdentity();
        try {
            try {
                if (this.runAsPrincipal.equals("anonymous")) {
                    try {
                        createRunAsAnonymous = currentSecurityIdentity.createRunAsAnonymous();
                    } catch (AuthorizationFailureException e) {
                        createRunAsAnonymous = currentSecurityIdentity.createRunAsAnonymous(false);
                    }
                } else if (runAsPrincipalExists(securityDomain, this.runAsPrincipal)) {
                    try {
                        createRunAsAnonymous = currentSecurityIdentity.createRunAsIdentity(this.runAsPrincipal);
                    } catch (AuthorizationFailureException e2) {
                        createRunAsAnonymous = currentSecurityIdentity.createRunAsIdentity(this.runAsPrincipal, false);
                    }
                } else {
                    createRunAsAnonymous = securityDomain.createAdHocIdentity(this.runAsPrincipal);
                }
                eJBComponent.setIncomingRunAsIdentity(currentSecurityIdentity);
                Object runAs = createRunAsAnonymous.runAs(interceptorContext);
                eJBComponent.setIncomingRunAsIdentity(incomingRunAsIdentity);
                return runAs;
            } catch (Throwable th) {
                eJBComponent.setIncomingRunAsIdentity(incomingRunAsIdentity);
                throw th;
            }
        } catch (PrivilegedActionException e3) {
            Throwable cause = e3.getCause();
            if (cause == null) {
                throw e3;
            }
            if (cause instanceof Exception) {
                throw ((Exception) cause);
            }
            throw new RuntimeException(e3);
        }
    }

    private boolean runAsPrincipalExists(SecurityDomain securityDomain, String str) throws RealmUnavailableException {
        RealmIdentity realmIdentity = null;
        try {
            realmIdentity = securityDomain.getIdentity(str);
            boolean exists = realmIdentity.exists();
            if (realmIdentity != null) {
                realmIdentity.dispose();
            }
            return exists;
        } catch (Throwable th) {
            if (realmIdentity != null) {
                realmIdentity.dispose();
            }
            throw th;
        }
    }
}
