package org.jboss.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/jboss/security/SecurityAssociation.class */
public final class SecurityAssociation {
    private static boolean trace;
    private static boolean server;
    private static Principal principal;
    private static Object credential;
    private static ThreadLocal<Principal> threadPrincipal;
    private static ThreadLocal<Object> threadCredential;
    private static ThreadLocal<HashMap<String, Object>> threadContextMap;
    private static RunAsThreadLocalStack threadRunAsStacks;
    private static SubjectThreadLocalStack threadSubjectStacks;
    private static Logger log = Logger.getLogger((Class<?>) SecurityAssociation.class);
    private static final RuntimePermission getPrincipalInfoPermission = new RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo");
    private static final RuntimePermission getSubjectPermission = new RuntimePermission("org.jboss.security.SecurityAssociation.getSubject");
    private static final RuntimePermission setPrincipalInfoPermission = new RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo");
    private static final RuntimePermission setServerPermission = new RuntimePermission("org.jboss.security.SecurityAssociation.setServer");
    private static final RuntimePermission setRunAsIdentity = new RuntimePermission("org.jboss.security.SecurityAssociation.setRunAsRole");
    private static final RuntimePermission getContextInfo = new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "get");
    private static final RuntimePermission setContextInfo = new RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "set");

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$ArrayListInheritableLocal.class */
    private static class ArrayListInheritableLocal extends InheritableThreadLocal {
        private ArrayListInheritableLocal() {
        }

        @Override // java.lang.InheritableThreadLocal
        protected Object childValue(Object obj) {
            ArrayList arrayList;
            try {
                arrayList = new ArrayList((ArrayList) obj);
            } catch (Throwable th) {
                SecurityAssociation.log.debug("Failed to copy parent list, using new list");
                arrayList = new ArrayList();
            }
            return arrayList;
        }

        @Override // java.lang.ThreadLocal
        protected Object initialValue() {
            return new ArrayList();
        }
    }

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$ArrayListLocal.class */
    private static class ArrayListLocal extends ThreadLocal {
        private ArrayListLocal() {
        }

        @Override // java.lang.ThreadLocal
        protected Object initialValue() {
            return new ArrayList();
        }
    }

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$HashMapInheritableLocal.class */
    private static class HashMapInheritableLocal<T> extends InheritableThreadLocal<HashMap<String, Object>> {
        private HashMapInheritableLocal() {
        }

        @Override // java.lang.InheritableThreadLocal
        protected HashMap<String, Object> childValue(HashMap<String, Object> hashMap) {
            HashMap<String, Object> hashMap2;
            try {
                hashMap2 = new HashMap<>(hashMap);
            } catch (Throwable th) {
                SecurityAssociation.log.debug("Failed to copy parent map, using new map");
                hashMap2 = new HashMap<>();
            }
            return hashMap2;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public HashMap<String, Object> initialValue() {
            return new HashMap<>();
        }
    }

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$RunAsThreadLocalStack.class */
    private static class RunAsThreadLocalStack {
        ThreadLocal local;

        RunAsThreadLocalStack(boolean z) {
            if (z) {
                this.local = new ArrayListLocal();
            } else {
                this.local = new ArrayListInheritableLocal();
            }
        }

        int size() {
            return ((ArrayList) this.local.get()).size();
        }

        void push(RunAsIdentity runAsIdentity) {
            ((ArrayList) this.local.get()).add(runAsIdentity);
        }

        RunAsIdentity pop() {
            ArrayList arrayList = (ArrayList) this.local.get();
            RunAsIdentity runAsIdentity = null;
            int size = arrayList.size() - 1;
            if (size >= 0) {
                runAsIdentity = (RunAsIdentity) arrayList.remove(size);
            }
            return runAsIdentity;
        }

        RunAsIdentity peek(int i) {
            ArrayList arrayList = (ArrayList) this.local.get();
            RunAsIdentity runAsIdentity = null;
            int size = arrayList.size();
            do {
                int i2 = (size - 1) - i;
                if (i2 >= 0) {
                    runAsIdentity = (RunAsIdentity) arrayList.get(i2);
                }
                i++;
                if (runAsIdentity != null) {
                    break;
                }
            } while (i <= size - 1);
            return runAsIdentity;
        }
    }

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$SubjectContext.class */
    public static class SubjectContext {
        public static final int SUBJECT_WAS_SET = 1;
        public static final int PRINCIPAL_WAS_SET = 2;
        public static final int CREDENTIAL_WAS_SET = 4;
        private Subject subject;
        private Principal principal;
        private Object credential;
        private int flags = 0;

        public SubjectContext() {
        }

        public SubjectContext(Subject subject, Principal principal, Object obj) {
            this.subject = subject;
            this.principal = principal;
            this.credential = obj;
        }

        public Subject getSubject() {
            return this.subject;
        }

        public void setSubject(Subject subject) {
            this.subject = subject;
            this.flags |= 1;
        }

        public Principal getPrincipal() {
            return this.principal;
        }

        public void setPrincipal(Principal principal) {
            this.principal = principal;
            this.flags |= 2;
        }

        public Object getCredential() {
            return this.credential;
        }

        public void setCredential(Object obj) {
            this.credential = obj;
            this.flags |= 4;
        }

        public int getFlags() {
            return this.flags;
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer(super.toString());
            stringBuffer.append("{principal=");
            stringBuffer.append(this.principal);
            stringBuffer.append(",subject=");
            if (this.subject != null) {
                stringBuffer.append(System.identityHashCode(this.subject));
            } else {
                stringBuffer.append("null");
            }
            stringBuffer.append("}");
            return stringBuffer.toString();
        }
    }

    /* loaded from: input_file:org/jboss/security/SecurityAssociation$SubjectThreadLocalStack.class */
    private static class SubjectThreadLocalStack {
        ThreadLocal local;

        SubjectThreadLocalStack(boolean z) {
            if (z) {
                this.local = new ArrayListLocal();
            } else {
                this.local = new ArrayListInheritableLocal();
            }
        }

        int size() {
            return ((ArrayList) this.local.get()).size();
        }

        void push(SubjectContext subjectContext) {
            ((ArrayList) this.local.get()).add(subjectContext);
        }

        SubjectContext dup() {
            ArrayList arrayList = (ArrayList) this.local.get();
            SubjectContext subjectContext = null;
            int size = arrayList.size() - 1;
            if (size >= 0) {
                subjectContext = (SubjectContext) arrayList.get(size);
                arrayList.add(subjectContext);
            }
            return subjectContext;
        }

        SubjectContext pop() {
            ArrayList arrayList = (ArrayList) this.local.get();
            SubjectContext subjectContext = null;
            int size = arrayList.size() - 1;
            if (size >= 0) {
                subjectContext = (SubjectContext) arrayList.remove(size);
            }
            return subjectContext;
        }

        SubjectContext peek() {
            ArrayList arrayList = (ArrayList) this.local.get();
            SubjectContext subjectContext = null;
            int size = arrayList.size() - 1;
            if (size >= 0) {
                subjectContext = (SubjectContext) arrayList.get(size);
            }
            return subjectContext;
        }

        void clear() {
            ((ArrayList) this.local.get()).clear();
        }
    }

    public static Principal getPrincipal() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getPrincipalInfoPermission);
        }
        Principal principal2 = principal;
        if (!server) {
            return principal;
        }
        if (trace) {
            log.trace("getPrincipal, principal=" + principal2);
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext != null) {
            if (trace) {
                log.warn("You are using deprecated api to getPrincipal. Use security context based approach");
            }
            principal2 = securityContext.getUtil().getUserPrincipal();
        }
        return principal2;
    }

    public static Principal getCallerPrincipal() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getPrincipalInfoPermission);
        }
        if (!server) {
            return principal;
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        Principal principal2 = null;
        if (securityContext != null) {
            RunAs incomingRunAs = securityContext.getIncomingRunAs();
            principal2 = incomingRunAs != null ? new SimplePrincipal(incomingRunAs.getName()) : securityContext.getUtil().getUserPrincipal();
        }
        if (trace) {
            log.trace("getCallerPrincipal, principal=" + principal2);
        }
        return principal2;
    }

    public static Object getCredential() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getPrincipalInfoPermission);
        }
        if (!server) {
            return credential;
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext != null) {
            if (trace) {
                log.warn("You are using deprecated api to getCredential. Use security context based approach");
            }
            credential = securityContext.getUtil().getCredential();
        }
        return credential;
    }

    public static Subject getSubject() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getSubjectPermission);
        }
        SubjectContext peek = threadSubjectStacks.peek();
        if (trace) {
            log.trace("getSubject, sc=" + peek);
        }
        Subject subject = null;
        SecurityContext securityContext = SecurityAssociationActions.getSecurityContext();
        if (securityContext != null) {
            if (trace) {
                log.warn("You are using deprecated api to getSubject. Use security context based approach");
            }
            subject = securityContext.getUtil().getSubject();
        }
        return subject;
    }

    public static void setPrincipal(Principal principal2) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        if (trace) {
            log.trace("setPrincipal, p=" + principal2 + ", server=" + server);
        }
        SubjectContext peek = threadSubjectStacks.peek();
        if (peek == null) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        } else if ((peek.getFlags() & 2) != 0) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        }
        peek.setPrincipal(principal2);
        if (!server) {
            SecurityContextAssociation.setClient();
            principal = principal2;
            return;
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext == null) {
            try {
                securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
                SecurityContextAssociation.setSecurityContext(securityContext);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        if (trace) {
            log.warn("Using deprecated API. Move to a security context based approach");
        }
        securityContext.getUtil().createSubjectInfo(principal2, securityContext.getUtil().getCredential(), securityContext.getUtil().getSubject());
        if (trace) {
            log.trace("setPrincipal, sc=" + peek);
        }
    }

    public static void setCredential(Object obj) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        SubjectContext peek = threadSubjectStacks.peek();
        if (peek == null) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        } else if ((peek.getFlags() & 4) != 0) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        }
        peek.setCredential(obj);
        if (trace) {
            log.trace("setCredential, sc=" + peek);
        }
        if (!server) {
            SecurityContextAssociation.setClient();
            credential = obj;
            return;
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext == null) {
            try {
                securityContext = SecurityContextFactory.createSecurityContext("CLIENT_SIDE");
                SecurityContextAssociation.setSecurityContext(securityContext);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        if (trace) {
            log.warn("Using deprecated API. Move to a security context based approach");
        }
        securityContext.getUtil().createSubjectInfo(securityContext.getUtil().getUserPrincipal(), obj, securityContext.getUtil().getSubject());
    }

    public static void setSubject(Subject subject) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        if (trace) {
            log.trace("setSubject, s=" + subject + ", server=" + server);
        }
        SubjectContext peek = threadSubjectStacks.peek();
        if (peek == null) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        } else if ((peek.getFlags() & 1) != 0) {
            peek = new SubjectContext();
            threadSubjectStacks.push(peek);
        }
        peek.setSubject(subject);
        if (trace) {
            log.trace("setSubject, sc=" + peek);
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext != null) {
            SubjectInfo subjectInfo = securityContext.getSubjectInfo();
            if (subjectInfo != null) {
                subjectInfo.setAuthenticatedSubject(subject);
            } else {
                securityContext.getUtil().createSubjectInfo(null, null, subject);
            }
        }
    }

    public static Object getContextInfo(String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getContextInfo);
        }
        if (str == null) {
            throw new IllegalArgumentException("key is null");
        }
        HashMap<String, Object> hashMap = threadContextMap.get();
        if (hashMap != null) {
            return hashMap.get(str);
        }
        return null;
    }

    public static Object setContextInfo(String str, Object obj) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setContextInfo);
        }
        return threadContextMap.get().put(str, obj);
    }

    public static void pushSubjectContext(Subject subject, Principal principal2, Object obj) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        if (server) {
            threadPrincipal.set(principal2);
            threadCredential.set(obj);
        } else {
            principal = principal2;
            credential = obj;
        }
        SubjectContext subjectContext = new SubjectContext(subject, principal2, obj);
        threadSubjectStacks.push(subjectContext);
        if (server) {
            if (trace) {
                log.trace("pushSubjectContext, subject=" + subject + ", sc=" + subjectContext);
            }
            SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
            if (securityContext == null) {
                if (trace) {
                    log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
                }
                try {
                    securityContext = SecurityAssociationActions.createSecurityContext("FROM_SECURITY_ASSOCIATION");
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            securityContext.getUtil().createSubjectInfo(principal2, obj, subject);
            SecurityAssociationActions.setSecurityContext(securityContext);
        }
    }

    public static void dupSubjectContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        SubjectContext dup = threadSubjectStacks.dup();
        if (trace) {
            log.trace("dupSubjectContext, sc=" + dup);
        }
    }

    public static SubjectContext popSubjectContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        SubjectContext pop = threadSubjectStacks.pop();
        if (trace) {
            log.trace("popSubjectContext, sc=" + pop);
        }
        Principal principal2 = null;
        Object obj = null;
        SubjectContext peek = threadSubjectStacks.peek();
        if (peek != null) {
            principal2 = peek.getPrincipal();
            obj = peek.getCredential();
        }
        if (server) {
            threadPrincipal.set(principal2);
            threadCredential.set(obj);
        } else {
            principal = principal2;
            credential = obj;
        }
        if (!server) {
            return peek;
        }
        if (trace) {
            log.trace("WARN::Deprecated usage of SecurityAssociation. Use SecurityContext");
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (pop == null && securityContext != null) {
            pop = new SubjectContext(securityContext.getUtil().getSubject(), securityContext.getUtil().getUserPrincipal(), securityContext.getUtil().getCredential());
        }
        if (securityContext != null) {
            securityContext.getUtil().createSubjectInfo(null, null, null);
        }
        return pop;
    }

    public static SubjectContext peekSubjectContext() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(getPrincipalInfoPermission);
        }
        if (!server) {
            return threadSubjectStacks.peek();
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        SubjectContext subjectContext = null;
        if (securityContext != null) {
            SecurityContextUtil util = securityContext.getUtil();
            subjectContext = new SubjectContext(util.getSubject(), util.getUserPrincipal(), util.getCredential());
        }
        return subjectContext;
    }

    public static void clear() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPrincipalInfoPermission);
        }
        if (trace) {
            log.trace("clear, server=" + server);
        }
        if (server) {
            threadPrincipal.set(null);
            threadCredential.set(null);
        } else {
            principal = null;
            credential = null;
        }
        threadSubjectStacks.clear();
        SecurityContextAssociation.clearSecurityContext();
    }

    public static void pushRunAsIdentity(RunAsIdentity runAsIdentity) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setRunAsIdentity);
        }
        if (trace) {
            log.trace("pushRunAsIdentity, runAs=" + runAsIdentity);
        }
        threadRunAsStacks.push(runAsIdentity);
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext != null) {
            securityContext.setOutgoingRunAs(runAsIdentity);
        }
    }

    public static RunAsIdentity popRunAsIdentity() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setRunAsIdentity);
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        RunAsIdentity runAsIdentity = null;
        if (securityContext != null) {
            runAsIdentity = (RunAsIdentity) securityContext.getOutgoingRunAs();
            securityContext.setOutgoingRunAs(null);
        }
        return runAsIdentity;
    }

    public static RunAsIdentity peekRunAsIdentity() {
        RunAsIdentity runAsIdentity = null;
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        if (securityContext != null) {
            runAsIdentity = (RunAsIdentity) securityContext.getOutgoingRunAs();
        }
        return runAsIdentity;
    }

    public static RunAsIdentity peekRunAsIdentity(int i) {
        if (i > 1) {
            throw new IllegalArgumentException("Security Context approach needs to be used. Depth upto 1");
        }
        if (i == 0) {
            return peekRunAsIdentity();
        }
        SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
        RunAsIdentity runAsIdentity = null;
        if (securityContext != null) {
            RunAs incomingRunAs = securityContext.getIncomingRunAs();
            if (incomingRunAs instanceof RunAsIdentity) {
                runAsIdentity = (RunAsIdentity) incomingRunAs;
            }
        }
        return runAsIdentity;
    }

    public static boolean isServer() {
        return server;
    }

    public static void setServer() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setServerPermission);
        }
        server = true;
    }

    static {
        boolean booleanValue = Boolean.valueOf(SecurityActions.getProperty("org.jboss.security.SecurityAssociation.ThreadLocal", "false")).booleanValue();
        log.debug("Using ThreadLocal: " + booleanValue);
        trace = log.isTraceEnabled();
        if (booleanValue) {
            threadPrincipal = new ThreadLocal<>();
            threadCredential = new ThreadLocal<>();
            threadContextMap = new ThreadLocal<HashMap<String, Object>>() { // from class: org.jboss.security.SecurityAssociation.1
                /* JADX INFO: Access modifiers changed from: protected */
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.lang.ThreadLocal
                public HashMap<String, Object> initialValue() {
                    return new HashMap<>();
                }
            };
        } else {
            threadPrincipal = new InheritableThreadLocal();
            threadCredential = new InheritableThreadLocal();
            threadContextMap = new HashMapInheritableLocal();
        }
        threadRunAsStacks = new RunAsThreadLocalStack(booleanValue);
        threadSubjectStacks = new SubjectThreadLocalStack(booleanValue);
    }
}
