package org.jboss.security.plugins;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import org.jboss.logging.Logger;
import org.jboss.security.PushPermission;
import org.jboss.virtual.VFSUtils;
import org.jboss.virtual.VirtualFile;

/* loaded from: input_file:org/jboss/security/plugins/AccessControlContextManipulator.class */
public class AccessControlContextManipulator {
    private static final Logger log = Logger.getLogger(AccessControlContextManipulator.class);
    private static final AccessControlContext CONTEXT_EMPTY = new AccessControlContext(new ProtectionDomain[0]);
    private static final ThreadLocal<LinkedList<ProtectionDomain>> THREAD_DOMAINS = new ThreadLocal<>();
    private static final ThreadLocal<AccessControlContext> THREAD_CONTEXT = new ThreadLocal<>();

    public static void pushContext(VirtualFile virtualFile) throws MalformedURLException, IOException, URISyntaxException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return;
        }
        securityManager.checkPermission(new PushPermission());
        VirtualFile parent = virtualFile.getParent();
        pushContext(VFSUtils.getRealURL((parent.getPathName().endsWith("META-INF") || parent.getPathName().endsWith("META-INF/")) ? parent.getParent() : virtualFile).toURI());
    }

    public static void pushContext(URI uri) throws IOException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null || Policy.getPolicy() == null) {
            return;
        }
        securityManager.checkPermission(new PushPermission());
        if (log.isTraceEnabled()) {
            log.trace("Pushing " + uri + " to context.");
        }
        initThreadLocal();
        CodeSource codeSource = new CodeSource(uri.toURL(), (Certificate[]) null);
        THREAD_DOMAINS.get().addLast(new ProtectionDomain(codeSource, Policy.getPolicy().getPermissions(codeSource)));
        THREAD_CONTEXT.set(null);
    }

    public static void popContext() {
        if (System.getSecurityManager() == null || Policy.getPolicy() == null) {
            return;
        }
        initThreadLocal();
        log.trace("Poping from context");
        if (THREAD_DOMAINS.get().isEmpty()) {
            return;
        }
        THREAD_DOMAINS.get().removeLast();
        THREAD_CONTEXT.set(null);
    }

    public static <T> T doPrivileged(PrivilegedAction<T> privilegedAction) {
        return (T) AccessController.doPrivileged(privilegedAction, getCurrentContext());
    }

    public static <T> T doPrivileged(PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        return (T) AccessController.doPrivileged(privilegedExceptionAction, getCurrentContext());
    }

    private static AccessControlContext getCurrentContext() {
        boolean isTraceEnabled = log.isTraceEnabled();
        AccessControlContext accessControlContext = THREAD_CONTEXT.get();
        if (accessControlContext != null) {
            if (isTraceEnabled) {
                log.trace("returning context directly " + accessControlContext);
            }
            return accessControlContext;
        }
        LinkedList<ProtectionDomain> linkedList = THREAD_DOMAINS.get();
        if (linkedList == null || linkedList.isEmpty()) {
            if (isTraceEnabled) {
                log.trace("returning empty context");
            }
            return CONTEXT_EMPTY;
        }
        if (isTraceEnabled) {
            int i = 0;
            Iterator<ProtectionDomain> it = linkedList.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                log.trace(i2 + ". PD = " + it.next());
            }
        }
        AccessControlContext accessControlContext2 = new AccessControlContext((ProtectionDomain[]) linkedList.toArray(new ProtectionDomain[linkedList.size()]));
        THREAD_CONTEXT.set(accessControlContext2);
        return accessControlContext2;
    }

    private static void initThreadLocal() {
        if (THREAD_DOMAINS.get() == null) {
            THREAD_DOMAINS.set(new LinkedList<>());
        }
    }
}
