package org.wildfly.security.auth.server;

import java.security.PermissionCollection;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import org.wildfly.common.Assert;
import org.wildfly.security.ParametricPrivilegedAction;
import org.wildfly.security.ParametricPrivilegedExceptionAction;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.client.PeerIdentity;
import org.wildfly.security.auth.permission.ChangeRoleMapperPermission;
import org.wildfly.security.auth.permission.RunAsPrincipalPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.event.RealmIdentityFailedAuthorizationEvent;
import org.wildfly.security.auth.server.event.RealmIdentitySuccessfulAuthorizationEvent;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationException;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.RoleMapper;

/* loaded from: input_file:org/wildfly/security/auth/server/SecurityIdentity.class */
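/**
 * An authenticated and authorized identity within a {@link SecurityDomain}.
 *
 * <p>All fields are final. The {@code with*} methods and {@link #createRunAsIdentity(String)}
 * return a new instance (or {@code this} when nothing would change) instead of modifying the
 * receiver.
 *
 * <p>This listing is decompiler output. Members marked by the decompiler as "access modifiers
 * changed from: package-private" are shown as {@code public} here but were package-private in
 * the compiled class; they are flagged individually below.
 */
public final class SecurityIdentity {
    /** Shared empty array used when an identity has no associated peer identities. */
    static final PeerIdentity[] NO_PEER_IDENTITIES = new PeerIdentity[0];

    private final SecurityDomain securityDomain;
    private final Principal principal;
    private final AuthorizationIdentity authorizationIdentity;
    private final RealmInfo realmInfo;
    // Role mappers keyed by category; stored as given, never copied or exposed by this class.
    private final Map<String, RoleMapper> roleMappers;
    // Peer identities handed to PeerIdentity.runAsAll* whenever an action runs as this identity.
    private final PeerIdentity[] peerIdentities;

    /**
     * Creates an identity with no peer identities.
     *
     * <p>NOTE(review): the decompiler widened this constructor from package-private to public.
     * Nothing in this constructor validates its arguments, so it should be treated as internal
     * to the package: an identity built directly has not passed through any check visible in
     * this file.
     *
     * @param securityDomain the owning security domain
     * @param principal the principal this identity represents
     * @param realmInfo the realm information associated with the identity
     * @param authorizationIdentity the authorization identity backing attribute lookups
     * @param map the role mappers by category; the reference is stored without copying
     */
    public SecurityIdentity(SecurityDomain securityDomain, Principal principal, RealmInfo realmInfo, AuthorizationIdentity authorizationIdentity, Map<String, RoleMapper> map) {
        this.securityDomain = securityDomain;
        this.principal = principal;
        this.realmInfo = realmInfo;
        this.authorizationIdentity = authorizationIdentity;
        this.roleMappers = map;
        this.peerIdentities = NO_PEER_IDENTITIES;
    }

    /**
     * Copies {@code securityIdentity}, replacing only its peer identities.
     *
     * @param securityIdentity the identity to copy
     * @param peerIdentityArr the peer identities of the new instance; stored without copying
     */
    SecurityIdentity(SecurityIdentity securityIdentity, PeerIdentity[] peerIdentityArr) {
        this.securityDomain = securityIdentity.securityDomain;
        this.principal = securityIdentity.principal;
        this.realmInfo = securityIdentity.realmInfo;
        this.authorizationIdentity = securityIdentity.authorizationIdentity;
        this.roleMappers = securityIdentity.roleMappers;
        this.peerIdentities = peerIdentityArr;
    }

    /**
     * Copies {@code securityIdentity}, replacing only its role mappers.
     *
     * @param securityIdentity the identity to copy
     * @param map the role mappers of the new instance; stored without copying
     */
    SecurityIdentity(SecurityIdentity securityIdentity, Map<String, RoleMapper> map) {
        this.securityDomain = securityIdentity.securityDomain;
        this.principal = securityIdentity.principal;
        this.realmInfo = securityIdentity.realmInfo;
        this.authorizationIdentity = securityIdentity.authorizationIdentity;
        this.roleMappers = map;
        this.peerIdentities = securityIdentity.peerIdentities;
    }

    /** @return the security domain this identity belongs to */
    SecurityDomain getSecurityDomain() {
        return this.securityDomain;
    }

    /**
     * Returns the realm information of this identity.
     *
     * <p>NOTE(review): package-private in the compiled class; shown public by the decompiler.
     *
     * @return the realm information
     */
    public RealmInfo getRealmInfo() {
        return this.realmInfo;
    }

    /**
     * Returns the underlying authorization identity.
     *
     * <p>NOTE(review): package-private in the compiled class; shown public by the decompiler.
     * Unlike {@link #getAttributes()}, no read-only wrapper is applied here.
     *
     * @return the authorization identity
     */
    public AuthorizationIdentity getAuthorizationIdentity() {
        return this.authorizationIdentity;
    }

    /**
     * Runs {@code runnable} with this identity installed as the domain's current identity.
     * The previously current identity is restored afterwards, whether the action returns or
     * throws. A {@code null} action is ignored.
     *
     * @param runnable the action to run, or {@code null}
     */
    public void runAs(Runnable runnable) {
        if (runnable == null) {
            return;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            PeerIdentity.runAsAll(runnable, this.peerIdentities);
        } finally {
            // Always undo the identity switch so the caller never keeps running as this identity.
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Runs {@code callable} with this identity installed as the domain's current identity and
     * restores the previous identity afterwards.
     *
     * @param callable the action to run, or {@code null}
     * @param <T> the result type
     * @return the action's result, or {@code null} when {@code callable} is {@code null}
     * @throws Exception whatever the action throws
     */
    public <T> T runAs(Callable<T> callable) throws Exception {
        if (callable == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAll(callable, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Runs {@code privilegedAction} with this identity installed as the domain's current
     * identity and restores the previous identity afterwards.
     *
     * @param privilegedAction the action to run, or {@code null}
     * @param <T> the result type
     * @return the action's result, or {@code null} when the action is {@code null}
     */
    public <T> T runAs(PrivilegedAction<T> privilegedAction) {
        if (privilegedAction == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAll(privilegedAction, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Runs {@code privilegedExceptionAction} with this identity installed as the domain's
     * current identity and restores the previous identity afterwards.
     *
     * <p>Runtime exceptions and {@link PrivilegedActionException}s propagate unchanged; any other
     * exception is wrapped in a {@link PrivilegedActionException}. This matches the parametric
     * overload {@link #runAs(Object, ParametricPrivilegedExceptionAction)}.
     *
     * @param privilegedExceptionAction the action to run, or {@code null}
     * @param <T> the result type
     * @return the action's result, or {@code null} when the action is {@code null}
     * @throws PrivilegedActionException if the action throws a checked exception
     */
    public <T> T runAs(PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        if (privilegedExceptionAction == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAll(privilegedExceptionAction, this.peerIdentities);
        } catch (RuntimeException | PrivilegedActionException e) {
            // Must be tested before the generic Exception handler; otherwise unchecked
            // exceptions get wrapped and an existing PrivilegedActionException is wrapped twice.
            throw e;
        } catch (Exception e) {
            throw new PrivilegedActionException(e);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Runs a parametric action with this identity installed as the domain's current identity
     * and restores the previous identity afterwards.
     *
     * @param p the parameter passed to the action
     * @param parametricPrivilegedAction the action to run, or {@code null}
     * @param <T> the result type
     * @param <P> the parameter type
     * @return the action's result, or {@code null} when the action is {@code null}
     */
    public <T, P> T runAs(P p, ParametricPrivilegedAction<T, P> parametricPrivilegedAction) {
        if (parametricPrivilegedAction == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAll(p, parametricPrivilegedAction, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Runs a parametric action that may throw, with this identity installed as the domain's
     * current identity, and restores the previous identity afterwards.
     *
     * <p>Runtime exceptions and {@link PrivilegedActionException}s propagate unchanged; any other
     * exception is wrapped in a {@link PrivilegedActionException}.
     *
     * @param p the parameter passed to the action
     * @param parametricPrivilegedExceptionAction the action to run, or {@code null}
     * @param <T> the result type
     * @param <P> the parameter type
     * @return the action's result, or {@code null} when the action is {@code null}
     * @throws PrivilegedActionException if the action throws a checked exception
     */
    public <T, P> T runAs(P p, ParametricPrivilegedExceptionAction<T, P> parametricPrivilegedExceptionAction) throws PrivilegedActionException {
        if (parametricPrivilegedExceptionAction == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAll(p, parametricPrivilegedExceptionAction, this.peerIdentities);
        } catch (RuntimeException | PrivilegedActionException e) {
            throw e;
        } catch (Exception e) {
            throw new PrivilegedActionException(e);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Applies {@code function} to {@code t} while running as this identity.
     *
     * @param function the function to apply, or {@code null}
     * @param t the function argument
     * @param <T> the argument type
     * @param <R> the result type
     * @return the function's result, or {@code null} when {@code function} is {@code null}
     */
    public <T, R> R runAsFunction(Function<T, R> function, T t) {
        if (function == null) {
            return null;
        }
        // Reuse the two-argument form: the function itself becomes the first argument.
        return runAsFunction(Function::apply, function, t);
    }

    /**
     * Applies {@code biFunction} to {@code t} and {@code u} with this identity installed as the
     * domain's current identity, restoring the previous identity afterwards.
     *
     * @param biFunction the function to apply, or {@code null}
     * @param t the first argument
     * @param u the second argument
     * @param <T> the first argument type
     * @param <U> the second argument type
     * @param <R> the result type
     * @return the function's result, or {@code null} when {@code biFunction} is {@code null}
     */
    public <T, U, R> R runAsFunction(BiFunction<T, U, R> biFunction, T t, U u) {
        if (biFunction == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (R) PeerIdentity.runAsAllFunction(t, u, biFunction, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Passes {@code t} to {@code consumer} while running as this identity.
     *
     * @param consumer the consumer to invoke, or {@code null} to do nothing
     * @param t the consumer argument
     * @param <T> the argument type
     */
    public <T> void runAsConsumer(Consumer<T> consumer, T t) {
        if (consumer == null) {
            return;
        }
        // Reuse the two-argument form: the consumer itself becomes the first argument.
        runAsConsumer(Consumer::accept, consumer, t);
    }

    /**
     * Passes {@code t} and {@code u} to {@code biConsumer} with this identity installed as the
     * domain's current identity, restoring the previous identity afterwards.
     *
     * @param biConsumer the consumer to invoke, or {@code null} to do nothing
     * @param t the first argument
     * @param u the second argument
     * @param <T> the first argument type
     * @param <U> the second argument type
     */
    public <T, U> void runAsConsumer(BiConsumer<T, U> biConsumer, T t, U u) {
        if (biConsumer == null) {
            return;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            PeerIdentity.runAsAllConsumer(t, u, biConsumer, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /**
     * Obtains a value from {@code supplier} with this identity installed as the domain's current
     * identity, restoring the previous identity afterwards.
     *
     * @param supplier the supplier to call, or {@code null}
     * @param <T> the result type
     * @return the supplied value, or {@code null} when {@code supplier} is {@code null}
     */
    public <T> T runAsSupplier(Supplier<T> supplier) {
        if (supplier == null) {
            return null;
        }
        final SecurityDomain domain = this.securityDomain;
        final SecurityIdentity previous = domain.getAndSetCurrentSecurityIdentity(this);
        try {
            return (T) PeerIdentity.runAsAllSupplier(supplier, this.peerIdentities);
        } finally {
            domain.setCurrentSecurityIdentity(previous);
        }
    }

    /** @return the roles the security domain maps for this identity */
    public Set<String> getRoles() {
        return this.securityDomain.mapRoles(this);
    }

    /**
     * Returns the domain-mapped roles after applying the role mapper registered for a category.
     *
     * @param str the role-mapper category
     * @return the mapped roles, or an empty set when no mapper is registered for the category
     */
    public Set<String> getRoles(String str) {
        final RoleMapper categoryMapper = this.roleMappers.get(str);
        if (categoryMapper == null) {
            // An unknown category yields no roles rather than the unmapped domain roles.
            return Collections.emptySet();
        }
        return categoryMapper.mapRoles(this.securityDomain.mapRoles(this));
    }

    /**
     * Returns an identity that uses {@code roleMapper} for the given category.
     *
     * <p>When a {@link SecurityManager} is installed, the caller needs
     * {@link ChangeRoleMapperPermission} for the category. Without a security manager no
     * permission check is made, so any code holding this identity can replace a mapper.
     *
     * @param str the role-mapper category (reported as "category" in the null check)
     * @param roleMapper the mapper to register
     * @return {@code this} when the same mapper instance is already registered, otherwise a copy
     *         with the mapper replaced
     */
    public SecurityIdentity withRoleMapper(String str, RoleMapper roleMapper) {
        Assert.checkNotNullParam("category", str);
        Assert.checkNotNullParam("roleMapper", roleMapper);
        final Map<String, RoleMapper> current = this.roleMappers;
        if (current.get(str) == roleMapper) {
            return this;
        }
        final SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new ChangeRoleMapperPermission(str));
        }
        final Map<String, RoleMapper> updated;
        if (current.isEmpty() || (current.size() == 1 && current.containsKey(str))) {
            // The result holds exactly this one entry, so an immutable singleton is enough.
            updated = Collections.singletonMap(str, roleMapper);
        } else {
            updated = new HashMap<>(current);
            updated.put(str, roleMapper);
        }
        return new SecurityIdentity(this, updated);
    }

    /**
     * Creates an identity for another principal if this identity is permitted to run as it.
     *
     * <p>The name passes through the domain's pre-realm rewriter, the domain's post-realm
     * rewriter and the realm's own rewriter; a {@code null} result at any stage is rejected as an
     * invalid name. The {@link RunAsPrincipalPermission} is checked against the fully rewritten
     * name. A failed check and a successful authorization are each reported to the realm as an
     * event.
     *
     * <p>NOTE(review): the permission is evaluated on the realm-rewritten name, while the new
     * identity's principal and both events carry the pre-realm rewritten name. Confirm that
     * permission grants are written against the realm-rewritten form.
     *
     * <p>NOTE(review): nothing visible here verifies that the realm actually holds an identity
     * for the rewritten name; whether {@code getAuthorizationIdentity()} rejects unknown names
     * cannot be told from this file.
     *
     * @param str the name to run as (reported as "name" in the null check)
     * @return {@code this} when the rewritten name equals the current principal, otherwise the
     *         new run-as identity, which keeps this identity's role mappers
     * @throws AuthorizationException declared by the signature; the concrete exceptions come
     *         from {@code ElytronMessages} factory methods whose types are not visible here
     */
    public SecurityIdentity createRunAsIdentity(String str) throws AuthorizationException {
        Assert.checkNotNullParam("name", str);
        final SecurityDomain domain = this.securityDomain;
        final String preRealmName = domain.getPreRealmRewriter().rewriteName(str);
        if (preRealmName == null) {
            throw ElytronMessages.log.invalidName();
        }
        final String realmName = domain.mapRealmName(preRealmName);
        final NamePrincipal targetPrincipal = new NamePrincipal(preRealmName);
        if (this.principal.equals(targetPrincipal)) {
            // Running as oneself needs no permission and no new identity.
            return this;
        }
        final RealmInfo targetRealmInfo = domain.getRealmInfo(realmName);
        final String postRealmName = domain.getPostRealmRewriter().rewriteName(preRealmName);
        if (postRealmName == null) {
            throw ElytronMessages.log.invalidName();
        }
        final String finalName = targetRealmInfo.getNameRewriter().rewriteName(postRealmName);
        if (finalName == null) {
            throw ElytronMessages.log.invalidName();
        }
        final RunAsPrincipalPermission requiredPermission = new RunAsPrincipalPermission(finalName);
        if (!getPermissions().implies(requiredPermission)) {
            // Report the denial to the realm before failing so the attempt is observable.
            SecurityRealm.safeHandleRealmEvent(targetRealmInfo.getSecurityRealm(), new RealmIdentityFailedAuthorizationEvent(this.authorizationIdentity, this.principal, targetPrincipal));
            throw ElytronMessages.log.unauthorizedRunAs(this.principal, targetPrincipal, requiredPermission);
        }
        try {
            final SecurityRealm securityRealm = targetRealmInfo.getSecurityRealm();
            final RealmIdentity realmIdentity = securityRealm.getRealmIdentity(finalName);
            try {
                final AuthorizationIdentity targetAuthorization = realmIdentity.getAuthorizationIdentity();
                SecurityRealm.safeHandleRealmEvent(securityRealm, new RealmIdentitySuccessfulAuthorizationEvent(this.authorizationIdentity, this.principal, targetPrincipal));
                return new SecurityIdentity(domain, targetPrincipal, targetRealmInfo, targetAuthorization, this.roleMappers);
            } finally {
                // Dispose on every path, including a failure while loading the authorization
                // identity, so the realm identity is never left undisposed.
                realmIdentity.dispose();
            }
        } catch (RealmUnavailableException e) {
            throw ElytronMessages.log.runAsAuthorizationFailed(this.principal, targetPrincipal, e);
        }
    }

    /**
     * Returns an identity that additionally carries {@code peerIdentity}.
     *
     * <p>An existing peer identity for which {@code isSamePeerIdentityContext} holds is replaced
     * in place; otherwise the new one is appended. The receiver's array is never modified.
     *
     * @param peerIdentity the peer identity to associate, or {@code null}
     * @return {@code this} when {@code peerIdentity} is {@code null}, otherwise a copy with the
     *         updated peer identities
     */
    public SecurityIdentity withPeerIdentity(PeerIdentity peerIdentity) {
        if (peerIdentity == null) {
            return this;
        }
        final PeerIdentity[] current = this.peerIdentities;
        final int count = current.length;
        for (int i = 0; i < count; i++) {
            if (current[i].isSamePeerIdentityContext(peerIdentity)) {
                final PeerIdentity[] replaced = current.clone();
                replaced[i] = peerIdentity;
                return new SecurityIdentity(this, replaced);
            }
        }
        final PeerIdentity[] extended = Arrays.copyOf(current, count + 1);
        extended[count] = peerIdentity;
        return new SecurityIdentity(this, extended);
    }

    /** @return the permissions the security domain maps for this identity */
    public PermissionCollection getPermissions() {
        return this.securityDomain.mapPermissions(this);
    }

    /** @return a read-only view of the authorization identity's attributes */
    public Attributes getAttributes() {
        return this.authorizationIdentity.getAttributes().asReadOnly();
    }

    /** @return the principal this identity represents */
    public Principal getPrincipal() {
        return this.principal;
    }
}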
