package org.apache.geronimo.connector.wrapper.work;

import java.util.Stack;
import javax.resource.spi.work.SecurityContext;
import javax.resource.spi.work.WorkCompletedException;
import javax.resource.spi.work.WorkContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.connector.work.WorkContextHandler;
import org.apache.geronimo.gbean.annotation.GBean;
import org.apache.geronimo.gbean.annotation.ParamAttribute;
import org.apache.geronimo.gbean.annotation.ParamReference;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.credentialstore.CredentialStore;
import org.apache.geronimo.security.jaas.ConfigurationFactory;
import org.apache.geronimo.security.jaspi.IdentityService;
import org.apache.geronimo.security.jaspi.impl.GeronimoIdentityService;
import org.apache.geronimo.security.jaspi.impl.GeronimoLoginService;
import org.apache.geronimo.security.jaspi.impl.JaspicCallbackHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Work-context handler that installs a caller identity around a unit of work carrying a
 * {@link SecurityContext}, and restores the previous callers afterwards.
 *
 * <p>{@link #before(SecurityContext)} and {@link #after(SecurityContext)} are meant to be used as
 * a pair on the same thread: the callers that were in effect are kept on a per-thread stack
 * between the two calls.
 *
 * <p>Security-relevant points to keep in mind when changing this class:
 * <ul>
 *   <li>When no {@code SecurityContext} is supplied, the work runs as {@code defaultSubject},
 *       which is {@code ContextManager.EMPTY} unless a default credential store, realm and id
 *       were all configured.</li>
 *   <li>{@code serviceSubject} may be {@code null}; it is handed to
 *       {@code setupSecurityContext} unchanged.</li>
 * </ul>
 */
@GBean
public class SecurityContextHandler implements WorkContextHandler<SecurityContext> {
    private static final Logger log = LoggerFactory.getLogger(SecurityContextHandler.class);

    /** Name handed out as the JAAS configuration name by the factory built in the constructor. */
    private final String m_realm;
    /** Identity used when a work item arrives without a SecurityContext. */
    private final Subject defaultSubject;
    /** Passed as the third argument of setupSecurityContext; null when not configured. */
    private final Subject serviceSubject;
    /** Per-thread stack of the callers that were active before each before() call. */
    private final ThreadLocal<Stack<Callers>> callers = new ThreadLocal<Stack<Callers>>() {
        @Override
        protected Stack<Callers> initialValue() {
            return new Stack<>();
        }
    };
    private final CallbackHandler callbackHandler;
    private final IdentityService identityService;

    /**
     * Resolves the default and service subjects from their credential stores and builds the
     * callback handler that is later passed to {@code setupSecurityContext}.
     *
     * @param realm                  configuration name returned by the internal ConfigurationFactory
     * @param defaultSubjectRealm    realm used to look up the default subject
     * @param defaultSubjectId       id used to look up the default subject
     * @param defaultCredentialStore store queried for the default subject; may be null
     * @param serviceSubjectRealm    realm used to look up the service subject
     * @param serviceSubjectId       id used to look up the service subject
     * @param serviceCredentialStore store queried for the service subject; may be null
     * @throws LoginException declared by this constructor; presumably raised by the credential
     *                        store lookups - confirm against CredentialStore
     */
    public SecurityContextHandler(@ParamAttribute(name = "realm") String realm, @ParamAttribute(name = "defaultSubjectRealm") String defaultSubjectRealm, @ParamAttribute(name = "defaultSubjectId") String defaultSubjectId, @ParamReference(name = "DefaultCredentialStore") CredentialStore defaultCredentialStore, @ParamAttribute(name = "serviceSubjectRealm") String serviceSubjectRealm, @ParamAttribute(name = "serviceSubjectId") String serviceSubjectId, @ParamReference(name = "ServiceCredentialStore") CredentialStore serviceCredentialStore) throws LoginException {
        // NOTE(review): this writes realm names, subject ids and the string form of both
        // CredentialStore objects to the INFO log. Confirm CredentialStore.toString() cannot
        // expose credential material before relying on this in production logs.
        log.info("SecurityContextHandler set up with\n"
                + " realm: {}\n"
                + " defaultSubjectRealm: {}\n"
                + " defaultSubjectId {}\n"
                + " DefaultCredentialStore {}\n"
                + " serviceSubjectRealm {}\n"
                + " serviceSubjectId {}\n"
                + " ServiceCredentialStore {}",
                realm, defaultSubjectRealm, defaultSubjectId, defaultCredentialStore,
                serviceSubjectRealm, serviceSubjectId, serviceCredentialStore);

        // A subject is only looked up when store, realm and id are all present; a partially
        // configured triple silently falls back instead of failing.
        boolean defaultConfigured = defaultCredentialStore != null
                && defaultSubjectRealm != null
                && defaultSubjectId != null;
        this.defaultSubject = defaultConfigured
                ? defaultCredentialStore.getSubject(defaultSubjectRealm, defaultSubjectId)
                : ContextManager.EMPTY;

        boolean serviceConfigured = serviceCredentialStore != null
                && serviceSubjectRealm != null
                && serviceSubjectId != null;
        this.serviceSubject = serviceConfigured
                ? serviceCredentialStore.getSubject(serviceSubjectRealm, serviceSubjectId)
                : null;

        this.m_realm = realm;
        this.identityService = new GeronimoIdentityService(this.defaultSubject);

        ConfigurationFactory realmOnlyFactory = new ConfigurationFactory() {
            public String getConfigurationName() {
                return SecurityContextHandler.this.m_realm;
            }

            // Always null: only the configuration name is supplied here.
            // NOTE(review): presumably GeronimoLoginService resolves the login configuration
            // by name - confirm it never dereferences this value.
            public Configuration getConfiguration() {
                return null;
            }
        };
        this.callbackHandler = new JaspicCallbackHandler(new GeronimoLoginService(realmOnlyFactory, this.identityService));
    }

    /**
     * Establishes the caller identity for the work about to run on this thread.
     *
     * <p>With a non-null context a fresh {@link Subject} is created, populated through
     * {@code setupSecurityContext} and passed to {@code identityService.newUserIdentity}; with a
     * null context the shared {@code defaultSubject} is used as is. The callers currently held
     * by {@code ContextManager} are pushed on the per-thread stack before being replaced.
     *
     * <p>If {@code setupSecurityContext} or {@code newUserIdentity} throws, nothing has been
     * pushed and the callers are left untouched.
     *
     * @param securityContext the inbound security context, or null to run as the default subject
     * @throws WorkCompletedException declared by the handler contract
     */
    public void before(SecurityContext securityContext) throws WorkCompletedException {
        final Subject clientSubject;
        if (securityContext != null) {
            clientSubject = new Subject();
            securityContext.setupSecurityContext(this.callbackHandler, clientSubject, this.serviceSubject);
            this.identityService.newUserIdentity(clientSubject);
        } else {
            clientSubject = this.defaultSubject;
        }
        Stack<Callers> savedCallers = this.callers.get();
        savedCallers.push(ContextManager.getCallers());
        // The same subject is installed for both arguments of setCallers.
        ContextManager.setCallers(clientSubject, clientSubject);
    }

    /**
     * Restores the callers saved by the matching {@link #before(SecurityContext)} call and
     * unregisters the subject that was current while the work ran.
     *
     * <p>NOTE(review): {@code Stack.pop()} throws {@code EmptyStackException} when no entry was
     * pushed on this thread, e.g. if {@code before} failed or ran on another thread - verify the
     * caller only invokes this after a successful {@code before}.
     *
     * <p>NOTE(review): the subject unregistered is whatever {@code ContextManager} reports as
     * the current caller. On the null-context path that is the shared {@code defaultSubject}
     * (possibly {@code ContextManager.EMPTY}), which {@code before} did not pass to
     * {@code newUserIdentity} - confirm unregistering it here is harmless. There is also no
     * try/finally, so a failure in {@code popCallers} skips the unregister step.
     *
     * @param securityContext unused by this implementation
     * @throws WorkCompletedException declared by the handler contract
     */
    public void after(SecurityContext securityContext) throws WorkCompletedException {
        // Capture the caller first: popCallers replaces it with the saved one.
        Subject finishedCaller = ContextManager.getCurrentCaller();
        Callers previousCallers = this.callers.get().pop();
        ContextManager.popCallers(previousCallers);
        ContextManager.unregisterSubject(finishedCaller);
    }

    /**
     * Reports whether the given work-context type is handled here.
     *
     * @param cls work-context class to test; a null value results in a NullPointerException
     *            from {@code Class.isAssignableFrom}
     * @return true when {@code cls} is {@link SecurityContext} or a subtype of it
     */
    public boolean supports(Class<? extends WorkContext> cls) {
        Class<SecurityContext> handled = SecurityContext.class;
        return handled.isAssignableFrom(cls);
    }

    /**
     * @return always true, so this handler is flagged as required
     */
    public boolean required() {
        return true;
    }
}
