package org.ancoron.sudo.glassfish;

import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ancoron.sudo.LoginType;
import org.ancoron.sudo.SudoAction;
import org.ancoron.sudo.SudoService;

/* loaded from: input_file:org/ancoron/sudo/glassfish/SudoServiceGlassFish.class */
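/**
 * GlassFish implementation of {@link SudoService}: authenticates the credentials carried by a
 * {@link SudoAction} through JAAS, runs the action under a {@link SecurityContext} built from the
 * authenticated {@link Subject}, and then puts the caller's context back.
 *
 * <p>This class was recovered from bytecode; the decompiler's synthetic switch-map class has been
 * replaced by a plain {@code switch} over {@link LoginType}.
 */
public class SudoServiceGlassFish implements SudoService {
    // The logger category is the SudoService interface name, not this implementation class.
    private final Logger log = Logger.getLogger(SudoService.class.getName());

    /**
     * Runs {@code sudoAction} under the identity it authenticates as.
     *
     * <p>Order of operations, which is what makes the identity switch safe to reason about:
     * <ol>
     *   <li>The credential (password or certificate chain) is placed in the private credential
     *       set of a fresh {@link Subject}.</li>
     *   <li>{@link LoginContext#login()} is called; a failed login throws before the current
     *       {@link SecurityContext} is touched.</li>
     *   <li>The current context is saved, the new one is installed, and the action runs.</li>
     *   <li>The saved context is restored in a {@code finally} block, so it is put back whether
     *       the action returns or throws.</li>
     * </ol>
     *
     * <p>The value of {@code sudoAction.getRealm()} is passed as the {@code name} argument of
     * {@link LoginContext}, i.e. it selects the JAAS login configuration entry as well as being
     * handed to the credential objects.
     *
     * <p>NOTE(review): {@link LoginContext#logout()} is never called here, so whatever the login
     * modules attach to the subject (and the credential added below) stays referenced by the
     * subject after the action completes. Confirm whether a logout is wanted once the caller's
     * context has been restored.
     *
     * <p>NOTE(review): the new context is always created with {@code sudoAction.getUsername()},
     * also for {@link LoginType#CLIENT_CERT}; whether a username is populated for certificate
     * logins is not visible from this class.
     *
     * @param sudoAction the action to run, together with the credentials to authenticate with
     * @param <T> result type of the action
     * @return whatever {@code sudoAction.run()} returns
     * @throws LoginException if the JAAS login fails
     * @throws IllegalArgumentException if {@code sudoAction.getType()} is a login type this
     *     implementation does not handle
     */
    public <T> T sudo(final SudoAction<T> sudoAction) throws LoginException {
        final LoginType type = sudoAction.getType();
        final Set<Object> privateCredentials = new HashSet<Object>();

        switch (type) {
            case USERNAME_PASSWORD:
                if (log.isLoggable(Level.FINE)) {
                    // The password is masked in the pattern itself and is never passed as a parameter.
                    log.log(Level.FINE,
                            "[SUDO] Request: {0} (username={1}, password=********, realm={2})",
                            new Object[] {type.name(), sudoAction.getUsername(), sudoAction.getRealm()});
                }
                privateCredentials.add(new PasswordCredential(
                        sudoAction.getUsername(), sudoAction.getPassword(), sudoAction.getRealm()));
                break;
            case CLIENT_CERT:
                if (log.isLoggable(Level.FINE)) {
                    // Null-safe length: enabling FINE logging must not change the outcome of the
                    // call (the original dereferenced the chain only when logging was on).
                    Object[] chain = sudoAction.getCertChain();
                    log.log(Level.FINE,
                            "[SUDO] Request: {0} (cert-chain-length={1}, alias={2}, realm={3})",
                            new Object[] {
                                type.name(),
                                Integer.valueOf(chain == null ? 0 : chain.length),
                                sudoAction.getAlias(),
                                sudoAction.getRealm()
                            });
                }
                privateCredentials.add(new X509CertificateCredential(
                        sudoAction.getCertChain(), sudoAction.getAlias(), sudoAction.getRealm()));
                break;
            default:
                throw new IllegalArgumentException(
                        "[SUDO] Illegal return value for SudoAction.getType() --> " + type);
        }

        // Fresh, writable subject: no principals or public credentials yet, only the private
        // credential chosen above. The sets must be mutable HashSets, not immutable empties.
        final Subject subject =
                new Subject(false, new HashSet<Principal>(), new HashSet<Object>(), privateCredentials);

        // Authenticate first. login() throws LoginException on failure, so nothing below runs
        // and the current SecurityContext is left untouched for a rejected credential.
        new LoginContext(sudoAction.getRealm(), subject).login();

        final SecurityContext callerContext = SecurityContext.getCurrent();
        try {
            // Only the construction of the new SecurityContext runs inside doPrivileged; the
            // action itself is executed outside of it. An anonymous class is kept on purpose:
            // doPrivileged is overloaded, so a lambda would be ambiguous.
            SecurityContext.setCurrent(
                    AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
                        @Override
                        public SecurityContext run() {
                            return new SecurityContext(sudoAction.getUsername(), subject);
                        }
                    }));
            if (log.isLoggable(Level.FINE)) {
                log.fine("[SUDO] New SecurityContext established");
            }
            // Cast kept from the decompiled form; it is redundant if SudoAction.run() is
            // declared to return T.
            return (T) sudoAction.run();
        } finally {
            // Restore on every exit path so the switched identity cannot outlive the action.
            SecurityContext.setCurrent(callerContext);
            if (log.isLoggable(Level.FINE)) {
                log.fine("[SUDO] Original SecurityContext restored");
            }
        }
    }
}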
