package org.ancoron.sudo.glassfish;

import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.auth.login.common.X509CertificateCredential;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ancoron.sudo.LoginType;
import org.ancoron.sudo.SudoAction;
import org.ancoron.sudo.SudoExecutionException;
import org.ancoron.sudo.SudoService;

/* loaded from: input_file:org/ancoron/sudo/glassfish/SudoServiceGlassFish.class */
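/**
 * GlassFish-backed {@link SudoService}: runs a {@link SudoAction} with the calling thread's
 * {@link SecurityContext} temporarily replaced by one built from the action's {@link Subject},
 * then puts the previous context back.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>For {@link LoginType#NO_LOGIN} no JAAS login is performed; the {@code Subject} returned by
 *       {@code SudoAction.getSubject()} becomes the thread's identity as-is. Anything able to
 *       reach this service with such an action is therefore fully trusted.</li>
 *   <li>The principals placed into a freshly built {@code Subject} come from the action
 *       ({@code getCallerPrincipal()} / {@code getGroups()}) and are added <em>before</em>
 *       authentication. Whether the configured login module validates or replaces them is not
 *       visible in this class and should be confirmed against the realm configuration.</li>
 *   <li>The previous {@code SecurityContext} is restored unconditionally, so an elevated identity
 *       cannot remain attached to a thread after {@link #sudo(SudoAction)} returns.</li>
 * </ul>
 */
public class SudoServiceGlassFish implements SudoService {
    private static final Logger log = Logger.getLogger(SudoService.class.getName());

    /**
     * Returns the {@link Subject} the action should run as.
     *
     * <p>If the action already carries a {@code Subject} it is returned unchanged. Otherwise a new,
     * non-read-only {@code Subject} is assembled: its principals are the action's caller principal
     * and groups (when non-null), and its private credentials hold either a
     * {@link PasswordCredential} or an {@link X509CertificateCredential}, depending on the login
     * type. The public credential set is left empty.
     *
     * @param sudoAction the action describing the identity to assume
     * @param <T> result type of the action
     * @return the supplied or newly built subject, never {@code null}
     * @throws IllegalArgumentException if no subject was supplied and the login type is neither
     *     {@code USERNAME_PASSWORD} nor {@code CLIENT_CERT} (this includes {@code NO_LOGIN})
     */
    // Raw principal set: the element type of SudoAction.getGroups() is not visible in this file,
    // so the set cannot be given a type argument without guessing.
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected <T> Subject createSubject(SudoAction<T> sudoAction) {
        Subject supplied = sudoAction.getSubject();
        if (supplied != null) {
            return supplied;
        }

        LinkedHashSet principals = new LinkedHashSet();
        LinkedHashSet<Object> publicCredentials = new LinkedHashSet<Object>();
        LinkedHashSet<Object> privateCredentials = new LinkedHashSet<Object>();

        // Caller-declared identity; added before any authentication has taken place.
        if (sudoAction.getCallerPrincipal() != null) {
            principals.add(sudoAction.getCallerPrincipal());
        }
        if (sudoAction.getGroups() != null) {
            principals.addAll(Arrays.asList(sudoAction.getGroups()));
        }

        switch (sudoAction.getType()) {
            case USERNAME_PASSWORD:
                if (log.isLoggable(Level.FINE)) {
                    // The password is deliberately masked; never substitute the real value here.
                    log.log(Level.FINE, "[SUDO] Request: {0} (username={1}, password=********, realm={2})", new Object[]{sudoAction.getType().name(), sudoAction.getUsername(), sudoAction.getRealm()});
                }
                privateCredentials.add(new PasswordCredential(sudoAction.getUsername(), sudoAction.getPassword(), sudoAction.getRealm()));
                break;
            case CLIENT_CERT:
                if (log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "[SUDO] Request: {0} (cert-chain-length={1}, alias={2}, realm={3})", new Object[]{sudoAction.getType().name(), Integer.valueOf(sudoAction.getCertChain().length), sudoAction.getAlias(), sudoAction.getRealm()});
                }
                privateCredentials.add(new X509CertificateCredential(sudoAction.getCertChain(), sudoAction.getAlias(), sudoAction.getRealm()));
                break;
            default:
                // Reached for NO_LOGIN as well: without credentials a pre-built Subject is required.
                throw new IllegalArgumentException("[SUDO] Illegal return value for SudoAction.getType() --> " + sudoAction.getType());
        }

        return new Subject(false, principals, publicCredentials, privateCredentials);
    }

    /**
     * Runs {@code sudoAction} under the identity it describes and returns its result.
     *
     * <p>Unless the login type is {@link LoginType#NO_LOGIN}, a JAAS {@link LoginContext} named
     * after the action's realm is logged in first; a failed login propagates before the thread's
     * security context has been touched. The new {@link SecurityContext} is created inside a
     * privileged block, installed for the duration of {@code sudoAction.run()}, and the context
     * captured on entry is reinstated afterwards in all cases.
     *
     * @param sudoAction the action to execute
     * @param <T> result type of the action
     * @return whatever {@code sudoAction.run()} returns
     * @throws LoginException if the JAAS login fails
     * @throws SudoExecutionException if {@code sudoAction.run()} throws; carries the caller
     *     principal of the original context and the cause
     */
    public <T> T sudo(SudoAction<T> sudoAction) throws LoginException, SudoExecutionException {
        final Subject subject = createSubject(sudoAction);
        // Captured before anything changes so that it can be reinstated afterwards.
        final SecurityContext original = SecurityContext.getCurrent();

        LoginContext loginContext = null;
        if (sudoAction.getType() != LoginType.NO_LOGIN) {
            loginContext = new LoginContext(sudoAction.getRealm(), subject);
            loginContext.login();
        }

        try {
            SecurityContext elevated = AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() {
                @Override
                public SecurityContext run() {
                    return new SecurityContext(subject);
                }
            });
            SecurityContext.setCurrent(elevated);
            if (log.isLoggable(Level.FINE)) {
                log.fine("[SUDO] New SecurityContext established");
            }
            try {
                return (T) sudoAction.run();
            } catch (Exception e) {
                throw new SudoExecutionException(original.getCallerPrincipal(), e);
            }
        } finally {
            try {
                if (loginContext != null) {
                    try {
                        loginContext.logout();
                    } catch (LoginException e) {
                        // Reported through the logger rather than System.err so that a failed
                        // logout is visible wherever the rest of the [SUDO] trail is collected.
                        log.log(Level.WARNING, "[SUDO] Logout failed; original SecurityContext will still be restored", e);
                    }
                }
            } finally {
                // Nested finally: even if logout() fails with an unchecked exception, the elevated
                // context must not stay attached to this (possibly pooled) thread.
                SecurityContext.setCurrent(original);
                if (log.isLoggable(Level.FINE)) {
                    log.fine("[SUDO] Original SecurityContext restored");
                }
            }
        }
    }
}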
