package com.ibm.ws.security.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtension;
import com.ibm.ws.security.auth.j2c.WSLoginLocalOSExtensionFactory;
import com.ibm.ws.security.config.ServerStatusHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

/* loaded from: input_file:lib/com.ibm.ws.runtime.jar:com/ibm/ws/security/util/ServerIdentityHelper.class */
public final class ServerIdentityHelper {
    private WSLoginLocalOSExtension _extension;
    private static final TraceComponent tc = Tr.register((Class<?>) ServerIdentityHelper.class, "Security", AdminConstants.MSG_BUNDLE_NAME);
    private static final ServerIdentityHelper helper = new ServerIdentityHelper();

    public static ServerIdentityHelper getServerIdentityHelper() {
        return helper;
    }

    private ServerIdentityHelper() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        try {
            this._extension = (WSLoginLocalOSExtension) AccessController.doPrivileged(new PrivilegedExceptionAction<WSLoginLocalOSExtension>() { // from class: com.ibm.ws.security.util.ServerIdentityHelper.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public WSLoginLocalOSExtension run() throws Exception {
                    return WSLoginLocalOSExtensionFactory.getInstance();
                }
            });
        } catch (PrivilegedActionException e) {
            Manager.Ffdc.log(e, this, "com.ibm.ws.security.util.ServerIdentityHelper.<init>", "82", new Object[]{this});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to acquire local OS extension helper", e);
            }
            this._extension = null;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    public Object push() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "push");
        }
        Object obj = null;
        if (isApplicationSyncEnabled() || (ServerStatusHelper.isServer() && isRunAsEnabled())) {
            try {
                obj = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.util.ServerIdentityHelper.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        Object appLocalOSThreadID;
                        Subject serverSubject = ContextManagerFactory.getInstance().getServerSubject();
                        boolean isApplicationSyncEnabled = ServerIdentityHelper.this.isApplicationSyncEnabled();
                        synchronized (this) {
                            appLocalOSThreadID = isApplicationSyncEnabled ? ServerIdentityHelper.this._extension.setAppLocalOSThreadID(serverSubject) : ServerIdentityHelper.this._extension.setLocalOSThreadID(serverSubject);
                        }
                        return appLocalOSThreadID;
                    }
                });
            } catch (PrivilegedActionException e) {
                SecurityException securityException = new SecurityException("Unable to associate server subject with OS thread");
                securityException.initCause(securityException.getCause());
                Manager.Ffdc.log(securityException, this, "com.ibm.ws.security.util.ServerIdentityHelper.push", "121", new Object[]{this});
                throw securityException;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "push", obj);
        }
        return obj;
    }

    public void pop(final Object obj) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pop", obj);
        }
        if (obj != null) {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.security.util.ServerIdentityHelper.3
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        synchronized (this) {
                            ServerIdentityHelper.this._extension.restoreLocalOSThreadID(obj);
                        }
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                SecurityException securityException = new SecurityException("Unable to disassociate server subject from the OS thread");
                securityException.initCause(securityException.getCause());
                Manager.Ffdc.log(securityException, this, "com.ibm.ws.security.util.ServerIdentityHelper.pop", "155", new Object[]{this});
                throw securityException;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pop");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isApplicationSyncEnabled() {
        boolean z = this._extension != null && this._extension.isThreadLocalApplicationSyncEnabled();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Application sync enabled: " + z);
        }
        return z;
    }

    private boolean isRunAsEnabled() {
        boolean z = this._extension != null && this._extension.isSyncToThreadEnabled();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Connection manager RunAs thread identity enabled: " + z);
        }
        return z;
    }
}
