package weblogic.connector.work;

import java.security.AccessController;
import javax.resource.spi.work.SecurityContext;
import javax.resource.spi.work.WorkContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import weblogic.connector.common.Debug;
import weblogic.connector.security.SubjectStack;
import weblogic.connector.security.layer.SecurityContextImpl;
import weblogic.connector.security.layer.WorkContextWrapper;
import weblogic.connector.security.work.CallbackHandlerFactory;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.container.jca.jaspic.ConnectorCallbackHandler;
import weblogic.security.service.PrivilegedActions;

/* loaded from: input_file:weblogic/connector/work/SecurityContextProcessor.class */
public class SecurityContextProcessor extends BaseWorkContextProcessor {
    private SubjectStack stack;
    private CallbackHandlerFactory callbackHandlerFactory;
    AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    public SecurityContextProcessor(SubjectStack subjectStack, CallbackHandlerFactory callbackHandlerFactory) {
        this.stack = subjectStack;
        this.callbackHandlerFactory = callbackHandlerFactory;
    }

    public CallbackHandlerFactory getCallbackHandlerFactory() {
        return this.callbackHandlerFactory;
    }

    @Override // weblogic.connector.work.WorkContextProcessor
    public Class<? extends WorkContext> getSupportedContextClass() {
        return SecurityContext.class;
    }

    @Override // weblogic.connector.work.WorkContextProcessor
    public void setupContext(WorkContextWrapper workContextWrapper, WorkRuntimeMetadata workRuntimeMetadata) throws LoginException {
        ConnectorCallbackHandler connectorCallbackHandler = (ConnectorCallbackHandler) this.callbackHandlerFactory.getCallBackHandler();
        Subject subject = new Subject();
        ((SecurityContextImpl) workContextWrapper).setupSecurityContext(connectorCallbackHandler, subject, null);
        if (Debug.isWorkEnabled()) {
            Debug.work("SecurityContextProcessor: setupContext: new executionSubject:" + subject);
        }
        AuthenticatedSubject authenticatedSubject = connectorCallbackHandler.setupExecutionSubject(subject);
        if (Debug.isWorkEnabled()) {
            Debug.work("SecurityContextProcessor: setupContext: use WLS Subject:" + authenticatedSubject);
        }
        this.stack.pushGivenSubject(this.kernelId, authenticatedSubject);
        workRuntimeMetadata.setEstablishedSubject(authenticatedSubject);
    }

    @Override // weblogic.connector.work.BaseWorkContextProcessor, weblogic.connector.work.WorkContextProcessor
    public void cleanupContext(WorkContextWrapper workContextWrapper, boolean z, WorkRuntimeMetadata workRuntimeMetadata) {
        if (Debug.isWorkEnabled()) {
            Debug.work("SecurityContextProcessor: cleanupContext: will clean up established subject: " + workRuntimeMetadata.getEstablishedSubject());
        }
        if (workRuntimeMetadata.getEstablishedSubject() != null) {
            workRuntimeMetadata.setEstablishedSubject(null);
            this.stack.popSubject(this.kernelId);
        }
    }

    @Override // weblogic.connector.work.WorkContextProcessor
    public WorkContextWrapper createWrapper(WorkContext workContext, SubjectStack subjectStack, AuthenticatedSubject authenticatedSubject) {
        return new SecurityContextImpl((SecurityContext) workContext, subjectStack, authenticatedSubject);
    }
}
