package com.ibm.ws.objectgrid.util.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.ObjectGridRuntimeException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.runtime.RuntimeInfo;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.xs.thread.RunAsType;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/objectgrid/util/security/SecurityContextRunnableFactory.class */
public class SecurityContextRunnableFactory {
    static final String CLASS_NAME = SecurityContextRunnableFactory.class.getName();
    static final TraceComponent tc = Tr.register(SecurityContextRunnableFactory.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private static volatile boolean isCellSecurityEnabledSet = false;
    private static volatile boolean isCellSecurityEnabled = false;
    private static volatile ContextManager contextManager;

    public static Runnable getRunnable(Runnable runnable, Subject subject, RunAsType runAsType) {
        if ((RuntimeInfo.instance().isWASServerProcess() || RuntimeInfo.instance().isWASClientProcess()) && !(runnable instanceof SecurityContextRunnable)) {
            if (!isCellSecurityEnabledSet) {
                init();
            }
            return isCellSecurityEnabled ? runAsType == RunAsType.SYSTEM_SUBJECT ? RuntimeInfo.instance().isWASServerProcess() ? new SecurityContextRunnable(runnable) : new SecurityContextRunnable(runnable, getInvocationSubject()) : runAsType == RunAsType.CALLER_SUBJECT ? new SecurityContextRunnable(runnable, getInvocationSubject()) : new SecurityContextRunnable(runnable, subject) : runnable;
        }
        return runnable;
    }

    public static Runnable getRunnable(Runnable runnable) {
        return getRunnable(runnable, null, RunAsType.SYSTEM_SUBJECT);
    }

    private static final void init() {
        if (contextManager == null) {
            contextManager = ContextManagerFactory.getInstance();
        }
        if (contextManager.isSecurityServiceStarted()) {
            isCellSecurityEnabled = contextManager.isCellSecurityEnabled();
            isCellSecurityEnabledSet = true;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, (RuntimeInfo.instance().isWASServerProcess() ? "WAS Server, " : "") + (RuntimeInfo.instance().isWASClientProcess() ? "WAS Client, " : "") + "isCellSecurityEnabled=" + isCellSecurityEnabled);
            }
        }
    }

    private static final Subject getInvocationSubject() {
        try {
            return (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.objectgrid.util.security.SecurityContextRunnableFactory.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSecurityException {
                    return SecurityContextRunnableFactory.contextManager.getInvocationSubject();
                }
            });
        } catch (PrivilegedActionException e) {
            throw new ObjectGridRuntimeException(e.getException());
        }
    }
}
