package _ss_com.streamsets.datacollector.security;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.DomainCombiner;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;

/* loaded from: input_file:_ss_com/streamsets/datacollector/security/SecurityUtil.class */
public class SecurityUtil {
    private static final AuthPermission DO_AS_PERMISSION = new AuthPermission("doAs");

    /* loaded from: input_file:_ss_com/streamsets/datacollector/security/SecurityUtil$CustomCombiner.class */
    public static class CustomCombiner extends SubjectDomainCombiner {
        private DomainCombiner combiner;
        private Subject subject;

        public CustomCombiner(DomainCombiner domainCombiner, Subject subject) {
            super(subject);
            this.combiner = domainCombiner;
            this.subject = subject;
        }

        @Override // javax.security.auth.SubjectDomainCombiner, java.security.DomainCombiner
        public ProtectionDomain[] combine(ProtectionDomain[] protectionDomainArr, ProtectionDomain[] protectionDomainArr2) {
            ProtectionDomain[] combine;
            synchronized (this.subject.getPrincipals()) {
                combine = this.combiner.combine(protectionDomainArr, protectionDomainArr2);
            }
            return combine;
        }
    }

    private static AccessControlContext createContext(Subject subject, AccessControlContext accessControlContext) {
        return (AccessControlContext) AccessController.doPrivileged(() -> {
            return subject == null ? new AccessControlContext(accessControlContext, null) : new AccessControlContext(accessControlContext, new CustomCombiner(new SubjectDomainCombiner(subject), subject));
        });
    }

    private static void checkDoAsPermission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(DO_AS_PERMISSION);
        }
    }

    public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        checkDoAsPermission();
        if (privilegedExceptionAction == null) {
            throw new RuntimeException("No privileged exception action provided");
        }
        return (T) AccessController.doPrivileged(privilegedExceptionAction, createContext(subject, AccessController.getContext()));
    }

    public static <T> T doAs(Subject subject, PrivilegedAction<T> privilegedAction) {
        checkDoAsPermission();
        if (privilegedAction == null) {
            throw new RuntimeException("No privileged action provided");
        }
        return (T) AccessController.doPrivileged(privilegedAction, createContext(subject, AccessController.getContext()));
    }
}
