package org.apache.geronimo.security.jaspi.impl;

import java.security.Principal;
import javax.security.auth.Subject;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.jaspi.IdentityService;
import org.apache.geronimo.security.jaspi.UserIdentity;
import org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal;

/* loaded from: input_file:org/apache/geronimo/security/jaspi/impl/GeronimoIdentityService.class */
public class GeronimoIdentityService implements IdentityService {
    private final Subject defaultSubject;

    public GeronimoIdentityService(Subject subject) {
        this.defaultSubject = subject;
    }

    @Override // org.apache.geronimo.security.jaspi.IdentityService
    public Object associate(UserIdentity userIdentity) {
        Subject subject = userIdentity == null ? this.defaultSubject : userIdentity.getSubject();
        Callers callers = ContextManager.getCallers();
        ContextManager.setCallers(subject, subject);
        return callers;
    }

    @Override // org.apache.geronimo.security.jaspi.IdentityService
    public void dissociate(Object obj) {
        ContextManager.popCallers((Callers) obj);
    }

    @Override // org.apache.geronimo.security.jaspi.IdentityService
    public UserIdentity newUserIdentity(Subject subject) {
        Principal principal = null;
        for (GeronimoCallerPrincipal geronimoCallerPrincipal : subject.getPrincipals(GeronimoCallerPrincipal.class)) {
            principal = geronimoCallerPrincipal instanceof WrappingCallerPrincipal ? ((WrappingCallerPrincipal) geronimoCallerPrincipal).getWrapped() : geronimoCallerPrincipal;
        }
        return new JACCUserIdentity(subject, principal, ContextManager.registerSubjectShort(subject, principal));
    }
}
