package io.quarkus.kafka.client.runtime.graal;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.oracle.svm.core.annotate.Substitute;
import com.oracle.svm.core.annotate.TargetClass;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.TimeUnit;
import java.util.function.BooleanSupplier;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;
import org.graalvm.home.Version;

/* compiled from: SubjectSubstitution.java */
@TargetClass(className = "javax.security.auth.Subject", onlyWith = {Graal22_0OrEarlier.class})
/* loaded from: input_file:io/quarkus/kafka/client/runtime/graal/Target_javax_security_auth_Subject.class */
final class Target_javax_security_auth_Subject {

    /* compiled from: SubjectSubstitution.java */
    /* loaded from: input_file:io/quarkus/kafka/client/runtime/graal/Target_javax_security_auth_Subject$AuthPermissionHolder.class */
    static final class AuthPermissionHolder {
        static final AuthPermission DO_AS_PERMISSION = new AuthPermission("doAs");
        static final AuthPermission DO_AS_PRIVILEGED_PERMISSION = new AuthPermission("doAsPrivileged");
        static final AuthPermission SET_READ_ONLY_PERMISSION = new AuthPermission("setReadOnly");
        static final AuthPermission GET_SUBJECT_PERMISSION = new AuthPermission("getSubject");
        static final AuthPermission MODIFY_PRINCIPALS_PERMISSION = new AuthPermission("modifyPrincipals");
        static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION = new AuthPermission("modifyPublicCredentials");
        static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION = new AuthPermission("modifyPrivateCredentials");

        AuthPermissionHolder() {
        }
    }

    /* compiled from: SubjectSubstitution.java */
    /* loaded from: input_file:io/quarkus/kafka/client/runtime/graal/Target_javax_security_auth_Subject$Graal22_0OrEarlier.class */
    public static final class Graal22_0OrEarlier implements BooleanSupplier {
        @Override // java.util.function.BooleanSupplier
        public boolean getAsBoolean() {
            return Version.getCurrent().compareTo(new int[]{22, 1}) < 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: SubjectSubstitution.java */
    /* loaded from: input_file:io/quarkus/kafka/client/runtime/graal/Target_javax_security_auth_Subject$SubjectHolder.class */
    public static final class SubjectHolder {
        static final Cache<AccessControlContext, Subject> subjects = Caffeine.newBuilder().initialCapacity(20).maximumSize(1000).expireAfterWrite(1, TimeUnit.MINUTES).expireAfterAccess(1, TimeUnit.SECONDS).build();

        SubjectHolder() {
        }
    }

    Target_javax_security_auth_Subject() {
    }

    @Substitute
    public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> privilegedExceptionAction) throws PrivilegedActionException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
        }
        if (privilegedExceptionAction == null) {
            throw new NullPointerException("Invalid null action provided");
        }
        AccessControlContext context = AccessController.getContext();
        SubjectHolder.subjects.put(context, subject);
        return (T) AccessController.doPrivileged(privilegedExceptionAction, createContext(subject, context));
    }

    @Substitute
    public static Subject getSubject(final AccessControlContext accessControlContext) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION);
        }
        if (accessControlContext == null) {
            throw new NullPointerException("Invalid null AccessControlContext provided");
        }
        return (Subject) AccessController.doPrivileged(new PrivilegedAction<Subject>() { // from class: io.quarkus.kafka.client.runtime.graal.Target_javax_security_auth_Subject.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Subject run() {
                return (Subject) SubjectHolder.subjects.getIfPresent(accessControlContext);
            }
        });
    }

    @Substitute
    private static AccessControlContext createContext(final Subject subject, final AccessControlContext accessControlContext) {
        return (AccessControlContext) AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() { // from class: io.quarkus.kafka.client.runtime.graal.Target_javax_security_auth_Subject.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public AccessControlContext run() {
                return subject == null ? new AccessControlContext(accessControlContext, null) : new AccessControlContext(accessControlContext, new SubjectDomainCombiner(subject));
            }
        });
    }
}
