package com.sun.jmx.remote.opt.security;

import com.sun.jmx.remote.opt.util.CacheMap;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.management.remote.SubjectDelegationPermission;
import javax.security.auth.Subject;

/* loaded from: input_file:WEB-INF/lib/jppf-jmxremote_optional-1.2.1.jar:com/sun/jmx/remote/opt/security/SubjectDelegator.class */
public class SubjectDelegator {
    private static final int PRINCIPALS_CACHE_SIZE = 10;
    private static final int ACC_CACHE_SIZE = 10;
    private CacheMap<Subject, Principal[]> principalsCache;
    private CacheMap<Subject, AccessControlContext> accCache;

    public synchronized AccessControlContext delegatedContext(AccessControlContext accessControlContext, Subject subject) throws SecurityException {
        if (this.principalsCache == null || this.accCache == null) {
            this.principalsCache = new CacheMap<>(10);
            this.accCache = new CacheMap<>(10);
        }
        Principal[] principalArr = this.principalsCache.get(subject);
        if (principalArr == null) {
            principalArr = (Principal[]) subject.getPrincipals().toArray(new Principal[0]);
            this.principalsCache.put(subject, principalArr);
        }
        AccessControlContext accessControlContext2 = this.accCache.get(subject);
        if (accessControlContext2 == null) {
            accessControlContext2 = new AccessControlContext(AccessController.getContext(), new JMXSubjectDomainCombiner(subject));
            this.accCache.put(subject, accessControlContext2);
        }
        final Principal[] principalArr2 = principalArr;
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: com.sun.jmx.remote.opt.security.SubjectDelegator.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                for (int i = 0; i < principalArr2.length; i++) {
                    AccessController.checkPermission(new SubjectDelegationPermission(principalArr2[i].getClass().getName() + "." + principalArr2[i].getName()));
                }
                return null;
            }
        }, accessControlContext);
        return accessControlContext2;
    }
}
