package org.springframework.security.messaging.context;

import java.util.Stack;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.MessageHandler;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.messaging.support.ExecutorChannelInterceptor;
import org.springframework.messaging.support.MessageBuilder;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-messaging-6.2.2.jar:org/springframework/security/messaging/context/SecurityContextPropagationChannelInterceptor.class */
public final class SecurityContextPropagationChannelInterceptor implements ExecutorChannelInterceptor {
    private static final ThreadLocal<Stack<SecurityContext>> originalContext = new ThreadLocal<>();
    private SecurityContextHolderStrategy securityContextHolderStrategy;
    private SecurityContext empty;
    private final String authenticationHeaderName;
    private Authentication anonymous;

    public SecurityContextPropagationChannelInterceptor() {
        this(SimpMessageHeaderAccessor.USER_HEADER);
    }

    public SecurityContextPropagationChannelInterceptor(String str) {
        this.securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
        this.empty = this.securityContextHolderStrategy.createEmptyContext();
        this.anonymous = new AnonymousAuthenticationToken("key", Elements.ANONYMOUS, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        Assert.notNull(str, "authenticationHeaderName cannot be null");
        this.authenticationHeaderName = str;
    }

    public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
        this.securityContextHolderStrategy = securityContextHolderStrategy;
        this.empty = this.securityContextHolderStrategy.createEmptyContext();
    }

    public void setAnonymousAuthentication(Authentication authentication) {
        Assert.notNull(authentication, "authentication cannot be null");
        this.anonymous = authentication;
    }

    @Override // org.springframework.messaging.support.ChannelInterceptor
    public Message<?> preSend(Message<?> message, MessageChannel messageChannel) {
        Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
        if (authentication == null) {
            authentication = this.anonymous;
        }
        return MessageBuilder.fromMessage(message).setHeader(this.authenticationHeaderName, authentication).build();
    }

    @Override // org.springframework.messaging.support.ExecutorChannelInterceptor
    public Message<?> beforeHandle(Message<?> message, MessageChannel messageChannel, MessageHandler messageHandler) {
        return postReceive(message, messageChannel);
    }

    @Override // org.springframework.messaging.support.ChannelInterceptor
    public Message<?> postReceive(Message<?> message, MessageChannel messageChannel) {
        setup(message);
        return message;
    }

    @Override // org.springframework.messaging.support.ExecutorChannelInterceptor
    public void afterMessageHandled(Message<?> message, MessageChannel messageChannel, MessageHandler messageHandler, Exception exc) {
        cleanup();
    }

    private void setup(Message<?> message) {
        Authentication authentication = (Authentication) message.getHeaders().get(this.authenticationHeaderName, Authentication.class);
        SecurityContext context = this.securityContextHolderStrategy.getContext();
        Stack<SecurityContext> stack = originalContext.get();
        if (stack == null) {
            stack = new Stack<>();
            originalContext.set(stack);
        }
        stack.push(context);
        SecurityContext createEmptyContext = this.securityContextHolderStrategy.createEmptyContext();
        createEmptyContext.setAuthentication(authentication);
        this.securityContextHolderStrategy.setContext(createEmptyContext);
    }

    private void cleanup() {
        Stack<SecurityContext> stack = originalContext.get();
        if (stack == null || stack.isEmpty()) {
            this.securityContextHolderStrategy.clearContext();
            originalContext.remove();
            return;
        }
        SecurityContext pop = stack.pop();
        try {
            if (this.empty.equals(pop)) {
                this.securityContextHolderStrategy.clearContext();
                originalContext.remove();
            } else {
                this.securityContextHolderStrategy.setContext(pop);
            }
        } catch (Throwable th) {
            this.securityContextHolderStrategy.clearContext();
        }
    }
}
