package org.forgerock.openam.sso.providers.stateless;

import com.iplanet.dpro.session.SessionException;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.service.AuthD;
import org.forgerock.openam.sdk.javax.inject.Inject;
import org.forgerock.openam.sdk.org.forgerock.util.Reject;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/sso/providers/stateless/StatelessAdminRestriction.class */
public class StatelessAdminRestriction {
    private final SuperUserDelegate delegate;
    private final StatelessSessionManager factory;

    /* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:org/forgerock/openam/sso/providers/stateless/StatelessAdminRestriction$SuperUserDelegate.class */
    public interface SuperUserDelegate {
        boolean isSuperUser(String str);

        boolean isSpecialUser(String str);
    }

    @Inject
    public StatelessAdminRestriction(SuperUserDelegate superUserDelegate, StatelessSessionManager statelessSessionManager) {
        this.delegate = superUserDelegate;
        this.factory = statelessSessionManager;
    }

    public boolean isRestricted(SSOToken sSOToken) throws SessionException {
        Reject.ifNull(sSOToken);
        if (!this.factory.containsJwt(sSOToken.toString())) {
            throw new SessionException("Not a Stateless Session");
        }
        try {
            return isRestricted(sSOToken.getPrincipal().getName());
        } catch (SSOException e) {
            throw new SessionException(e);
        }
    }

    public boolean isRestricted(String str) {
        Reject.ifNull(str);
        return this.delegate.isSuperUser(str) || this.delegate.isSpecialUser(str);
    }

    public static SuperUserDelegate createAuthDDelegate() {
        return new SuperUserDelegate() { // from class: org.forgerock.openam.sso.providers.stateless.StatelessAdminRestriction.1
            private AuthD authD;

            private AuthD getAuthD() {
                if (this.authD == null) {
                    this.authD = AuthD.getAuth();
                }
                return this.authD;
            }

            @Override // org.forgerock.openam.sso.providers.stateless.StatelessAdminRestriction.SuperUserDelegate
            public boolean isSuperUser(String str) {
                return getAuthD().isSuperUser(str);
            }

            @Override // org.forgerock.openam.sso.providers.stateless.StatelessAdminRestriction.SuperUserDelegate
            public boolean isSpecialUser(String str) {
                return getAuthD().isSpecialUser(str);
            }
        };
    }
}
