package org.forgerock.openam.sts.rest.token.validator;

import com.iplanet.sso.SSOToken;
import com.sun.identity.security.AdminTokenAction;
import java.security.AccessController;
import java.security.PrivilegedAction;
import org.forgerock.openam.sts.TokenIdGenerationException;
import org.forgerock.openam.sts.TokenType;
import org.forgerock.openam.sts.TokenTypeId;
import org.forgerock.openam.sts.TokenValidationException;
import org.forgerock.openam.sts.token.CTSTokenIdGenerator;
import org.forgerock.openam.sts.token.provider.TokenServiceConsumer;
import org.forgerock.openam.sts.user.invocation.SAML2TokenState;

/* loaded from: input_file:org/forgerock/openam/sts/rest/token/validator/RestSAML2IssuedTokenValidator.class */
/**
 * {@link RestIssuedTokenValidator} implementation for tokens of type {@link TokenType#SAML2}.
 *
 * <p>Validation in this class is an identifier lookup, not a cryptographic check: an id is
 * derived from the SAML2 token value by the {@link CTSTokenIdGenerator} and passed to the
 * {@link TokenServiceConsumer} together with an administrative token id. No signature,
 * condition or expiry checks are performed here; what a {@code true} result guarantees depends
 * on the {@code TokenServiceConsumer} implementation, which is not visible in this file.
 */
public class RestSAML2IssuedTokenValidator implements RestIssuedTokenValidator<SAML2TokenState> {
    /** Derives the lookup id from the SAML2 token value. */
    protected final CTSTokenIdGenerator ctsTokenIdGenerator;
    /** Performs the validation call for a derived token id. */
    protected final TokenServiceConsumer tokenServiceConsumer;

    /**
     * Stores the two collaborators; neither argument is null-checked.
     *
     * @param cTSTokenIdGenerator generator used to derive the token id
     * @param tokenServiceConsumer consumer that is asked to validate the derived id
     */
    public RestSAML2IssuedTokenValidator(CTSTokenIdGenerator cTSTokenIdGenerator, TokenServiceConsumer tokenServiceConsumer) {
        this.tokenServiceConsumer = tokenServiceConsumer;
        this.ctsTokenIdGenerator = cTSTokenIdGenerator;
    }

    /**
     * Reports whether the given token type id matches the SAML2 token type id.
     *
     * @param tokenTypeId the token type to test; dereferenced without a null check
     * @return {@code true} if the ids are equal
     */
    @Override
    public boolean canValidateToken(TokenTypeId tokenTypeId) {
        return TokenType.SAML2.getId().equals(tokenTypeId.getId());
    }

    /**
     * Derives an id from the input SAML2 token and asks the token service to validate it.
     *
     * @param restIssuedTokenValidatorParameters carrier of the SAML2 token state to validate
     * @return the result of the token service call
     * @throws TokenValidationException if the token id cannot be generated (the token service
     *         call may raise it as well; not visible here)
     */
    @Override
    public boolean validateToken(RestIssuedTokenValidatorParameters<SAML2TokenState> restIssuedTokenValidatorParameters) throws TokenValidationException {
        final SAML2TokenState inputToken = restIssuedTokenValidatorParameters.getInputToken();
        // Order matters: the id is derived first, the admin token is fetched only afterwards.
        final String derivedTokenId = generateIdFromValidateTarget(inputToken);
        // Privileged credential: keep it out of logs and exception messages.
        final String adminTokenId = getAdminToken();
        return tokenServiceConsumer.validateToken(derivedTokenId, adminTokenId);
    }

    /**
     * Generates the token id for the SAML2 token value held by the given state.
     *
     * @param tokenState state object holding the SAML2 token value
     * @return the generated token id
     * @throws TokenValidationException wrapping a {@link TokenIdGenerationException}, with its
     *         code, message and cause preserved
     */
    private String generateIdFromValidateTarget(SAML2TokenState tokenState) throws TokenValidationException {
        try {
            return ctsTokenIdGenerator.generateTokenId(TokenType.SAML2, tokenState.getSAML2TokenValue());
        } catch (TokenIdGenerationException idGenerationFailure) {
            throw new TokenValidationException(
                    idGenerationFailure.getCode(),
                    idGenerationFailure.getMessage(),
                    idGenerationFailure);
        }
    }

    /**
     * Obtains the token from {@link AdminTokenAction} inside a privileged block and returns its
     * id as a string.
     *
     * <p>The returned value is an administrative credential. Because the method is
     * {@code protected}, subclasses can override it and read the value, so any override should
     * be reviewed with that in mind.
     *
     * @return the admin token id
     */
    protected String getAdminToken() {
        // Raw PrivilegedAction cast kept as in the original; it also selects the doPrivileged overload.
        final Object privilegedResult = AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
        final SSOToken adminSsoToken = (SSOToken) privilegedResult;
        return adminSsoToken.getTokenID().toString();
    }
}
