package org.forgerock.openam.forgerockrest.utils;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.inject.Inject;
import javax.inject.Named;

/* loaded from: input_file:org/forgerock/openam/forgerockrest/utils/AgentIdentityImpl.class */
public class AgentIdentityImpl implements AgentIdentity {
    private static final String AGENT_SERVICE_NAME = "AgentService";
    private static final String SOAP_STS_SCHEMA_NAME = "SoapSTSAgent";
    private final Debug debug;

    @Inject
    AgentIdentityImpl(@Named("frRest") Debug debug) {
        this.debug = debug;
    }

    @Override // org.forgerock.openam.forgerockrest.utils.AgentIdentity
    public boolean isAgent(SSOToken sSOToken) {
        return getAgentServiceConfig(sSOToken) != null;
    }

    @Override // org.forgerock.openam.forgerockrest.utils.AgentIdentity
    public boolean isSoapSTSAgent(SSOToken sSOToken) {
        ServiceConfig agentServiceConfig = getAgentServiceConfig(sSOToken);
        return agentServiceConfig != null && SOAP_STS_SCHEMA_NAME.equals(agentServiceConfig.getSchemaID());
    }

    private ServiceConfig getAgentServiceConfig(SSOToken sSOToken) {
        try {
            AMIdentity identity = IdUtils.getIdentity(sSOToken);
            if (!IdType.AGENT.equals(identity.getType())) {
                this.debug.message("Not an agent");
                return null;
            }
            try {
                try {
                    return new ServiceConfigManager(AGENT_SERVICE_NAME, getAdminToken()).getOrganizationConfig(identity.getRealm(), (String) null).getSubConfig(identity.getName());
                } catch (SSOException | SMSException e) {
                    this.debug.error("Exception while obtaining AgentService SubConfig {}: {}", new Object[]{identity.getName(), e, e});
                    return null;
                }
            } catch (Exception e2) {
                this.debug.error("Exception while obtaining base AgentService ServiceConfig instance: {}", new Object[]{e2, e2});
                return null;
            }
        } catch (IdRepoException | SSOException e3) {
            this.debug.error("Exception while obtaining identity corresponding to SSOToken: {}", new Object[]{e3, e3});
            return null;
        }
    }

    private SSOToken getAdminToken() {
        return (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance());
    }
}
