package com.sun.identity.delegation;

import com.iplanet.am.util.Debug;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.delegation.interfaces.DelegationInterface;
import com.sun.identity.sm.DNMapper;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:120954-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/delegation/DelegationEvaluator.class */
public class DelegationEvaluator {
    static final Debug debug = DelegationManager.debug;
    static String privilegedUserName;
    private DelegationInterface pluginInstance;

    public DelegationEvaluator() throws DelegationException {
        this.pluginInstance = null;
        this.pluginInstance = DelegationManager.getDelegationPlugin();
        if (debug.messageEnabled()) {
            debug.message("Instantiated a DelegationEvaluator.");
        }
    }

    public boolean isAllowed(SSOToken sSOToken, DelegationPermission delegationPermission, Map map) throws SSOException, DelegationException {
        boolean z = false;
        if (delegationPermission != null && sSOToken != null) {
            if (sSOToken.getPrincipal().getName().equalsIgnoreCase(privilegedUserName)) {
                z = true;
            } else {
                if (this.pluginInstance == null) {
                    throw new DelegationException(ResBundleUtils.rbName, "no_plugin_specified", null, null);
                }
                z = this.pluginInstance.isAllowed(sSOToken, delegationPermission, map);
            }
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("isAllowed() returns ").append(z).append(" for user: ").append(sSOToken.getPrincipal().getName()).append(" for permission ").append(delegationPermission).toString());
        }
        return z;
    }

    public Set getPermissions(SSOToken sSOToken, String str) throws SSOException, DelegationException {
        if (this.pluginInstance == null) {
            throw new DelegationException(ResBundleUtils.rbName, "no_plugin_specified", null, null);
        }
        return this.pluginInstance.getPermissions(sSOToken, DNMapper.orgNameToDN(str));
    }

    static {
        try {
            privilegedUserName = DelegationManager.getAdminToken().getPrincipal().getName();
        } catch (Exception e) {
            debug.error("DelegationEvaluator:", e);
        }
    }
}
