package org.forgerock.opendj.rest2ldap.authz;

import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.protocol.Headers;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.opendj.ldap.EntryNotFoundException;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.SecurityContext;
import org.forgerock.util.AsyncFunction;
import org.forgerock.util.Function;
import org.forgerock.util.Pair;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;

/* loaded from: input_file:org/forgerock/opendj/rest2ldap/authz/HttpBasicAuthenticationFilter.class */
final class HttpBasicAuthenticationFilter implements Filter {
    private final AuthenticationStrategy authenticationStrategy;
    private final Function<Headers, Pair<String, String>, NeverThrowsException> credentialsExtractor;

    public HttpBasicAuthenticationFilter(AuthenticationStrategy authenticationStrategy, Function<Headers, Pair<String, String>, NeverThrowsException> function) {
        this.authenticationStrategy = (AuthenticationStrategy) Reject.checkNotNull(authenticationStrategy, "authenticationStrategy cannot be null");
        this.credentialsExtractor = (Function) Reject.checkNotNull(function, "credentialsExtractor cannot be null");
    }

    @Override // org.forgerock.http.Filter
    public Promise<Response, NeverThrowsException> filter(Context context, final Request request, final Handler handler) {
        Pair<String, String> apply = this.credentialsExtractor.apply(request.getHeaders());
        return apply == null ? Utils.asErrorResponse(LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS)) : this.authenticationStrategy.authenticate(apply.getFirst(), apply.getSecond(), context).thenAsync(new AsyncFunction<SecurityContext, Response, NeverThrowsException>() { // from class: org.forgerock.opendj.rest2ldap.authz.HttpBasicAuthenticationFilter.1
            @Override // org.forgerock.util.Function
            public Promise<Response, NeverThrowsException> apply(SecurityContext securityContext) {
                return handler.handle(securityContext, request);
            }
        }, new AsyncFunction<LdapException, Response, NeverThrowsException>() { // from class: org.forgerock.opendj.rest2ldap.authz.HttpBasicAuthenticationFilter.2
            @Override // org.forgerock.util.Function
            public Promise<? extends Response, ? extends NeverThrowsException> apply(LdapException ldapException) {
                return Utils.asErrorResponse(ldapException instanceof EntryNotFoundException ? LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS) : ldapException);
            }
        });
    }
}
