package org.forgerock.opendj.rest2ldap.authz;

import java.util.concurrent.atomic.AtomicReference;
import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.IntermediateResponseHandler;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.LdapPromise;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchResultHandler;
import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.controls.ProxiedAuthV2RequestControl;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.requests.CompareRequest;
import org.forgerock.opendj.ldap.requests.DeleteRequest;
import org.forgerock.opendj.ldap.requests.ExtendedRequest;
import org.forgerock.opendj.ldap.requests.ModifyDNRequest;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.forgerock.opendj.ldap.responses.CompareResult;
import org.forgerock.opendj.ldap.responses.ExtendedResult;
import org.forgerock.opendj.ldap.responses.Result;
import org.forgerock.opendj.rest2ldap.AuthenticatedConnectionContext;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.SecurityContext;
import org.forgerock.util.AsyncFunction;
import org.forgerock.util.Function;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/opendj/rest2ldap/authz/ProxiedAuthV2Filter.class */
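/**
 * HTTP filter that hands the downstream handler an LDAP connection on which the requests
 * overridden below carry a Proxied Authorization V2 control.
 *
 * <p>The authorization identity placed in the control is read from the request's
 * {@link SecurityContext} (see {@link #resolveAuthorizationId(SecurityContext)}). It is
 * concatenated into the authzId string as-is, so its trustworthiness depends entirely on
 * whichever component populated the security context earlier in the chain. Whether the identity
 * the {@link ConnectionFactory} connects as may act on behalf of that authzId is not decided
 * here; presumably the directory server enforces it — confirm against the server's access
 * control configuration.
 */
public final class ProxiedAuthV2Filter implements Filter {
    /** Source of the underlying LDAP connections; never null (checked in the constructor). */
    private final ConnectionFactory connectionFactory;

    /**
     * Connection decorator that attaches one fixed control to each add, compare, delete,
     * extended, modify, modifyDN and search request before passing it to the delegate.
     *
     * <p>Only those seven operations are overridden here; every other operation uses whatever
     * {@code AbstractAsynchronousConnectionDecorator} does (not visible in this file).
     * The decompiler reports that this class was private in the compiled code.
     *
     * <p>NOTE(review): {@code addControl} is invoked on the caller's request object. If it
     * mutates the request in place, a request reused across calls would accumulate controls —
     * confirm against the SDK.
     */
    public static final class ProxiedAuthConnectionDecorator extends AbstractAsynchronousConnectionDecorator {
        /** Control attached to every decorated request. */
        private final Control proxiedAuthzControl;

        /**
         * @param connection the connection that actually performs the operations
         * @param control the control to attach to each decorated request
         */
        ProxiedAuthConnectionDecorator(Connection connection, Control control) {
            super(connection);
            this.proxiedAuthzControl = control;
        }

        /** Adds the control to {@code addRequest}, then delegates. */
        @Override
        public LdapPromise<Result> addAsync(AddRequest addRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.addAsync(addRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code compareRequest}, then delegates. */
        @Override
        public LdapPromise<CompareResult> compareAsync(CompareRequest compareRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.compareAsync(compareRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code deleteRequest}, then delegates. */
        @Override
        public LdapPromise<Result> deleteAsync(DeleteRequest deleteRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.deleteAsync(deleteRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code extendedRequest}, then delegates. */
        @Override
        public <R extends ExtendedResult> LdapPromise<R> extendedRequestAsync(ExtendedRequest<R> extendedRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.extendedRequestAsync(extendedRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code modifyRequest}, then delegates. */
        @Override
        public LdapPromise<Result> modifyAsync(ModifyRequest modifyRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.modifyAsync(modifyRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code modifyDNRequest}, then delegates. */
        @Override
        public LdapPromise<Result> modifyDNAsync(ModifyDNRequest modifyDNRequest,
                IntermediateResponseHandler intermediateResponseHandler) {
            return this.delegate.modifyDNAsync(modifyDNRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler);
        }

        /** Adds the control to {@code searchRequest}, then delegates. */
        @Override
        public LdapPromise<Result> searchAsync(SearchRequest searchRequest,
                IntermediateResponseHandler intermediateResponseHandler,
                SearchResultHandler searchResultHandler) {
            return this.delegate.searchAsync(searchRequest.addControl(this.proxiedAuthzControl),
                    intermediateResponseHandler, searchResultHandler);
        }
    }

    /**
     * Creates the filter. The decompiler reports that this constructor was package-private in
     * the compiled class.
     *
     * @param connectionFactory factory used to obtain one LDAP connection per filtered request;
     *         rejected by {@code Reject.checkNotNull} when null
     */
    public ProxiedAuthV2Filter(ConnectionFactory connectionFactory) {
        this.connectionFactory = Reject.checkNotNull(connectionFactory, "connectionFactory cannot be null");
    }

    /**
     * Obtains a connection, wraps it so that requests carry the caller's authorization identity,
     * and invokes {@code handler} with an {@link AuthenticatedConnectionContext} holding the
     * wrapped connection.
     *
     * @param context request context; a {@link SecurityContext} is looked up in it
     * @param request the HTTP request, passed to {@code handler} unchanged
     * @param handler the next handler in the chain
     * @return the promise returned by the chain below
     */
    @Override
    public Promise<Response, NeverThrowsException> filter(final Context context, final Request request,
            final Handler handler) {
        // Typed holder (the decompiled code used a raw AtomicReference). It is handed to
        // Utils.close(...) in thenFinally; presumably that closes whatever it holds — Utils is
        // not visible in this file.
        final AtomicReference<Connection> connectionHolder = new AtomicReference<>();
        return this.connectionFactory.getConnectionAsync()
                .then(new Function<Connection, Connection, LdapException>() {
                    @Override
                    public Connection apply(Connection connection) throws LdapException {
                        // Record the raw connection first: resolveAuthorizationId may throw, and
                        // the holder must already reference the connection in that case.
                        connectionHolder.set(connection);
                        final SecurityContext securityContext = context.asContext(SecurityContext.class);
                        final String authzId = resolveAuthorizationId(securityContext);
                        final Connection proxied = newProxiedConnection(connection, authzId);
                        // From here on the holder tracks the decorated connection instead.
                        connectionHolder.set(proxied);
                        return proxied;
                    }
                })
                .thenAsync(new AsyncFunction<Connection, Response, NeverThrowsException>() {
                    @Override
                    public Promise<Response, NeverThrowsException> apply(Connection connection) {
                        return handler.handle(new AuthenticatedConnectionContext(context, connection), request);
                    }
                }, Utils.handleConnectionFailure())
                .thenFinally(Utils.close(connectionHolder));
    }

    /**
     * Builds the authzId string for the proxied authorization control from the security
     * context's authorization map.
     *
     * <p>The {@link SecurityContext#AUTHZID_DN} entry wins and yields {@code "dn:" + value};
     * otherwise the {@code "id"} entry yields {@code "u:" + value}. Values are converted with
     * string concatenation and are not validated or normalised here, so an empty value yields a
     * bare {@code "dn:"} or {@code "u:"}.
     * NOTE(review): confirm that the component filling the authorization map only stores
     * identities it has authenticated.
     *
     * <p>The decompiler reports that this method was private in the compiled class.
     *
     * @param securityContext the security context of the current request
     * @return the authzId string
     * @throws LdapException with {@link ResultCode#AUTH_METHOD_NOT_SUPPORTED} when neither entry
     *         is present
     */
    public String resolveAuthorizationId(SecurityContext securityContext) throws LdapException {
        Object authzDn = securityContext.getAuthorization().get(SecurityContext.AUTHZID_DN);
        if (authzDn != null) {
            return "dn:" + authzDn;
        }
        Object authzUserId = securityContext.getAuthorization().get("id");
        if (authzUserId != null) {
            return "u:" + authzUserId;
        }
        throw LdapException.newLdapException(ResultCode.AUTH_METHOD_NOT_SUPPORTED);
    }

    /**
     * Wraps {@code connection} in a {@link ProxiedAuthConnectionDecorator} carrying a
     * {@link ProxiedAuthV2RequestControl} for {@code str}, and that in a
     * {@code CachedReadConnectionDecorator}.
     *
     * <p>NOTE(review): the cache decorator sits outside the proxied-auth decorator, so the
     * wrapper is specific to one authzId; it is created per call here. Its caching behaviour is
     * not visible in this file.
     *
     * <p>The decompiler reports that this method was private in the compiled class.
     *
     * @param connection the underlying connection
     * @param str the authzId string, as produced by {@link #resolveAuthorizationId(SecurityContext)}
     * @return the decorated connection
     */
    public Connection newProxiedConnection(Connection connection, String str) {
        final Control proxiedAuthzControl = ProxiedAuthV2RequestControl.newControl(str);
        return new CachedReadConnectionDecorator(new ProxiedAuthConnectionDecorator(connection, proxiedAuthzControl));
    }
}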
