package org.opends.server.protocols.http.authz;

import java.io.Closeable;
import java.util.Map;
import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.protocol.Request;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.opendj.rest2ldap.AuthenticatedConnectionContext;
import org.forgerock.opendj.rest2ldap.Rest2Ldap;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.SecurityContext;
import org.forgerock.util.Reject;
import org.forgerock.util.Utils;
import org.forgerock.util.promise.NeverThrowsException;
import org.forgerock.util.promise.Promise;
import org.forgerock.util.promise.Promises;
import org.opends.server.api.IdentityMapper;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.http.HttpLogContext;
import org.opends.server.protocols.http.LDAPContext;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/opends/server/protocols/http/authz/InternalProxyAuthzFilter.class */
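/**
 * HTTP filter that resolves the identity carried by the request's {@link SecurityContext} to a
 * directory entry, opens an internal LDAP connection for that entry and hands the connection to
 * the downstream handler through an {@link AuthenticatedConnectionContext}.
 *
 * <p>Security note: this filter checks no credential itself. It acts entirely on the "dn" / "id"
 * values found in {@link SecurityContext#getAuthorization()}, so the resulting connection is only
 * as trustworthy as whatever populated that map earlier in the filter chain.
 */
public final class InternalProxyAuthzFilter implements Filter {
    /** Maps the "id" authorization value to a directory entry. */
    private final IdentityMapper<?> identityMapper;
    /** Schema used to parse the "dn" authorization value. */
    private final Schema schema;

    /**
     * Creates the filter.
     *
     * @param identityMapper mapper used when the authorization map carries an "id"; must not be null
     * @param schema schema used to decode a "dn" authorization value; must not be null
     */
    public InternalProxyAuthzFilter(IdentityMapper<?> identityMapper, Schema schema) {
        this.identityMapper = Reject.checkNotNull(identityMapper, "identityMapper cannot be null");
        this.schema = Reject.checkNotNull(schema, "schema cannot be null");
    }

    /**
     * Runs {@code handler} with a connection authenticated as the user named in the security
     * context, and closes that connection once the downstream promise completes.
     *
     * @param context request context; expected to contain a {@link SecurityContext}, an
     *     {@link HttpLogContext} and an {@link LDAPContext}
     * @param request the HTTP request, passed to the handler unchanged
     * @param handler next handler in the chain
     * @return the handler's response, or an error response built by
     *     {@link #asErrorResponse(Throwable)} when the user cannot be resolved or the connection
     *     cannot be obtained
     */
    @Override
    public final Promise<Response, NeverThrowsException> filter(Context context, Request request, Handler handler) {
        SecurityContext securityContext = context.asContext(SecurityContext.class);
        // Record the authenticated id for the access log before any authorization decision is made.
        context.asContext(HttpLogContext.class).setAuthUser(securityContext.getAuthenticationId());

        // Mutable holder: the catch blocks need to see the connection, while the anonymous
        // Runnable below needs an effectively-final alias of it.
        Connection opened = null;
        try {
            opened = context.asContext(LDAPContext.class)
                    .getInternalConnectionFactory()
                    .getAuthenticatedConnection(getUserEntry(securityContext));
            final Connection connection = opened;
            return handler.handle(new AuthenticatedConnectionContext(context, connection), request)
                    .thenFinally(new Runnable() {
                        @Override
                        public void run() {
                            Utils.closeSilently(connection);
                        }
                    });
        } catch (LdapException | DirectoryException e) {
            Utils.closeSilently(opened);
            return asErrorResponse(e);
        } catch (RuntimeException e) {
            // The close callback is only registered once handle() has returned; if it throws
            // first, release the authenticated connection here and let the exception propagate.
            Utils.closeSilently(opened);
            throw e;
        }
    }

    /**
     * Resolves the directory entry to act as, preferring an explicit "dn" over a mapped "id".
     *
     * @param securityContext source of the authorization map
     * @return the user's entry, never null
     * @throws LdapException {@code INVALID_DN_SYNTAX} for an unparsable "dn",
     *     {@code AUTHORIZATION_DENIED} when neither a usable "dn" nor "id" is present,
     *     {@code INVALID_CREDENTIALS} when no entry matches
     * @throws DirectoryException if the entry lookup fails
     */
    private Entry getUserEntry(SecurityContext securityContext) throws LdapException, DirectoryException {
        Map<String, Object> authorization = securityContext.getAuthorization();

        if (authorization.containsKey("dn")) {
            Object dnValue = authorization.get("dn");
            if (dnValue == null) {
                // Key present but no value: fail closed instead of hitting a NullPointerException.
                throw LdapException.newLdapException(ResultCode.AUTHORIZATION_DENIED);
            }
            Entry entryForDn;
            try {
                entryForDn = DirectoryServer.getEntry(DN.valueOf(dnValue.toString(), this.schema));
            } catch (LocalizedIllegalArgumentException e) {
                throw LdapException.newLdapException(ResultCode.INVALID_DN_SYNTAX, e);
            }
            if (entryForDn == null) {
                // NOTE(review): getEntry presumably returns null for a DN with no entry. How the
                // connection factory treats a null entry is not visible here, so refuse it the
                // same way the "id" branch refuses an unmapped id.
                throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS);
            }
            return entryForDn;
        }

        Object idValue = authorization.get("id");
        if (idValue == null) {
            // Covers both a missing "id" key and an "id" key mapped to null.
            throw LdapException.newLdapException(ResultCode.AUTHORIZATION_DENIED);
        }
        Entry entryForID = this.identityMapper.getEntryForID(idValue.toString());
        if (entryForID == null) {
            throw LdapException.newLdapException(ResultCode.INVALID_CREDENTIALS);
        }
        return entryForID;
    }

    /**
     * Converts a failure into an already-completed HTTP error response.
     *
     * <p>The status is taken from the {@link ResourceException} code and the body is that
     * exception's JSON form, so its content is returned to the client.
     *
     * @param th the failure to report
     * @return a completed promise holding the error response
     */
    static Promise<Response, NeverThrowsException> asErrorResponse(Throwable th) {
        ResourceException asResourceException = Rest2Ldap.asResourceException(th);
        return Promises.newResultPromise(new Response(Status.valueOf(asResourceException.getCode())).setEntity(asResourceException.toJsonValue().getObject()));
    }
}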
