package org.forgerock.opendj.rest2ldap.authz;

import java.util.LinkedHashMap;
import java.util.concurrent.atomic.AtomicReference;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.DecodeOptions;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.controls.AuthorizationIdentityRequestControl;
import org.forgerock.opendj.ldap.controls.AuthorizationIdentityResponseControl;
import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.responses.BindResult;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.SecurityContext;
import org.forgerock.util.AsyncFunction;
import org.forgerock.util.Function;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.Promise;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:embedded-opendj/opendj.zip:opendj/lib/org.openidentityplatform.opendj.opendj-rest2ldap.jar:org/forgerock/opendj/rest2ldap/authz/SaslPlainStrategy.class */
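/**
 * Authentication strategy that verifies a user name and password by performing an LDAP SASL PLAIN
 * bind on a connection obtained from the configured {@link ConnectionFactory}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>SASL PLAIN has no confidentiality of its own, so the password is only as protected as the
 *       underlying connection. Nothing in this class checks that the connection factory supplies
 *       TLS-protected connections; that has to be guaranteed by whoever configures it.</li>
 *   <li>The authentication ID is built from a template. Templates starting with {@code "dn:"} go
 *       through {@link DN#format}, whereas every other template goes through
 *       {@link String#format(String, Object...)}, which inserts the user name verbatim.</li>
 * </ul>
 */
public final class SaslPlainStrategy implements AuthenticationStrategy {
    /** Prefix marking both a DN-style authcid template and a DN-style authorization ID. */
    private static final String DN_PREFIX = "dn:";

    private final ConnectionFactory connectionFactory;
    /** Turns the user name supplied by the caller into the SASL authentication ID. */
    private final Function<String, String, LdapException> formatter;

    /**
     * Creates a strategy that binds against connections from {@code connectionFactory}.
     *
     * @param connectionFactory source of the connections used for the bind; must not be null
     * @param schema schema handed to {@link DN#format} for {@code "dn:"} templates; must not be null
     * @param authcIdTemplate format template producing the SASL authentication ID from the user
     *     name; must not be null
     * @throws NullPointerException if any argument is null (raised by {@code Reject.checkNotNull})
     */
    public SaslPlainStrategy(ConnectionFactory connectionFactory, final Schema schema, final String authcIdTemplate) {
        this.connectionFactory = Reject.checkNotNull(connectionFactory, "connectionFactory cannot be null");
        Reject.checkNotNull(schema, "schema cannot be null");
        Reject.checkNotNull(authcIdTemplate, "authcIdTemplate cannot be null");
        if (authcIdTemplate.startsWith(DN_PREFIX)) {
            this.formatter = new Function<String, String, LdapException>() {
                @Override
                public String apply(String username) throws LdapException {
                    try {
                        // DN.format receives the user name as a separate argument instead of
                        // having it concatenated into the DN text.
                        // NOTE(review): this relies on DN.format escaping the value - confirm
                        // against the SDK version in use.
                        return DN.format(authcIdTemplate, schema, username).toString();
                    } catch (LocalizedIllegalArgumentException e) {
                        // Report an unformattable name as a regular LDAP failure, keeping the cause.
                        throw LdapException.newLdapException(ResultCode.INVALID_DN_SYNTAX, e.getMessageObject(), e);
                    }
                }
            };
        } else {
            this.formatter = new Function<String, String, LdapException>() {
                @Override
                public String apply(String username) throws LdapException {
                    // No escaping or validation happens on this path: the user name is placed
                    // into the template exactly as received.
                    // NOTE(review): confirm that callers constrain the user name (length,
                    // control characters) before it reaches this strategy. A malformed template
                    // would surface here as an unchecked IllegalFormatException, not at
                    // construction time.
                    return String.format(authcIdTemplate, username);
                }
            };
        }
    }

    /**
     * Authenticates the given credentials with a SASL PLAIN bind.
     *
     * <p>The connection is obtained asynchronously, remembered in a holder and handed to
     * {@code Utils.close(...)} in a {@code thenFinally} step, so the clean-up callback runs
     * whether the bind succeeds or fails.
     *
     * @param username user name substituted into the authcid template
     * @param password password sent in the bind request
     * @param context parent context of the resulting {@link SecurityContext}
     * @return a promise completed with the security context on a successful bind, or with the
     *     {@link LdapException} raised while connecting, formatting the authcid or binding
     */
    @Override
    public Promise<SecurityContext, LdapException> authenticate(final String username, final String password, final Context context) {
        // Typed holder (the decompiled code used a raw AtomicReference).
        final AtomicReference<Connection> connectionHolder = new AtomicReference<>();
        return this.connectionFactory.getConnectionAsync().thenAsync(new AsyncFunction<Connection, SecurityContext, LdapException>() {
            @Override
            public Promise<SecurityContext, LdapException> apply(Connection connection) throws LdapException {
                connectionHolder.set(connection);
                return SaslPlainStrategy.this.doSaslPlainBind(connection, context, username, password);
            }
        }).thenFinally(Utils.close(connectionHolder));
    }

    /**
     * Sends the SASL PLAIN bind and converts a successful result into a {@link SecurityContext}.
     *
     * <p>The decompiler widened this method from private to public; it is left public here so
     * that existing references keep compiling.
     *
     * <p>The bind carries a <em>critical</em> authorization identity request control. When the
     * response control holds an authorization ID starting with {@code "dn:"}, the remainder is
     * stored under {@link SecurityContext#AUTHZID_DN}. The raw user name is always stored under
     * {@code "id"}.
     *
     * @param connection connection on which the bind is performed
     * @param context parent context of the resulting security context
     * @param username user name as supplied by the caller
     * @param password password as supplied by the caller
     * @return a promise of the security context for the authenticated user
     * @throws LdapException if the authentication ID cannot be built from the user name
     */
    public Promise<SecurityContext, LdapException> doSaslPlainBind(Connection connection, final Context context, final String username, String password) throws LdapException {
        final String authcId = this.formatter.apply(username);
        // toCharArray() makes a copy of the password that is not cleared in this method; the
        // original String stays with the caller as well.
        return connection.bindAsync(Requests.newPlainSASLBindRequest(authcId, password.toCharArray())
                .addControl(AuthorizationIdentityRequestControl.newControl(true)))
                // The decompiled source cast this callback to Function<? super BindResult, VOUT, ...>,
                // naming a type variable that does not exist in this scope. The anonymous class
                // already has the right type, so the cast is dropped.
                .then(new Function<BindResult, SecurityContext, LdapException>() {
                    @Override
                    public SecurityContext apply(BindResult bindResult) throws LdapException {
                        final LinkedHashMap<String, Object> authorization = new LinkedHashMap<>(2);
                        try {
                            final AuthorizationIdentityResponseControl responseControl =
                                    bindResult.getControl(AuthorizationIdentityResponseControl.DECODER, new DecodeOptions());
                            if (responseControl != null) {
                                final String authorizationId = responseControl.getAuthorizationID();
                                if (authorizationId.startsWith(DN_PREFIX)) {
                                    authorization.put(SecurityContext.AUTHZID_DN, authorizationId.substring(DN_PREFIX.length()));
                                }
                            }
                        } catch (DecodeException ignored) {
                            // Deliberate best effort: the bind has already succeeded, so an
                            // undecodable response control only means AUTHZID_DN is left unset.
                            // Consumers of the SecurityContext must treat a missing AUTHZID_DN as
                            // "identity not resolved" and not fall back to a broader identity.
                            // NOTE(review): nothing is logged here, so this case is invisible in
                            // operation; consider recording it once a logger is available.
                        }
                        authorization.put("id", username);
                        return new SecurityContext(context, authcId, authorization);
                    }
                });
    }
}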
