package org.forgerock.opendj.rest2ldap.authz;

import java.io.IOException;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.forgerock.http.oauth2.AccessTokenException;
import org.forgerock.http.oauth2.AccessTokenInfo;
import org.forgerock.http.oauth2.AccessTokenResolver;
import org.forgerock.http.oauth2.OAuth2Error;
import org.forgerock.http.util.Json;
import org.forgerock.json.JsonValue;
import org.forgerock.json.JsonValueFunctions;
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.ConnectionFactory;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;
import org.forgerock.opendj.rest2ldap.Rest2ldapMessages;
import org.forgerock.services.context.Context;
import org.forgerock.util.AsyncFunction;
import org.forgerock.util.Function;
import org.forgerock.util.Reject;
import org.forgerock.util.promise.Promise;
import org.opends.server.util.ServerConstants;

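/**
 * Resolves OAuth2 access tokens by reading the matching {@code frCoreToken} entry from an
 * LDAP-backed core token store (CTS) and decoding its {@code coreTokenObject} JSON payload.
 *
 * <p>Decompiler note (JADX): this class and its constructor were package-private in the
 * compiled class, and the two helper methods were private. The widened modifiers are kept
 * here so that the listing stays source-compatible with itself.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The token identifier comes from the client. It is handed to {@code DN.child} as an
 *       attribute value and is never concatenated into a DN string.</li>
 *   <li>Only entries whose {@code tokenName} is {@code access_token} are accepted; any other
 *       token type stored in the CTS is rejected.</li>
 *   <li>{@code expireTime} is parsed and passed to {@link AccessTokenInfo}, but it is not
 *       compared with the current time in this class. Presumably the caller enforces
 *       expiry; confirm against the filter that consumes the result.</li>
 *   <li>Every error message is formatted with the token identifier. NOTE(review): if these
 *       messages reach logs or HTTP responses, the bearer token value is disclosed there;
 *       confirm how callers surface them.</li>
 * </ul>
 */
public final class CtsAccessTokenResolver implements AccessTokenResolver {
    /** Restricts the base-object search to entries of object class {@code frCoreToken}. */
    private static final Filter FR_CORE_TOKEN_OC_FILTER = Filter.equality(ServerConstants.OBJECTCLASS_ATTRIBUTE_TYPE_NAME, "frCoreToken");
    private final ConnectionFactory connectionFactory;
    private final DN ctsBaseDN;

    /**
     * Creates a resolver that searches below the given CTS base DN.
     *
     * @param connectionFactory factory providing connections to the directory holding the CTS
     * @param str string form of the CTS base DN
     * @throws NullPointerException if either argument is {@code null}
     */
    public CtsAccessTokenResolver(ConnectionFactory connectionFactory, String str) {
        this.connectionFactory = Reject.checkNotNull(connectionFactory, "connectionFactory cannot be null");
        this.ctsBaseDN = DN.valueOf(Reject.checkNotNull(str, "ctsBaseDN cannot be null"));
    }

    /**
     * Looks up the token entry {@code coreTokenId=<token>} directly below the CTS base DN and
     * converts it into an {@link AccessTokenInfo}.
     *
     * @param context request context (not used by this implementation)
     * @param str the access token identifier presented by the client
     * @return a promise completed with the token information, or failed with an
     *         {@link AccessTokenException} when the lookup or the decoding fails
     */
    @Override // org.forgerock.http.oauth2.AccessTokenResolver
    public Promise<AccessTokenInfo, AccessTokenException> resolve(Context context, final String str) {
        final String tokenId = str;
        // Holds the connection so that it can be released once the promise chain completes.
        final AtomicReference<Connection> connectionHolder = new AtomicReference<>();
        return this.connectionFactory.getConnectionAsync().thenAsync(new AsyncFunction<Connection, SearchResultEntry, LdapException>() {
            @Override // org.forgerock.util.AsyncFunction, org.forgerock.util.Function
            public Promise<SearchResultEntry, LdapException> apply(Connection connection) throws LdapException {
                connectionHolder.set(connection);
                // The token is supplied as the RDN attribute value; only coreTokenObject is requested.
                final DN tokenEntryDN = CtsAccessTokenResolver.this.ctsBaseDN.child("coreTokenId", tokenId);
                return connection.searchSingleEntryAsync(Requests.newSingleEntrySearchRequest(tokenEntryDN, SearchScope.BASE_OBJECT, CtsAccessTokenResolver.FR_CORE_TOKEN_OC_FILTER, "coreTokenObject"));
            }
        }).then(new Function<SearchResultEntry, AccessTokenInfo, AccessTokenException>() {
            @Override // org.forgerock.util.Function
            public AccessTokenInfo apply(SearchResultEntry searchResultEntry) throws AccessTokenException {
                final JsonValue tokenJson = CtsAccessTokenResolver.this.parseJson(searchResultEntry.getAttribute("coreTokenObject").firstValueAsString(), tokenId);
                final String tokenName = CtsAccessTokenResolver.this.getRequiredFirstValue(tokenJson.get("tokenName"));
                // Reject anything that is not an access token.
                if (!tokenName.equals("access_token")) {
                    throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_CTS_INVALID_TOKEN_TYPE.get(tokenId, tokenName));
                }
                final Set<String> scopes = tokenJson.get(OAuth2Error.F_SCOPE).required().as(JsonValueFunctions.setOf(String.class));
                final long expireTime = Long.parseLong(CtsAccessTokenResolver.this.getRequiredFirstValue(tokenJson.get("expireTime")));
                return new AccessTokenInfo(tokenJson, tokenId, scopes, expireTime);
            }
        }, new Function<LdapException, AccessTokenInfo, AccessTokenException>() {
            @Override // org.forgerock.util.Function
            public AccessTokenInfo apply(LdapException ldapException) throws AccessTokenException {
                // NOTE(review): every LDAP failure, not only a missing entry, is reported with the
                // "token not found" message; the original exception is kept as the cause.
                throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_CTS_TOKEN_NOT_FOUND.get(tokenId, ldapException.getMessage()), ldapException);
            }
        }).thenCatchRuntimeException(new Function<RuntimeException, AccessTokenInfo, AccessTokenException>() {
            @Override // org.forgerock.util.Function
            public AccessTokenInfo apply(RuntimeException runtimeException) throws AccessTokenException {
                // Converts unchecked failures raised while decoding the entry (for example a
                // non-numeric expireTime) into an AccessTokenException.
                throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_CTS_TOKEN_RESOLUTION.get(tokenId, runtimeException.getMessage()), runtimeException);
            }
        }).thenFinally(Utils.close(connectionHolder));
    }

    /**
     * Returns the first element of a required JSON list of strings.
     *
     * @param jsonValue the JSON node expected to hold a list of strings
     * @return the element at index 0
     */
    public String getRequiredFirstValue(JsonValue jsonValue) {
        return jsonValue.required().asList(String.class).get(0);
    }

    /**
     * Parses the JSON text stored in the token entry.
     *
     * @param str the JSON text to parse
     * @param str2 the token identifier, used only to format the error message
     * @return the parsed JSON wrapped in a {@link JsonValue}
     * @throws AccessTokenException if the text cannot be read as JSON; the underlying
     *         {@link IOException} is attached as the cause
     */
    public JsonValue parseJson(String str, String str2) throws AccessTokenException {
        try {
            return new JsonValue(Json.readJson(str));
        } catch (IOException e) {
            // Keep the parse failure as the cause so that a corrupted token entry can be diagnosed.
            throw Utils.newAccessTokenException(Rest2ldapMessages.ERR_OAUTH2_CTS_INVALID_JSON_TOKEN.get(str2), e);
        }
    }
}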
