package org.forgerock.opendj.rest2ldap;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.forgerock.json.resource.ForbiddenException;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.schema.Schema;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/opendj/rest2ldap/AuthzIdTemplate.class */
public final class AuthzIdTemplate {
    private static final Impl DN_IMPL = new Impl() { // from class: org.forgerock.opendj.rest2ldap.AuthzIdTemplate.1
        @Override // org.forgerock.opendj.rest2ldap.AuthzIdTemplate.Impl
        public String formatAsAuthzId(AuthzIdTemplate authzIdTemplate, Object[] objArr, Schema schema) throws ResourceException {
            String format = String.format(Locale.ENGLISH, authzIdTemplate.formatString, objArr);
            try {
                DN.valueOf(format.substring(3), schema);
                return format;
            } catch (IllegalArgumentException e) {
                throw new ForbiddenException(Utils.i18n("The request could not be authorized because the required security principal was not a valid LDAP DN", new Object[0]));
            }
        }
    };
    private static final Pattern DN_PATTERN = Pattern.compile("^dn:\\{[^}]+\\}$");
    private static final Impl DN_TEMPLATE_IMPL = new Impl() { // from class: org.forgerock.opendj.rest2ldap.AuthzIdTemplate.2
        @Override // org.forgerock.opendj.rest2ldap.AuthzIdTemplate.Impl
        public String formatAsAuthzId(AuthzIdTemplate authzIdTemplate, Object[] objArr, Schema schema) throws ResourceException {
            return "dn:" + DN.format(authzIdTemplate.dnFormatString, schema, objArr);
        }
    };
    private static final Pattern KEY_RE = Pattern.compile("\\{([^}]+)\\}");
    private static final Impl UID_TEMPLATE_IMPL = new Impl() { // from class: org.forgerock.opendj.rest2ldap.AuthzIdTemplate.3
        @Override // org.forgerock.opendj.rest2ldap.AuthzIdTemplate.Impl
        public String formatAsAuthzId(AuthzIdTemplate authzIdTemplate, Object[] objArr, Schema schema) throws ResourceException {
            return String.format(Locale.ENGLISH, authzIdTemplate.formatString, objArr);
        }
    };
    private final String dnFormatString;
    private final String formatString;
    private final List<String> keys = new ArrayList();
    private final Impl pimpl;
    private final String template;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/opendj/rest2ldap/AuthzIdTemplate$Impl.class */
    public interface Impl {
        String formatAsAuthzId(AuthzIdTemplate authzIdTemplate, Object[] objArr, Schema schema) throws ResourceException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthzIdTemplate(String str) {
        if (!str.startsWith("u:") && !str.startsWith("dn:")) {
            throw new IllegalArgumentException("Invalid authorization ID template: " + str);
        }
        Matcher matcher = KEY_RE.matcher(str);
        StringBuffer stringBuffer = new StringBuffer(str.length());
        while (matcher.find()) {
            matcher.appendReplacement(stringBuffer, "%s");
            this.keys.add(matcher.group(1));
        }
        matcher.appendTail(stringBuffer);
        this.formatString = stringBuffer.toString();
        this.template = str;
        if (str.startsWith("dn:")) {
            this.pimpl = DN_PATTERN.matcher(str).matches() ? DN_IMPL : DN_TEMPLATE_IMPL;
            this.dnFormatString = this.formatString.substring(3);
        } else {
            this.pimpl = UID_TEMPLATE_IMPL;
            this.dnFormatString = null;
        }
    }

    public String toString() {
        return this.template;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String formatAsAuthzId(Map<String, Object> map, Schema schema) throws ResourceException {
        return this.pimpl.formatAsAuthzId(this, getPrincipalsForFormatting(map), schema);
    }

    private String[] getPrincipalsForFormatting(Map<String, Object> map) throws ForbiddenException {
        String[] strArr = new String[this.keys.size()];
        for (int i = 0; i < strArr.length; i++) {
            String str = this.keys.get(i);
            Object obj = map.get(str);
            if (!Utils.isJSONPrimitive(obj)) {
                if (obj != null) {
                    throw new ForbiddenException(Utils.i18n("The request could not be authorized because the required security principal '%s' had an invalid data type", str));
                }
                throw new ForbiddenException(Utils.i18n("The request could not be authorized because the required security principal '%s' could not be determined", str));
            }
            strArr[i] = String.valueOf(obj);
        }
        return strArr;
    }
}
