package org.apache.james.jmap.http;

import com.google.common.annotations.VisibleForTesting;
import java.util.Objects;
import javax.inject.Inject;
import org.apache.james.jmap.api.access.AccessToken;
import org.apache.james.jmap.api.access.exceptions.InvalidAccessToken;
import org.apache.james.jmap.api.access.exceptions.NotAnAccessTokenException;
import org.apache.james.jmap.draft.api.AccessTokenManager;
import org.apache.james.jmap.exceptions.UnauthorizedException;
import org.apache.james.mailbox.MailboxManager;
import org.apache.james.mailbox.MailboxSession;
import reactor.core.publisher.Mono;
import reactor.netty.http.server.HttpServerRequest;

/* loaded from: input_file:org/apache/james/jmap/http/AccessTokenAuthenticationStrategy.class */
public class AccessTokenAuthenticationStrategy implements AuthenticationStrategy {
    private final AccessTokenManager accessTokenManager;
    private final MailboxManager mailboxManager;

    @Inject
    @VisibleForTesting
    AccessTokenAuthenticationStrategy(AccessTokenManager accessTokenManager, MailboxManager mailboxManager) {
        this.accessTokenManager = accessTokenManager;
        this.mailboxManager = mailboxManager;
    }

    public Mono<MailboxSession> createMailboxSession(HttpServerRequest httpServerRequest) {
        Mono flatMap = Mono.fromCallable(() -> {
            return authHeaders(httpServerRequest);
        }).filter(str -> {
            return !str.startsWith("Bearer");
        }).map(AccessToken::fromString).flatMap(accessToken -> {
            return Mono.from(this.accessTokenManager.mo3getUsernameFromToken(accessToken));
        });
        MailboxManager mailboxManager = this.mailboxManager;
        Objects.requireNonNull(mailboxManager);
        return flatMap.map(mailboxManager::createSystemSession).onErrorResume(InvalidAccessToken.class, invalidAccessToken -> {
            return Mono.error(new UnauthorizedException("Invalid access token", invalidAccessToken));
        }).onErrorResume(NotAnAccessTokenException.class, notAnAccessTokenException -> {
            return Mono.error(new UnauthorizedException("Not an access token", notAnAccessTokenException));
        });
    }
}
