package com.centit.framework.users.controller;

import com.centit.framework.model.adapter.PlatformEnvironment;
import com.centit.framework.system.po.UserSyncDirectory;
import com.centit.framework.system.service.UserSyncDirectoryManager;
import com.centit.support.algorithm.StringBaseOpt;
import com.centit.support.common.ObjectException;
import com.centit.support.compiler.Pretreatment;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.servlet.http.HttpServletResponse;
import oracle.jdbc.OracleConnection;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.view.UrlBasedViewResolver;

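/**
 * Form login backed by an LDAP / Active Directory bind.
 *
 * <p>Flow: the login name is looked up with the directory's service account
 * ({@link #searchLdapUserByloginName}); the entry's own DN is then bound with the password the
 * user typed ({@link #checkUserPasswordByDn}); on success the platform user details for the
 * entry's {@code sAMAccountName} become the current Spring Security authentication.
 *
 * <p>All three request parameters are untrusted: the login name is escaped before it is placed
 * in an LDAP filter or DN, an empty password is rejected before the bind (an empty password is
 * an unauthenticated bind, which directories commonly accept), and {@code returnUrl} is
 * restricted to a local path so the endpoint cannot be used as an open redirect.
 */
@RequestMapping({"/ldap"})
@Api(value = "ldap登录相关接口", tags = {"ldap登录相关接口"})
@Controller
/* loaded from: input_file:WEB-INF/lib/centit-ip-users-register-5.2-SNAPSHOT.jar:com/centit/framework/users/controller/LdapLogin.class */
public class LdapLogin {
    private static final Logger logger = LoggerFactory.getLogger(LdapLogin.class);

    /** Container the user entries live in; also the search base. TODO(review): belongs in UserSyncDirectory config. */
    private static final String BASE_DN = "CN=Users,DC=centit,DC=com";

    /**
     * Provider URL used for the user bind only when no LDAP UserSyncDirectory is configured.
     * Retained for backward compatibility; note it is a plain ldap:// URL, so a simple bind over it
     * sends the password in clear text. TODO(review): drop once every deployment configures the directory.
     */
    private static final String LEGACY_PROVIDER_URL = "LDAP://192.168.128.5:389";

    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    /** One message for "unknown user" and "wrong password" so the response does not reveal which accounts exist. */
    private static final String LOGIN_FAILED_MESSAGE = "用户名密码不匹配。";

    /** Attributes copied from the directory entry into the map returned by {@link #searchLdapUserByloginName}. */
    private static final String[] RETURNED_ATTRIBUTES = {
        "displayName", "name", "sAMAccountName", "mail", "distinguishedName",
        "jobNo", "idCard", "mobilePhone", "description", "memberOf"};

    @Autowired
    private PlatformEnvironment platformEnvironment;

    @Autowired
    private UserSyncDirectoryManager userSyncDirectoryManager;

    /**
     * Authenticates {@code username}/{@code password} against the directory and redirects to {@code returnUrl}.
     *
     * @param str                 login name (matched against sAMAccountName, or CN under the base DN)
     * @param str2                password typed by the user; never logged
     * @param str3                redirect target after login; must be a local path starting with "/"
     * @param httpServletResponse unused, kept for the mapping signature
     * @return a Spring {@code redirect:} view name for {@code returnUrl}
     * @throws ObjectException 400 for an unsafe returnUrl, 500 for bad credentials, an unprovisioned
     *                         platform user, or a directory error
     */
    @PostMapping({DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL})
    @ApiOperation(value = "ldap登录", notes = "ldap登录")
    public String login(@RequestParam("username") String str, @RequestParam("password") String str2,
                        @RequestParam("returnUrl") String str3, HttpServletResponse httpServletResponse) throws Exception {
        // Check the redirect target first: an absolute or protocol-relative returnUrl makes this an open redirect.
        if (!isSafeReturnUrl(str3)) {
            throw new ObjectException(400, "returnUrl 不合法");
        }
        // An empty password must never reach the bind: LDAP treats it as an unauthenticated
        // (anonymous) bind, which most servers accept, so any known login name would get in.
        if (StringUtils.isBlank(str) || StringUtils.isEmpty(str2)) {
            throw new ObjectException(500, LOGIN_FAILED_MESSAGE);
        }
        Map<String, Object> ldapUser = searchLdapUserByloginName(str);
        if (ldapUser.isEmpty()) {
            throw new ObjectException(500, LOGIN_FAILED_MESSAGE);
        }
        // Bind with the DN the directory itself reported rather than one rebuilt from the login name.
        String bindDn = bindDnFor(ldapUser);
        try {
            if (!checkUserPasswordByDn(bindDn, str2)) {
                throw new ObjectException(500, LOGIN_FAILED_MESSAGE);
            }
        } catch (NamingException e) {
            logger.error("LDAP bind for {} failed", bindDn, e);
            throw new ObjectException(500, "系统错误");
        }
        String loginName = asString(ldapUser.get("sAMAccountName"));
        // NOTE(review): writing the context directly bypasses Spring Security's session-fixation
        // protection and relies on the filter chain to persist the context to the session — confirm.
        SecurityContextHolder.getContext().setAuthentication(
            requireProvisioned(this.platformEnvironment.loadUserDetailsByLoginName(loginName), loginName));
        logger.info("LDAP login succeeded for {}", loginName);
        return UrlBasedViewResolver.REDIRECT_URL_PREFIX + str3;
    }

    /**
     * Looks a user up in the configured LDAP directory using its service account.
     *
     * <p>Tries an sAMAccountName match first, then a CN match under {@link #BASE_DN}; the first entry
     * that carries a non-blank sAMAccountName wins. The login name is escaped per RFC 4515 (and, for
     * the DN filter, RFC 4514) so filter metacharacters in it cannot widen the search.
     *
     * @param str login name; blank returns an empty map
     * @return attribute id → value for {@link #RETURNED_ATTRIBUTES}; empty when no entry matched,
     *         no LDAP directory is configured, or the directory could not be queried (logged)
     */
    public Map<String, Object> searchLdapUserByloginName(String str) {
        Map<String, Object> user = new HashMap<>(20);
        if (StringUtils.isBlank(str)) {
            return user;
        }
        UserSyncDirectory directory = findLdapDirectory();
        if (directory == null) {
            logger.error("no UserSyncDirectory of type LDAP is configured; cannot look up {}", str);
            return user;
        }
        String escaped = escapeLdapFilterValue(str);
        // The DN value inside a filter is DN-escaped first and then filter-escaped.
        String[] filters = {
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + escaped + "))",
            "(distinguishedName=CN=" + escapeLdapFilterValue(escapeLdapDnValue(str)) + "," + BASE_DN + ")"};
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(RETURNED_ATTRIBUTES);
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(
                ldapEnvironment(directory.getUrl(), directory.getUser(), directory.getUserPwd()), (Control[]) null);
            for (String filter : filters) {
                NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, controls);
                try {
                    if (!results.hasMore()) {
                        continue;
                    }
                    Attributes attributes = results.next().getAttributes();
                    if (StringUtils.isBlank(getAttributeString(attributes, "sAMAccountName"))) {
                        continue;
                    }
                    NamingEnumeration<? extends Attribute> all = attributes.getAll();
                    while (all.hasMore()) {
                        Attribute attribute = all.next();
                        user.put(attribute.getID(), attribute.get());
                    }
                    break;
                } finally {
                    results.close();
                }
            }
        } catch (NamingException e) {
            logger.error("LDAP lookup of {} against {} failed", str, directory.getUrl(), e);
        } finally {
            closeQuietly(ctx);
        }
        return user;
    }

    /**
     * Returns the first value of attribute {@code str} as a string.
     *
     * @param attributes entry attributes
     * @param str        attribute id
     * @return the value, or null when the attribute is absent or cannot be read (logged)
     */
    public static String getAttributeString(Attributes attributes, String str) {
        Attribute attribute = attributes.get(str);
        if (attribute == null) {
            return null;
        }
        try {
            return StringBaseOpt.objectToString(attribute.get());
        } catch (NamingException e) {
            logger.error("reading LDAP attribute {} failed", str, e);
            return null;
        }
    }

    /**
     * Verifies a password by binding as {@code str} against the configured LDAP directory
     * (falling back to {@link #LEGACY_PROVIDER_URL} when none is configured).
     *
     * @param str  user DN to bind as
     * @param str2 password
     * @return true when the bind succeeded; false for a blank DN, an empty password or a rejected bind
     * @throws NamingException never thrown by this implementation; kept for the existing signature
     */
    public boolean checkUserPasswordByDn(String str, String str2) throws NamingException {
        UserSyncDirectory directory = findLdapDirectory();
        String providerUrl = directory != null && StringUtils.isNotBlank(directory.getUrl())
            ? directory.getUrl() : LEGACY_PROVIDER_URL;
        return checkUserPasswordByDn(str, str2, providerUrl);
    }

    /**
     * Verifies a password by binding as {@code dn} against {@code providerUrl}.
     *
     * @param dn          user DN to bind as
     * @param password    password; an empty password is refused rather than bound, because the
     *                    directory would treat it as an unauthenticated bind and report success
     * @param providerUrl LDAP provider URL
     * @return true only when a simple bind with these credentials succeeded
     * @throws NamingException never thrown by this implementation; kept for symmetry with the two-arg form
     */
    public boolean checkUserPasswordByDn(String dn, String password, String providerUrl) throws NamingException {
        if (StringUtils.isBlank(dn) || StringUtils.isEmpty(password) || StringUtils.isBlank(providerUrl)) {
            logger.warn("refusing LDAP bind with empty DN, password or provider URL");
            return false;
        }
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(ldapEnvironment(providerUrl, dn, password), (Control[]) null);
            return true;
        } catch (AuthenticationException e) {
            // Wrong password: expected at a login endpoint, not an error.
            logger.info("LDAP bind as {} against {} rejected: {}", dn, providerUrl, e.getMessage());
            return false;
        } catch (NamingException e) {
            logger.error("LDAP bind as {} against {} failed", dn, providerUrl, e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /** The configured directory of type LDAP; if several exist the last one listed is used. Null when none. */
    private UserSyncDirectory findLdapDirectory() {
        List<UserSyncDirectory> directories = this.userSyncDirectoryManager.listObjects();
        if (directories == null) {
            return null;
        }
        UserSyncDirectory found = null;
        for (UserSyncDirectory candidate : directories) {
            if ("LDAP".equalsIgnoreCase(candidate.getType())) {
                found = candidate;
            }
        }
        return found;
    }

    /** JNDI environment for a simple bind; warns when the URL is not ldaps://, since the password then travels in clear. */
    private static Properties ldapEnvironment(String providerUrl, String principal, String credentials)
            throws NamingException {
        if (providerUrl == null || principal == null || credentials == null) {
            throw new NamingException("LDAP provider URL, principal and credentials must all be set");
        }
        if (!providerUrl.regionMatches(true, 0, "ldaps://", 0, 8)) {
            logger.warn("LDAP simple bind to {} is not over TLS; credentials are sent in clear text", providerUrl);
        }
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        env.put(Context.PROVIDER_URL, providerUrl);
        return env;
    }

    /**
     * DN to bind as for a looked-up entry: the entry's own distinguishedName, or, when the directory
     * did not return one, {@code CN=<name>,BASE_DN} with the name escaped per RFC 4514.
     * Null when neither attribute is usable (the bind is then refused).
     */
    private static String bindDnFor(Map<String, Object> ldapUser) {
        String dn = asString(ldapUser.get("distinguishedName"));
        if (StringUtils.isNotBlank(dn)) {
            return dn;
        }
        String name = asString(ldapUser.get("name"));
        if (StringUtils.isBlank(name)) {
            return null;
        }
        return "CN=" + escapeLdapDnValue(name) + "," + BASE_DN;
    }

    /** Fails the login when the platform has no user for the directory account. */
    private static <T> T requireProvisioned(T userDetails, String loginName) {
        if (userDetails == null) {
            logger.warn("LDAP user {} authenticated but has no platform user", loginName);
            throw new ObjectException(500, LOGIN_FAILED_MESSAGE);
        }
        return userDetails;
    }

    private static String asString(Object value) {
        return value == null ? null : value.toString();
    }

    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.warn("closing LDAP context failed", e);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): {@code * ( ) \} and NUL
     * become {@code \XX} hex escapes. Null is treated as the empty string.
     */
    static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\\':
                    sb.append("\\5c");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Escapes an attribute value for use in a DN (RFC 4514 section 2.4): backslash-escapes
     * {@code \ " + , ; < >}, a leading space or {@code #}, a trailing space, and hex-escapes NUL.
     * Null is treated as the empty string.
     */
    static String escapeLdapDnValue(String value) {
        if (value == null) {
            return "";
        }
        int last = value.length() - 1;
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case '"':
                case '+':
                case ',':
                case ';':
                case '<':
                case '>':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                case ' ':
                    sb.append(i == 0 || i == last ? "\\ " : " ");
                    break;
                case '#':
                    sb.append(i == 0 ? "\\#" : "#");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * True only for a redirect target that stays on this host: a syntactically valid URI that starts
     * with a single "/" and carries neither a scheme nor an authority. Rejects null, blank, absolute,
     * protocol-relative ("//host") and backslash-prefixed ("/\host") targets.
     */
    static boolean isSafeReturnUrl(String url) {
        if (StringUtils.isBlank(url) || !url.startsWith("/") || url.startsWith("//") || url.startsWith("/\\")) {
            return false;
        }
        try {
            URI uri = new URI(url);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }
}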
