package com.centit.framework.cas.handler;

import com.centit.framework.cas.audit.JdbcLoginLogger;
import com.centit.framework.cas.config.LdapProperties;
import com.centit.framework.cas.model.LdapCredential;
import com.centit.support.algorithm.StringBaseOpt;
import com.centit.support.compiler.Pretreatment;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/centit-cas-login-plugin-1.1-SNAPSHOT.jar:com/centit/framework/cas/handler/LdapAuthenticationHandler.class */
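/**
 * CAS authentication handler that resolves a user against an LDAP directory
 * and verifies the submitted password with a bind as that user's DN.
 *
 * <p>Flow: a service account ({@code LdapProperties#getUsername()}/{@code getPassword()})
 * searches for the user id under the configured search base; the entry's attributes
 * are turned into a {@link Principal}; the user's DN is rendered from
 * {@code LdapProperties#getDnFormat()} and a simple bind with the submitted password
 * decides success.
 *
 * <p>Not thread-safe with respect to {@link #setLdapProperties(LdapProperties)};
 * set the properties once before the handler is used.
 */
public class LdapAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    // Logger category is this class (the original pointed at JdbcLoginLogger by copy-paste).
    private static final Logger logger = LoggerFactory.getLogger(LdapAuthenticationHandler.class);
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    private LdapProperties ldapProperties;

    public LdapAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num) {
        super(str, servicesManager, principalFactory, num);
    }

    /**
     * Returns the configured LDAP properties.
     *
     * @throws IllegalStateException if {@link #setLdapProperties(LdapProperties)} was never called
     */
    private LdapProperties props() {
        if (this.ldapProperties == null) {
            throw new IllegalStateException("ldapProperties has not been configured for " + getName());
        }
        return this.ldapProperties;
    }

    /**
     * Builds the JNDI environment for a simple bind against the configured provider URL.
     *
     * @param principal   bind DN (or user name, depending on the server)
     * @param credentials bind password
     */
    private Properties bindEnvironment(String principal, String credentials) {
        Properties env = new Properties();
        env.put("java.naming.factory.initial", LDAP_CTX_FACTORY);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", credentials);
        env.put("java.naming.provider.url", props().getUrl());
        return env;
    }

    /** Closes an LDAP context, logging rather than propagating a failure to close. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            logger.warn("Failed to close LDAP context", e);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     *
     * <p>The user id submitted at login is substituted into the configured filter
     * template; without escaping, characters such as {@code *}, {@code (} and {@code )}
     * would let a caller alter the filter structure (LDAP filter injection).
     *
     * @param value raw value; {@code null} is treated as empty
     * @return the value with {@code \ * ( )} and NUL replaced by their {@code \XX} escapes
     */
    public static String escapeLdapFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Verifies a password by performing a simple bind as the given DN.
     *
     * <p>An empty password is rejected before contacting the server: many directories
     * treat a simple bind with an empty password as an anonymous (unauthenticated) bind
     * and report success, which would turn an empty password into a login bypass.
     *
     * @param str  user DN to bind as
     * @param str2 password to bind with
     * @return {@code true} if the bind succeeded, {@code false} if the DN or password is
     *         empty or the server rejected the credentials
     * @throws NamingException for errors other than invalid credentials (e.g. connectivity)
     */
    public boolean checkUserPasswordByDn(String str, String str2) throws NamingException {
        if (StringUtils.isBlank(str) || StringUtils.isEmpty(str2)) {
            return false;
        }
        LdapContext ldapContext = null;
        try {
            ldapContext = new InitialLdapContext(bindEnvironment(str, str2), (Control[]) null);
            return true;
        } catch (AuthenticationException e) {
            // Invalid credentials is an expected outcome, not an error; the caller maps it to a login failure.
            logger.debug("LDAP bind rejected for DN {}", str);
            return false;
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /**
     * Returns the first value of an attribute as a string.
     *
     * @param attributes entry attributes
     * @param str        attribute id
     * @return the first value rendered by {@code StringBaseOpt.objectToString}, or
     *         {@code null} if the attribute is absent or cannot be read
     */
    public static String getAttributeString(Attributes attributes, String str) {
        if (attributes == null) {
            return null;
        }
        Attribute attribute = attributes.get(str);
        if (attribute == null) {
            return null;
        }
        try {
            return StringBaseOpt.objectToString(attribute.get());
        } catch (NamingException e) {
            logger.error("Failed to read LDAP attribute {}", str, e);
            return null;
        }
    }

    /**
     * Copies an entry's attributes into a map keyed by attribute id.
     * Only the first value of each attribute is kept, matching what the DN template expects.
     */
    private static Map<String, Object> toAttributeMap(Attributes attributes) throws NamingException {
        Map<String, Object> result = new HashMap<>();
        NamingEnumeration<? extends Attribute> all = attributes.getAll();
        try {
            while (all.hasMore()) {
                Attribute attribute = all.next();
                result.put(attribute.getID(), attribute.get());
            }
        } finally {
            all.close();
        }
        return result;
    }

    /**
     * Looks up the user named by the credential id using the service account.
     *
     * <p>Each configured filter template is tried in order with {@code {0}} replaced by the
     * escaped user id; the first entry whose principal-id attribute is non-blank wins.
     *
     * @param credential credential whose id is searched for
     * @return the resolved principal, or {@code null} if no entry matched or the search failed
     */
    public Principal searchPrincipalByCredential(Credential credential) {
        String userId = credential == null ? null : credential.getId();
        if (StringUtils.isBlank(userId)) {
            return null;
        }
        LdapProperties props = props();
        String escapedId = escapeLdapFilterValue(userId);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(props.getPrincipalAttributesAsArray());
        LdapContext ldapContext = null;
        try {
            ldapContext = new InitialLdapContext(bindEnvironment(props.getUsername(), props.getPassword()), (Control[]) null);
            for (String filterTemplate : props.getSearchFilter()) {
                String filter = MessageFormat.format(filterTemplate, escapedId);
                NamingEnumeration<SearchResult> results = ldapContext.search(props.getSearchBase(), filter, searchControls);
                try {
                    if (!results.hasMore()) {
                        continue;
                    }
                    // Only the first match is considered, as before; additional matches are ignored.
                    Attributes attributes = results.next().getAttributes();
                    String principalId = getAttributeString(attributes, props.getPrincipalIdField());
                    if (StringUtils.isBlank(principalId)) {
                        continue;
                    }
                    return this.principalFactory.createPrincipal(principalId, toAttributeMap(attributes));
                } finally {
                    results.close();
                }
            }
            return null;
        } catch (NamingException e) {
            // Best-effort lookup: a failed search is reported as "user not found" by the caller.
            logger.warn("LDAP search for user {} failed", userId, e);
            return null;
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /**
     * Resolves the principal, then verifies the password with a bind as the user's DN.
     *
     * @throws AccountNotFoundException if no directory entry matches the credential id
     * @throws FailedLoginException     if the password is wrong, empty, or the bind failed
     */
    @Override // org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler
    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        LdapCredential ldapCredential = (LdapCredential) credential;
        Principal principal = searchPrincipalByCredential(credential);
        if (principal == null) {
            throw new AccountNotFoundException("用户找不到！");
        }
        // The DN is rendered from directory attributes, not from the submitted id.
        String dn = Pretreatment.mapTemplateString(props().getDnFormat(), principal.getAttributes());
        try {
            if (!checkUserPasswordByDn(dn, ldapCredential.getPassword())) {
                throw new FailedLoginException("用户名密码不匹配。");
            }
        } catch (NamingException e) {
            FailedLoginException failure = new FailedLoginException(e.getLocalizedMessage());
            failure.initCause(e);
            throw failure;
        }
        return createHandlerResult(credential, principal, null);
    }

    @Override // org.apereo.cas.authentication.AuthenticationHandler
    public boolean supports(Credential credential) {
        return credential instanceof LdapCredential;
    }

    public void setLdapProperties(LdapProperties ldapProperties) {
        this.ldapProperties = ldapProperties;
    }
}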
