package com.fr.fs.privilege.auth;

import com.fr.base.FRContext;
import com.fr.fs.FSConfig;
import com.fr.fs.auth.LdapAuthenticateObjectType;
import com.fr.general.GeneralUtils;
import com.fr.privilege.Authentication;
import com.fr.stable.StringUtils;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:com/fr/fs/privilege/auth/LdapAuthenticationProvider.class */
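/**
 * Authenticates platform users against an LDAP directory through JNDI.
 *
 * <p>The flow is "search then bind": a context is opened with the configured service account
 * (anonymously when no account name/password pair is configured), the submitted login name is
 * resolved to a DN, and the same context is re-bound as that DN with the submitted password.
 * A successful re-bind is the only proof of identity this class relies on.
 *
 * <p>One instance is shared through {@link #getInstance()}, so all per-login state (the LDAP
 * context in particular) is kept in local variables rather than in fields; concurrent logins must
 * never see or close each other's context.
 *
 * <p>NOTE(review): the URL, authentication mechanism and referral mode are passed through from
 * configuration unchanged. With the "simple" mechanism over a plain {@code ldap://} URL the
 * password crosses the network unencrypted, and with the mechanism set to "none" JNDI binds
 * anonymously, which would make the re-bind succeed for any password. Confirm the deployed
 * configuration uses {@code ldaps://} (or StartTLS) and a real mechanism.
 */
public class LdapAuthenticationProvider {
    // Placeholder default; nothing in this class reads it. The effective URL comes from
    // LdapAuthenticateObjectType.getLdapUrl().
    private String url;
    // Connection request controls handed to JNDI on connect and re-bind; always null here.
    private Control[] connCtls;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/fr/fs/privilege/auth/LdapAuthenticationProvider$LdapAuthenticationProviderHelper.class */
    /**
     * Holds the single shared provider instance; it is created when this nested class is first
     * initialised, i.e. on the first {@link LdapAuthenticationProvider#getInstance()} call.
     */
    public static class LdapAuthenticationProviderHelper {
        public static LdapAuthenticationProvider helper = new LdapAuthenticationProvider();

        private LdapAuthenticationProviderHelper() {
        }
    }

    private LdapAuthenticationProvider() {
        this.url = "ldap://ip:389";
        this.connCtls = null;
    }

    /**
     * Returns the shared provider instance.
     *
     * @return the singleton held by {@link LdapAuthenticationProviderHelper}
     */
    public static LdapAuthenticationProvider getInstance() {
        return LdapAuthenticationProviderHelper.helper;
    }

    /**
     * Checks the principal and credentials carried by {@code authentication} against LDAP.
     *
     * <p>Fails closed: a missing configuration, a connection failure, an empty login name or
     * password, or any unexpected exception all yield {@code false}.
     *
     * @param authentication the login attempt; principal and credentials are converted to strings
     * @return {@code true} only when the directory accepted a bind as the resolved user
     */
    public boolean ldapAuthentication(Authentication authentication) {
        LdapContext context = null;
        try {
            String username = GeneralUtils.objectToString(authentication.getPrincipal());
            String password = GeneralUtils.objectToString(authentication.getCredentials());
            // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
            // (RFC 4513, section 5.1.2) that many servers answer with success. Never forward
            // one, otherwise any known login name would authenticate without a password.
            if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
                return false;
            }
            context = connectLdap();
            if (context == null) {
                // No LDAP configuration, or the initial connection failed (already logged).
                return false;
            }
            return authenticate(context, username, password);
        } catch (Exception e) {
            // Deliberately fail closed, but leave a trace; the message never includes the password.
            FRContext.getLogger().error("LDAP authentication failed unexpectedly: " + e.toString());
            return false;
        } finally {
            closeContext(context);
        }
    }

    /**
     * Opens an LDAP context from the configured {@link LdapAuthenticateObjectType}.
     *
     * <p>The service-account principal and credentials are only set when both are non-blank;
     * otherwise the initial bind is left to the provider's default for the chosen mechanism.
     *
     * @return a connected context, or {@code null} when LDAP is not configured or the connection
     *     could not be established (the cause is logged)
     */
    private LdapContext connectLdap() {
        LdapAuthenticateObjectType config = (LdapAuthenticateObjectType) FSConfig.getProviderInstance().getAuthenticateObjectType(LdapAuthenticateObjectType.class);
        if (config == null) {
            return null;
        }
        Properties env = new Properties();
        env.put("java.naming.factory.initial", config.getContextFactory());
        String ldapUrl = config.getLdapUrl();
        if (StringUtils.isNotBlank(ldapUrl) && !ldapUrl.endsWith("/")) {
            ldapUrl = ldapUrl + "/";
        }
        // The search base is made part of the provider URL, so later searches use "" as their name.
        env.put("java.naming.provider.url", ldapUrl + config.getLdapSearchBase());
        env.put("java.naming.security.authentication", config.getAuthentication());
        env.put("java.naming.referral", config.getReferral());
        if (StringUtils.isNotBlank(config.getLdapSystemName()) && StringUtils.isNotBlank(config.getLdapSystemPassword())) {
            env.put("java.naming.security.principal", config.getLdapSystemName());
            env.put("java.naming.security.credentials", config.getLdapSystemPassword());
        }
        try {
            return new InitialLdapContext(env, this.connCtls);
        } catch (javax.naming.AuthenticationException e) {
            FRContext.getLogger().error("AuthenticationException，Authentication faild: " + e.toString());
        } catch (Exception e2) {
            FRContext.getLogger().error("Exception,Something wrong while authenticating: " + e2.toString());
        }
        return null;
    }

    /**
     * Resolves a login name to a DN by trying a fixed list of attributes in order and stopping at
     * the first one that yields a non-blank DN.
     *
     * <p>NOTE(review): the tail of the list (displayName, name, sn) is not unique in most
     * directories, so a login name may resolve to an entry other than the account of that name.
     * Consider restricting the lookup to unique identifier attributes.
     *
     * @param context the connected context to search with
     * @param username the submitted login name
     * @return the resolved DN, or an empty string when no attribute matched
     */
    private String recurseGetUserDN(LdapContext context, String username) {
        String dn = "";
        for (String attribute : new String[]{"sAMAccountName", "cn", "userPrincipalName", "uid", "displayName", "name", "sn"}) {
            dn = getUserDN(context, username, attribute);
            if (StringUtils.isNotBlank(dn)) {
                break;
            }
        }
        return dn;
    }

    /**
     * Searches the whole subtree for an entry whose {@code attribute} equals {@code username}.
     *
     * <p>The login name is supplied as a filter argument instead of being concatenated into the
     * filter text, so JNDI escapes filter metacharacters in it and the value cannot change the
     * structure of the filter (LDAP filter injection). {@code attribute} is always one of the
     * constants listed in {@link #recurseGetUserDN}.
     *
     * <p>Iteration stops at the first result whose DN contains the login name; if no DN contains
     * it, the DN of the last result is returned.
     *
     * @param context the connected context to search with
     * @param username the submitted login name, treated as a literal value
     * @param attribute the attribute to match against
     * @return a DN, or an empty string when nothing matched or the search failed (logged)
     */
    private String getUserDN(LdapContext context, String username, String attribute) {
        String dn = "";
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            results = context.search("", "(&(" + attribute + "={0}))", new Object[]{username}, controls);
            while (results != null && results.hasMoreElements()) {
                dn = results.nextElement().getNameInNamespace();
                if (StringUtils.isNotBlank(dn) && dn.contains(username)) {
                    break;
                }
            }
        } catch (Exception e) {
            FRContext.getLogger().error(e.getMessage());
        } finally {
            // Release the server-side search if the loop stopped before the results were drained.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException e) {
                    FRContext.getLogger().error(e.getMessage());
                }
            }
        }
        return dn;
    }

    /**
     * Re-binds {@code context} as the user and reports whether the directory accepted it.
     *
     * <p>When the login name cannot be resolved to a DN, the login name itself is used as the
     * bind principal.
     *
     * @param context the connected context to re-bind
     * @param username the submitted login name
     * @param password the submitted password; the caller has already rejected empty values
     * @return {@code true} when the re-bind succeeded, {@code false} on any naming failure
     */
    private boolean authenticate(LdapContext context, String username, String password) {
        String bindDn = recurseGetUserDN(context, username);
        if (StringUtils.isEmpty(bindDn)) {
            bindDn = username;
        }
        try {
            context.addToEnvironment("java.naming.security.principal", bindDn);
            context.addToEnvironment("java.naming.security.credentials", password);
            context.reconnect(this.connCtls);
            return true;
        } catch (NamingException e) {
            // javax.naming.AuthenticationException is a NamingException, so rejected credentials
            // land here as well.
            FRContext.getLogger().error(e.getMessage());
            return false;
        }
    }

    /**
     * Closes {@code ldapContext} if it is non-null, logging instead of propagating close failures.
     *
     * @param ldapContext the context to close; may be {@code null}
     */
    private void closeContext(LdapContext ldapContext) {
        if (ldapContext != null) {
            try {
                ldapContext.close();
            } catch (NamingException e) {
                FRContext.getLogger().error(e.getMessage());
            }
        }
    }
}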
