package com.centit.framework.users.controller;

import com.alibaba.fastjson2.JSON;
import com.centit.framework.common.ResponseData;
import com.centit.framework.core.controller.BaseController;
import com.centit.framework.core.controller.WrapUpResponseBody;
import com.centit.framework.model.adapter.PlatformEnvironment;
import com.centit.framework.model.basedata.UserSyncDirectory;
import com.centit.framework.model.security.CentitUserDetails;
import com.centit.framework.operationlog.RecordOperationLog;
import com.centit.framework.security.SecurityContextUtils;
import com.centit.framework.system.service.UserSyncDirectoryManager;
import com.centit.support.algorithm.BooleanBaseOpt;
import com.centit.support.algorithm.CollectionsOpt;
import com.centit.support.algorithm.StringBaseOpt;
import com.centit.support.common.ObjectException;
import com.centit.support.compiler.Pretreatment;
import com.centit.support.image.CaptchaImageUtil;
import com.centit.support.security.SecurityOptUtils;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.util.Optional;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

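@RequestMapping({"/ldap"})
@Api(value = "ldap登录相关接口", tags = {"ldap登录相关接口"})
@Controller
/* loaded from: input_file:com/centit/framework/users/controller/LdapLogin.class */
/**
 * Login endpoint that authenticates a user against the configured LDAP directories by
 * performing a simple bind as that user, then establishes the local Spring Security session
 * for the matching platform account.
 *
 * <p>Flow: optional image captcha check, decode of the submitted credentials, lookup of the
 * {@code security.disable.user} deny list, then one bind attempt per LDAP directory that has a
 * URL. The first directory whose bind succeeds wins.
 *
 * <p>The bind is a plain LDAP simple bind over whatever URL the directory is configured with;
 * whether the password is protected in transit therefore depends on that URL (ldaps:// or
 * StartTLS) and is not enforced here.
 */
public class LdapLogin extends BaseController {
    private static final String LDAP_USER_ID = "ldapUserURI";
    private static final Logger logger = LoggerFactory.getLogger(LdapLogin.class);

    /** Request parameter carrying the captcha the user typed. */
    private static final String CHECKCODE_PARAM = "j_checkcode";
    /** Session attribute holding the captcha that was issued to this session. */
    private static final String SESSION_CHECKCODE = "session_checkcode";
    /** Key inside the directory's searchBase JSON naming the principal template. */
    private static final String USER_URI_FORMAT_KEY = "userURIFormat";
    /** Template used when the directory does not configure one: bind with the raw login name. */
    private static final String DEFAULT_USER_URI_FORMAT = "{loginName}";
    /** Error code raised when LDAP accepts the user but no platform account exists. */
    private static final int USER_NOT_FOUND_CODE = 710;

    @Autowired
    private PlatformEnvironment platformEnvironment;

    @Autowired
    private UserSyncDirectoryManager userSyncDirectoryManager;

    /** Comma-separated login names (substring match) that may never log in through LDAP. */
    @Value("${security.disable.user}")
    private String disableUser;

    /**
     * Operation id recorded for this controller's actions.
     *
     * @return the constant {@code "LDAPLOGIN"}
     */
    public String getOptId() {
        return "LDAPLOGIN";
    }

    /**
     * Authenticates {@code username}/{@code password} against the LDAP directories.
     *
     * @param username            submitted login name, HTML-escaped and security-encoded by the client
     * @param password            submitted password, encoded the same way as {@code username}
     * @param httpServletRequest  current request; its session carries the captcha state
     * @return the login-success response, or an error message for a disabled account or a
     *         failed bind
     * @throws AuthenticationServiceException when the captcha does not match
     * @throws ObjectException                (code 710) when LDAP accepts the credentials but no
     *                                        platform account has that login name
     */
    @PostMapping({"/login"})
    @WrapUpResponseBody
    @ApiOperation(value = "ldap登录", notes = "ldap登录")
    @RecordOperationLog(content = "用户{username}使用ldap登录,操作IP地址:{loginIp}", newValue = "ldap登录")
    public ResponseData login(@RequestParam("username") String username,
                              @RequestParam("password") String password,
                              HttpServletRequest httpServletRequest) throws Exception {
        verifyCaptcha(httpServletRequest);
        // The AJAX captcha verdict is single-use: consume it whether or not the login succeeds.
        httpServletRequest.getSession().setAttribute(SecurityContextUtils.AJAX_CHECK_CAPTCHA_RESULT, false);

        String loginName = SecurityOptUtils.decodeSecurityString(StringEscapeUtils.unescapeHtml4(username));
        String plainPassword = SecurityOptUtils.decodeSecurityString(StringEscapeUtils.unescapeHtml4(password));

        if (isDisabledUser(loginName)) {
            return ResponseData.makeErrorMessage("禁用的用户账号");
        }

        for (UserSyncDirectory directory : this.userSyncDirectoryManager.listLdapDirectory()) {
            if (StringUtils.isBlank(directory.getUrl())) {
                continue;
            }
            if (!checkUserPasswordByDn(directory, loginName, plainPassword)) {
                continue;
            }
            CentitUserDetails userDetails = this.platformEnvironment.loadUserDetailsByLoginName(loginName);
            if (userDetails == null) {
                throw new ObjectException(USER_NOT_FOUND_CODE, "user not found--" + loginName);
            }
            SecurityContextHolder.getContext().setAuthentication(userDetails);
            SecurityContextUtils.fetchAndSetLocalParams(userDetails, httpServletRequest, this.platformEnvironment);
            return SecurityContextUtils.makeLoginSuccessResponse(userDetails, httpServletRequest);
        }
        return ResponseData.makeErrorMessage("用户名或密码错误");
    }

    /**
     * Checks the image captcha unless an earlier AJAX check already marked this session as passed.
     * The session-side code is removed on first read so a value cannot be replayed. A session that
     * holds no {@code session_checkcode} (no captcha was issued) passes without a comparison.
     *
     * @throws AuthenticationServiceException when a code was issued and the submitted one differs
     */
    private static void verifyCaptcha(HttpServletRequest request) {
        boolean alreadyChecked = BooleanBaseOpt.castObjectToBoolean(
            request.getSession().getAttribute(SecurityContextUtils.AJAX_CHECK_CAPTCHA_RESULT), false)
            .booleanValue();
        if (alreadyChecked) {
            return;
        }
        String submitted = request.getParameter(CHECKCODE_PARAM);
        String expected = StringBaseOpt.castObjectToString(request.getSession().getAttribute(SESSION_CHECKCODE));
        request.getSession().removeAttribute(SESSION_CHECKCODE);
        if (!StringBaseOpt.isNvl(expected) && !CaptchaImageUtil.checkcodeMatch(expected, submitted)) {
            throw new AuthenticationServiceException("验证码输入有误，请检查后重新输入！");
        }
    }

    /**
     * Tells whether {@code loginName} is covered by the {@code security.disable.user} list.
     * Entries are compared as substrings of the login name (the list "admin" also disables
     * "admin2"). Blank entries, e.g. from a stray double comma, are skipped: an empty entry
     * would otherwise match every login name and lock everyone out.
     */
    private boolean isDisabledUser(String loginName) {
        if (StringUtils.isBlank(this.disableUser)) {
            return false;
        }
        // Work on a local copy; the injected field is shared across requests and must not be rewritten.
        String[] disabledNames = StringUtils.deleteWhitespace(this.disableUser).split(",");
        for (String disabled : disabledNames) {
            if (!disabled.isEmpty() && StringUtils.contains(loginName, disabled)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Verifies {@code loginName}/{@code password} by performing an LDAP simple bind against
     * {@code userSyncDirectory}. The bind principal is built from the directory's
     * {@code userURIFormat} template (default {@value #DEFAULT_USER_URI_FORMAT}), with
     * {@code {loginName}} and {@code {topUnit}} substituted.
     *
     * @param userSyncDirectory directory to bind to; its URL must be non-blank
     * @param loginName         login name to substitute into the principal template
     * @param password          clear-text password for the bind
     * @return {@code true} only when the server accepts the bind; {@code false} for blank
     *         credentials, a failed bind, or a connection problem
     */
    public static boolean checkUserPasswordByDn(UserSyncDirectory userSyncDirectory, String loginName, String password) {
        // An empty password turns a simple bind into an unauthenticated bind (RFC 4513 §5.1.2),
        // which many servers accept as anonymous. That must never count as a successful login.
        if (StringUtils.isBlank(loginName) || StringUtils.isEmpty(password)) {
            return false;
        }
        String principal = Pretreatment.mapTemplateString(resolveUserUriFormat(userSyncDirectory),
            CollectionsOpt.createHashMap(new Object[]{"loginName", loginName, "topUnit", userSyncDirectory.getTopUnit()}));
        // NOTE(review): loginName is substituted into the template without RFC 4514 escaping. With the
        // default template the whole principal is caller-supplied, so escaping is not applied here; a
        // template that embeds the name inside a DN (uid={loginName},ou=...) should escape it or
        // restrict the accepted character set.

        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.PROVIDER_URL, userSyncDirectory.getUrl());

        LdapContext context = null;
        try {
            // Constructing the context performs the bind; success means the credentials were accepted.
            context = new InitialLdapContext(env, (Control[]) null);
            return true;
        } catch (NamingException | RuntimeException e) {
            // The password is deliberately not logged; the principal and URL are enough to diagnose.
            logger.warn("LDAP simple bind failed for principal [{}] at [{}]", principal, userSyncDirectory.getUrl(), e);
            return false;
        } finally {
            closeQuietly(context);
        }
    }

    /**
     * Reads {@code userURIFormat} from the directory's searchBase JSON. Falls back to
     * {@value #DEFAULT_USER_URI_FORMAT} when searchBase is empty (parseObject yields null) or
     * the key is blank.
     */
    private static String resolveUserUriFormat(UserSyncDirectory userSyncDirectory) {
        String format = Optional.ofNullable(JSON.parseObject(userSyncDirectory.getSearchBase()))
            .map(config -> config.getString(USER_URI_FORMAT_KEY))
            .orElse(null);
        return StringUtils.isBlank(format) ? DEFAULT_USER_URI_FORMAT : format;
    }

    /**
     * Closes the context when one was opened. A close failure is only logged: the bind verdict is
     * already decided and must not be overturned by cleanup.
     */
    private static void closeQuietly(LdapContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException | RuntimeException e) {
            logger.warn("failed to close LDAP context", e);
        }
    }
}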
