package com.seeyon.apps.ldap.login;

import com.seeyon.apps.ldap.config.LDAPConfig;
import com.seeyon.apps.ldap.sso.ADSSOHandShake;
import com.seeyon.apps.ldap.util.LDAPTool;
import com.seeyon.ctp.common.AppContext;
import com.seeyon.ctp.common.SystemEnvironment;
import com.seeyon.ctp.common.constants.LoginResult;
import com.seeyon.ctp.common.exceptions.BusinessException;
import com.seeyon.ctp.common.po.usermapper.CtpOrgUserMapper;
import com.seeyon.ctp.common.usermapper.dao.UserMapperDao;
import com.seeyon.ctp.login.AbstractLoginAuthentication;
import com.seeyon.ctp.login.LoginAuthenticationException;
import com.seeyon.ctp.organization.bo.V3xOrgMember;
import com.seeyon.ctp.organization.manager.OrgManager;
import com.seeyon.ctp.organization.principal.NoSuchPrincipalException;
import com.seeyon.ctp.organization.principal.PrincipalManager;
import com.seeyon.ctp.util.Strings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/seeyon/apps/ldap/login/LDAPLoginAuthentication.class */
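/**
 * Login authenticator backed by an LDAP / Active Directory server.
 *
 * <p>Two entry points exist: a credential-based one taking a login name and password, and a
 * request-based one that additionally supports AD single sign-on through an
 * {@code Authorization} value resolved by {@link ADSSOHandShake}.
 *
 * <p>Both return a two-element array {@code {loginName, password}} on success and {@code null}
 * when this authenticator does not take a decision. NOTE(review): how the caller treats a
 * {@code null} result (presumably by consulting another authenticator) is defined outside this
 * class; confirm against {@code AbstractLoginAuthentication}.
 */
public class LDAPLoginAuthentication extends AbstractLoginAuthentication {
    private static final Log log = LogFactory.getLog(LDAPLoginAuthentication.class);
    private UserMapperDao userMapperDao;
    private PrincipalManager principalManager;
    private OrgManager orgManager;

    /**
     * Resolves the collaborating beans from the application context.
     *
     * <p>The fields are always unset when the constructor runs, so the beans are looked up
     * unconditionally.
     */
    public LDAPLoginAuthentication() {
        this.userMapperDao = (UserMapperDao) AppContext.getBean("userMapperDao");
        this.principalManager = (PrincipalManager) AppContext.getBean("principalManager");
        this.orgManager = (OrgManager) AppContext.getBean("orgManager");
    }

    /**
     * Authenticates a login name, either against LDAP (password given) or as an already
     * verified single sign-on identity (password {@code null}).
     *
     * <p>SECURITY: a {@code null} password selects the single sign-on branch, which performs
     * <em>no</em> credential check of its own. It only maps the directory account to a local
     * member. Callers must therefore pass {@code null} only for a name that a trusted
     * handshake has already verified, and must never let a client-controlled value reach this
     * method with a {@code null} password.
     *
     * @param str  login name (directory account name on the single sign-on branch)
     * @param str2 password, or {@code null} for a pre-verified single sign-on identity
     * @return {@code {loginName, password}} on success; {@code null} when local authentication
     *         is enabled, the member is unknown or invalid, or the member is an administrator
     * @throws LoginAuthenticationException if no account binding exists for a single sign-on
     *         name, or if the LDAP authenticator rejects the credentials
     */
    public String[] authenticate(String str, String str2) throws LoginAuthenticationException {
        if (LDAPTool.canLocalAuth()) {
            return null;
        }
        if (str2 == null) {
            return authenticateSsoAccount(str);
        }
        return authenticateWithPassword(str, str2);
    }

    /** Maps a pre-verified directory account to its bound local member; checks no credential. */
    private String[] authenticateSsoAccount(String adLoginName) throws LoginAuthenticationException {
        CtpOrgUserMapper binding = this.userMapperDao.getLoginName(adLoginName, LDAPTool.catchLDAPConfig().getType());
        if (binding == null) {
            throw new LoginAuthenticationException(LoginResult.ERROR_AD_ACCOUNT_BINDING);
        }
        // Initialised explicitly: a failed lookup must leave the member null so that the
        // login is refused below, instead of leaving the variable unassigned.
        V3xOrgMember member = null;
        try {
            member = this.orgManager.getMemberById(binding.getMemberId());
        } catch (BusinessException e) {
            // Previously swallowed silently; a failing lookup still results in "no decision".
            log.warn("LDAP ERROR: member lookup failed for single sign-on binding", e);
        }
        if (member == null || !member.isValid()) {
            return null;
        }
        // The password slot stays null on this branch, exactly as the caller supplied it.
        return new String[]{binding.getLoginName(), null};
    }

    /** Verifies a login name and password through the LDAP authenticator. */
    private String[] authenticateWithPassword(String loginName, String password) throws LoginAuthenticationException {
        V3xOrgMember member = null;
        try {
            member = this.orgManager.getMemberById(Long.valueOf(this.principalManager.getMemberIdByLoginName(loginName)));
        } catch (NoSuchPrincipalException ignored) {
            // Unknown login name: not an error here, the member simply stays null.
        } catch (Exception e) {
            log.error("LDAP ERROR:", e);
        }
        if (member == null) {
            return null;
        }
        // Administrator accounts are never authenticated through the directory.
        if (member.getIsAdmin().booleanValue()) {
            return null;
        }
        // NOTE(review): an empty but non-null password reaches the authenticator when this
        // method is called directly (the request-based overload filters blank passwords).
        // Many directory servers accept a simple bind with an empty password as an
        // unauthenticated bind, so confirm that the authenticator rejects empty passwords.
        CtpOrgUserMapper authenticated = LDAPTool.createAuthenticator(this.userMapperDao).auth(loginName, password);
        if (authenticated != null) {
            return new String[]{authenticated.getLoginName(), password};
        }
        throw new LoginAuthenticationException(LoginResult.ERROR_UNKNOWN_USER);
    }

    /**
     * Authenticates an HTTP login request, using AD single sign-on when only an authorization
     * value is supplied and form credentials otherwise.
     *
     * @param httpServletRequest  request carrying the {@code Authorization} header (or an
     *                            {@code authorization} parameter) and/or the
     *                            {@code login_username} / {@code login_password} parameters
     * @param httpServletResponse unused by this implementation
     * @return {@code {loginName, password}} on success; {@code null} when the LDAP plugin is
     *         missing or disabled, or when the form credentials are incomplete
     * @throws LoginAuthenticationException if the single sign-on handshake yields no user name,
     *         or if the delegated authentication fails
     */
    public String[] authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginAuthenticationException {
        if (!SystemEnvironment.hasPlugin("ldap") || !LDAPConfig.getInstance().getIsEnableLdap()) {
            return null;
        }
        String authorization = httpServletRequest.getHeader("authorization");
        if (Strings.isBlank(authorization)) {
            authorization = httpServletRequest.getHeader("Authorization");
        }
        if (Strings.isBlank(authorization)) {
            // NOTE(review): accepting the value as a request parameter means it can end up in
            // URLs, access logs and Referer headers; prefer the header where clients allow it.
            authorization = httpServletRequest.getParameter("authorization");
        }
        // The raw value is a credential (handshake token or encoded password) and must not be
        // written to the log; only record whether one was supplied.
        log.info("AD单点登录:" + (Strings.isBlank(authorization)
                ? "no authorization value supplied"
                : "authorization value present (redacted)"));
        String formUser = httpServletRequest.getParameter("login_username");
        String formPassword = httpServletRequest.getParameter("login_password");
        boolean ssoOnly = StringUtils.isNotBlank(authorization)
                && StringUtils.isBlank(formUser)
                && StringUtils.isBlank(formPassword);
        if (!ssoOnly) {
            // Form login: both fields are required, so a blank password never reaches LDAP.
            if (StringUtils.isBlank(formUser) || StringUtils.isBlank(formPassword)) {
                return null;
            }
            return authenticate(formUser, formPassword);
        }
        // The handshake is the only credential check on the single sign-on path: the name it
        // returns is passed on with a null password and is trusted from here on.
        String userName = ADSSOHandShake.getInstance().getUserName(authorization);
        log.info("AD单点登录adLoginName:" + userName);
        if (StringUtils.isBlank(userName)) {
            throw new LoginAuthenticationException(LoginResult.ERROR_AD_ACCOUNT_ERROR);
        }
        return authenticate(userName, (String) null);
    }
}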
