package com.seeyon.apps.ldap.sso;

import com.seeyon.apps.ldap.config.LDAPConfig;
import com.seeyon.ctp.organization.bo.V3xOrgEntity;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:com/seeyon/apps/ldap/sso/ADSSOHandShake.class */
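/**
 * Server-side Kerberos/SPNEGO handshake helper for Active Directory single sign-on.
 *
 * <p>The class is a lazily created process-wide singleton. On first use it sets the JVM-wide
 * Kerberos/JGSS system properties, writes a JAAS login configuration file and initialises a
 * pool of {@link GSSContext} acceptors. It then accepts client tokens carried in
 * {@code "Negotiate <base64>"} values and extracts the authenticated source principal.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code str} arguments look like HTTP {@code Authorization} header values and are
 *       therefore attacker-controlled - confirm against the callers.</li>
 *   <li>The JAAS file and the keytab are referenced by relative path, so both resolve against
 *       the process working directory. Write access to that directory should be restricted
 *       to the service account.</li>
 *   <li>{@code sun.misc.BASE64Decoder} is a JDK-internal API that is not available on newer
 *       JDKs. Migrating to {@code java.util.Base64} needs a file-level import change.</li>
 * </ul>
 */
public class ADSSOHandShake {
    /** Keytab file name referenced from the generated JAAS configuration (relative path). */
    private static final String keyPsName = "A8Server.keymap";
    /** Name of the generated JAAS login configuration file (relative path). */
    private static final String LOGIN_CONFIG_FILE = "krb5Login.config";
    /** Scheme prefix that introduces a SPNEGO token. */
    private static final String NEGOTIATE_PREFIX = "Negotiate ";
    /** Base64 encoding of the "NTLMSSP" signature; such tokens are NTLM, not Kerberos. */
    private static final String NTLM_TOKEN_PREFIX = "TlRMTVNTUA";
    private static final Log log = LogFactory.getLog(ADSSOHandShake.class);
    private static ADSSOHandShake event = null;
    private boolean inited = false;
    private GSContextpool pool = new GSContextpool();

    private ADSSOHandShake() {
    }

    /**
     * Returns the shared instance, creating and initialising it on first call.
     *
     * <p>The method is synchronized so that concurrent first callers cannot run {@link #init()}
     * twice, and so that no thread can observe the instance before initialisation has finished.
     * Initialisation failures are logged, and the (possibly unusable) instance is still returned,
     * as before.
     *
     * @return the singleton instance, never {@code null}
     */
    public static synchronized ADSSOHandShake getInstance() {
        if (event == null) {
            ADSSOHandShake created = new ADSSOHandShake();
            try {
                created.init();
            } catch (IOException e) {
                log.error(e.getMessage(), e);
            }
            // Publish only after init() has run, so the field never holds a half-built object.
            event = created;
        }
        return event;
    }

    /**
     * Probes the pool once: obtaining a context successfully marks this instance as initialised.
     * The probe context is always disposed, and failures are logged rather than propagated.
     */
    private void testInited() {
        if (this.inited) {
            return;
        }
        GSSContext probe = null;
        try {
            probe = this.pool.getContext();
            this.inited = true;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        } finally {
            if (probe != null) {
                try {
                    probe.dispose();
                } catch (Exception e) {
                    log.error(e.getMessage(), e);
                }
            }
        }
    }

    /**
     * Applies the Kerberos configuration, initialises the context pool and probes it.
     *
     * <p>Every exception is caught and logged here. The {@code throws IOException} clause is
     * kept only for source compatibility with existing callers.
     *
     * @throws IOException never thrown by the current implementation
     */
    public void init() throws IOException {
        try {
            setConfig();
            this.pool.init();
            testInited();
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Accepts a {@code "Negotiate <base64>"} value and returns the full source principal name.
     *
     * <p>NOTE(review): on every failure path except NTLM this method returns the input
     * {@code str} unchanged. That covers a value without the {@code Negotiate} prefix, a context
     * that is not established after one round, and any exception. The result is therefore not
     * proof of authentication and can be attacker-supplied text. Callers must verify that the
     * value is a real principal before treating it as an identity - confirm at the call sites.
     * The fallback is left unchanged here because callers may rely on it.
     *
     * <p>The reply token returned by {@code acceptSecContext} is discarded, so only a handshake
     * that completes in a single round can succeed.
     *
     * @param str the header value; {@code null} is returned as {@code null}
     * @return the source principal name when the context is established, {@code null} for an
     *     NTLM token, otherwise {@code str} itself
     */
    public String getADLoginName(String str) {
        // A null header used to raise NullPointerException; it now passes through like any
        // other non-Negotiate value.
        if (str == null || !str.startsWith(NEGOTIATE_PREFIX)) {
            return str;
        }
        String token = str.substring(NEGOTIATE_PREFIX.length());
        if (token.startsWith(NTLM_TOKEN_PREFIX)) {
            log.warn("TlRMTVNTUA 方式登录");
            return null;
        }
        try {
            byte[] decoded = new BASE64Decoder().decodeBuffer(token);
            GSSContext context = this.pool.getContext();
            try {
                context.acceptSecContext(decoded, 0, decoded.length);
                if (context.isEstablished()) {
                    return context.getSrcName().toString();
                }
            } finally {
                // Single dispose on every path; the earlier explicit call duplicated this one.
                context.dispose();
            }
        } catch (Exception e) {
            log.error(V3xOrgEntity.DEFAULT_EMPTY_STRING, e);
        }
        return str;
    }

    /**
     * Accepts a {@code "Negotiate <base64>"} value and returns the user part of the principal.
     *
     * <p>This method fails closed: a {@code null} value, one without the {@code Negotiate}
     * prefix, an NTLM token or any error yields {@code null}.
     *
     * @param str the header value, may be {@code null}
     * @return the principal name up to the realm separator, or {@code null} if no identity was
     *     established
     */
    public String getUserName(String str) {
        if (str == null || !str.startsWith(NEGOTIATE_PREFIX)) {
            return null;
        }
        String token = str.substring(NEGOTIATE_PREFIX.length());
        if (token.startsWith(NTLM_TOKEN_PREFIX)) {
            return null;
        }
        try {
            return readKerberosUserName(new BASE64Decoder().decodeBuffer(token));
        } catch (Exception e) {
            // Logged once through the logger; printStackTrace() duplicated it on stderr.
            log.error(V3xOrgEntity.DEFAULT_EMPTY_STRING, e);
            return null;
        }
    }

    /**
     * Sets the JVM-wide Kerberos/JGSS system properties and writes the JAAS login configuration.
     *
     * <p>The Kerberos and SPNEGO debug switches follow the logger's debug level. That output
     * can contain ticket and principal details, so debug logging should stay off in production.
     * A failure to write the file is logged and does not propagate.
     *
     * @throws GSSException declared for compatibility; not thrown by the visible code
     */
    private void setConfig() throws GSSException {
        LDAPConfig config = LDAPConfig.getInstance();
        String debugFlag = String.valueOf(log.isDebugEnabled());

        System.setProperty("java.security.auth.login.config", LOGIN_CONFIG_FILE);
        System.setProperty("java.security.krb5.realm", config.getAdDomainName());
        System.setProperty("java.security.krb5.kdc", config.getIp());
        log.debug("java.security.krb5.realm:" + config.getAdDomainName());
        // The two labels below used to be swapped: the KDC line logged the principal and the
        // principal line logged the IP.
        log.debug("java.security.krb5.kdc:" + config.getIp());
        log.debug(" principal:" + config.getPrincipal());
        System.setProperty("sun.security.krb5.debug", debugFlag);
        System.setProperty("sun.security.jgss.native", "true");
        System.setProperty("sun.security.spnego.msinterop", "true");
        System.setProperty("sun.security.spnego.debug", debugFlag);
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // NOTE(review): the principal is interpolated into the JAAS file without escaping, so a
        // value containing a double quote would alter the generated configuration. The value is
        // presumably administrator-controlled - confirm.
        String principal = config.getPrincipal();
        try (PrintWriter printWriter = new PrintWriter(new File(LOGIN_CONFIG_FILE))) {
            writeLoginEntry(printWriter, "com.sun.security.jgss.initiate {", principal);
            writeLoginEntry(printWriter, "com.sun.security.jgss.accept {", principal);
            writeLoginEntry(printWriter, "logina6{", principal);
            // PrintWriter swallows I/O errors; checkError() flushes and reports them so that a
            // truncated configuration file does not go unnoticed.
            if (printWriter.checkError()) {
                log.error("Failed to write " + LOGIN_CONFIG_FILE);
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    /** Writes one JAAS entry that logs in {@code principal} from the keytab. */
    private static void writeLoginEntry(PrintWriter out, String header, String principal) {
        out.println(header);
        out.println("        com.sun.security.auth.module.Krb5LoginModule required");
        out.println("        principal=\"" + principal + "\" useKeyTab=true");
        out.println("        keyTab=" + keyPsName + " storeKey=true;");
        out.println("};");
    }

    /**
     * Accepts a raw SPNEGO/Kerberos token and returns the user part of the source principal.
     *
     * @param bArr the decoded token bytes
     * @return the principal name before the first {@code '@'}, the whole name if it has no
     *     {@code '@'}, or {@code null} if the context is not established after this one call
     * @throws GSSException if obtaining, driving or disposing the context fails
     */
    public String readKerberosUserName(byte[] bArr) throws GSSException {
        GSSContext context = this.pool.getContext();
        try {
            context.acceptSecContext(bArr, 0, bArr.length);
            if (!context.isEstablished()) {
                return null;
            }
            String principal = context.getSrcName().toString();
            int realmSeparator = principal.indexOf("@");
            // Without '@' the old code passed -1 as the end index, which StringUtils treats as
            // "one before the end" and so dropped the last character of the name.
            if (realmSeparator < 0) {
                return principal;
            }
            return StringUtils.substring(principal, 0, realmSeparator);
        } finally {
            context.dispose();
        }
    }
}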
