package net.sinodawn.framework.security.sso.impl;

import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.servlet.http.HttpServletRequest;
import net.sinodawn.framework.context.ApplicationContextHelper;
import net.sinodawn.framework.database.sql.Order;
import net.sinodawn.framework.exception.UnexpectedException;
import net.sinodawn.framework.security.authentication.AuthenticationHelper;
import net.sinodawn.framework.security.bean.LoginUser;
import net.sinodawn.framework.security.sso.SsoAuthenticator;
import net.sinodawn.framework.support.table.TableConstant;
import net.sinodawn.framework.utils.ServletUtils;
import net.sinodawn.framework.utils.StringUtils;
import net.sinodawn.module.mdm.user.bean.CoreUserBean;
import net.sinodawn.module.mdm.user.service.CoreUserService;
import net.sinodawn.module.sys.addomain.bean.CoreAdDomainUserBean;
import net.sinodawn.module.sys.addomain.service.CoreAdDomainUserService;
import net.sinodawn.module.sys.config.bean.CoreLoginConfigBean;
import net.sinodawn.module.sys.config.service.CoreLoginConfigService;
import org.springframework.security.authentication.BadCredentialsException;

/* loaded from: input_file:net/sinodawn/framework/security/sso/impl/AdDomainSsoAuthenticator.class */
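/**
 * SSO authenticator that verifies the submitted user id and password with an LDAP simple bind
 * against the configured AD domain server, then maps the AD user id to a local user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A simple bind with an empty password is an "unauthenticated bind" and many directory
 *       servers answer it with success. Blank credentials are therefore rejected before any
 *       bind is attempted.</li>
 *   <li>NOTE(review): the provider URL uses plain {@code ldap://}, so the simple-bind password
 *       crosses the network unencrypted. Prefer {@code ldaps://} or StartTLS. This is not
 *       changed here because no TLS setting is visible on {@link CoreLoginConfigBean}.</li>
 * </ul>
 */
public class AdDomainSsoAuthenticator implements SsoAuthenticator {
    private static final String ADDOMAIN_PROVIDER_URL_PREFIX = "ldap://";

    /** Message key used for every credential failure, so callers cannot tell the cases apart. */
    private static final String INCORRECT_USER_OR_PASSWORD = "SINO.SECURITY.LOGIN.INCORRECT_USER_OR_PASSWORD";

    /**
     * Builds the JNDI environment for a simple bind using the credentials of the current request.
     *
     * @param coreLoginConfigBean login configuration holding the AD server, port, UPN suffix and
     *     the case-folding flag
     * @return the JNDI environment for {@link InitialLdapContext}
     * @throws BadCredentialsException if the server or port is not configured, or if the request
     *     carries a blank user id or an empty password
     */
    protected Hashtable<String, String> buildAdDomainAuthEnv(CoreLoginConfigBean coreLoginConfigBean) {
        if (StringUtils.isEmpty(coreLoginConfigBean.getAdDomainServer())) {
            throw new BadCredentialsException("CORE.MODULE.SYS.LOGIN_CONFIGS.AD_DOMAIN_SERVER_NOT_NULL");
        }
        if (coreLoginConfigBean.getAdDomainPort() == null) {
            throw new BadCredentialsException("CORE.MODULE.SYS.LOGIN_CONFIGS.AD_DOMAIN_PORT_NOT_NULL");
        }
        HttpServletRequest currentRequest = ServletUtils.getCurrentRequest();
        String adUserId = currentRequest.getParameter(TableConstant.PIVOT_EXT_ID);
        String rawPassword = AuthenticationHelper.getRawPassword(currentRequest.getParameter("password"));
        // Without this check a missing user id would be concatenated as the literal "null", a null
        // password would fail inside Hashtable.put, and an empty password would reach the
        // directory as an unauthenticated bind.
        if (StringUtils.isBlank(adUserId) || StringUtils.isEmpty(rawPassword)) {
            throw new BadCredentialsException(INCORRECT_USER_OR_PASSWORD);
        }
        if ("1".equals(coreLoginConfigBean.getAdUserIdIgnoreCase())) {
            adUserId = StringUtils.lowerCase(adUserId);
        }
        String adDomainUpnSuffix = StringUtils.isBlank(coreLoginConfigBean.getAdDomainUpnSuffix()) ? "" : coreLoginConfigBean.getAdDomainUpnSuffix();

        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", adUserId + adDomainUpnSuffix);
        env.put("java.naming.security.credentials", rawPassword);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("com.sun.jndi.ldap.connect.timeout", "3000");
        // NOTE(review): cleartext transport, see the class comment.
        env.put("java.naming.provider.url", ADDOMAIN_PROVIDER_URL_PREFIX + coreLoginConfigBean.getAdDomainServer() + ":" + coreLoginConfigBean.getAdDomainPort());
        return env;
    }

    /**
     * Hook invoked when the directory accepted the credentials but no AD-to-local user mapping
     * exists. This implementation always refuses the login.
     *
     * @param coreUserBean bean whose id is the AD user id from the request
     * @return never returns normally in this implementation
     * @throws BadCredentialsException always
     */
    protected LoginUser postAuthSuccessWithoutUser(CoreUserBean coreUserBean) {
        throw new BadCredentialsException("CORE.SECURITY.AD_LOGIN.NO_USER_EXISTS");
    }

    /**
     * Authenticates the current request against the AD domain and resolves the local user.
     *
     * @return the login user mapped to the AD account, or {@code null} when the no-mapping hook
     *     returns normally
     * @throws BadCredentialsException if the configuration is incomplete, the credentials are
     *     blank or rejected by the directory, or no local user exists
     * @throws UnexpectedException for any other failure
     */
    @Override // net.sinodawn.framework.security.sso.SsoAuthenticator
    public LoginUser authenticate() {
        CoreLoginConfigBean loginConfig = ((CoreLoginConfigService) ApplicationContextHelper.getBean(CoreLoginConfigService.class)).selectLoginConfig();
        verifyDirectoryCredentials(loginConfig);
        try {
            return resolveLocalUser(loginConfig);
        } catch (BadCredentialsException e) {
            // Credential failures must reach the caller as such, not wrapped as unexpected errors.
            throw e;
        } catch (Exception e) {
            throw new UnexpectedException(e);
        }
    }

    /** Performs the LDAP bind and always releases the context; the bind result is the only output. */
    private void verifyDirectoryCredentials(CoreLoginConfigBean loginConfig) {
        InitialLdapContext ldapContext = null;
        try {
            Hashtable<String, String> env = buildAdDomainAuthEnv(loginConfig);
            rejectUnauthenticatedBind(env);
            ldapContext = new InitialLdapContext(env, (Control[]) null);
        } catch (AuthenticationException e) {
            // The directory's message is deliberately not attached: it can distinguish
            // "unknown user" from "wrong password" or "account locked".
            throw new BadCredentialsException(INCORRECT_USER_OR_PASSWORD);
        } catch (BadCredentialsException e) {
            throw e;
        } catch (Exception e) {
            throw new UnexpectedException(e);
        } finally {
            if (ldapContext != null) {
                try {
                    ldapContext.close();
                } catch (Exception ignored) {
                    // Best effort: the bind outcome is already known and a close failure must not mask it.
                }
            }
        }
    }

    /**
     * Refuses a simple bind whose principal is blank or whose password is empty. Applied to the
     * final environment so that it also covers subclasses overriding {@link #buildAdDomainAuthEnv}.
     */
    private static void rejectUnauthenticatedBind(Hashtable<String, String> env) {
        if (!"simple".equals(env.get("java.naming.security.authentication"))) {
            return;
        }
        if (StringUtils.isBlank(env.get("java.naming.security.principal"))
                || StringUtils.isEmpty(env.get("java.naming.security.credentials"))) {
            throw new BadCredentialsException(INCORRECT_USER_OR_PASSWORD);
        }
    }

    /** Maps the AD user id of the current request to a local user after a successful bind. */
    private LoginUser resolveLocalUser(CoreLoginConfigBean loginConfig) {
        String adUserId = ServletUtils.getCurrentRequest().getParameter(TableConstant.PIVOT_EXT_ID);
        if (StringUtils.isBlank(adUserId)) {
            // presumably a null criterion would not filter the mapping query at all - verify
            // against CoreAdDomainUserService.selectList; refusing here keeps that case unreachable.
            throw new BadCredentialsException(INCORRECT_USER_OR_PASSWORD);
        }
        if ("1".equals(loginConfig.getAdUserIdIgnoreCase())) {
            adUserId = StringUtils.lowerCase(adUserId);
        }
        CoreAdDomainUserService adDomainUserService = (CoreAdDomainUserService) ApplicationContextHelper.getBean(CoreAdDomainUserService.class);
        CoreAdDomainUserBean criteria = new CoreAdDomainUserBean();
        criteria.setAdUserId(adUserId);
        List<CoreAdDomainUserBean> mappings = adDomainUserService.selectList(criteria, new Order[0]);
        if (mappings.isEmpty()) {
            CoreUserBean unmappedUser = new CoreUserBean();
            unmappedUser.setId(adUserId);
            // NOTE(review): the hook's return value is discarded, as in the original code. Confirm
            // whether subclasses are meant to supply the LoginUser before returning it from here.
            postAuthSuccessWithoutUser(unmappedUser);
            return null;
        }
        CoreUserBean localUser = ((CoreUserService) ApplicationContextHelper.getBean(CoreUserService.class)).selectByIdIfPresent(mappings.get(0).getId());
        if (localUser == null) {
            // A mapping that points at a missing local user is treated like "no user" rather than
            // failing with a NullPointerException.
            throw new BadCredentialsException("CORE.SECURITY.AD_LOGIN.NO_USER_EXISTS");
        }
        LoginUser loginUser = new LoginUser(localUser.getId(), localUser.getPassword());
        loginUser.setAdditionalCheck(false);
        return loginUser;
    }
}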
