package com.elitescloud.boot.auth.provider.security.grant.ldap;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Assert;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.provider.config.properties.LdapProperties;
import com.elitescloud.boot.auth.provider.security.grant.AbstractCustomAuthenticationProvider;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/ldap/LdapAuthenticationProvider.class */
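/**
 * Authentication provider that verifies a login against an LDAP directory and then loads the
 * matching local account through {@code userDetailManager}.
 *
 * <p>The directory is used only to check the credentials (search for the entry, then bind as
 * it). The {@link GeneralUserDetails} returned to the caller comes from the local user store,
 * looked up by the type configured in {@code LdapProperties#getLoginAccountType()}.
 *
 * <p>This listing is decompiler output. The lambdas that referenced an undefined {@code r1}
 * have been restored to method references on the object they configure.
 */
public class LdapAuthenticationProvider extends AbstractCustomAuthenticationProvider<LdapAuthenticationToken> implements InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(LdapAuthenticationProvider.class);
    private LdapProperties ldapProperties;
    private LdapTemplate ldapTemplate;

    /**
     * Authenticates the token against LDAP and, on success, loads the local user.
     *
     * @param ldapAuthenticationToken token carrying the account (principal), the password
     *     (credentials) and optional extra filter attributes
     * @return the local user that corresponds to the authenticated principal
     * @throws AuthenticationException if the LDAP check fails or the configured account type
     *     is not supported
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.elitescloud.boot.auth.provider.security.grant.AbstractCustomAuthenticationProvider
    public GeneralUserDetails retrieveUser(LdapAuthenticationToken ldapAuthenticationToken) throws AuthenticationException {
        if (!authenticateByLdap(ldapAuthenticationToken)) {
            throw new AuthorizationException(CharSequenceUtil.blankToDefault(this.ldapProperties.getAuthenticatedFailMsg(), "LDAP认证失败"));
        }
        String principal = (String) ldapAuthenticationToken.getPrincipal();
        switch (this.ldapProperties.getLoginAccountType()) {
            case ID:
                return this.userDetailManager.loadUserById(principal);
            case USERNAME:
                return this.userDetailManager.loadUserByUsername(principal);
            case MOBILE:
                return this.userDetailManager.loadUserByMobile(principal);
            case EMAIL:
                return this.userDetailManager.loadUserByEmail(principal);
            default:
                throw new AuthorizationException("认证失败，暂不支持的账号类型");
        }
    }

    /**
     * Builds the {@link LdapTemplate} once the properties are injected. Does nothing when LDAP
     * is not configured or not enabled, in which case {@code ldapTemplate} stays {@code null}.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        if (this.ldapProperties == null || !this.ldapProperties.isEnabled()) {
            return;
        }
        logger.info("LDAP is enabled, the server is：{}", Arrays.toString(this.ldapProperties.getUrls()));
        initLdapTemplate();
    }

    /**
     * Injects the LDAP configuration.
     *
     * @param ldapProperties LDAP settings bound from configuration
     */
    @Autowired
    public void setLdapProperties(LdapProperties ldapProperties) {
        this.ldapProperties = ldapProperties;
    }

    /**
     * Searches the directory for the entry that matches the login attribute plus any extra
     * attributes, then binds as that entry with the supplied password.
     *
     * @param ldapAuthenticationToken token carrying principal, credentials and extra attributes
     * @return {@code true} if the directory accepted the credentials
     * @throws AuthorizationException if the account or password is empty, LDAP is not
     *     initialised, or the directory operation fails
     */
    private boolean authenticateByLdap(LdapAuthenticationToken ldapAuthenticationToken) {
        String principal = (String) ldapAuthenticationToken.getPrincipal();
        if (CharSequenceUtil.isBlank(principal)) {
            throw new AuthorizationException("账号为空");
        }
        // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
        // (RFC 4513), which some directory servers answer with success. Refuse it here so an
        // empty password can never count as a successful login.
        String password = (String) ldapAuthenticationToken.getCredentials();
        if (password == null || password.isEmpty()) {
            throw new AuthorizationException("密码为空");
        }
        // The template is only created when LDAP is enabled (see afterPropertiesSet).
        if (this.ldapTemplate == null) {
            throw new AuthorizationException("LDAP未启用");
        }

        Map<String, Object> extraAttributes = new HashMap<>(8);
        if (CollUtil.isNotEmpty(this.ldapProperties.getLoginAttributes())) {
            extraAttributes.putAll(this.ldapProperties.getLoginAttributes());
        }
        // NOTE(review): token attributes are applied after the configured ones, so a key present
        // in both is overridden by the token. If these attributes originate from the login
        // request, a client can replace a server-side filter constraint; EqualsFilter escapes
        // the value but, as far as I know, not the attribute name. Confirm where the token
        // attributes come from and whether the keys need an allow-list.
        if (CollUtil.isNotEmpty(ldapAuthenticationToken.getAttributes())) {
            extraAttributes.putAll(ldapAuthenticationToken.getAttributes());
        }

        AndFilter filter = new AndFilter().and(new EqualsFilter(this.ldapProperties.getLoginAttributeName(), principal));
        for (Map.Entry<String, Object> attribute : extraAttributes.entrySet()) {
            Object value = attribute.getValue();
            filter.and(value instanceof Integer
                    ? new EqualsFilter(attribute.getKey(), ((Integer) value).intValue())
                    : new EqualsFilter(attribute.getKey(), value.toString()));
        }

        try {
            return this.ldapTemplate.authenticate(this.ldapProperties.getBase(), filter.encode(), password);
        } catch (Exception e) {
            // Keep directory error text (server addresses, DNs, result codes) in the server log
            // only. Returning it to an unauthenticated caller discloses infrastructure details
            // and can help tell accounts apart.
            logger.warn("LDAP authentication failed", e);
            throw new AuthorizationException(CharSequenceUtil.blankToDefault(this.ldapProperties.getAuthenticatedFailMsg(), "LDAP认证失败"), e);
        }
    }

    /**
     * Creates the {@link LdapTemplate} on top of a fresh context source and applies the
     * exception-handling switches from {@code LdapProperties.Template}.
     */
    private void initLdapTemplate() {
        LdapContextSource contextSource = buildLdapContextSource();
        LdapProperties.Template template = this.ldapProperties.getTemplate();
        PropertyMapper mapper = PropertyMapper.get().alwaysApplyingWhenNonNull();
        this.ldapTemplate = new LdapTemplate(contextSource);
        mapper.from(template.isIgnorePartialResultException()).to(this.ldapTemplate::setIgnorePartialResultException);
        mapper.from(template.isIgnoreNameNotFoundException()).to(this.ldapTemplate::setIgnoreNameNotFoundException);
        mapper.from(template.isIgnoreSizeLimitExceededException()).to(this.ldapTemplate::setIgnoreSizeLimitExceededException);
    }

    /**
     * Builds the {@link LdapContextSource} from the configured URLs, base, service account and
     * base environment. Only non-null properties are applied.
     *
     * <p>Nothing here checks the URL scheme, so transport protection (ldaps:// or StartTLS)
     * depends entirely on the configuration; both the service-account password and every user
     * password are sent over this connection.
     *
     * @return an initialised context source
     */
    private LdapContextSource buildLdapContextSource() {
        Assert.notEmpty(this.ldapProperties.getUrls(), "LDAP url未配置", new Object[0]);
        LdapContextSource ldapContextSource = new LdapContextSource();
        PropertyMapper mapper = PropertyMapper.get().alwaysApplyingWhenNonNull();
        mapper.from(this.ldapProperties.getUsername()).to(ldapContextSource::setUserDn);
        mapper.from(this.ldapProperties.getPassword()).to(ldapContextSource::setPassword);
        mapper.from(this.ldapProperties.getAnonymousReadOnly()).to(ldapContextSource::setAnonymousReadOnly);
        mapper.from(this.ldapProperties.getBase()).to(ldapContextSource::setBase);
        mapper.from(this.ldapProperties.getUrls()).to(ldapContextSource::setUrls);
        mapper.from(this.ldapProperties.getBaseEnvironment()).to(map -> {
            ldapContextSource.setBaseEnvironmentProperties(Collections.unmodifiableMap(map));
        });
        // This instance is created with `new`, not as a Spring bean, so the container never
        // runs its InitializingBean callback. Call it here; it sets up the authentication
        // source that the context source needs before it can open connections.
        ldapContextSource.afterPropertiesSet();
        return ldapContextSource;
    }
}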
