package com.elitescloud.boot.auth.provider.sso2.support.convert;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Assert;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ArrayUtil;
import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.auth.provider.sso2.common.SsoConvertProperty;
import com.elitescloud.boot.auth.provider.sso2.common.SsoTypeEnum;
import com.elitescloud.boot.auth.provider.sso2.support.convert.properties.LdapSsoConvertProperty;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.Nullable;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/sso2/support/convert/LdapSsoAuthenticationConvert.class */
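/**
 * SSO convert that authenticates an HTTP Basic credential against an LDAP directory.
 *
 * <p>The credential is read from the configured request parameter, decoded as
 * {@code Basic base64(user:password)}, and verified with
 * {@link LdapTemplate#authenticate(String, String, String)} (search for the user's entry
 * under the configured base, then bind as that entry with the supplied password).
 * Only the user id is carried into the resulting token; the password is never stored.
 */
public class LdapSsoAuthenticationConvert extends BasePlainSsoAuthenticationConvert {

    /** Scheme prefix of an HTTP Basic credential; matched case-insensitively (RFC 7235) and stripped before decoding. */
    private static final String BASIC_PREFIX = "Basic ";

    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    public SsoTypeEnum supportType() {
        return SsoTypeEnum.LDAP;
    }

    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    @SuppressWarnings("unchecked") // the SSO framework always resolves T to LdapSsoConvertProperty for this type
    public <T extends SsoConvertProperty> Class<T> propertyType() {
        return (Class<T>) LdapSsoConvertProperty.class;
    }

    /**
     * Converts the Basic credential carried by the request into an internal authentication token.
     *
     * @param httpServletRequest  request carrying the credential in the configured parameter location
     * @param httpServletResponse unused; kept for the interface contract
     * @param t                   the LDAP convert configuration (cast to {@link LdapSsoConvertProperty})
     * @return a token for the authenticated user id; never {@code null} (the method throws instead)
     * @throws IllegalArgumentException if the parameter, user id or password is missing, or the credential is not valid Base64
     * @throws AuthorizationException   if the LDAP bind fails or the server cannot be reached
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    @Nullable
    public <T extends SsoConvertProperty> InternalAuthenticationGranter.InternalAuthenticationToken convert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, T t) {
        LdapSsoConvertProperty property = (LdapSsoConvertProperty) t;
        String param = getParam(httpServletRequest, property.getParamName(), property.getParamIn());
        if (CharSequenceUtil.isBlank(param)) {
            throw new IllegalArgumentException("参数为空:" + property.getParamName());
        }
        String[] credentials = decodeBasicAuth(param);
        if (ArrayUtil.isEmpty(credentials) || CharSequenceUtil.isBlank(credentials[0])) {
            throw new IllegalArgumentException("授权账户为空");
        }
        // Reject a missing or empty password before any directory call: previously this indexed
        // credentials[1] unguarded (ArrayIndexOutOfBounds for "user" / "user:"), and some LDAP servers
        // treat an empty password as an unauthenticated bind rather than a failure.
        if (credentials.length < 2 || CharSequenceUtil.isEmpty(credentials[1])) {
            throw new IllegalArgumentException("授权密码为空");
        }
        if (authenticateByLdap(credentials[0], credentials[1], property)) {
            return new InternalAuthenticationGranter.InternalAuthenticationToken(property.getIdType(), credentials[0]);
        }
        throw new AuthorizationException("认证失败, 请确认账户密码一致");
    }

    /**
     * Decodes an HTTP Basic credential into {@code [user]} or {@code [user, password]}.
     *
     * <p>Both parts are additionally URL-decoded, as the original implementation did; note that
     * {@link URLDecoder} turns {@code '+'} into a space, so clients must URL-encode such characters.
     *
     * @param str the raw parameter value, with or without the {@code "Basic "} prefix
     * @return one element when the payload has no {@code ':'}, otherwise user and password
     * @throws IllegalArgumentException if the payload is not valid Base64
     */
    private String[] decodeBasicAuth(String str) {
        String encoded = str;
        if (encoded.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            encoded = encoded.substring(BASIC_PREFIX.length());
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Basic credential is not valid Base64", e);
        }
        // Explicit charset: the platform default is not guaranteed to be UTF-8 before Java 18.
        String pair = new String(raw, StandardCharsets.UTF_8);
        // Limit 2 keeps any ':' inside the password intact and preserves a trailing empty password
        // (String.split without a limit drops trailing empty strings and would truncate "pa:ss" to "pa").
        String[] parts = pair.split(":", 2);
        String[] decoded = new String[parts.length];
        for (int i = 0; i < parts.length; i++) {
            decoded[i] = URLDecoder.decode(parts[i], StandardCharsets.UTF_8);
        }
        return decoded;
    }

    /**
     * Searches the user's entry by the configured login attribute (plus any fixed login attributes)
     * and binds as that entry with the supplied password.
     *
     * @param username user id taken from the credential
     * @param password password taken from the credential
     * @param property LDAP configuration
     * @return {@code true} if the bind succeeded, {@code false} if the directory rejected it
     * @throws AuthorizationException wrapping any error raised while building the template or talking to LDAP
     */
    private boolean authenticateByLdap(String username, String password, LdapSsoConvertProperty property) {
        Map<String, Object> attributes = new HashMap<>(8);
        if (CollUtil.isNotEmpty(property.getLoginAttributes())) {
            attributes.putAll(property.getLoginAttributes());
        }
        // EqualsFilter encodes its value per RFC 4515, so the caller-supplied username cannot change the filter structure.
        AndFilter filter = new AndFilter().and(new EqualsFilter(property.getLoginAttributeName(), username));
        for (Map.Entry<String, Object> entry : attributes.entrySet()) {
            filter.and(toEqualsFilter(entry.getKey(), entry.getValue()));
        }
        try {
            return buildLdapTemplate(property).authenticate(property.getBase(), filter.encode(), password);
        } catch (Exception e) {
            throw new AuthorizationException("LDAP认证失败," + e.getMessage(), e);
        }
    }

    /** Builds an equality filter, keeping integer-typed attribute values as integers. */
    private static EqualsFilter toEqualsFilter(String attribute, Object value) {
        if (value instanceof Integer) {
            return new EqualsFilter(attribute, ((Integer) value).intValue());
        }
        return new EqualsFilter(attribute, value.toString());
    }

    /**
     * Creates an {@link LdapTemplate} over a fresh context source, applying the exception-handling
     * flags from {@link LdapSsoConvertProperty#getTemplate()}.
     *
     * @param property LDAP configuration
     * @return a configured template
     */
    private LdapTemplate buildLdapTemplate(LdapSsoConvertProperty property) {
        LdapTemplate ldapTemplate = new LdapTemplate(buildLdapContextSource(property));
        LdapSsoConvertProperty.Template template = property.getTemplate();
        // The flags are primitive booleans, so the former "apply when non-null" mapping is equivalent to plain setters.
        ldapTemplate.setIgnorePartialResultException(template.isIgnorePartialResultException());
        ldapTemplate.setIgnoreNameNotFoundException(template.isIgnoreNameNotFoundException());
        ldapTemplate.setIgnoreSizeLimitExceededException(template.isIgnoreSizeLimitExceededException());
        return ldapTemplate;
    }

    /**
     * Creates the {@link LdapContextSource} from the configured URLs, service-account credentials,
     * base DN and extra JNDI environment; only non-null configuration values are applied.
     *
     * @param property LDAP configuration
     * @return an initialised-on-demand context source
     * @throws IllegalArgumentException if no LDAP URL is configured
     */
    private LdapContextSource buildLdapContextSource(LdapSsoConvertProperty property) {
        Assert.notEmpty(property.getUrls(), "LDAP url未配置", new Object[0]);
        LdapContextSource contextSource = new LdapContextSource();
        PropertyMapper mapper = PropertyMapper.get().alwaysApplyingWhenNonNull();
        mapper.from(property.getUsername()).to(contextSource::setUserDn);
        mapper.from(property.getPassword()).to(contextSource::setPassword);
        mapper.from(property.getAnonymousReadOnly()).to(v -> contextSource.setAnonymousReadOnly(v));
        mapper.from(property.getBase()).to(contextSource::setBase);
        mapper.from(property.getUrls()).to(contextSource::setUrls);
        // Wrapped read-only so later mutation of the property map cannot alter the live JNDI environment.
        mapper.from(property.getBaseEnvironment()).to(map -> contextSource.setBaseEnvironmentProperties(Collections.unmodifiableMap(map)));
        return contextSource;
    }
}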
