package io.choerodon.core.ldap;

import io.choerodon.core.util.BaseConstants;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/choerodon/core/ldap/LdapUtil.class */
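/**
 * JNDI helpers for binding to and searching an OpenLDAP or Active Directory server
 * described by an {@link Ldap} configuration object.
 *
 * <p>Security notes:
 * <ul>
 *   <li>User-supplied values reach the server only as JNDI filter arguments
 *       ({@code {0}}), which the provider escapes per RFC 4515, so a value such as
 *       {@code *)(uid=*} cannot change the structure of a search filter.</li>
 *   <li>A simple bind is never attempted with an empty password: LDAP treats a
 *       name with empty credentials as an <em>unauthenticated</em> bind (RFC 4513
 *       section 5.1.2), which many servers accept, so an empty password would
 *       otherwise "authenticate" any existing account.</li>
 *   <li>When {@code useSSL} is false the simple bind sends the password in
 *       cleartext; no StartTLS is negotiated here.</li>
 * </ul>
 */
public class LdapUtil {
    private static final String INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String SECURITY_AUTHENTICATION = "simple";
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapUtil.class);
    /**
     * Attribute names come from configuration and are spliced into filter text,
     * where JNDI cannot escape them. Only a syntactically valid attribute
     * description (RFC 4512 section 2.5: a descriptor or a numeric OID, with
     * optional ";option" parts) is accepted; anything else is skipped.
     */
    private static final Pattern ATTRIBUTE_NAME = Pattern.compile(
            "(?:[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\\.[0-9]+)*)(?:;[A-Za-z0-9-]+)*");

    private LdapUtil() {
    }

    /**
     * Authenticates the account/password carried by {@code ldap} against the
     * configured directory.
     *
     * <p>For OpenLDAP the user's DN is first resolved by search (see
     * {@link #getUserDn}) and the connection is then re-bound as that DN. For
     * Active Directory the account string is used as the bind name as given and
     * no DN lookup is performed.
     *
     * @param ldap connection settings plus the credentials to check
     * @return a context bound as the user, or {@code null} if the credentials are
     *         empty, the directory type is unsupported, the connection fails, the
     *         user cannot be resolved unambiguously, or the bind is rejected. On
     *         every {@code null} return the underlying connection has been closed.
     */
    public static LdapContext authenticate(Ldap ldap) {
        String account = ldap.getAccount();
        String password = ldap.getPassword();
        String directoryType = ldap.getDirectoryType();
        // Fail closed before touching the network: an empty password would turn the
        // simple bind below into an unauthenticated bind (RFC 4513 section 5.1.2).
        if (isEmpty(account) || isEmpty(password)) {
            LOGGER.info("ldap authenticate rejected: empty account or password");
            return null;
        }
        LdapContext ldapConnect = ldapConnect(ldap);
        if (ldapConnect == null) {
            return null;
        }
        // Constant-first comparison so a null directoryType falls through to the
        // "not supported" branch instead of throwing.
        if (DirectoryType.OPEN_LDAP.value().equals(directoryType)) {
            String userDn = getUserDn(ldapConnect, ldap, account);
            if (userDn.isEmpty() || !ldapAuthenticate(ldapConnect, userDn, password)) {
                closeQuietly(ldapConnect);
                return null;
            }
            return ldapConnect;
        }
        if (!DirectoryType.MICROSOFT_ACTIVE_DIRECTORY.value().equals(directoryType)) {
            LOGGER.error("not support directory type : {}", directoryType);
            closeQuietly(ldapConnect);
            return null;
        }
        // Active Directory: re-bind the existing connection with the user's
        // credentials, using the account string as the bind name as supplied.
        try {
            ldapConnect.addToEnvironment("java.naming.security.principal", account);
            ldapConnect.addToEnvironment("java.naming.security.credentials", password);
            ldapConnect.reconnect(null);
            return ldapConnect;
        } catch (NamingException e) {
            LOGGER.error("Microsoft Active Directory authenticate failed", e);
            closeQuietly(ldapConnect);
            return null;
        }
    }

    /**
     * Opens an unauthenticated (anonymous) connection rooted at the configured
     * base DN.
     *
     * <p>The provider URL is built as {@code serverAddress:port/baseDn}; the
     * server address is expected to carry its own scheme. With {@code useSSL}
     * the JNDI "ssl" protocol is used, which relies on the JVM's default trust
     * store; without it the later simple bind transmits the password in
     * cleartext.
     *
     * @param ldap connection settings
     * @return an open, anonymously bound context, or {@code null} if the
     *         connection could not be established
     */
    public static LdapContext ldapConnect(Ldap ldap) {
        String serverAddress = ldap.getServerAddress();
        String baseDn = ldap.getBaseDn();
        String port = ldap.getPort();
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", INITIAL_CONTEXT_FACTORY);
        env.put("java.naming.provider.url", serverAddress + ":" + port + BaseConstants.FORWARD_SLASH + baseDn);
        env.put("java.naming.security.authentication", SECURITY_AUTHENTICATION);
        // Boolean.TRUE.equals tolerates an unset (null) flag and treats it as "no SSL".
        if (Boolean.TRUE.equals(ldap.getUseSSL())) {
            env.put("java.naming.security.protocol", "ssl");
        }
        try {
            return new InitialLdapContext(env, null);
        } catch (NamingException e) {
            LOGGER.info("ldap connect fail", e);
            return null;
        }
    }

    /**
     * Resolves the DN of the user identified by {@code str}.
     *
     * <p>The identifier is looked up, attribute by attribute, over the set built
     * by {@link #initAttributeSet}; the first attribute that yields results wins.
     * Exactly one entry must match: several matches for the same identifier are
     * treated as ambiguous and rejected, because binding as "whichever came
     * first" would let one user's identifier resolve to another's entry.
     *
     * @param ldapContext an open context rooted at the base DN
     * @param ldap        configuration (base DN and attribute names)
     * @param str         the identifier the user supplied (login name, mail, ...)
     * @return the matched entry's name relative to the search base joined with
     *         the configured base DN, or {@code ""} when no entry, more than one
     *         entry, or a search error is encountered
     */
    public static String getUserDn(LdapContext ldapContext, Ldap ldap, String str) {
        Set<String> attributeNames = initAttributeSet(ldap);
        attributeNames.remove("");
        attributeNames.remove(null);
        NamingEnumeration results = getNamingEnumeration(ldapContext, str, attributeNames);
        String userDn = "";
        int matches = 0;
        try {
            while (results != null && results.hasMore()) {
                Object element = results.next();
                if (!(element instanceof SearchResult)) {
                    continue;
                }
                matches++;
                if (matches == 1) {
                    // getName() is relative to the search base (the context's base DN),
                    // so the full DN is rebuilt by appending that base.
                    userDn = ((SearchResult) element).getName() + "," + ldap.getBaseDn();
                }
            }
        } catch (NamingException e) {
            // Fail closed: a partial result set must not be used for a bind.
            LOGGER.error("ldap search fail while resolving user dn", e);
            return "";
        }
        if (matches > 1) {
            LOGGER.warn("ldap identifier matched {} entries, refusing ambiguous login", matches);
            return "";
        }
        return userDn;
    }

    /**
     * Builds the ordered set of attributes that may identify a user.
     *
     * <p>The configured login-name field is tried first, then the real-name,
     * e-mail and phone fields, then the built-in defaults {@code employeeNumber},
     * {@code mail} and {@code mobile}. A {@link LinkedHashSet} keeps that order
     * stable, so which attribute resolves an identifier does not depend on hash
     * iteration order. Unset (null) fields are omitted.
     *
     * @param ldap configuration holding the per-deployment attribute names
     * @return a mutable, insertion-ordered set of attribute names
     */
    private static Set<String> initAttributeSet(Ldap ldap) {
        Set<String> attributeNames = new LinkedHashSet<>();
        for (String configured : Arrays.asList(ldap.getLoginNameField(), ldap.getRealNameField(),
                ldap.getEmailField(), ldap.getPhoneField())) {
            if (configured != null) {
                attributeNames.add(configured);
            }
        }
        attributeNames.addAll(Arrays.asList("employeeNumber", "mail", "mobile"));
        return attributeNames;
    }

    /**
     * Searches the whole subtree for entries whose {@code attribute} equals
     * {@code str}, trying each attribute in {@code set} in turn and stopping at
     * the first one that returns at least one entry.
     *
     * <p>The value is passed as a JNDI filter argument ({@code {0}}) rather than
     * concatenated, so filter metacharacters in {@code str} are escaped by the
     * provider. Attribute names cannot be passed that way and are validated
     * against {@link #ATTRIBUTE_NAME} instead; invalid names are skipped.
     *
     * @param ldapContext an open context rooted at the search base
     * @param str         the value to match; {@code null}/empty yields {@code null}
     * @param set         candidate attribute names, in the order to try them
     * @return the enumeration of the first non-empty search, the (empty)
     *         enumeration of the last attempted search, or {@code null} if no
     *         search could be run at all
     */
    public static NamingEnumeration getNamingEnumeration(LdapContext ldapContext, String str, Set<String> set) {
        if (isEmpty(str)) {
            return null;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration results = null;
        for (String attribute : set) {
            if (attribute == null || !ATTRIBUTE_NAME.matcher(attribute).matches()) {
                LOGGER.warn("skipping invalid ldap attribute name: {}", attribute);
                continue;
            }
            try {
                results = ldapContext.search("", "(" + attribute + "={0})", new Object[]{str}, searchControls);
            } catch (NamingException e) {
                LOGGER.error("ldap search fail", e);
                // Do not reuse a stale enumeration from a previous attribute.
                results = null;
                continue;
            }
            if (results.hasMoreElements()) {
                break;
            }
        }
        return results;
    }

    /**
     * Re-binds {@code ldapContext} as {@code str} with password {@code str2}.
     *
     * <p>Empty or {@code null} credentials are rejected without contacting the
     * server, because a simple bind with an empty password is an unauthenticated
     * bind that the server may accept (RFC 4513 section 5.1.2).
     *
     * @param ldapContext an open context; on success it stays bound as the user
     * @param str         the bind DN (or AD account name)
     * @param str2        the password
     * @return {@code true} if the server accepted the bind, {@code false} otherwise
     */
    public static boolean ldapAuthenticate(LdapContext ldapContext, String str, String str2) {
        if (isEmpty(str) || isEmpty(str2)) {
            LOGGER.info("ldap authenticate rejected: empty bind name or password");
            return false;
        }
        try {
            ldapContext.addToEnvironment("java.naming.security.principal", str);
            ldapContext.addToEnvironment("java.naming.security.credentials", str2);
            ldapContext.reconnect(null);
            return true;
        } catch (NamingException e) {
            LOGGER.info("ldap authenticate fail", e);
            return false;
        }
    }

    /**
     * Returns the attributes of the first entry in the subtree whose
     * {@code objectClass} contains the configured object class.
     *
     * <p>The object class is sent as a server-side equality filter so the server
     * does not have to stream the entire subtree; the client-side
     * {@code contains} check is kept so the result is an exact (case-sensitive)
     * match, as before.
     *
     * @param ldap        configuration supplying the object class to look for
     * @param ldapContext an open (possibly anonymously bound) context
     * @return the first matching entry's attributes, or {@code null} if the object
     *         class is unset, nothing matches, or the search fails
     */
    public static Attributes anonymousUserGetByObjectClass(Ldap ldap, LdapContext ldapContext) {
        String objectClass = ldap.getObjectClass();
        if (isEmpty(objectClass)) {
            return null;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        try {
            NamingEnumeration search = ldapContext.search("", "(objectClass={0})", new Object[]{objectClass}, searchControls);
            while (search != null && search.hasMore()) {
                Object element = search.next();
                if (!(element instanceof SearchResult)) {
                    continue;
                }
                Attributes attributes = ((SearchResult) element).getAttributes();
                if (attributes != null && attributes.get("objectClass") != null
                        && attributes.get("objectClass").contains(objectClass)) {
                    return attributes;
                }
            }
            return null;
        } catch (NamingException e) {
            LOGGER.info("ldap search fail", e);
            return null;
        }
    }

    /** True for {@code null} or zero-length strings (a password of spaces is not empty). */
    private static boolean isEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /** Closes a context we own on a failure path; close errors are only logged. */
    private static void closeQuietly(LdapContext context) {
        try {
            context.close();
        } catch (NamingException e) {
            LOGGER.debug("ldap context close fail", e);
        }
    }
}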
