package com.bingkun.biz.authentication;

import ch.qos.logback.core.net.ssl.SSL;
import com.bingkun.biz.constant.TdaConstants;
import com.bingkun.biz.utils.Assert;
import com.bingkun.biz.utils.CypherUtils;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

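@Component
/* loaded from: input_file:WEB-INF/lib/olya-buycoor-biz-1.0-SNAPSHOT.jar:com/bingkun/biz/authentication/MyAuthenticationProvider.class */
/**
 * Spring Security provider that checks a user name and password with an LDAPS simple bind.
 *
 * <p>NOTE(review): when the active profile is {@code dev}, {@code test} or {@code uat} the
 * LDAP bind is skipped and any non-blank user name and password is accepted. A wrong
 * {@code profiles.active} value on a production host therefore disables authentication;
 * confirm that this switch cannot be set by deployment mistake.
 */
public class MyAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(MyAuthenticationProvider.class);

    // Active Spring profile name; decides whether the LDAP bind is performed at all.
    @Value("${profiles.active}")
    private String profilesActive;

    /**
     * Authenticates the presented user name and password.
     *
     * @param authentication the request; its credentials are expected to be a {@code String}
     * @return an authenticated token carrying the user name, the encoded-encrypted password
     *     and the original request details
     * @throws AuthenticationException ({@link BadCredentialsException}) when the credentials
     *     are not a string, are rejected by {@code Assert.assertNotBank}, or the LDAP bind fails
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        Object credentials = authentication.getCredentials();
        // supports() accepts every token type, so credentials may not be a String; reject
        // them as bad credentials instead of failing with a ClassCastException.
        if (credentials != null && !(credentials instanceof String)) {
            throw new BadCredentialsException("登录名或密码错误");
        }
        String password = (String) credentials;
        log.debug("登录---user:{}", name);
        Assert.assertNotBank(password, new BadCredentialsException("密码不能为空"));
        Assert.assertNotBank(name, new BadCredentialsException("账号不能为空"));
        if (isSimulatedLoginProfile()) {
            // NOTE(review): no credential check happens on this branch (see class comment).
            log.warn("模拟登录");
        } else {
            if (authentication.getCredentials() == null) {
                throw new BadCredentialsException("登录名或密码错误");
            }
            if (!ldapAuthenticate(name, password)) {
                throw new BadCredentialsException("登录名或密码错误");
            }
        }
        // NOTE(review): the token keeps the password in a reversible form (encrypt + encode with
        // CypherUtils.THIRD_KEY), so anything holding the token and that key can recover it —
        // confirm a downstream consumer really needs the password.
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                name, CypherUtils.encode(CypherUtils.encrypt(password, CypherUtils.THIRD_KEY)), null);
        token.setDetails(authentication.getDetails());
        return token;
    }

    /**
     * Reports that every authentication token type is supported.
     *
     * <p>NOTE(review): {@link #authenticate(Authentication)} only handles string credentials;
     * consider restricting this to {@code UsernamePasswordAuthenticationToken} once it is
     * confirmed that no other token type relies on this provider.
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return true;
    }

    /**
     * Verifies a user against LDAPS by binding as {@code AP\<user>}.
     *
     * @param str the user name without the domain prefix
     * @param str2 the password
     * @return {@code true} if the bind succeeded; {@code false} if it failed or if either
     *     argument is null or empty
     */
    public boolean ldapAuthenticate(String str, String str2) {
        // This method is public and can be reached without the blank checks in authenticate().
        // An empty password in a simple bind is an unauthenticated bind, which many directory
        // servers accept, so it must never count as a successful login.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            log.warn("Authentication rejected: empty user name or password");
            return false;
        }
        String principal = "AP\\" + str;
        boolean bound = authenticate(TdaConstants.TDA_LDAPS_URL, principal, str2);
        log.info("Authentication user: {} result: {}", principal, Boolean.valueOf(bound));
        return bound;
    }

    /**
     * Tells whether the active profile is one of those that skip the LDAP bind.
     * A null profile value is treated as "not simulated", so the LDAP check still runs.
     */
    private boolean isSimulatedLoginProfile() {
        return "dev".equalsIgnoreCase(this.profilesActive)
                || "test".equalsIgnoreCase(this.profilesActive)
                || "uat".equalsIgnoreCase(this.profilesActive);
    }

    /**
     * Performs an LDAP simple bind over SSL and closes the context again.
     *
     * @param ldapUrl the provider URL
     * @param principal the bind principal
     * @param password the bind password
     * @return {@code true} if the context could be created and closed, {@code false} on a
     *     {@link NamingException} or when principal or password is null or empty
     */
    private boolean authenticate(String ldapUrl, String principal, String password) {
        // Defence in depth: never send a bind with an empty principal or password.
        if (principal == null || principal.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put("java.naming.security.authentication", "simple");
            env.put("java.naming.security.principal", principal);
            env.put("java.naming.security.credentials", password);
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.security.protocol", "ssl");
            env.put("java.naming.provider.url", ldapUrl);
            // NOTE(review): these are JVM-wide properties set on every login attempt.
            // The trustStore value names a directory, not a keystore file — verify which
            // trust anchors are actually in effect.
            System.setProperty("javax.net.ssl.trustStore", "/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security");
            // NOTE(review): a key store password is set without a key store, using a logging
            // library's default constant — presumably unintended; confirm and remove.
            System.setProperty("javax.net.ssl.keyStorePassword", SSL.DEFAULT_KEYSTORE_PASSWORD);
            // NOTE(review): this turns off LDAPS host name verification for the whole JVM, so a
            // certificate issued for any host is accepted for the directory server. Remove it
            // once the server certificate matches the host name in the provider URL.
            System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true");
            new InitialLdapContext(env, (Control[]) null).close();
            return true;
        } catch (NamingException e) {
            log.error("ldaps认证失败：", e);
            return false;
        }
    }
}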
