package com.fr.decision.privilege.auth;

import com.fr.decision.authorize.impl.LdapPassport;
import com.fr.decision.copyright.CopyrightConstant;
import com.fr.decision.webservice.exception.general.LdapTooManyLoginException;
import com.fr.general.ComparatorUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.stable.StringUtils;
import com.fr.third.javax.annotation.Nullable;
import java.util.Properties;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.FutureTask;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/* loaded from: input_file:com/fr/decision/privilege/auth/LdapService.class */
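/**
 * Singleton that authenticates a user against the LDAP directory described by an
 * {@link LdapPassport}.
 *
 * <p>A login first connects with the configured system account (when one is set), looks up the
 * user's distinguished name, then re-binds the same context with the user's DN and password.
 * The work runs either on the calling thread or on a bounded thread pool, depending on
 * {@code LdapPassport.getLdapMaxPoolSize()}.
 *
 * <p>NOTE(review): {@link #connect} stores the passport on this shared instance before the task
 * runs, so concurrent logins that pass different passports would overwrite each other's
 * configuration. Confirm that all callers pass the same passport.
 */
public class LdapService {
    private static final int DEFAULT_EXECUTE_WAY = 0;
    private Control[] connCtls;
    // Carries the cached attribute name into the thread that actually runs the login task.
    private ThreadLocal<String> threadLocal;
    private static int currentMaxThreadPoolSize;
    private LdapPassport ldap;
    // Attribute name that matched on the previous successful lookup. It is written by whichever
    // thread runs a login and read by the next one, hence volatile for visibility.
    private volatile String lastTimeMatchWord;

    /** Initialization-on-demand holder for the singleton instance. */
    private static class LdapAuthenticationProviderHelper {
        public static final LdapService HELPER = new LdapService();

        private LdapAuthenticationProviderHelper() {
        }
    }

    /**
     * Lazily created, bounded thread pool used for LDAP logins.
     *
     * <p>Decompiler note: this class was private in the original class file.
     */
    public static class ThreadPoolHelper {
        private static final int CORE_POOL_SIZE = 10;
        private static final int KEEP_ALIVE_TIME = 30;
        private static final int QUEUE_SIZE = 200;
        private static int maxPoolSize;
        private static volatile ExecutorService threadPool;

        private ThreadPoolHelper() {
        }

        /**
         * Returns the shared pool, creating it when none exists or the previous one was shut down.
         *
         * @param i requested maximum pool size; values below the core size are raised to it
         * @return the live executor
         */
        public static ExecutorService getInstance(int i) {
            ExecutorService pool = threadPool;
            if (pool == null || pool.isShutdown()) {
                synchronized (ThreadPoolHelper.class) {
                    pool = threadPool;
                    // Re-check under the lock: another thread may have rebuilt the pool meanwhile.
                    if (pool == null || pool.isShutdown()) {
                        maxPoolSize = Math.max(i, CORE_POOL_SIZE);
                        LdapService.currentMaxThreadPoolSize = maxPoolSize;
                        // The bounded queue caps pending logins; once queue and pool are full,
                        // further submissions are rejected instead of piling up.
                        pool = new ThreadPoolExecutor(CORE_POOL_SIZE, maxPoolSize, KEEP_ALIVE_TIME,
                                TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(QUEUE_SIZE));
                        threadPool = pool;
                    }
                }
            }
            return pool;
        }

        /** Shuts the shared pool down if it exists and is still running. */
        public static void shutdown() {
            if (threadPool == null || threadPool.isShutdown()) {
                return;
            }
            synchronized (ThreadPoolHelper.class) {
                if (threadPool != null && !threadPool.isShutdown()) {
                    threadPool.shutdown();
                }
            }
        }
    }

    private LdapService() {
        this.connCtls = null;
        this.threadLocal = new ThreadLocal<>();
        this.lastTimeMatchWord = "";
    }

    /** Returns the passport most recently stored by {@link #setLdap} or {@link #connect}. */
    public LdapPassport getLdap() {
        return this.ldap;
    }

    /** Stores the LDAP configuration used by subsequent connections. */
    public void setLdap(LdapPassport ldapPassport) {
        this.ldap = ldapPassport;
    }

    /** Returns the singleton instance. */
    public static LdapService getInstance() {
        return LdapAuthenticationProviderHelper.HELPER;
    }

    /**
     * Runs the login task inline or on the shared pool.
     *
     * @param futureTask the task to run
     * @param i configured maximum pool size; zero or less means "run on the calling thread"
     * @throws LdapTooManyLoginException when the pool and its queue are full
     */
    private void execute(FutureTask<?> futureTask, int i) {
        if (i <= 0) {
            // Pooling is switched off: retire a pool left over from an earlier configuration.
            if (currentMaxThreadPoolSize > 0) {
                currentMaxThreadPoolSize = 0;
                ThreadPoolHelper.shutdown();
            }
            futureTask.run();
            return;
        }
        // A changed size above the core size forces getInstance() to rebuild the pool.
        if (i != currentMaxThreadPoolSize && i > ThreadPoolHelper.CORE_POOL_SIZE) {
            ThreadPoolHelper.shutdown();
        }
        try {
            ThreadPoolHelper.getInstance(i).execute(futureTask);
        } catch (RejectedExecutionException e) {
            throw new LdapTooManyLoginException();
        }
    }

    /**
     * Authenticates a user against the directory described by {@code ldapPassport}.
     *
     * @param str user name entered at login
     * @param str2 password entered at login
     * @param ldapPassport LDAP configuration; also stored on this instance
     * @return {@code true} only when the bind with the user's credentials succeeded
     * @throws LdapTooManyLoginException when the login pool rejects the task
     */
    public boolean connect(final String str, final String str2, LdapPassport ldapPassport) {
        setLdap(ldapPassport);
        FutureTask<Boolean> futureTask = new FutureTask<>(new Callable<Boolean>() {
            @Override
            public Boolean call() {
                LdapContext ldapContext = null;
                try {
                    LdapService.this.threadLocal.set(LdapService.this.lastTimeMatchWord);
                    ldapContext = LdapService.this.connectLdap();
                    return Boolean.valueOf(LdapService.this.authenticate(ldapContext, str, str2));
                } catch (Exception e) {
                    // Any failure is a failed login, but record it instead of dropping it silently.
                    FineLoggerFactory.getLogger().error(e.getMessage(), e);
                    return Boolean.FALSE;
                } finally {
                    // Always release the connection and clear the per-thread value so a pooled
                    // thread does not carry state into the next login.
                    LdapService.this.closeContext(ldapContext);
                    LdapService.this.threadLocal.remove();
                }
            }
        });
        execute(futureTask, ldapPassport.getLdapMaxPoolSize());
        try {
            return futureTask.get().booleanValue();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        } catch (ExecutionException e2) {
            return false;
        }
    }

    /**
     * Opens a context to the configured server, bound as the system account when both its name
     * and password are configured.
     *
     * <p>Decompiler note: this method was private in the original class file.
     *
     * <p>NOTE(review): whether the connection is encrypted depends on the configured URL and
     * context settings, which are not visible here. A simple bind over an unencrypted connection
     * exposes the system and user passwords on the wire; confirm LDAPS or StartTLS is used.
     *
     * @return the context, or {@code null} when no passport is set or the connection fails
     */
    @Nullable
    public LdapContext connectLdap() {
        Properties properties = new Properties();
        if (this.ldap == null) {
            return null;
        }
        properties.put("java.naming.factory.initial", this.ldap.getContextFactory());
        String ldapUrl = this.ldap.getLdapUrl();
        if (StringUtils.isNotBlank(ldapUrl) && !ldapUrl.endsWith("/")) {
            ldapUrl = ldapUrl + "/";
        }
        if (this.ldap.isRetrieveLocAsBaseDN()) {
            // In this mode the search base is part of the provider URL, not of each search.
            ldapUrl = ldapUrl + this.ldap.getLdapSearchBase();
        }
        properties.put("java.naming.provider.url", ldapUrl);
        properties.put("java.naming.security.authentication", this.ldap.getAuthentication());
        properties.put("java.naming.referral", this.ldap.getReferral());
        String decryptedLdapSystemPassword = this.ldap.getDecryptedLdapSystemPassword();
        if (StringUtils.isNotBlank(this.ldap.getLdapSystemName()) && StringUtils.isNotBlank(decryptedLdapSystemPassword)) {
            properties.put("java.naming.security.principal", this.ldap.getLdapSystemName());
            properties.put("java.naming.security.credentials", decryptedLdapSystemPassword);
        }
        try {
            return new InitialLdapContext(properties, this.connCtls);
        } catch (AuthenticationException e) {
            FineLoggerFactory.getLogger().error("AuthenticationException，Authentication faild: " + e.toString());
            return null;
        } catch (Exception e2) {
            FineLoggerFactory.getLogger().error("Exception,Something wrong while authenticating: " + e2.toString());
            return null;
        }
    }

    /**
     * Finds the user's DN by trying the cached attribute first and then a fixed list of common
     * naming attributes.
     *
     * @return the DN, or an empty string when no attribute matched
     */
    private String recurseGetUserDN(LdapContext ldapContext, String str) {
        String cachedWord = this.threadLocal.get();
        boolean hasCachedWord = StringUtils.isNotEmpty(cachedWord);
        if (hasCachedWord) {
            FineLoggerFactory.getLogger().debug("LDAP: Using cached word " + cachedWord);
            String userDN = getUserDN(ldapContext, str, cachedWord);
            if (StringUtils.isNotBlank(userDN)) {
                return userDN;
            }
        }
        for (String word : new String[]{"sAMAccountName", "cn", "userPrincipalName", "uid", "displayName", "name", "sn"}) {
            // The cached attribute was already tried above.
            if (hasCachedWord && ComparatorUtils.equals(cachedWord, word)) {
                continue;
            }
            String userDN2 = getUserDN(ldapContext, str, word);
            if (StringUtils.isNotBlank(userDN2)) {
                FineLoggerFactory.getLogger().debug("LDAP: Cached word updated to " + word);
                this.lastTimeMatchWord = word;
                return userDN2;
            }
        }
        return "";
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that characters typed
     * into the login form are matched literally and cannot change the filter's structure.
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int idx = 0; idx < value.length(); idx++) {
            char c = value.charAt(idx);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Searches the subtree for an entry whose attribute {@code str2} equals the user name.
     *
     * @param ldapContext context to search with
     * @param str user name from the login request (untrusted)
     * @param str2 attribute name; only ever one of the fixed names used by the caller
     * @return the first non-blank DN found, or an empty string
     */
    private String getUserDN(LdapContext ldapContext, String str, String str2) {
        String userDn = "";
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The user name is escaped before it enters the filter; unescaped, metacharacters in
            // it would be interpreted as filter syntax (LDAP injection).
            // CopyrightConstant.URL_EQUAL is presumably "=" -- defined outside this file.
            String filter = "(&(" + str2 + CopyrightConstant.URL_EQUAL + escapeFilterValue(str) + "))";
            String searchBase = "";
            if (this.ldap != null && !this.ldap.isRetrieveLocAsBaseDN()) {
                searchBase = this.ldap.getLdapSearchBase();
            }
            NamingEnumeration<SearchResult> results = ldapContext.search(searchBase, filter, searchControls);
            try {
                while (results != null && results.hasMoreElements()) {
                    userDn = results.nextElement().getNameInNamespace();
                    if (StringUtils.isNotBlank(userDn)) {
                        break;
                    }
                }
            } finally {
                // Release the server-side search even when iteration fails.
                if (results != null) {
                    results.close();
                }
            }
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
        // NOTE(review): the user-supplied name is logged verbatim; confirm the logging backend
        // neutralises line breaks so a crafted name cannot forge log entries.
        FineLoggerFactory.getLogger().debug("LDAP: Using word " + str2 + " name " + str + " and found userDN " + userDn);
        return userDn;
    }

    /**
     * Verifies the user's password by re-binding the context as that user.
     *
     * <p>Decompiler note: this method was private in the original class file.
     *
     * @param ldapContext context returned by {@link #connectLdap()}, may be {@code null}
     * @param str user name
     * @param str2 password
     * @return {@code true} when the re-bind succeeded
     */
    public boolean authenticate(LdapContext ldapContext, String str, String str2) {
        if (ldapContext == null) {
            return false;
        }
        // A simple bind with an empty password is treated by LDAP servers as an unauthenticated
        // or anonymous bind (RFC 4513, section 5.1) and can succeed without any credential
        // check, so it must never count as a login. An empty name cannot identify a user.
        if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2)) {
            FineLoggerFactory.getLogger().debug("LDAP: rejected bind with empty user name or password");
            return false;
        }
        String principal = recurseGetUserDN(ldapContext, str);
        if (StringUtils.isEmpty(principal)) {
            // No entry found: fall back to binding with the name exactly as entered.
            principal = str;
        }
        try {
            ldapContext.addToEnvironment("java.naming.security.principal", principal);
            ldapContext.addToEnvironment("java.naming.security.credentials", str2);
            ldapContext.reconnect(this.connCtls);
            return true;
        } catch (AuthenticationException e) {
            // Must precede NamingException: AuthenticationException is its subclass.
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return false;
        } catch (NamingException e2) {
            FineLoggerFactory.getLogger().error(e2.getMessage(), e2);
            return false;
        }
    }

    /**
     * Closes the context, logging rather than propagating a failure.
     *
     * <p>Decompiler note: this method was private in the original class file.
     */
    public void closeContext(LdapContext ldapContext) {
        if (ldapContext != null) {
            try {
                ldapContext.close();
            } catch (NamingException e) {
                FineLoggerFactory.getLogger().error(e.getMessage(), e);
            }
        }
    }
}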
