package com.sany.ldap;

import com.frameworkset.platform.ca.CaProperties;
import com.frameworkset.platform.config.ConfigManager;
import com.frameworkset.platform.security.authentication.CheckCallBackWrapper;
import com.frameworkset.platform.security.authentication.EncrpyPwd;
import com.frameworkset.platform.security.authentication.LoginException;
import com.frameworkset.platform.sysmgrcore.authenticate.UserPasswordLoginModule;
import com.frameworkset.platform.sysmgrcore.entity.User;
import com.frameworkset.platform.sysmgrcore.exception.ManagerException;
import com.frameworkset.platform.sysmgrcore.manager.SecurityDatabase;
import com.frameworkset.platform.sysmgrcore.purviewmanager.IpControlUtil;
import com.frameworkset.util.StringUtil;
import com.sany.ldap.ad.AdAccountLogin;
import java.util.Map;
import org.apache.log4j.Logger;
import org.frameworkset.spi.SPIException;

/* loaded from: input_file:com/sany/ldap/LdapLoginModule.class */
public class LdapLoginModule extends UserPasswordLoginModule {
    private static final long serialVersionUID = -7772723568798883076L;
    private Logger logger = Logger.getLogger(LdapLoginModule.class);

    protected boolean _check(String str, String str2, CheckCallBackWrapper checkCallBackWrapper) throws LoginException {
        try {
            User userByName = SecurityDatabase.getUserManager(this.registTable).getUserByName(str);
            if (userByName == null) {
                this.logger.debug("用户名/口令有误,或者用户[" + str + "]不存在");
                throw new LoginException("用户名/口令有误,或者用户[" + str + "]不存在");
            }
            if (!IpControlUtil.validateIp(str, StringUtil.getClientIP(checkCallBackWrapper.getRequest()))) {
                throw new LoginException("IP访问限制，请与管理员联系");
            }
            if (userByName.getUserIsvalid() != null && userByName.getUserIsvalid().intValue() != 2) {
                throw new LoginException("用户[" + str + "]无效,请与系统管理员联系");
            }
            if (!enableusertype(userByName.getUserType())) {
                throw new LoginException("用户[" + str + "]的类型无法登录本系统:需要的类型为[userType=" + this.userTypes + "],请与系统管理员联系");
            }
            if (userByName.getUserType().equals("1")) {
                Map<String, String> validateUser = new AdAccountLogin().validateUser(str, str2, null);
                if (validateUser.get("successFlag").equals("0")) {
                    throw new LoginException(validateUser.get("errorMsg"));
                }
                buildCallback(checkCallBackWrapper, userByName, str, str2, str2, SecurityDatabase.getOrgManager().getMainOrganizationOfUser(str));
                return true;
            }
            boolean configBooleanValue = ConfigManager.getInstance().getConfigBooleanValue("isCasServer", false);
            boolean z = CaProperties.CA_LOGIN_SERVER;
            if (!configBooleanValue || !z) {
                str2 = EncrpyPwd.encodePassword(str2);
            }
            if (!userByName.getUserPassword().equals(str2)) {
                return false;
            }
            buildCallback(checkCallBackWrapper, userByName, str, str2, str2, SecurityDatabase.getOrgManager().getMainOrganizationOfUser(str));
            return true;
        } catch (ManagerException e) {
            throw new LoginException(e.getMessage(), e);
        } catch (Exception e2) {
            this.logger.debug("未知错误:" + e2.getClass() + "," + e2.getMessage());
            throw new LoginException(e2.getMessage(), e2);
        } catch (SPIException e3) {
            throw new LoginException(e3.getMessage(), e3);
        }
    }

    protected boolean check(String str, String str2, CheckCallBackWrapper checkCallBackWrapper) throws LoginException {
        boolean configBooleanValue = ConfigManager.getInstance().getConfigBooleanValue("isWebSealServer", false);
        String header = checkCallBackWrapper.getRequest().getHeader("iv-user");
        String str3 = (String) checkCallBackWrapper.getRequest().getAttribute("fromsso");
        return (str3 == null || !str3.equals("true")) ? (!configBooleanValue || header == null || header.equals("")) ? _check(str, str2, checkCallBackWrapper) : super.check(str, str2, checkCallBackWrapper) : super.check(str, str2, checkCallBackWrapper);
    }
}
