package org.apache.shiro.biz.web.filter.authc;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.biz.authc.exception.IncorrectCaptchaException;
import org.apache.shiro.biz.authc.token.CaptchaAuthenticationToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/authc/AbstractCaptchaAuthenticatingFilter.class */
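/**
 * Base login filter that can check a CAPTCHA answer before handing the
 * submitted credentials to Shiro.
 *
 * <p>The expected answer is read from the Shiro {@link Session} under
 * {@link #getSessoionCaptchaKey()}; the submitted answer comes from the
 * {@link CaptchaAuthenticationToken} built by {@code createToken}.
 *
 * <p>CAPTCHA checking is <strong>off by default</strong> ({@code validateCaptcha == false});
 * deployments that rely on it must enable it via {@link #setValidateCaptcha(boolean)}.
 */
public abstract class AbstractCaptchaAuthenticatingFilter extends AbstractAuthenticatingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractCaptchaAuthenticatingFilter.class);

    /** Default session attribute name under which the expected CAPTCHA text is looked up. */
    public static final String DEFAULT_SESSION_CAPTCHA_KEY = "KAPTCHA_SESSION_KEY";

    /** Whether the CAPTCHA is checked at all; disabled unless explicitly switched on. */
    protected boolean validateCaptcha = false;

    /** Session attribute name holding the expected CAPTCHA text (field name spelling kept for compatibility). */
    protected String sessoionCaptchaKey = DEFAULT_SESSION_CAPTCHA_KEY;

    /** Creates the filter with {@code /login.jsp} as the login URL. */
    public AbstractCaptchaAuthenticatingFilter() {
        setLoginUrl("/login.jsp");
    }

    /**
     * Checks the CAPTCHA carried by the token against the value stored in the session.
     * Does nothing when CAPTCHA validation is disabled.
     *
     * <p>The stored answer is removed from the session as part of the check, so each
     * issued CAPTCHA can be tried once. Without this, one solved (or one still-pending)
     * CAPTCHA could back any number of further login attempts on the same session, which
     * removes its value as a throttle on credential guessing. The login page therefore has
     * to issue a fresh CAPTCHA after every attempt.
     *
     * @param session session expected to hold the CAPTCHA answer
     * @param captchaAuthenticationToken token carrying the answer submitted by the client
     * @throws IncorrectCaptchaException if validation is enabled and the answer is missing,
     *         not a {@code String}, or does not match
     */
    protected void validateCaptcha(Session session, CaptchaAuthenticationToken captchaAuthenticationToken) {
        if (!isValidateCaptcha()) {
            return;
        }
        // Read-and-consume in one call: the expected answer is single-use.
        Object stored = session.removeAttribute(getSessoionCaptchaKey());
        // Fail closed on an unexpected attribute type instead of surfacing a ClassCastException.
        String expected = (stored instanceof String) ? (String) stored : null;
        if (!validateCaptcha(expected, captchaAuthenticationToken.getCaptcha())) {
            throw new IncorrectCaptchaException("Captcha validation failed!");
        }
    }

    /**
     * Compares the expected CAPTCHA text with the submitted one, ignoring case.
     *
     * @param str expected CAPTCHA text (from the session)
     * @param str2 CAPTCHA text submitted by the client
     * @return {@code false} when the expected text is {@code null} or empty, otherwise
     *         whether both texts are equal ignoring case
     */
    protected boolean validateCaptcha(String str, String str2) {
        // A missing expected value must never match, even against an empty submission.
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return StringUtils.equalsIgnoreCase(str, str2);
    }

    /**
     * Runs a login attempt: builds the token, validates the CAPTCHA for
     * {@link CaptchaAuthenticationToken}s, then calls {@code subject.login}.
     *
     * <p>An already authenticated subject skips both the CAPTCHA and the login call and is
     * passed straight to {@code onLoginSuccess}. The CAPTCHA check runs before
     * {@code subject.login}, so a rejected CAPTCHA means the credentials are not evaluated.
     *
     * @return the result of {@code onLoginSuccess} or {@code onLoginFailure}
     * @throws Exception if token creation or a success/failure callback fails
     */
    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        AuthenticationToken token = createToken(servletRequest, servletResponse);
        if (subject.isAuthenticated()) {
            LOG.info("User has already been Authenticated!");
            return onLoginSuccess(token, subject, servletRequest, servletResponse);
        }
        try {
            if (token == null) {
                throw new AuthenticationException("createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.");
            }
            if (token instanceof CaptchaAuthenticationToken) {
                // NOTE(review): IncorrectCaptchaException is presumably an AuthenticationException
                // subtype so that it is routed to onLoginFailure below - confirm.
                validateCaptcha(subject.getSession(), (CaptchaAuthenticationToken) token);
            }
            subject.login(token);
            return onLoginSuccess(token, subject, servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            return onLoginFailure(token, e, servletRequest, servletResponse);
        }
    }

    /** @return whether CAPTCHA validation is enabled */
    public boolean isValidateCaptcha() {
        return this.validateCaptcha;
    }

    /** @param z {@code true} to require a valid CAPTCHA on login attempts */
    public void setValidateCaptcha(boolean z) {
        this.validateCaptcha = z;
    }

    /** @return the session attribute name that holds the expected CAPTCHA text */
    public String getSessoionCaptchaKey() {
        return this.sessoionCaptchaKey;
    }

    /** @param str the session attribute name that holds the expected CAPTCHA text */
    public void setSessoionCaptchaKey(String str) {
        this.sessoionCaptchaKey = str;
    }
}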
