package org.apache.shiro.biz.web.filter.authc;

import java.io.IOException;
import java.util.Iterator;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.biz.authc.AuthenticationFailureHandler;
import org.apache.shiro.biz.authc.exception.IncorrectCaptchaException;
import org.apache.shiro.biz.authc.exception.NoneCaptchaException;
import org.apache.shiro.biz.authc.token.CaptchaAuthenticationToken;
import org.apache.shiro.biz.authc.token.DefaultAuthenticationToken;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.filter.authc.captcha.CaptchaResolver;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/biz/web/filter/authc/AbstractTrustableAuthenticatingFilter.class */
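/**
 * Authenticating filter that adds optional captcha validation to the login flow.
 *
 * <p>A captcha is only checked once the configured {@link AuthenticatingFailureCounter}
 * reports at least {@link #getRetryTimesWhenAccessDenied()} failures for the request
 * (see {@link #isOverRetryTimes}). Captcha support is considered enabled only when the
 * flag is set <em>and</em> a {@link CaptchaResolver} has been injected.
 *
 * <p>NOTE(review): where the counter stores its value (session, cache, ...) is not
 * visible in this file. If it is bound to something the client controls, the captcha
 * threshold can be reset by the client; confirm against the counter implementation.
 */
public abstract class AbstractTrustableAuthenticatingFilter extends AbstractAuthenticatingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractTrustableAuthenticatingFilter.class);
    /** Default name of the request parameter carrying the captcha answer. */
    public static final String DEFAULT_CAPTCHA_PARAM = "captcha";
    /** Default key handed to the failure counter when reading or incrementing the count. */
    public static final String DEFAULT_RETRY_TIMES_KEY_ATTRIBUTE_NAME = "shiroLoginFailureRetries";
    public static final String DEFAULT_ACCESS_CONTROL_ALLOW_METHODS = "PUT,POST,GET,DELETE,OPTIONS";
    private boolean captchaEnabled = false;
    private String captchaParam = DEFAULT_CAPTCHA_PARAM;
    private String retryTimesKeyAttribute = DEFAULT_RETRY_TIMES_KEY_ATTRIBUTE_NAME;
    // Number of recorded failures at which a captcha becomes mandatory.
    private int retryTimesWhenAccessDenied = 3;
    private CaptchaResolver captchaResolver;
    private AuthenticatingFailureCounter failureCounter;

    /**
     * Builds a token from the request, enforces the captcha once the failure threshold
     * has been reached, and then attempts the login.
     *
     * <p>If the threshold has been reached and no {@link CaptchaResolver} is configured,
     * the attempt is rejected with an {@link IncorrectCaptchaException} instead of
     * dereferencing the missing resolver. The check therefore fails closed rather than
     * surfacing as a {@link NullPointerException}.
     *
     * @return the result of {@code onLoginSuccess} or {@code onLoginFailure}
     * @throws AuthenticationException if {@code createToken} returned {@code null}
     * @throws Exception anything that escapes the login callbacks
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter
    public boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        AuthenticationToken createToken = createToken(servletRequest, servletResponse);
        if (createToken == null) {
            throw new AuthenticationException("createToken method implementation returned null. A valid non-null AuthenticationToken must be created in order to execute a login attempt.");
        }
        try {
            if ((createToken instanceof CaptchaAuthenticationToken) && isOverRetryTimes(servletRequest, servletResponse)) {
                CaptchaResolver resolver = this.captchaResolver;
                // A missing resolver is treated exactly like a wrong captcha: once the
                // threshold is hit, the attempt must not proceed without a successful check.
                if (resolver == null || !resolver.validCaptcha(servletRequest, (CaptchaAuthenticationToken) createToken)) {
                    // Presumably an AuthenticationException subtype, so it is routed to
                    // onLoginFailure by the catch below; verify against its declaration.
                    throw new IncorrectCaptchaException("Captcha validation failed!");
                }
            }
            Subject subject = getSubject(servletRequest, servletResponse);
            subject.login(createToken);
            return onLoginSuccess(createToken, subject, servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            return onLoginFailure(createToken, e, servletRequest, servletResponse);
        }
    }

    /**
     * Creates the authentication token for the current request.
     *
     * <p>When {@code WebUtils.isObjectRequest} reports true, the request body is
     * deserialized into a {@code PostLoginRequest} using the {@code objectMapper} field
     * (declared outside this class). If the body cannot be read or parsed, or parses to
     * {@code null}, the method falls back to {@code super.createToken}.
     *
     * @return the token built from the body, or whatever the superclass produces
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter
    public AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (WebUtils.isObjectRequest(servletRequest)) {
            try {
                PostLoginRequest postLoginRequest = (PostLoginRequest) this.objectMapper.readValue(servletRequest.getReader(), PostLoginRequest.class);
                // A body that maps to null would otherwise fail on the first getter call.
                if (postLoginRequest != null) {
                    String host = getHost(servletRequest);
                    if (isCaptchaEnabled()) {
                        return new DefaultAuthenticationToken(postLoginRequest.getUsername(), postLoginRequest.getPassword(), postLoginRequest.getCaptcha(), postLoginRequest.isRememberMe(), host);
                    }
                    return new DefaultAuthenticationToken(postLoginRequest.getUsername(), postLoginRequest.getPassword(), postLoginRequest.isRememberMe(), host);
                }
            } catch (IOException e) {
                // Record the failure instead of discarding it. The body itself is never
                // logged because it carries credentials. Debug level keeps malformed
                // requests from flooding the log.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Unable to read login request body; falling back to the default token creation", e);
                }
            }
        }
        // NOTE(review): after a failed parse the request reader may already be consumed;
        // whether the superclass can still extract credentials is not visible here.
        return super.createToken(servletRequest, servletResponse);
    }

    /**
     * Creates a token from explicit credentials.
     *
     * @param str  value passed in the username position of {@link DefaultAuthenticationToken}
     * @param str2 value passed in the password position of {@link DefaultAuthenticationToken}
     * @return a token that carries the submitted captcha only when captcha support is enabled
     */
    protected AuthenticationToken createToken(String str, String str2, ServletRequest servletRequest, ServletResponse servletResponse) {
        boolean rememberMe = isRememberMe(servletRequest);
        String host = getHost(servletRequest);
        if (isCaptchaEnabled()) {
            return new DefaultAuthenticationToken(str, str2, getCaptcha(servletRequest), rememberMe, host);
        }
        return new DefaultAuthenticationToken(str, str2, rememberMe, host);
    }

    /**
     * Handles a failed login attempt.
     *
     * <p>Non-AJAX path: stores the failure on the request, increments the failure counter,
     * and, when captcha support is enabled and the count has just reached the threshold,
     * replaces the failure attribute with a {@link NoneCaptchaException}. Returns
     * {@code true}.
     *
     * <p>AJAX path: delegates to the first non-null failure handler that supports the
     * exception, or writes the failure directly when none does. Returns {@code false}.
     *
     * <p>NOTE(review): the failure counter is incremented only on the non-AJAX path of
     * this method. Unless a failure handler or {@code writeFailureString} also increments
     * it, AJAX login failures never reach the captcha threshold; confirm.
     */
    @Override // org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authentication exception", authenticationException);
        }
        if (!WebUtils.isAjaxResponse(servletRequest)) {
            setFailureAttribute(servletRequest, authenticationException);
            setFailureCountAttribute(servletRequest, servletResponse, authenticationException);
            if (isCaptchaEnabled() && isOverRetryRemind(servletRequest, servletResponse)) {
                setFailureAttribute(servletRequest, new NoneCaptchaException("The number of login errors exceeds the maximum retry limit and a verification code is required."));
            }
            return true;
        }
        if (!CollectionUtils.isEmpty(getFailureHandlers())) {
            for (AuthenticationFailureHandler handler : getFailureHandlers()) {
                if (handler != null && handler.supports(authenticationException)) {
                    // Only the first supporting handler is invoked.
                    handler.onAuthenticationFailure(authenticationToken, servletRequest, servletResponse, authenticationException);
                    return false;
                }
            }
        }
        writeFailureString(authenticationToken, authenticationException, servletRequest, servletResponse);
        return false;
    }

    /**
     * Increments the failure counter for this request, if a counter is configured.
     * The exception argument is not consulted, so every failure type counts equally.
     */
    protected void setFailureCountAttribute(ServletRequest servletRequest, ServletResponse servletResponse, AuthenticationException authenticationException) {
        AuthenticatingFailureCounter counter = getFailureCounter();
        if (counter != null) {
            counter.increment(servletRequest, servletResponse, getRetryTimesKeyAttribute());
        }
    }

    /** Reads the captcha answer from the request parameter named by {@link #getCaptchaParam()}. */
    protected String getCaptcha(ServletRequest servletRequest) {
        return WebUtils.getCleanParam(servletRequest, getCaptchaParam());
    }

    /**
     * Returns the client address as reported by {@code WebUtils.getRemoteAddr}.
     *
     * <p>NOTE(review): if that helper honours client-supplied forwarding headers, the
     * value recorded on the token is client-influenced. Confirm before relying on it
     * for access decisions or audit trails.
     */
    @Override // org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter
    protected String getHost(ServletRequest servletRequest) {
        return WebUtils.getRemoteAddr(servletRequest);
    }

    /**
     * @return {@code true} only when a counter is configured and the recorded failure
     *         count is exactly equal to the threshold
     */
    protected boolean isOverRetryRemind(ServletRequest servletRequest, ServletResponse servletResponse) {
        AuthenticatingFailureCounter counter = getFailureCounter();
        return counter != null && counter.get(servletRequest, servletResponse, getRetryTimesKeyAttribute()) == getRetryTimesWhenAccessDenied();
    }

    /**
     * @return {@code true} when a counter is configured and the recorded failure count
     *         has reached or passed the threshold; {@code false} when no counter is set
     */
    protected boolean isOverRetryTimes(ServletRequest servletRequest, ServletResponse servletResponse) {
        AuthenticatingFailureCounter counter = getFailureCounter();
        return counter != null && counter.get(servletRequest, servletResponse, getRetryTimesKeyAttribute()) >= getRetryTimesWhenAccessDenied();
    }

    /** Default success hook; always returns {@code true}. */
    @Override // org.apache.shiro.biz.web.filter.authc.AbstractAuthenticatingFilter
    protected boolean onAccessSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) {
        return true;
    }

    /** Default failure hook; always returns {@code false}. */
    protected boolean onAccessFailure(AuthenticationToken authenticationToken, Exception exc, ServletRequest servletRequest, ServletResponse servletResponse) {
        return false;
    }

    /**
     * @return {@code true} only when the flag is set and a {@link CaptchaResolver} is
     *         present; the flag alone does not enable captcha handling
     */
    public boolean isCaptchaEnabled() {
        return this.captchaEnabled && this.captchaResolver != null;
    }

    public void setCaptchaEnabled(boolean z) {
        this.captchaEnabled = z;
    }

    public String getCaptchaParam() {
        return this.captchaParam;
    }

    public void setCaptchaParam(String str) {
        this.captchaParam = str;
    }

    public String getRetryTimesKeyAttribute() {
        return this.retryTimesKeyAttribute;
    }

    public void setRetryTimesKeyAttribute(String str) {
        this.retryTimesKeyAttribute = str;
    }

    public int getRetryTimesWhenAccessDenied() {
        return this.retryTimesWhenAccessDenied;
    }

    public void setRetryTimesWhenAccessDenied(int i) {
        this.retryTimesWhenAccessDenied = i;
    }

    public CaptchaResolver getCaptchaResolver() {
        return this.captchaResolver;
    }

    public void setCaptchaResolver(CaptchaResolver captchaResolver) {
        this.captchaResolver = captchaResolver;
    }

    public AuthenticatingFailureCounter getFailureCounter() {
        return this.failureCounter;
    }

    public void setFailureCounter(AuthenticatingFailureCounter authenticatingFailureCounter) {
        this.failureCounter = authenticatingFailureCounter;
    }
}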
