package com.examstack.management.security.filter;

import com.examstack.common.util.StandardPasswordEncoderForSha1;
import com.examstack.management.security.UserInfo;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/classes/com/examstack/management/security/filter/AuthenticationFilter.class */
public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    public static final String VALIDATE_CODE = "validate_code";
    public static final String USERNAME = "j_username";
    public static final String PASSWORD = "j_password";
    private static Logger log = Logger.getLogger(AuthenticationFilter.class);

    @Autowired
    public UserDetailsService userDetailsService;

    @Override // org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter, org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (!httpServletRequest.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
        }
        String obtainUsername = obtainUsername(httpServletRequest);
        String obtainPassword = obtainPassword(httpServletRequest);
        String str = obtainPassword + "{" + obtainUsername + "}";
        StandardPasswordEncoderForSha1 standardPasswordEncoderForSha1 = new StandardPasswordEncoderForSha1();
        String encode = standardPasswordEncoderForSha1.encode(str);
        log.info(encode);
        UserInfo userInfo = (UserInfo) this.userDetailsService.loadUserByUsername(obtainUsername);
        if (!standardPasswordEncoderForSha1.matches(userInfo.getPassword(), encode) || "0".equals(userInfo.getEnabled()) || userInfo == null) {
            throw new AuthenticationServiceException("用户名或密码错误！");
        }
        if (!userInfo.getRolesName().contains("ROLE_ADMIN") && !userInfo.getRolesName().contains("ROLE_TEACHER")) {
            throw new AuthenticationServiceException("非管理用户，操作无效！");
        }
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(obtainUsername, obtainPassword);
        setDetails(httpServletRequest, usernamePasswordAuthenticationToken);
        Authentication authentication = null;
        try {
            authentication = getAuthenticationManager().authenticate(usernamePasswordAuthenticationToken);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return authentication;
    }

    protected void checkValidateCode(HttpServletRequest httpServletRequest) {
        String obtainSessionValidateCode = obtainSessionValidateCode(httpServletRequest.getSession());
        String obtainValidateCodeParameter = obtainValidateCodeParameter(httpServletRequest);
        if (StringUtils.isEmpty(obtainValidateCodeParameter) || !obtainSessionValidateCode.equalsIgnoreCase(obtainValidateCodeParameter)) {
            throw new AuthenticationServiceException("验证码错误！");
        }
    }

    protected String obtainValidateCodeParameter(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(VALIDATE_CODE);
        return null == parameter ? "" : parameter.toString().trim().toUpperCase();
    }

    protected String obtainSessionValidateCode(HttpSession httpSession) {
        return null;
    }

    @Override // org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
    protected String obtainPassword(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("j_password");
        return null == parameter ? "" : parameter.toString();
    }

    @Override // org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
    protected String obtainUsername(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("j_username");
        return null == parameter ? "" : parameter.toString().trim().toLowerCase();
    }
}
