package org.springside.modules.security.jcaptcha;

import com.octo.captcha.service.CaptchaService;
import com.octo.captcha.service.CaptchaServiceException;
import java.awt.image.BufferedImage;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/springside/modules/security/jcaptcha/JCaptchaFilter.class */
public class JCaptchaFilter implements Filter {
    public static final String CAPTCHA_PARAMTER_NAME_PARAM = "captchaParamterName";
    public static final String CAPTCHA_SERVICE_ID_PARAM = "captchaServiceId";
    public static final String FILTER_PROCESSES_URL_PARAM = "filterProcessesUrl";
    public static final String FAILURE_URL_PARAM = "failureUrl";
    public static final String AUTO_PASS_VALUE_PARAM = "autoPassValue";
    public static final String DEFAULT_FILTER_PROCESSES_URL = "/j_spring_security_check";
    public static final String DEFAULT_CAPTCHA_SERVICE_ID = "captchaService";
    public static final String DEFAULT_CAPTCHA_PARAMTER_NAME = "j_captcha";
    public static final String INVALID_AUTO_PASS_VALUE = "invalid";
    private static Logger logger = LoggerFactory.getLogger(JCaptchaFilter.class);
    private String failureUrl;
    private String filterProcessesUrl = DEFAULT_FILTER_PROCESSES_URL;
    private String captchaServiceId = DEFAULT_CAPTCHA_SERVICE_ID;
    private String captchaParamterName = DEFAULT_CAPTCHA_PARAMTER_NAME;
    private String autoPassValue = INVALID_AUTO_PASS_VALUE;
    private CaptchaService captchaService;

    public void init(FilterConfig filterConfig) throws ServletException {
        initParameters(filterConfig);
        initCaptchaService(filterConfig);
    }

    protected void initParameters(FilterConfig filterConfig) {
        if (StringUtils.isBlank(filterConfig.getInitParameter(FAILURE_URL_PARAM))) {
            throw new IllegalArgumentException("CaptchaFilter缺少failureUrl参数");
        }
        this.failureUrl = filterConfig.getInitParameter(FAILURE_URL_PARAM);
        if (StringUtils.isNotBlank(filterConfig.getInitParameter(FILTER_PROCESSES_URL_PARAM))) {
            this.filterProcessesUrl = filterConfig.getInitParameter(FILTER_PROCESSES_URL_PARAM);
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter(CAPTCHA_SERVICE_ID_PARAM))) {
            this.captchaServiceId = filterConfig.getInitParameter(CAPTCHA_SERVICE_ID_PARAM);
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter(CAPTCHA_PARAMTER_NAME_PARAM))) {
            this.captchaParamterName = filterConfig.getInitParameter(CAPTCHA_PARAMTER_NAME_PARAM);
        }
        if (StringUtils.isNotBlank(filterConfig.getInitParameter(AUTO_PASS_VALUE_PARAM))) {
            this.autoPassValue = filterConfig.getInitParameter(AUTO_PASS_VALUE_PARAM);
        }
    }

    protected void initCaptchaService(FilterConfig filterConfig) {
        this.captchaService = (CaptchaService) WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext()).getBean(this.captchaServiceId);
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!StringUtils.startsWith(httpServletRequest.getServletPath(), this.filterProcessesUrl)) {
            genernateCaptchaImage(httpServletRequest, httpServletResponse);
        } else if (validateCaptchaChallenge(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            redirectFailureUrl(httpServletRequest, httpServletResponse);
        }
    }

    protected void genernateCaptchaImage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        httpServletResponse.setContentType("image/jpeg");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        try {
            try {
                ImageIO.write((BufferedImage) this.captchaService.getChallengeForID(httpServletRequest.getSession(true).getId(), httpServletRequest.getLocale()), "jpg", outputStream);
                outputStream.flush();
                outputStream.close();
            } catch (CaptchaServiceException e) {
                logger.error(e.getMessage(), e);
                outputStream.close();
            }
        } catch (Throwable th) {
            outputStream.close();
            throw th;
        }
    }

    protected boolean validateCaptchaChallenge(HttpServletRequest httpServletRequest) {
        try {
            String id = httpServletRequest.getSession().getId();
            String parameter = httpServletRequest.getParameter(this.captchaParamterName);
            if (INVALID_AUTO_PASS_VALUE.equals(this.autoPassValue) || !this.autoPassValue.equals(parameter)) {
                return this.captchaService.validateResponseForID(id, parameter).booleanValue();
            }
            return true;
        } catch (CaptchaServiceException e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    protected void redirectFailureUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + this.failureUrl);
    }
}
