package com.els.base.auth.web.security.mobile;

import com.els.base.auth.exception.ValidateCodeException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/els/base/auth/web/security/mobile/ValidateCodeFilter.class */
public class ValidateCodeFilter extends MobileAuthenticationFilter {
    @Override // com.els.base.auth.web.security.mobile.MobileAuthenticationFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        HttpSession session = httpServletRequest.getSession();
        String parameter = httpServletRequest.getParameter(MobileAuthenticationFilter.SPRING_SECURITY_FORM_MOBILE);
        String parameter2 = httpServletRequest.getParameter("smsCode");
        ValidateCode validateCode = (ValidateCode) session.getAttribute(parameter);
        if (StringUtils.isBlank(parameter2)) {
            throw new ValidateCodeException("验证码的值不能为空");
        }
        if (validateCode == null) {
            throw new ValidateCodeException("该手机号未发送验证码");
        }
        if (validateCode.isExpried()) {
            session.removeAttribute(parameter);
            throw new ValidateCodeException("验证码已过期");
        }
        if (!StringUtils.equals(validateCode.getCode(), parameter2)) {
            throw new ValidateCodeException("验证码不匹配");
        }
        session.removeAttribute(parameter);
        return super.attemptAuthentication(httpServletRequest, httpServletResponse);
    }
}
