package jwebform.field;

import java.security.SecureRandom;
import java.util.Base64;
import jwebform.env.Env;
import jwebform.field.structure.FieldResult;
import jwebform.field.structure.HTMLProducer;
import jwebform.field.structure.SingleFieldType;
import jwebform.field.structure.StaticFieldInfo;
import jwebform.validation.ValidationResult;

/* loaded from: input_file:jwebform/field/XSRFProtectionType.class */
public class XSRFProtectionType implements SingleFieldType {
    private static final String TOKENNAME = "tokenname";
    private static final String TOKENVAL = "tokenVal";
    private final SecureRandom random;
    private final boolean staticTokenName;

    public XSRFProtectionType() {
        this(false);
    }

    public XSRFProtectionType(boolean z) {
        this.random = new SecureRandom();
        this.staticTokenName = z;
    }

    private String getRandomValue() {
        byte[] bArr = new byte[32];
        this.random.nextBytes(bArr);
        return Base64.getEncoder().encodeToString(bArr);
    }

    @Override // jwebform.field.structure.SingleFieldType
    public FieldResult apply(Env.EnvWithSubmitInfo envWithSubmitInfo) {
        Env env = envWithSubmitInfo.getEnv();
        env.ensureSessionAvail();
        String parameter = env.getParameter(TOKENVAL);
        boolean isSubmitted = env.isSubmitted(TOKENVAL);
        ValidationResult ok = (!isSubmitted || (isSubmitted && parameter.equals(env.getSessionAttribute(env.getParameter(TOKENNAME))))) ? ValidationResult.ok() : ValidationResult.fail("formchecker.xsrf_problem", new Object[0]);
        String str = "token-" + (this.staticTokenName ? "" : Double.valueOf(Math.random()));
        String randomValue = this.staticTokenName ? "static" : getRandomValue();
        env.setSessionAttribute(str, randomValue);
        return FieldResult.builder().withValue("").withStaticFieldInfo(new StaticFieldInfo("xsrf_protection", getRenderer(str, randomValue), 0)).withValidationResult(ok).build();
    }

    public HTMLProducer getRenderer(String str, String str2) {
        return producerInfos -> {
            StringBuilder sb = new StringBuilder();
            sb.append("<input type=\"hidden\" name=\"").append(TOKENNAME).append("\" value=\"").append(str).append("\">");
            sb.append("<input type=\"hidden\" name=\"").append(TOKENVAL).append("\" value=\"").append(str2).append("\">\n");
            return (producerInfos.getValidationResult().isValid ? "" : "XSRF Problem!<br>") + sb.toString();
        };
    }
}
