package com.jk.faces.renderers;

import com.jk.faces.components.TagAttributeConstants;
import com.sun.faces.renderkit.html_basic.FormRenderer;
import java.io.IOException;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.context.ResponseWriter;
import javax.servlet.http.HttpSession;
import org.owasp.csrfguard.CsrfGuard;
import org.owasp.csrfguard.util.RandomGenerator;

/* loaded from: input_file:com/jk/faces/renderers/JKFormRenderer.class */
public class JKFormRenderer extends FormRenderer {
    public void encodeEnd(FacesContext facesContext, UIComponent uIComponent) throws IOException {
        HttpSession httpSession = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
        CsrfGuard csrfGuard = CsrfGuard.getInstance();
        ResponseWriter responseWriter = facesContext.getResponseWriter();
        if (FacesContext.getCurrentInstance().getPartialViewContext().isAjaxRequest()) {
            String updateToken = updateToken(httpSession, csrfGuard);
            responseWriter.startElement("script", uIComponent);
            responseWriter.append("tokenValue='".concat(updateToken).concat("';"));
            responseWriter.append("if(typeof(injectTokens) == \"function\") injectTokens();");
            responseWriter.endElement("script");
        }
        responseWriter.startElement("input", uIComponent);
        responseWriter.writeAttribute("type", "hidden", "type");
        responseWriter.writeAttribute("name", csrfGuard.getTokenName(), "name");
        responseWriter.writeAttribute(TagAttributeConstants.VALUE, "Token_Value", TagAttributeConstants.VALUE);
        responseWriter.endElement("input");
        super.encodeEnd(facesContext, uIComponent);
    }

    private String updateToken(HttpSession httpSession, CsrfGuard csrfGuard) {
        try {
            httpSession.setAttribute(csrfGuard.getSessionKey(), RandomGenerator.generateRandomId(csrfGuard.getPrng(), csrfGuard.getTokenLength()));
            String str = (String) httpSession.getAttribute(csrfGuard.getSessionKey());
            System.err.println("@Token : " + str);
            if (str == null) {
                throw new IllegalStateException("OWASP_CSRF is not configured correctly");
            }
            return str;
        } catch (Exception e) {
            throw new RuntimeException(String.format("unable to generate the random token - %s", e.getLocalizedMessage()), e);
        }
    }
}
