package org.apache.myfaces.tobago.webapp;

import java.io.IOException;
import java.io.Serializable;
import javax.faces.context.FacesContext;
import javax.portlet.PortletSession;
import javax.servlet.http.HttpSession;
import org.apache.myfaces.tobago.internal.util.RandomUtils;
import org.apache.myfaces.tobago.portlet.PortletUtils;
import org.apache.myfaces.tobago.renderkit.html.HtmlAttributes;
import org.apache.myfaces.tobago.renderkit.html.HtmlElements;
import org.apache.myfaces.tobago.renderkit.html.HtmlInputTypes;
import org.apache.myfaces.tobago.renderkit.html.MarkupLanguageAttributes;

/* loaded from: input_file:WEB-INF/lib/tobago-core-4.5.1.jar:org/apache/myfaces/tobago/webapp/Secret.class */
public final class Secret implements Serializable {
    private static final long serialVersionUID = 1;
    private static final String KEY = Secret.class.getName();
    private String secret = RandomUtils.nextString();

    private Secret() {
    }

    public static boolean check(FacesContext facesContext) {
        String str = facesContext.getExternalContext().getRequestParameterMap().get(KEY);
        Secret secret = getSecret(facesContext.getExternalContext().getSession(false));
        return secret != null && secret.secret.equals(str);
    }

    private static Secret getSecret(Object obj) {
        Secret secret = null;
        if (obj != null) {
            if (obj instanceof HttpSession) {
                secret = (Secret) ((HttpSession) obj).getAttribute(KEY);
            } else {
                if (!PortletUtils.isPortletApiAvailable() || !(obj instanceof PortletSession)) {
                    throw new IllegalArgumentException("Unknown session type: " + obj);
                }
                secret = (Secret) ((PortletSession) obj).getAttribute(KEY, 1);
            }
        }
        return secret;
    }

    public static void encode(FacesContext facesContext, TobagoResponseWriter tobagoResponseWriter) throws IOException {
        tobagoResponseWriter.startElement(HtmlElements.INPUT);
        tobagoResponseWriter.writeAttribute(HtmlAttributes.TYPE, HtmlInputTypes.HIDDEN);
        tobagoResponseWriter.writeAttribute((MarkupLanguageAttributes) HtmlAttributes.NAME, KEY, false);
        tobagoResponseWriter.writeAttribute((MarkupLanguageAttributes) HtmlAttributes.ID, KEY, false);
        Secret secret = getSecret(facesContext.getExternalContext().getSession(true));
        if (secret != null) {
            tobagoResponseWriter.writeAttribute((MarkupLanguageAttributes) HtmlAttributes.VALUE, secret.secret, false);
        }
        tobagoResponseWriter.endElement(HtmlElements.INPUT);
    }

    public static void create(HttpSession httpSession) {
        httpSession.setAttribute(KEY, new Secret());
    }
}
