package org.primefaces.csp;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import org.primefaces.util.Constants;
import org.primefaces.util.LangUtils;

/* loaded from: input_file:WEB-INF/lib/primefaces-15.0.5.jar:org/primefaces/csp/CspState.class */
public class CspState {
    private FacesContext context;
    private String nonce;
    private boolean initialized = false;
    private Map<String, Map<String, String>> eventHandlers = new HashMap(10);

    public CspState(FacesContext facesContext) {
        this.context = facesContext;
    }

    public String getNonce() {
        if (this.nonce == null) {
            if (this.context.isPostback() || this.context.getPartialViewContext().isAjaxRequest()) {
                Map<String, Object> viewMap = this.context.getViewRoot().getViewMap(false);
                String str = this.context.getExternalContext().getRequestParameterMap().get(Constants.RequestParams.NONCE_PARAM);
                String str2 = viewMap == null ? null : (String) viewMap.get(Constants.RequestParams.NONCE_PARAM);
                if (str2 != null) {
                    str = Objects.toString(str, "");
                    str2 = Objects.toString(str2, "");
                    if (!Objects.equals(str, str2)) {
                        throw new CspException("CSP nonce mismatch");
                    }
                }
                this.nonce = LangUtils.isNotBlank(str2) ? str2 : str;
                if (LangUtils.isBlank(this.nonce) && isForward(this.context)) {
                    this.nonce = generateNonce();
                }
                validate(this.nonce);
            } else {
                this.nonce = generateNonce();
                if (!this.context.getViewRoot().isTransient()) {
                    this.context.getViewRoot().getViewMap(true).put(Constants.RequestParams.NONCE_PARAM, this.nonce);
                }
            }
        }
        return this.nonce;
    }

    public String generateNonce() {
        return Base64.getEncoder().encodeToString(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
    }

    protected boolean isForward(FacesContext facesContext) {
        Object request = facesContext.getExternalContext().getRequest();
        return (request instanceof HttpServletRequest) && ((HttpServletRequest) request).getAttribute("javax.servlet.forward.request_uri") != null;
    }

    private void validate(String str) throws CspException {
        if (LangUtils.isEmpty(str)) {
            throw new CspException("Missing CSP nonce");
        }
        try {
            UUID.fromString(new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new CspException("Invalid CSP nonce", e);
        }
    }

    public Map<String, Map<String, String>> getEventHandlers() {
        return this.eventHandlers;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    public void setInitialized(boolean z) {
        this.initialized = z;
    }
}
