package org.owasp.csrfguard.tag;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.jsp.JspException;
import jakarta.servlet.jsp.tagext.DynamicAttributes;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.owasp.csrfguard.CsrfGuard;
import org.owasp.csrfguard.session.LogicalSession;
import org.owasp.csrfguard.util.BrowserEncoder;

/* loaded from: input_file:WEB-INF/lib/csrfguard-jsp-tags-4.3.0-jakarta.jar:org/owasp/csrfguard/tag/FormTag.class */
public final class FormTag extends AbstractUriTag implements DynamicAttributes {
    private static final long serialVersionUID = -1090590910;
    private final Map<String, String> attributes = new HashMap();

    public int doStartTag() {
        CsrfGuard csrfGuard = CsrfGuard.getInstance();
        String tokenName = csrfGuard.getTokenName();
        LogicalSession extract = csrfGuard.getLogicalSessionExtractor().extract((HttpServletRequest) this.pageContext.getRequest());
        try {
            this.pageContext.getOut().write(buildStartHtml(tokenName, Objects.nonNull(extract) ? csrfGuard.getTokenService().getTokenValue(extract.getKey(), buildUri(this.attributes.get("action"))) : null));
            return 1;
        } catch (IOException e) {
            this.pageContext.getServletContext().log(e.getLocalizedMessage(), e);
            return 1;
        }
    }

    public int doEndTag() {
        try {
            this.pageContext.getOut().write("</form>");
            return 6;
        } catch (IOException e) {
            this.pageContext.getServletContext().log(e.getLocalizedMessage(), e);
            return 6;
        }
    }

    public void setDynamicAttribute(String str, String str2, Object obj) throws JspException {
        this.attributes.put(str2.toLowerCase(), String.valueOf(obj));
    }

    private String buildStartHtml(String str, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("<form ");
        for (String str3 : this.attributes.keySet()) {
            String str4 = this.attributes.get(str3);
            sb.append(BrowserEncoder.encodeForAttribute(str3));
            sb.append('=');
            sb.append('\"');
            sb.append(BrowserEncoder.encodeForAttribute(str4));
            sb.append('\"');
            sb.append(' ');
        }
        sb.append('>');
        sb.append("<input type=\"hidden\" name=\"");
        sb.append(str);
        sb.append("\" value=\"");
        sb.append(str2);
        sb.append("\"");
        sb.append("/>");
        return sb.toString();
    }
}
