package org.broadleafcommerce.common.web.processor;

import javax.annotation.Resource;
import org.broadleafcommerce.common.exception.ServiceException;
import org.broadleafcommerce.common.security.service.ExploitProtectionService;
import org.broadleafcommerce.common.security.service.StaleStateProtectionService;
import org.springframework.stereotype.Component;
import org.thymeleaf.Arguments;
import org.thymeleaf.dom.Element;
import org.thymeleaf.processor.ProcessorResult;
import org.thymeleaf.processor.element.AbstractElementProcessor;
import org.thymeleaf.standard.expression.StandardExpressions;

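/**
 * Thymeleaf element processor that rewrites {@code <form>} elements so that every form whose
 * {@code method} attribute is not {@code GET} carries the session's CSRF token and, when
 * stale-state protection is enabled, the state-version token.
 *
 * <p>Tokens are delivered in one of two ways:
 * <ul>
 *   <li>for {@code multipart/form-data} forms, as query parameters appended to the resolved
 *       {@code th:action} URL;</li>
 *   <li>for every other form, as hidden {@code <input>} children.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>In the multipart case the CSRF token becomes part of the request URL. URLs are commonly
 *       recorded in access logs, proxies and browser history, so log handling and retention
 *       should treat them as containing a session-bound secret.</li>
 *   <li>NOTE(review): a form with no {@code method} attribute is treated as non-GET here and gets
 *       a hidden token field, while HTML submits such a form with GET, which would place the
 *       token in the query string. Confirm templates always declare {@code method} explicitly.</li>
 *   <li>NOTE(review): the token is added regardless of where the action points. Confirm templates
 *       never use this processor for forms that post to a third-party origin.</li>
 * </ul>
 */
@Component("blFormProcessor")
/* loaded from: input_file:org/broadleafcommerce/common/web/processor/FormProcessor.class */
public class FormProcessor extends AbstractElementProcessor {

    /** Source of the CSRF token value and of the request parameter name it is submitted under. */
    @Resource(name = "blExploitProtectionService")
    protected ExploitProtectionService eps;

    /** Source of the state-version token; consulted only when {@code isEnabled()} returns true. */
    @Resource(name = "blStaleStateProtectionService")
    protected StaleStateProtectionService spps;

    /** Registers this processor for elements named {@code form}. */
    public FormProcessor() {
        super("form");
    }

    /**
     * @return the fixed precedence value {@code 1} for this processor
     */
    @Override
    public int getPrecedence() {
        return 1;
    }

    /**
     * Adds the protection tokens to the form (unless its method is GET) and then replaces the
     * element with a clone named {@code form} whose processors are recomputed immediately.
     *
     * @param arguments Thymeleaf execution arguments, used to evaluate the {@code th:action} expression
     * @param element   the form element being processed
     * @return {@link ProcessorResult#OK}
     * @throws RuntimeException wrapping the {@link ServiceException} if a token cannot be obtained
     */
    @Override
    protected ProcessorResult processElement(Arguments arguments, Element element) {
        String method = element.getAttributeValueFromNormalizedName("method");
        if (!"GET".equalsIgnoreCase(method)) {
            try {
                String csrfToken = this.eps.getCSRFToken();
                String stateVersionToken = null;
                if (this.spps.isEnabled()) {
                    stateVersionToken = this.spps.getStateVersionToken();
                }

                String enctype = element.getAttributeValueFromNormalizedName("enctype");
                if ("multipart/form-data".equalsIgnoreCase(enctype)) {
                    // Multipart forms carry the tokens in the action URL instead of the body
                    // (presumably so they can be read before the multipart body is parsed; confirm).
                    String action = (String) StandardExpressions.getExpressionParser(arguments.getConfiguration())
                            .parseExpression(arguments.getConfiguration(), arguments,
                                    element.getAttributeValueFromNormalizedName("th:action"))
                            .execute(arguments.getConfiguration(), arguments);

                    String tokenQuery = this.eps.getCsrfTokenParameter() + "=" + csrfToken;
                    if (stateVersionToken != null) {
                        tokenQuery = tokenQuery + "&" + this.spps.getStateVersionTokenParameter() + "=" + stateVersionToken;
                    }

                    // The expression has been evaluated, so swap th:action for a literal action.
                    element.removeAttribute("th:action");
                    element.setAttribute("action", appendQuery(action, tokenQuery));
                } else {
                    element.addChild(hiddenInput(this.eps.getCsrfTokenParameter(), csrfToken));
                    if (stateVersionToken != null) {
                        element.addChild(hiddenInput(this.spps.getStateVersionTokenParameter(), stateVersionToken));
                    }
                }
            } catch (ServiceException e) {
                throw new RuntimeException("Could not get a CSRF token for this session", e);
            }
        }

        // Replace the processed element with a clone so that Thymeleaf recomputes the processors
        // applicable to the (now modified) form immediately.
        Element replacement = element.cloneElementNodeWithNewName(element.getParent(), "form", false);
        replacement.setRecomputeProcessorsImmediately(true);
        element.getParent().insertAfter(element, replacement);
        element.getParent().removeChild(element);
        return ProcessorResult.OK;
    }

    /**
     * Appends {@code query} to {@code action}, using {@code &} when the action already has a
     * query string and {@code ?} otherwise. Always prepending {@code ?} produced a URL with two
     * question marks for actions that already carried parameters, so the tokens would not be read
     * back under their expected parameter names.
     */
    private static String appendQuery(String action, String query) {
        char separator = (action != null && action.indexOf('?') >= 0) ? '&' : '?';
        return action + separator + query;
    }

    /** Builds an {@code <input type="hidden">} element with the given name and value. */
    private static Element hiddenInput(String name, String value) {
        Element input = new Element("input");
        input.setAttribute("type", "hidden");
        input.setAttribute("name", name);
        input.setAttribute("value", value);
        return input;
    }
}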
