package org.springframework.security.web;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/web/FormPostRedirectStrategy.class */
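/**
 * {@link RedirectStrategy} that, instead of issuing an HTTP 3xx redirect, writes a small
 * HTML page whose form auto-submits via {@code POST} to the target URL.
 *
 * <p>The query parameters of the target URL are removed from the form {@code action} and
 * re-emitted as hidden {@code <input>} fields. The inline submit script is authorised by a
 * per-response nonce that is also sent in the {@code Content-Security-Policy} header.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Every URL-derived value is HTML-escaped before it is placed in the page.</li>
 *   <li>Templates are rendered in a single pass, so a placeholder token such as
 *       {@code {{params}}} that appears inside the URL or a parameter is emitted as
 *       literal (escaped) text and is never expanded a second time.</li>
 *   <li>This class does not validate the target URL. The caller decides where the
 *       browser is sent and which parameters are posted there, so the URL must come
 *       from a trusted or allow-listed source.</li>
 * </ul>
 */
public final class FormPostRedirectStrategy implements RedirectStrategy {
    private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy";

    private static final String PLACEHOLDER_OPEN = "{{";
    private static final String PLACEHOLDER_CLOSE = "}}";

    private static final String REDIRECT_PAGE_TEMPLATE = "<!DOCTYPE html>\n"
            + "<html lang=\"en\">\n"
            + "  <head>\n"
            + "    <meta charset=\"utf-8\">\n"
            + "    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
            + "    <meta name=\"description\" content=\"\">\n"
            + "    <meta name=\"author\" content=\"\">\n"
            + "    <title>Redirect</title>\n"
            + "  </head>\n"
            + "  <body>\n"
            + "    <form id=\"redirect-form\" method=\"POST\" action=\"{{action}}\">\n"
            + "      {{params}}\n"
            + "      <noscript>\n"
            + "        <p>JavaScript is not enabled for this page.</p>\n"
            + "        <button type=\"submit\">Click to continue</button>\n"
            + "      </noscript>\n"
            + "    </form>\n"
            + "    <script nonce=\"{{nonce}}\">\n"
            + "      document.getElementById(\"redirect-form\").submit();\n"
            + "    </script>\n"
            + "  </body>\n"
            + "</html>\n";

    private static final String HIDDEN_INPUT_TEMPLATE = "<input name=\"{{name}}\" type=\"hidden\" value=\"{{value}}\" />\n";

    // 96 bytes of generator output, encoded as URL-safe Base64 without padding.
    private static final StringKeyGenerator DEFAULT_NONCE_GENERATOR = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);

    /**
     * Writes the auto-submitting form page for {@code str} to the response.
     *
     * @param httpServletRequest the current request (not read by this implementation)
     * @param httpServletResponse the response that receives status 200, the CSP header and the HTML page
     * @param str the target URL; its query parameters become hidden form fields
     * @throws IOException if writing to the response fails
     */
    @Override // org.springframework.security.web.RedirectStrategy
    public void sendRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        UriComponentsBuilder target = UriComponentsBuilder.fromUriString(str);

        // One hidden input per (name, value) pair; both sides are HTML-escaped.
        StringBuilder hiddenInputs = new StringBuilder();
        for (Map.Entry<String, List<String>> param : target.build().getQueryParams().entrySet()) {
            String escapedName = HtmlUtils.htmlEscape(param.getKey());
            for (String value : param.getValue()) {
                String input = render(HIDDEN_INPUT_TEMPLATE,
                        Map.of("name", escapedName, "value", HtmlUtils.htmlEscape(value)));
                hiddenInputs.append(input.trim());
            }
        }

        // A fresh nonce per response ties the inline submit script to the CSP header.
        String nonce = DEFAULT_NONCE_GENERATOR.generateKey();
        String policy = "script-src 'nonce-%s'".formatted(nonce);

        // The query string is dropped from the action because it now travels as form fields.
        String action = target.query((String) null).build().toUriString();
        String html = render(REDIRECT_PAGE_TEMPLATE, Map.of(
                "action", HtmlUtils.htmlEscape(action),
                "params", hiddenInputs.toString(),
                "nonce", HtmlUtils.htmlEscape(nonce)));

        httpServletResponse.setStatus(HttpStatus.OK.value());
        // NOTE(review): the content type carries no charset while the page declares utf-8;
        // the bytes written depend on the response's configured character encoding. Confirm
        // that it is UTF-8 wherever non-ASCII parameter values are possible.
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setHeader(CONTENT_SECURITY_POLICY_HEADER, policy);
        httpServletResponse.getWriter().write(html);
        httpServletResponse.getWriter().flush();
    }

    /**
     * Substitutes {@code {{key}}} placeholders in {@code template} in a single left-to-right pass.
     *
     * <p>Only the template text is scanned. Substituted values are copied verbatim and never
     * re-scanned, so placeholder-looking text inside a value cannot trigger another
     * substitution. Placeholders with no entry in {@code values} are left unchanged.
     */
    private static String render(String template, Map<String, String> values) {
        StringBuilder out = new StringBuilder(template.length() + 128);
        int pos = 0;
        while (pos < template.length()) {
            int open = template.indexOf(PLACEHOLDER_OPEN, pos);
            if (open < 0) {
                break;
            }
            int close = template.indexOf(PLACEHOLDER_CLOSE, open + PLACEHOLDER_OPEN.length());
            if (close < 0) {
                break;
            }
            int end = close + PLACEHOLDER_CLOSE.length();
            String replacement = values.get(template.substring(open + PLACEHOLDER_OPEN.length(), close));
            out.append(template, pos, open);
            if (replacement != null) {
                out.append(replacement);
            } else {
                out.append(template, open, end);
            }
            pos = end;
        }
        out.append(template, pos, template.length());
        return out.toString();
    }
}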
