package play.filters.csrf;

import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import javax.inject.Inject;
import play.api.http.HttpErrorHandler$Attrs$;
import play.api.http.HttpErrorInfo;
import play.api.http.SessionConfiguration;
import play.api.libs.crypto.CSRFTokenSigner;
import play.api.mvc.Request;
import play.api.mvc.RequestHeader;
import play.filters.csrf.CSRF;
import play.inject.Injector;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import scala.Option;

/* loaded from: input_file:play/filters/csrf/RequireCSRFCheckAction.class */
public class RequireCSRFCheckAction extends Action<RequireCSRFCheck> {
    private final CSRFConfig config;
    private final SessionConfiguration sessionConfiguration;
    private final CSRF.TokenProvider tokenProvider;
    private final CSRFTokenSigner tokenSigner;
    private Function<RequireCSRFCheck, CSRFErrorHandler> configurator;

    @Inject
    public RequireCSRFCheckAction(CSRFConfig cSRFConfig, SessionConfiguration sessionConfiguration, CSRF.TokenProvider tokenProvider, CSRFTokenSigner cSRFTokenSigner, Injector injector) {
        this(cSRFConfig, sessionConfiguration, tokenProvider, cSRFTokenSigner, (Function<RequireCSRFCheck, CSRFErrorHandler>) requireCSRFCheck -> {
            return (CSRFErrorHandler) injector.instanceOf(requireCSRFCheck.error());
        });
    }

    public RequireCSRFCheckAction(CSRFConfig cSRFConfig, SessionConfiguration sessionConfiguration, CSRF.TokenProvider tokenProvider, CSRFTokenSigner cSRFTokenSigner, CSRFErrorHandler cSRFErrorHandler) {
        this(cSRFConfig, sessionConfiguration, tokenProvider, cSRFTokenSigner, (Function<RequireCSRFCheck, CSRFErrorHandler>) requireCSRFCheck -> {
            return cSRFErrorHandler;
        });
    }

    public RequireCSRFCheckAction(CSRFConfig cSRFConfig, SessionConfiguration sessionConfiguration, CSRF.TokenProvider tokenProvider, CSRFTokenSigner cSRFTokenSigner, Function<RequireCSRFCheck, CSRFErrorHandler> function) {
        this.config = cSRFConfig;
        this.sessionConfiguration = sessionConfiguration;
        this.tokenProvider = tokenProvider;
        this.tokenSigner = cSRFTokenSigner;
        this.configurator = function;
    }

    public CompletionStage<Result> call(Http.Request request) {
        String[] strArr;
        CSRFActionHelper cSRFActionHelper = new CSRFActionHelper(this.sessionConfiguration, this.config, this.tokenSigner, this.tokenProvider);
        Request tagRequestFromHeader = cSRFActionHelper.tagRequestFromHeader(request.asScala());
        if (!cSRFActionHelper.requiresCsrfCheck(tagRequestFromHeader) || (this.config.checkContentType().apply(request.asScala().contentType()) != Boolean.TRUE && !cSRFActionHelper.hasInvalidContentType(request.asScala()))) {
            return this.delegate.call(request);
        }
        Option<String> tokenToValidate = cSRFActionHelper.getTokenToValidate(tagRequestFromHeader);
        if (!tokenToValidate.isDefined()) {
            return handleTokenError(request, tagRequestFromHeader, "CSRF token not found in session");
        }
        String str = null;
        Option<String> headerToken = cSRFActionHelper.getHeaderToken(tagRequestFromHeader);
        if (headerToken.isDefined()) {
            str = (String) headerToken.get();
        } else if (request.body().asFormUrlEncoded() != null) {
            String[] strArr2 = (String[]) request.body().asFormUrlEncoded().get(this.config.tokenName());
            if (strArr2 != null && strArr2.length > 0) {
                str = strArr2[0];
            }
        } else if (request.body().asMultipartFormData() != null && (strArr = (String[]) request.body().asMultipartFormData().asFormUrlEncoded().get(this.config.tokenName())) != null && strArr.length > 0) {
            str = strArr[0];
        }
        return str != null ? this.tokenProvider.compareTokens(str, (String) tokenToValidate.get()) ? this.delegate.call(request) : handleTokenError(request, tagRequestFromHeader, "CSRF tokens don't match") : handleTokenError(request, tagRequestFromHeader, "CSRF token not found in body or query string");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private CompletionStage<Result> handleTokenError(Http.Request request, RequestHeader requestHeader, String str) {
        return ((CSRFErrorHandler) this.configurator.apply(this.configuration)).handle(requestHeader.addAttr(HttpErrorHandler$Attrs$.MODULE$.HttpErrorInfo(), new HttpErrorInfo("csrf-filter")).asJava(), str).thenApply(result -> {
            if (!CSRF.getToken(requestHeader).isEmpty()) {
                return result;
            }
            if (!this.config.cookieName().isDefined()) {
                return result.removingFromSession(request, new String[]{this.config.tokenName()});
            }
            Option domain = this.sessionConfiguration.domain();
            return result.discardingCookie((String) this.config.cookieName().get(), this.sessionConfiguration.path(), domain.isDefined() ? (String) domain.get() : null, this.config.secureCookie());
        });
    }
}
