package play.filters.csrf;

import java.util.Locale;
import play.api.MarkerContext$;
import play.api.http.HeaderNames$;
import play.api.http.HttpEntity;
import play.api.http.SessionConfiguration;
import play.api.libs.crypto.CSRFTokenSigner;
import play.api.mvc.Cookie;
import play.api.mvc.Cookie$;
import play.api.mvc.DiscardingCookie;
import play.api.mvc.Request;
import play.api.mvc.Request$;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.core.Execution$Implicits$;
import play.filters.cors.CORSFilter$Attrs$;
import play.filters.csrf.CSRF;
import play.libs.typedmap.TypedKey;
import play.mvc.Http;
import scala.Function0;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.ArrayOps$;
import scala.collection.immutable.Set;
import scala.concurrent.Future;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: CSRFActions.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005]h\u0001\u0002\u000e\u001c\u0001\tB\u0001\"\u000b\u0001\u0003\u0002\u0003\u0006IA\u000b\u0005\te\u0001\u0011\t\u0011)A\u0005g!Aq\u0007\u0001B\u0001B\u0003%\u0001\b\u0003\u0005A\u0001\t\u0005\t\u0015!\u0003B\u0011\u0015\t\u0006\u0001\"\u0001S\u0011\u001dA\u0006A1A\u0005\neCaA\u001b\u0001!\u0002\u0013Q\u0006\"B)\u0001\t\u0003Y\u0007\"B8\u0001\t\u0013\u0001\b\"\u0002;\u0001\t\u0003)\bbBA\t\u0001\u0011\u0005\u00111\u0003\u0005\b\u0003#\u0001A\u0011AA\f\u0011\u001d\tI\u0004\u0001C\u0001\u0003wAq!a\u0014\u0001\t\u0003\t\t\u0006C\u0004\u0002`\u0001!\t!!\u0019\t\u000f\u00055\u0004\u0001\"\u0001\u0002p!9\u0011q\f\u0001\u0005\u0002\u0005M\u0004bBAG\u0001\u0011\u0005\u0011q\u0012\u0005\b\u0003#\u0003A\u0011AAJ\u0011\u001d\t9\n\u0001C\u0001\u00033Cq!!(\u0001\t\u0003\ty\nC\u0004\u0002.\u0002!I!a,\t\u000f\u0005m\u0006\u0001\"\u0001\u0002>\"9\u0011\u0011\u0019\u0001\u0005\u0002\u0005\r\u0007bBAl\u0001\u0011\u0005\u0011\u0011\u001c\u0002\u0011\u0007N\u0013f)Q2uS>t\u0007*\u001a7qKJT!\u0001H\u000f\u0002\t\r\u001c(O\u001a\u0006\u0003=}\tqAZ5mi\u0016\u00148OC\u0001!\u0003\u0011\u0001H.Y=\u0004\u0001M\u0011\u0001a\t\t\u0003I\u001dj\u0011!\n\u0006\u0002M\u0005)1oY1mC&\u0011\u0001&\n\u0002\u0007\u0003:L(+\u001a4\u0002)M,7o]5p]\u000e{gNZ5hkJ\fG/[8o!\tY\u0003'D\u0001-\u0015\tic&\u0001\u0003iiR\u0004(BA\u0018 \u0003\r\t\u0007/[\u0005\u0003c1\u0012AcU3tg&|gnQ8oM&<WO]1uS>t\u0017AC2te\u001a\u001cuN\u001c4jOB\u0011A'N\u0007\u00027%\u0011ag\u0007\u0002\u000b\u0007N\u0013fiQ8oM&<\u0017a\u0003;pW\u0016t7+[4oKJ\u0004\"!\u000f \u000e\u0003iR!a\u000f\u001f\u0002\r\r\u0014\u0018\u0010\u001d;p\u0015\tid&\u0001\u0003mS\n\u001c\u0018BA 
;\u0005=\u00195K\u0015$U_.,gnU5h]\u0016\u0014\u0018!\u0004;pW\u0016t\u0007K]8wS\u0012,'\u000f\u0005\u0002C\u001d:\u00111\t\u0014\b\u0003\t.s!!\u0012&\u000f\u0005\u0019KU\"A$\u000b\u0005!\u000b\u0013A\u0002\u001fs_>$h(C\u0001!\u0013\tqr$\u0003\u0002\u001d;%\u0011QjG\u0001\u0005\u0007N\u0013f)\u0003\u0002P!\niAk\\6f]B\u0013xN^5eKJT!!T\u000e\u0002\rqJg.\u001b;?)\u0015\u0019F+\u0016,X!\t!\u0004\u0001C\u0003*\u000b\u0001\u0007!\u0006C\u00033\u000b\u0001\u00071\u0007C\u00038\u000b\u0001\u0007\u0001\bC\u0003A\u000b\u0001\u0007\u0011)A\tO_\u000e\u000b7\r[3ESJ,7\r^5wKN,\u0012A\u0017\t\u00047\u0002\u0014W\"\u0001/\u000b\u0005us\u0016!C5n[V$\u0018M\u00197f\u0015\tyV%\u0001\u0006d_2dWm\u0019;j_:L!!\u0019/\u0003\u0007M+G\u000f\u0005\u0002dQ6\tAM\u0003\u0002fM\u0006!A.\u00198h\u0015\u00059\u0017\u0001\u00026bm\u0006L!!\u001b3\u0003\rM#(/\u001b8h\u0003IqunQ1dQ\u0016$\u0015N]3di&4Xm\u001d\u0011\u0015\tMcWN\u001c\u0005\u0006S!\u0001\rA\u000b\u0005\u0006e!\u0001\ra\r\u0005\u0006o!\u0001\r\u0001O\u0001\u0010i>\\WM\\%t\u0011R$\bo\u00148msV\t\u0011\u000f\u0005\u0002%e&\u00111/\n\u0002\b\u0005>|G.Z1o\u0003I9W\r\u001e+pW\u0016tGk\u001c,bY&$\u0017\r^3\u0015\u0007Y\f\t\u0001E\u0002%ofL!\u0001_\u0013\u0003\r=\u0003H/[8o!\tQhP\u0004\u0002|yB\u0011a)J\u0005\u0003{\u0016\na\u0001\u0015:fI\u00164\u0017BA5��\u0015\tiX\u0005C\u0004\u0002\u0004)\u0001\r!!\u0002\u0002\u000fI,\u0017/^3tiB!\u0011qAA\u0007\u001b\t\tIAC\u0002\u0002\f9\n1!\u001c<d\u0013\u0011\ty!!\u0003\u0003\u001bI+\u0017/^3ti\"+\u0017\rZ3s\u0003Q!\u0018m\u001a*fcV,7\u000f\u001e$s_6DU-\u00193feR!\u0011QAA\u000b\u0011\u001d\t\u0019a\u0003a\u0001\u0003\u000b)B!!\u0007\u0002&Q!\u00111DA\u001c!\u0019\t9!!\b\u0002\"%!\u0011qDA\u0005\u0005\u001d\u0011V-];fgR\u0004B!a\t\u0002&1\u0001AaBA\u0014\u0019\t\u0007\u0011\u0011\u0006\u0002\u0002\u0003F!\u00111FA\u0019!\r!\u0013QF\u0005\u0004\u0003_)#a\u0002(pi\"Lgn\u001a\t\u0004I\u0005M\u0012bAA\u001bK\t\u0019\u0011I\\=\t\u000f\u0005\rA\u00021\u0001\u0002\u001c\u0005\u0001B/Y4SKF,Xm\u001d;IK\u0006$WM\u
001d\u000b\u0007\u0003\u000b\ti$a\u0010\t\u000f\u0005\rQ\u00021\u0001\u0002\u0006!A\u0011\u0011I\u0007\u0005\u0002\u0004\t\u0019%A\u0003u_.,g\u000eE\u0003%\u0003\u000b\nI%C\u0002\u0002H\u0015\u0012\u0001\u0002\u00102z]\u0006lWM\u0010\t\u0004\u0005\u0006-\u0013bAA'!\n)Ak\\6f]\u0006QA/Y4SKF,Xm\u001d;\u0016\t\u0005M\u0013\u0011\f\u000b\u0007\u0003+\nY&!\u0018\u0011\r\u0005\u001d\u0011QDA,!\u0011\t\u0019#!\u0017\u0005\u000f\u0005\u001dbB1\u0001\u0002*!9\u00111\u0001\bA\u0002\u0005U\u0003bBA!\u001d\u0001\u0007\u0011\u0011J\u0001\u0017i\u0006<'+Z9vKN$x+\u001b;i\u001d\u0016<Hk\\6f]V!\u00111MA5)\u0011\t)'a\u001b\u0011\r\u0005\u001d\u0011QDA4!\u0011\t\u0019#!\u001b\u0005\u000f\u0005\u001drB1\u0001\u0002*!9\u00111A\bA\u0002\u0005\u0015\u0014\u0001\b;bOJ+\u0017/^3ti\"+\u0017\rZ3s/&$\bNT3x)>\\WM\u001c\u000b\u0005\u0003\u000b\t\t\bC\u0004\u0002\u0004A\u0001\r!!\u0002\u0015\t\u0005U\u0014\u0011\u0012\t\u0005\u0003o\n\u0019I\u0004\u0003\u0002z\u0005udbA#\u0002|%\u0019\u00111B\u0010\n\t\u0005}\u0014\u0011Q\u0001\u0005\u0011R$\bOC\u0002\u0002\f}IA!!\"\u0002\b\nq!+Z9vKN$()^5mI\u0016\u0014(\u0002BA@\u0003\u0003Cq!a#\u0012\u0001\u0004\t)(\u0001\bsKF,Xm\u001d;Ck&dG-\u001a:\u0002\u001b\u001d,g.\u001a:bi\u0016$vn[3o+\t\tI%\u0001\bhKRDU-\u00193feR{7.\u001a8\u0015\u0007Y\f)\nC\u0004\u0002\u0004M\u0001\r!!\u0002\u0002#I,\u0017/^5sKN\u001c5O\u001d4DQ\u0016\u001c7\u000eF\u0002r\u00037Cq!a\u0001\u0015\u0001\u0004\t)!\u0001\nbI\u0012$vn[3o)>\u0014Vm\u001d9p]N,GCBAQ\u0003O\u000bI\u000b\u0005\u0003\u0002\b\u0005\r\u0016\u0002BAS\u0003\u0013\u0011aAU3tk2$\bbBA\u0002+\u0001\u0007\u0011Q\u0001\u0005\b\u0003W+\u0002\u0019AAQ\u0003\u0019\u0011Xm];mi\u0006iR\r\u001f;sC\u000e$8)Y2iK\u000e{g\u000e\u001e:pY\u0012K'/Z2uSZ,7\u000f\u0006\u0003\u00022\u0006]\u0006\u0003\u0002\u0013\u00024fL1!!.&\u0005\u0015\t%O]1z\u0011\u0019\tIL\u0006a\u0001s\u0006Y\u0001.Z1eKJ4\u0016\r\\;f\u0003aI7oQ1dQ\u0016\f'\r\\3CsNC\u0017M]3e\u0007\u0006\u001c\u0007.\u001a\u000b\u0004c\u0006}\u0006bBAV/\u0001\u0007\u0011\u0011U\u0001\tS
N\u001c\u0015m\u00195fIR\u0019\u0011/!2\t\u000f\u0005-\u0006\u00041\u0001\u0002\"\":\u0001$!3\u0002P\u0006M\u0007c\u0001\u0013\u0002L&\u0019\u0011QZ\u0013\u0003\u0015\u0011,\u0007O]3dCR,G-\t\u0002\u0002R\u0006\u0019#+\u001a8b[\u0016$\u0007\u0005^8!SN\u001c\u0015m\u00195fC\ndWMQ=TQ\u0006\u0014X\rZ\"bG\",\u0017EAAk\u0003\u0015\u0011d\u0006\u000f\u00181\u0003M\u0019G.Z1s)>\\WM\\%g\u0013:4\u0018\r\\5e)!\tY.a:\u0002j\u0006M\bCBAo\u0003G\f\t+\u0004\u0002\u0002`*\u0019\u0011\u0011]\u0013\u0002\u0015\r|gnY;se\u0016tG/\u0003\u0003\u0002f\u0006}'A\u0002$viV\u0014X\rC\u0004\u0002\u0004e\u0001\r!!\u0002\t\u000f\u0005-\u0018\u00041\u0001\u0002n\u0006aQM\u001d:pe\"\u000bg\u000e\u001a7feB\u0019!)a<\n\u0007\u0005E\bK\u0001\u0007FeJ|'\u000fS1oI2,'\u000f\u0003\u0004\u0002vf\u0001\r!_\u0001\u0004[N<\u0007")
/* loaded from: input_file:play/filters/csrf/CSRFActionHelper.class */
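/**
 * Helper used by the CSRF filter and actions (decompiled from CSRFActions.scala).
 *
 * <p>It reads the token a request must be validated against, attaches token information to
 * requests as a typed attribute, decides whether a request needs a CSRF check, and decides whether
 * a token may be written to a response (as a dedicated cookie or into the session).
 */
public class CSRFActionHelper {
    // Supplies path, domain and httpOnly for the session-backed token and for the CSRF cookie.
    private final SessionConfiguration sessionConfiguration;
    // CSRF settings: token/header/cookie names, signing, cookie flags, protection predicate.
    private final CSRFConfig csrfConfig;
    // Signs tokens and extracts the raw value from a signed token.
    private final CSRFTokenSigner tokenSigner;
    // Generates fresh token values.
    private final CSRF.TokenProvider tokenProvider;
    // Cache-Control directives that mark a response as not storable by a shared cache.
    private final Set<String> NoCacheDirectives;

    /** Accessor for the directive set; kept because the synthetic lambda below calls it. */
    private Set<String> NoCacheDirectives() {
        return this.NoCacheDirectives;
    }

    /**
     * Tells whether page scripts are prevented from reading the token's storage.
     *
     * <p>With a dedicated CSRF cookie configured, the CSRF config's httpOnly flag applies;
     * otherwise the token is stored in the session and the session's httpOnly flag applies.
     */
    private boolean tokenIsHttpOnly() {
        return this.csrfConfig.cookieName().isDefined() ? this.csrfConfig.httpOnlyCookie() : this.sessionConfiguration.httpOnly();
    }

    /**
     * Returns the stored token that a submitted token has to be compared with.
     *
     * <p>The value comes from the CSRF cookie when a cookie name is configured, otherwise from the
     * session under the configured token name. If neither holds a value, the token already
     * attached to the request (via {@code CSRF.getToken}) is used as a fallback.
     *
     * @param requestHeader the incoming request
     * @return the stored token, or an empty option when there is none or, with signing enabled,
     *     when the signer cannot extract a signed token from it
     */
    public Option<String> getTokenToValidate(RequestHeader requestHeader) {
        Option option;
        // Fallback: token already tagged on the request, evaluated before the cookie/session lookup.
        Option map = CSRF$.MODULE$.getToken(requestHeader).map(token -> {
            return token.value();
        });
        Some cookieName = this.csrfConfig.cookieName();
        if (cookieName instanceof Some) {
            option = requestHeader.cookies().get((String) cookieName.value()).map(cookie -> {
                return cookie.value();
            });
        } else {
            if (!None$.MODULE$.equals(cookieName)) {
                throw new MatchError(cookieName);
            }
            option = requestHeader.session().get(this.csrfConfig.tokenName());
        }
        // With signTokens enabled, a value the signer rejects is dropped here, so a tampered or
        // unsigned stored token is reported to the caller as "no token".
        return option.orElse(() -> {
            return map;
        }).filter(str -> {
            return BoxesRunTime.boxToBoolean($anonfun$getTokenToValidate$4(this, str));
        });
    }

    /**
     * Attaches the stored token, if any, to the request header as token info.
     *
     * <p>When signing is enabled and the signer can extract the raw value, the attached token is
     * replaced by one carrying a new signature over that raw value.
     * NOTE(review): presumably this makes the rendered token differ between requests - confirm
     * against the CSRFTokenSigner implementation.
     *
     * @param requestHeader the incoming request
     * @return the request unchanged when no token is stored, otherwise the tagged request
     */
    public RequestHeader tagRequestFromHeader(RequestHeader requestHeader) {
        return (RequestHeader) getTokenToValidate(requestHeader).fold(() -> {
            return requestHeader;
        }, str -> {
            CSRF.Token token = new CSRF.Token(this.csrfConfig.tokenName(), str);
            RequestHeader tagRequestHeader = this.tagRequestHeader(requestHeader, () -> {
                return token;
            });
            // The inner parameter has its own name: Java does not allow a lambda parameter to
            // shadow the enclosing lambda's "str".
            return this.csrfConfig.signTokens() ? (RequestHeader) this.tokenSigner.extractSignedToken(token.value()).fold(() -> {
                return tagRequestHeader;
            }, rawToken -> {
                return this.tagRequestHeader(tagRequestHeader, () -> {
                    return token.copy(token.copy$default$1(), this.tokenSigner.signToken(rawToken));
                });
            }) : tagRequestHeader;
        });
    }

    /** Same as {@link #tagRequestFromHeader(RequestHeader)}, keeping the request body. */
    public <A> Request<A> tagRequestFromHeader(Request<A> request) {
        return Request$.MODULE$.apply(tagRequestFromHeader((RequestHeader) request), request.body());
    }

    /**
     * Adds token info built from the given token supplier to the request header.
     *
     * @param requestHeader the request to tag
     * @param function0 supplier of the token, handed to {@code TokenInfo} unevaluated
     * @return the request with the token info attribute set
     */
    public RequestHeader tagRequestHeader(RequestHeader requestHeader, Function0<CSRF.Token> function0) {
        return requestHeader.addAttr(CSRF$Token$.MODULE$.InfoAttr(), CSRF$TokenInfo$.MODULE$.apply(function0));
    }

    /** Adds token info for an already known token to the request. */
    public <A> Request<A> tagRequest(Request<A> request, CSRF.Token token) {
        return request.addAttr(CSRF$Token$.MODULE$.InfoAttr(), CSRF$TokenInfo$.MODULE$.apply(() -> {
            return token;
        }));
    }

    /** Adds token info whose supplier generates a new token via {@link #generateToken()}. */
    public <A> Request<A> tagRequestWithNewToken(Request<A> request) {
        return request.addAttr(CSRF$Token$.MODULE$.InfoAttr(), CSRF$TokenInfo$.MODULE$.apply(() -> {
            return this.generateToken();
        }));
    }

    /** Header-only variant of {@link #tagRequestWithNewToken(Request)}. */
    public RequestHeader tagRequestHeaderWithNewToken(RequestHeader requestHeader) {
        return requestHeader.addAttr(CSRF$Token$.MODULE$.InfoAttr(), CSRF$TokenInfo$.MODULE$.apply(() -> {
            return this.generateToken();
        }));
    }

    /** Java API variant: sets the token info attribute on a request builder. */
    public Http.RequestBuilder tagRequestWithNewToken(Http.RequestBuilder requestBuilder) {
        return requestBuilder.attr(new TypedKey(CSRF$Token$.MODULE$.InfoAttr()), CSRF$TokenInfo$.MODULE$.apply(() -> {
            return this.generateToken();
        }));
    }

    /** Creates a token named after the configured token name with a value from the provider. */
    public CSRF.Token generateToken() {
        return new CSRF.Token(this.csrfConfig.tokenName(), this.tokenProvider.generateToken());
    }

    /**
     * Reads the token the client submitted outside the request body.
     *
     * <p>The query-string parameter named after the token takes precedence; the configured header
     * is only used when that parameter is absent.
     * NOTE(review): a token passed in the query string becomes part of the URL, and URLs are
     * commonly recorded in access logs, browser history and Referer headers; clients under your
     * control should send the header instead.
     *
     * @param requestHeader the incoming request
     * @return the submitted token, or an empty option
     */
    public Option<String> getHeaderToken(RequestHeader requestHeader) {
        Option queryString = requestHeader.getQueryString(this.csrfConfig.tokenName());
        Option option = requestHeader.headers().get(this.csrfConfig.headerName());
        return queryString.orElse(() -> {
            return option;
        });
    }

    /**
     * Decides whether the request has to pass the CSRF check.
     *
     * <p>When {@code bypassCorsTrustedOrigins} is enabled and the request carries the CORS filter's
     * Origin attribute, the check is skipped; otherwise the configured {@code shouldProtect}
     * predicate decides.
     * NOTE(review): the bypass relies on that attribute being present only on requests the CORS
     * filter accepted, and on the CORS filter running before this code - confirm the filter order
     * and the CORS allow-list, since a permissive allow-list also disables CSRF protection here.
     *
     * @param requestHeader the incoming request
     * @return true when the request must be checked
     */
    public boolean requiresCsrfCheck(RequestHeader requestHeader) {
        if (!this.csrfConfig.bypassCorsTrustedOrigins() || !requestHeader.attrs().contains(CORSFilter$Attrs$.MODULE$.Origin())) {
            return BoxesRunTime.unboxToBoolean(this.csrfConfig.shouldProtect().apply(requestHeader));
        }
        CSRF$.MODULE$.filterLogger().trace(() -> {
            return "[CSRF] Bypassing check because CORSFilter request tag found";
        }, MarkerContext$.MODULE$.NoMarker());
        return false;
    }

    /**
     * Writes the request's token to the response, unless one of the guards below applies.
     *
     * <p>The response is returned unchanged when the request carries no token info, when the token
     * storage is httpOnly and a strict-body response never rendered the token, or when the response
     * may be stored by a shared cache. Otherwise the token is set as a cookie (if a cookie name is
     * configured) or added to the session.
     *
     * @param requestHeader the request carrying the token info attribute
     * @param result the response to extend
     * @return the response, with the token added when no guard applied
     * @throws MatchError when the token info yields a null token
     */
    public Result addTokenToResponse(RequestHeader requestHeader, Result result) {
        Option option = requestHeader.attrs().get(CSRF$Token$.MODULE$.InfoAttr());
        if (None$.MODULE$.equals(option)) {
            CSRF$.MODULE$.filterLogger().warn(() -> {
                return "[CSRF] No token found on request!";
            }, MarkerContext$.MODULE$.NoMarker());
            return result;
        }
        if (option instanceof Some) {
            CSRF.TokenInfo tokenInfo = (CSRF.TokenInfo) ((Some) option).value();
            if (tokenIsHttpOnly() && (result.body() instanceof HttpEntity.Strict) && !tokenInfo.wasRendered()) {
                CSRF$.MODULE$.filterLogger().trace(() -> {
                    return "[CSRF] Not emitting CSRF token because token was never rendered";
                }, MarkerContext$.MODULE$.NoMarker());
                // Return here: falling through to the checks below would attach the token to a
                // non-cacheable response even though the message says it is withheld.
                return result;
            }
        }
        if (isCacheableBySharedCache(result)) {
            // A token stored by a shared cache would be replayed to other users of that cache.
            CSRF$.MODULE$.filterLogger().trace(() -> {
                return "[CSRF] Not adding token to response that might get cached by a shared cache (e.g. proxies)";
            }, MarkerContext$.MODULE$.NoMarker());
            return result;
        }
        if (!(option instanceof Some)) {
            throw new MatchError(option);
        }
        CSRF.Token token = ((CSRF.TokenInfo) ((Some) option).value()).toToken();
        if (token == null) {
            throw new MatchError(token);
        }
        final String tokenName = token.name();
        final String tokenValue = token.value();
        // Only the result is logged, not the token value.
        CSRF$.MODULE$.filterLogger().trace(() -> {
            return new StringBuilder(31).append("[CSRF] Adding token to result: ").append(result).toString();
        }, MarkerContext$.MODULE$.NoMarker());
        // Cookie flags (secure, httpOnly, sameSite) come from the CSRF config; path and domain
        // come from the session configuration.
        return (Result) this.csrfConfig.cookieName().map(cookieName -> {
            return result.withCookies(ScalaRunTime$.MODULE$.wrapRefArray(new Cookie[]{new Cookie(cookieName, tokenValue, Cookie$.MODULE$.apply$default$3(), this.sessionConfiguration.path(), this.sessionConfiguration.domain(), this.csrfConfig.secureCookie(), this.csrfConfig.httpOnlyCookie(), this.csrfConfig.sameSiteCookie())}));
        }).getOrElse(() -> {
            return result.withSession(result.session(requestHeader).$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(tokenName), tokenValue)));
        });
    }

    /**
     * Splits a Cache-Control header value into lower-cased, trimmed directives.
     *
     * @param str the raw header value; must not be null
     * @return one entry per comma-separated directive
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String[] extractCacheControlDirectives(String str) {
        // Locale.ROOT keeps the lower-casing independent of the server's default locale.
        return (String[]) ArrayOps$.MODULE$.map$extension(Predef$.MODULE$.refArrayOps(str.toLowerCase(Locale.ROOT).split(",")), str2 -> {
            return str2.trim();
        }, ClassTag$.MODULE$.apply(String.class));
    }

    /**
     * Tells whether the response might be stored by a shared cache such as a proxy.
     *
     * <p>Returns true only when a Cache-Control header is present and none of its directives equals
     * {@code no-cache}, {@code no-store} or {@code private}. A response without a Cache-Control
     * header is reported as not cacheable.
     * NOTE(review): directives are compared as whole strings, so a directive written with an
     * argument (for example {@code private="..."}) does not match and the response counts as
     * cacheable, which withholds the token. Conversely, a response without Cache-Control may still
     * be cached heuristically by some intermediaries - verify that token-bearing responses always
     * send an explicit Cache-Control header.
     *
     * @param result the response to inspect
     * @return true when the token must not be added because the response may be shared
     */
    public boolean isCacheableBySharedCache(Result result) {
        return BoxesRunTime.unboxToBoolean(result.header().headers().get(HeaderNames$.MODULE$.CACHE_CONTROL()).map(str -> {
            return this.extractCacheControlDirectives(str);
        }).fold(() -> {
            return false;
        }, strArr -> {
            return BoxesRunTime.boxToBoolean($anonfun$isCacheableBySharedCache$3(this, strArr));
        }));
    }

    /** Alias that delegates to {@link #isCacheableBySharedCache(Result)}. */
    public boolean isCached(Result result) {
        return isCacheableBySharedCache(result);
    }

    /**
     * Runs the error handler and removes a stored token the request could not use.
     *
     * <p>When the request has no token attached ({@code CSRF.getToken} is empty), the handler's
     * result discards the CSRF cookie if a cookie name is configured and the request sent that
     * cookie; otherwise the token entry is removed from the session. When a token is attached, the
     * handler's result is returned unchanged.
     *
     * @param requestHeader the rejected request
     * @param errorHandler produces the error response
     * @param str the error message passed to the handler
     * @return the error response, with the stale token cleared where applicable
     */
    public Future<Result> clearTokenIfInvalid(RequestHeader requestHeader, CSRF.ErrorHandler errorHandler, String str) {
        return errorHandler.handle(requestHeader, str).map(result -> {
            return (Result) CSRF$.MODULE$.getToken(requestHeader).fold(() -> {
                return (Result) this.csrfConfig.cookieName().flatMap(str2 -> {
                    return requestHeader.cookies().get(str2).map(cookie -> {
                        // The discarding cookie uses the same path, domain and secure flag as the
                        // cookie written by addTokenToResponse.
                        return result.discardingCookies(ScalaRunTime$.MODULE$.wrapRefArray(new DiscardingCookie[]{new DiscardingCookie(str2, this.sessionConfiguration.path(), this.sessionConfiguration.domain(), this.csrfConfig.secureCookie())}));
                    });
                }).getOrElse(() -> {
                    return result.withSession(result.session(requestHeader).$minus(this.csrfConfig.tokenName()));
                });
            }, token -> {
                return result;
            });
        }, Execution$Implicits$.MODULE$.trampoline());
    }

    /** Accepts a stored token when signing is off or the signer can extract a signed token. */
    public static final /* synthetic */ boolean $anonfun$getTokenToValidate$4(CSRFActionHelper cSRFActionHelper, String str) {
        return !cSRFActionHelper.csrfConfig.signTokens() || cSRFActionHelper.tokenSigner.extractSignedToken(str).isDefined();
    }

    /** True when the directive is one of the no-cache directives (exact match). */
    public static final /* synthetic */ boolean $anonfun$isCacheableBySharedCache$4(CSRFActionHelper cSRFActionHelper, String str) {
        return cSRFActionHelper.NoCacheDirectives().contains(str);
    }

    /** True when none of the directives is a no-cache directive. */
    public static final /* synthetic */ boolean $anonfun$isCacheableBySharedCache$3(CSRFActionHelper cSRFActionHelper, String[] strArr) {
        return !ArrayOps$.MODULE$.exists$extension(Predef$.MODULE$.refArrayOps(strArr), str -> {
            return BoxesRunTime.boxToBoolean($anonfun$isCacheableBySharedCache$4(cSRFActionHelper, str));
        });
    }

    /**
     * Creates the helper with an explicit token provider.
     *
     * @param sessionConfiguration session cookie settings
     * @param cSRFConfig CSRF settings
     * @param cSRFTokenSigner signer for tokens
     * @param tokenProvider generator of token values
     */
    public CSRFActionHelper(SessionConfiguration sessionConfiguration, CSRFConfig cSRFConfig, CSRFTokenSigner cSRFTokenSigner, CSRF.TokenProvider tokenProvider) {
        this.sessionConfiguration = sessionConfiguration;
        this.csrfConfig = cSRFConfig;
        this.tokenSigner = cSRFTokenSigner;
        this.tokenProvider = tokenProvider;
        this.NoCacheDirectives = (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"no-cache", "no-store", "private"}));
    }

    /** Creates the helper with the token provider obtained from {@code CSRF.TokenProviderProvider}. */
    public CSRFActionHelper(SessionConfiguration sessionConfiguration, CSRFConfig cSRFConfig, CSRFTokenSigner cSRFTokenSigner) {
        this(sessionConfiguration, cSRFConfig, cSRFTokenSigner, new CSRF.TokenProviderProvider(cSRFConfig, cSRFTokenSigner).m34get());
    }
}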
