package play.filters.csrf;

import akka.stream.Materializer;
import akka.stream.scaladsl.Flow;
import akka.stream.scaladsl.Flow$;
import akka.stream.scaladsl.Keep$;
import akka.stream.scaladsl.Sink$;
import akka.stream.scaladsl.Source;
import akka.util.ByteString;
import akka.util.ByteString$;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Locale;
import play.api.MarkerContext$;
import play.api.MarkerContexts$SecurityMarkerContext$;
import play.api.http.SessionConfiguration;
import play.api.libs.crypto.CSRFTokenSigner;
import play.api.libs.streams.Accumulator;
import play.api.libs.streams.Accumulator$;
import play.api.mvc.EssentialAction;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.core.Execution$Implicits$;
import play.core.parsers.Multipart$PartInfoMatcher$;
import play.filters.csrf.CSRF;
import scala.$less$colon$less$;
import scala.Array;
import scala.Array$;
import scala.Array$UnapplySeqWrapper$;
import scala.Function0;
import scala.Function1;
import scala.Function2;
import scala.Function4;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.immutable.List;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.math.Numeric$CharIsIntegral$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: CSRFActions.scala */
@ScalaSignature(bytes = "\u0006\u0005\u0005}f\u0001\u0002\f\u0018\u0001yA\u0001\"\f\u0001\u0003\u0002\u0003\u0006I!\n\u0005\t]\u0001\u0011\t\u0011)A\u0005_!A1\u0007\u0001B\u0001B\u0003%A\u0007\u0003\u0005=\u0001\t\u0005\t\u0015!\u0003>\u0011!i\u0005A!A!\u0002\u0013q\u0005\u0002\u0003+\u0001\u0005\u0003%\u000b\u0011B+\t\u0011m\u0003!\u0011!Q\u0001\fqCQ\u0001\u001a\u0001\u0005\u0002\u0015D\u0001b\u001c\u0001\t\u0006\u0004%\t\u0001\u001d\u0005\u0006i\u0002!I!\u001e\u0005\b\u0003S\u0001A\u0011AA\u0016\u0011\u001d\t\t\u0004\u0001C\u0005\u0003gAq!a\u000f\u0001\t\u0013\ti\u0004C\u0004\u0002P\u0001!I!!\u0015\t\u000f\u0005\u0005\u0005\u0001\"\u0003\u0002\u0004\"9\u00111\u0012\u0001\u0005\n\u00055u!CAM/\u0005\u0005\t\u0012AAN\r!1r#!A\t\u0002\u0005u\u0005B\u00023\u0013\t\u0003\ty\nC\u0005\u0002\"J\t\n\u0011\"\u0001\u0002$\"I\u0011\u0011\u0018\n\u0012\u0002\u0013\u0005\u00111\u0018\u0002\u000b\u0007N\u0013f)Q2uS>t'B\u0001\r\u001a\u0003\u0011\u00197O\u001d4\u000b\u0005iY\u0012a\u00024jYR,'o\u001d\u0006\u00029\u0005!\u0001\u000f\\1z\u0007\u0001\u00192\u0001A\u0010&!\t\u00013%D\u0001\"\u0015\u0005\u0011\u0013!B:dC2\f\u0017B\u0001\u0013\"\u0005\u0019\te.\u001f*fMB\u0011aeK\u0007\u0002O)\u0011\u0001&K\u0001\u0004[Z\u001c'B\u0001\u0016\u001c\u0003\r\t\u0007/[\u0005\u0003Y\u001d\u0012q\"R:tK:$\u0018.\u00197BGRLwN\\\u0001\u0005]\u0016DH/\u0001\u0004d_:4\u0017n\u001a\t\u0003aEj\u0011aF\u0005\u0003e]\u0011!bQ*S\r\u000e{gNZ5h\u0003-!xn[3o'&<g.\u001a:\u0011\u0005URT\"\u0001\u001c\u000b\u0005]B\u0014AB2ssB$xN\u0003\u0002:S\u0005!A.\u001b2t\u0013\tYdGA\bD'J3Ek\\6f]NKwM\\3s\u00035!xn[3o!J|g/\u001b3feB\u0011aH\u0013\b\u0003\u007f!s!\u0001Q$\u000f\u0005\u00053eB\u0001\"F\u001b\u0005\u0019%B\u0001#\u001e\u0003\u0019a$o\\8u}%\tA$\u0003\u0002\u001b7%\u0011\u0001$G\u0005\u0003\u0013^\tAaQ*S\r&\u00111\n\u0014\u0002\u000e)>\\WM\u001c)s_ZLG-\u001a:\u000b\u0005%;\u0012\u0001F:fgNLwN\\\"p]\u001aLw-\u001e:bi&|g\u000e\u0005\u0002P%6\t\u0001K\u0003\u0002RS\u0005!\u0001\u000e\u001e;q\u0013\t\u0019\u0006K\u0001\u000bTKN\u001c\u0018n\u001c8D_:4\u0017nZ;sCRLwN\\\u0001\rKJ\u0014xN\u001d%b]\u0012dWM\u001d\t\u0004AYC\u0016BA,\"\u0005!a$-\u001f8b[\u0016t\u0004C\u0001 Z\u0013\tQFJ\u0001\u0007FeJ|'\u000fS1oI2,'/A\u0002nCR\u0004\"!\u00182\u000e\u0003yS!a\u00181\u0002\rM$(/Z1n\u0015\u0005\t\u0017\u0001B1lW\u0006L!a\u00190\u0003\u00195\u000bG/\u001a:jC2L'0\u001a:\u0002\rqJg.\u001b;?)\u001d1\u0017N[6m[:$\"a\u001a5\u0011\u0005A\u0002\u0001\"B.\t\u0001\ba\u0006\"B\u0017\t\u0001\u0004)\u0003b\u0002\u0018\t!\u0003\u0005\ra\f\u0005\u0006g!\u0001\r\u0001\u000e\u0005\u0006y!\u0001\r!\u0010\u0005\u0006\u001b\"\u0001\rA\u0014\u0005\b)\"\u0001J\u00111\u0001V\u0003A\u00197O\u001d4BGRLwN\u001c%fYB,'/F\u0001r!\t\u0001$/\u0003\u0002t/\t\u00012i\u0015*G\u0003\u000e$\u0018n\u001c8IK2\u0004XM]\u0001\fG\",7m\u001b$bS2,G\rF\u0003w\u0003\u0017\t)\u0002E\u0003xur\f)!D\u0001y\u0015\tI\b(A\u0004tiJ,\u0017-\\:\n\u0005mD(aC!dGVlW\u000f\\1u_J\u00042!`A\u0001\u001b\u0005q(BA@a\u0003\u0011)H/\u001b7\n\u0007\u0005\raP\u0001\u0006CsR,7\u000b\u001e:j]\u001e\u00042AJA\u0004\u0013\r\tIa\n\u0002\u0007%\u0016\u001cX\u000f\u001c;\t\u000f\u00055!\u00021\u0001\u0002\u0010\u0005\u0019!/Z9\u0011\u0007\u0019\n\t\"C\u0002\u0002\u0014\u001d\u0012QBU3rk\u0016\u001cH\u000fS3bI\u0016\u0014\bbBA\f\u0015\u0001\u0007\u0011\u0011D\u0001\u0004[N<\u0007\u0003BA\u000e\u0003GqA!!\b\u0002 A\u0011!)I\u0005\u0004\u0003C\t\u0013A\u0002)sK\u0012,g-\u0003\u0003\u0002&\u0005\u001d\"AB*ue&twMC\u0002\u0002\"\u0005\nQ!\u00199qYf$2A^A\u0017\u0011\u001d\tyc\u0003a\u0001\u0003\u001f\tq\"\u001e8uC\u001e<W\r\u001a*fcV,7\u000f^\u0001\u000eG\",7m\u001b$pe6\u0014u\u000eZ=\u0016\u0005\u0005U\u0002c\u0003\u0011\u00028\u0005=Q%!\u0007\u0002\u001aYL1!!\u000f\"\u0005%1UO\\2uS>tG'\u0001\ndQ\u0016\u001c7.T;mi&\u0004\u0018M\u001d;C_\u0012LH#\u0003<\u0002@\u0005\r\u0013qIA&\u0011\u001d\t\t%\u0004a\u0001\u0003\u001f\tqA]3rk\u0016\u001cH\u000f\u0003\u0004\u0002F5\u0001\r!J\u0001\u0007C\u000e$\u0018n\u001c8\t\u000f\u0005%S\u00021\u0001\u0002\u001a\u0005yAo\\6f]\u001a\u0013x.\u001c%fC\u0012,'\u000fC\u0004\u0002N5\u0001\r!!\u0007\u0002\u0013Q|7.\u001a8OC6,\u0017!C2iK\u000e\\'i\u001c3z+\u0011\t\u0019&a\u001c\u0015\t\u0005U\u0013q\f\u000b\nm\u0006]\u0013\u0011LA.\u0003;Bq!!\u0011\u000f\u0001\u0004\ty\u0001\u0003\u0004\u0002F9\u0001\r!\n\u0005\b\u0003\u0013r\u0001\u0019AA\r\u0011\u001d\tiE\u0004a\u0001\u00033Aq!!\u0019\u000f\u0001\u0004\t\u0019'A\u0005fqR\u0014\u0018m\u0019;peBA\u0001%!\u001a}\u00033\tI'C\u0002\u0002h\u0005\u0012\u0011BR;oGRLwN\u001c\u001a\u0011\u000b\u0001\nY'!\u0007\n\u0007\u00055\u0014E\u0001\u0004PaRLwN\u001c\u0003\b\u0003cr!\u0019AA:\u0005\u0005!\u0016\u0003BA;\u0003w\u00022\u0001IA<\u0013\r\tI(\t\u0002\b\u001d>$\b.\u001b8h!\r\u0001\u0013QP\u0005\u0004\u0003\u007f\n#aA!os\u0006AR\r\u001f;sC\u000e$Hk\\6f]\u001a\u0013x.\u001c$pe6\u0014u\u000eZ=\u0015\r\u0005%\u0014QQAE\u0011\u0019\t9i\u0004a\u0001y\u0006!!m\u001c3z\u0011\u001d\tie\u0004a\u0001\u00033\tQ%\u001a=ue\u0006\u001cG\u000fV8lK:4%o\\7Nk2$\u0018\u000e]1si\u001a{'/\u001c#bi\u0006\u0014u\u000eZ=\u0015\t\u0005=\u0015Q\u0013\u000b\u0007\u0003S\n\t*a%\t\r\u0005\u001d\u0005\u00031\u0001}\u0011\u001d\ti\u0005\u0005a\u0001\u00033Aa!a&\u0011\u0001\u0004a\u0018\u0001\u00032pk:$\u0017M]=\u0002\u0015\r\u001b&KR!di&|g\u000e\u0005\u00021%M\u0011!c\b\u000b\u0003\u00037\u000b1\u0004\n7fgNLg.\u001b;%OJ,\u0017\r^3sI\u0011,g-Y;mi\u0012\u0012TCAASU\ry\u0013qU\u0016\u0003\u0003S\u0003B!a+\u000266\u0011\u0011Q\u0016\u0006\u0005\u0003_\u000b\t,A\u0005v]\u000eDWmY6fI*\u0019\u00111W\u0011\u0002\u0015\u0005tgn\u001c;bi&|g.\u0003\u0003\u00028\u00065&!E;oG\",7m[3e-\u0006\u0014\u0018.\u00198dK\u0006YB\u0005\\3tg&t\u0017\u000e\u001e\u0013he\u0016\fG/\u001a:%I\u00164\u0017-\u001e7uIY*\"!!0+\u0007a\u000b9\u000b")
/* loaded from: input_file:play/filters/csrf/CSRFAction.class */
public class CSRFAction implements EssentialAction {
    private CSRFActionHelper csrfActionHelper;
    private final EssentialAction next;
    private final CSRFConfig config;
    private CSRFTokenSigner tokenSigner;
    private final CSRF.TokenProvider tokenProvider;
    private SessionConfiguration sessionConfiguration;
    public final Function0<CSRF.ErrorHandler> play$filters$csrf$CSRFAction$$errorHandler;
    private final Materializer mat;
    private volatile boolean bitmap$0;

    public EssentialAction apply() {
        return EssentialAction.apply$(this);
    }

    public play.mvc.EssentialAction asJava() {
        return EssentialAction.asJava$(this);
    }

    public boolean apply$mcZD$sp(double d) {
        return Function1.apply$mcZD$sp$(this, d);
    }

    public double apply$mcDD$sp(double d) {
        return Function1.apply$mcDD$sp$(this, d);
    }

    public float apply$mcFD$sp(double d) {
        return Function1.apply$mcFD$sp$(this, d);
    }

    public int apply$mcID$sp(double d) {
        return Function1.apply$mcID$sp$(this, d);
    }

    public long apply$mcJD$sp(double d) {
        return Function1.apply$mcJD$sp$(this, d);
    }

    public void apply$mcVD$sp(double d) {
        Function1.apply$mcVD$sp$(this, d);
    }

    public boolean apply$mcZF$sp(float f) {
        return Function1.apply$mcZF$sp$(this, f);
    }

    public double apply$mcDF$sp(float f) {
        return Function1.apply$mcDF$sp$(this, f);
    }

    public float apply$mcFF$sp(float f) {
        return Function1.apply$mcFF$sp$(this, f);
    }

    public int apply$mcIF$sp(float f) {
        return Function1.apply$mcIF$sp$(this, f);
    }

    public long apply$mcJF$sp(float f) {
        return Function1.apply$mcJF$sp$(this, f);
    }

    public void apply$mcVF$sp(float f) {
        Function1.apply$mcVF$sp$(this, f);
    }

    public boolean apply$mcZI$sp(int i) {
        return Function1.apply$mcZI$sp$(this, i);
    }

    public double apply$mcDI$sp(int i) {
        return Function1.apply$mcDI$sp$(this, i);
    }

    public float apply$mcFI$sp(int i) {
        return Function1.apply$mcFI$sp$(this, i);
    }

    public int apply$mcII$sp(int i) {
        return Function1.apply$mcII$sp$(this, i);
    }

    public long apply$mcJI$sp(int i) {
        return Function1.apply$mcJI$sp$(this, i);
    }

    public void apply$mcVI$sp(int i) {
        Function1.apply$mcVI$sp$(this, i);
    }

    public boolean apply$mcZJ$sp(long j) {
        return Function1.apply$mcZJ$sp$(this, j);
    }

    public double apply$mcDJ$sp(long j) {
        return Function1.apply$mcDJ$sp$(this, j);
    }

    public float apply$mcFJ$sp(long j) {
        return Function1.apply$mcFJ$sp$(this, j);
    }

    public int apply$mcIJ$sp(long j) {
        return Function1.apply$mcIJ$sp$(this, j);
    }

    public long apply$mcJJ$sp(long j) {
        return Function1.apply$mcJJ$sp$(this, j);
    }

    public void apply$mcVJ$sp(long j) {
        Function1.apply$mcVJ$sp$(this, j);
    }

    public <A> Function1<A, Accumulator<ByteString, Result>> compose(Function1<A, RequestHeader> function1) {
        return Function1.compose$(this, function1);
    }

    public <A> Function1<RequestHeader, A> andThen(Function1<Accumulator<ByteString, Result>, A> function1) {
        return Function1.andThen$(this, function1);
    }

    public String toString() {
        return Function1.toString$(this);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [play.filters.csrf.CSRFAction] */
    private CSRFActionHelper csrfActionHelper$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.csrfActionHelper = new CSRFActionHelper(this.sessionConfiguration, this.config, this.tokenSigner, this.tokenProvider);
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        this.tokenSigner = null;
        this.sessionConfiguration = null;
        return this.csrfActionHelper;
    }

    public CSRFActionHelper csrfActionHelper() {
        return !this.bitmap$0 ? csrfActionHelper$lzycompute() : this.csrfActionHelper;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Accumulator<ByteString, Result> checkFailed(RequestHeader requestHeader, String str) {
        return Accumulator$.MODULE$.done(csrfActionHelper().clearTokenIfInvalid(requestHeader, (CSRF.ErrorHandler) this.play$filters$csrf$CSRFAction$$errorHandler.apply(), str));
    }

    public Accumulator<ByteString, Result> apply(RequestHeader requestHeader) {
        RequestHeader tagRequestFromHeader = csrfActionHelper().tagRequestFromHeader(requestHeader);
        if (BoxesRunTime.unboxToBoolean(this.config.checkMethod().apply(tagRequestFromHeader.method())) && (BoxesRunTime.unboxToBoolean(this.config.checkContentType().apply(tagRequestFromHeader.contentType())) || csrfActionHelper().hasInvalidContentType(tagRequestFromHeader))) {
            return !csrfActionHelper().requiresCsrfCheck(tagRequestFromHeader) ? continue$1(tagRequestFromHeader) : (Accumulator) csrfActionHelper().getTokenToValidate(tagRequestFromHeader).map(str -> {
                return (Accumulator) this.csrfActionHelper().getHeaderToken(tagRequestFromHeader).map(str -> {
                    if (this.tokenProvider.compareTokens(str, str)) {
                        CSRF$.MODULE$.filterLogger().trace(() -> {
                            return "[CSRF] Valid token found in query string";
                        }, MarkerContext$.MODULE$.NoMarker());
                        return this.continue$1(tagRequestFromHeader);
                    }
                    CSRF$.MODULE$.filterLogger().warn(() -> {
                        return new StringBuilder(65).append("[CSRF] Check failed because invalid token found in query string: ").append(tagRequestFromHeader.uri()).toString();
                    }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                    return this.checkFailed(tagRequestFromHeader, "Bad CSRF token found in query String");
                }).getOrElse(() -> {
                    Accumulator<ByteString, Result> checkFailed;
                    boolean z = false;
                    Some some = null;
                    Option contentType = tagRequestFromHeader.contentType();
                    if (contentType instanceof Some) {
                        z = true;
                        some = (Some) contentType;
                        if ("application/x-www-form-urlencoded".equals((String) some.value())) {
                            CSRF$.MODULE$.filterLogger().trace(() -> {
                                return "[CSRF] Check form body with url encoding";
                            }, MarkerContext$.MODULE$.NoMarker());
                            checkFailed = (Accumulator) this.checkFormBody().apply(tagRequestFromHeader, this.next, str, this.config.tokenName());
                            return checkFailed;
                        }
                    }
                    if (z && "multipart/form-data".equals((String) some.value())) {
                        CSRF$.MODULE$.filterLogger().trace(() -> {
                            return "[CSRF] Check form body with multipart";
                        }, MarkerContext$.MODULE$.NoMarker());
                        checkFailed = this.checkMultipartBody(tagRequestFromHeader, this.next, str, this.config.tokenName());
                    } else if (z) {
                        String str2 = (String) some.value();
                        CSRF$.MODULE$.filterLogger().warn(() -> {
                            return new StringBuilder(0).append(new StringBuilder(41).append("[CSRF] Check failed because ").append(str2).append(" for request ").toString()).append(tagRequestFromHeader.uri()).toString();
                        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                        checkFailed = this.checkFailed(tagRequestFromHeader, new StringBuilder(29).append("No CSRF token found for ").append(str2).append(" body").toString());
                    } else {
                        if (!None$.MODULE$.equals(contentType)) {
                            throw new MatchError(contentType);
                        }
                        CSRF$.MODULE$.filterLogger().warn(() -> {
                            return new StringBuilder(0).append("[CSRF] Check failed because request without content type for ").append(tagRequestFromHeader.uri()).toString();
                        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                        checkFailed = this.checkFailed(tagRequestFromHeader, "No CSRF token found for body without content type");
                    }
                    return checkFailed;
                });
            }).getOrElse(() -> {
                CSRF$.MODULE$.filterLogger().warn(() -> {
                    return new StringBuilder(58).append("[CSRF] Check failed because no token found in headers for ").append(tagRequestFromHeader.uri()).toString();
                }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                return this.checkFailed(tagRequestFromHeader, "No CSRF token found in headers");
            });
        }
        if (csrfActionHelper().getTokenToValidate(tagRequestFromHeader).isEmpty() && BoxesRunTime.unboxToBoolean(this.config.createIfNotFound().apply(tagRequestFromHeader))) {
            RequestHeader tagRequestHeaderWithNewToken = csrfActionHelper().tagRequestHeaderWithNewToken(tagRequestFromHeader);
            return ((Accumulator) this.next.apply(tagRequestHeaderWithNewToken)).map(result -> {
                return this.csrfActionHelper().addTokenToResponse(tagRequestHeaderWithNewToken, result);
            }, Execution$Implicits$.MODULE$.trampoline());
        }
        CSRF$.MODULE$.filterLogger().trace(() -> {
            return "[CSRF] No check necessary";
        }, MarkerContext$.MODULE$.NoMarker());
        return (Accumulator) this.next.apply(tagRequestFromHeader);
    }

    private Function4<RequestHeader, EssentialAction, String, String, Accumulator<ByteString, Result>> checkFormBody() {
        Function2 function2 = (byteString, str) -> {
            return this.extractTokenFromFormBody(byteString, str);
        };
        return (requestHeader, essentialAction, str2, str3) -> {
            return this.checkBody(function2, requestHeader, essentialAction, str2, str3);
        };
    }

    private Accumulator<ByteString, Result> checkMultipartBody(RequestHeader requestHeader, EssentialAction essentialAction, String str, String str2) {
        return (Accumulator) requestHeader.mediaType().flatMap(mediaType -> {
            return mediaType.parameters().find(tuple2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$checkMultipartBody$2(tuple2));
            }).flatMap(tuple22 -> {
                return ((Option) tuple22._2()).map(str3 -> {
                    ByteString apply = ByteString$.MODULE$.apply(str3);
                    return this.checkBody((byteString, str3) -> {
                        return this.extractTokenFromMultipartFormDataBody(apply, byteString, str3);
                    }, requestHeader, essentialAction, str, str2);
                });
            });
        }).getOrElse(() -> {
            return this.checkFailed(requestHeader, "No boundary found in multipart/form-data request");
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T> Accumulator<ByteString, Result> checkBody(Function2<ByteString, String, Option<String>> function2, RequestHeader requestHeader, EssentialAction essentialAction, String str, String str2) {
        return Accumulator$.MODULE$.apply(((Flow) Flow$.MODULE$.apply().via(new BodyHandler(this.config, byteString -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$1(this, function2, str2, str, requestHeader, byteString));
        })).splitWhen(byteString2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$6(byteString2));
        }).prefixAndTail(0).map(tuple2 -> {
            return (Source) tuple2._2();
        }).concatSubstreams()).toMat(Sink$.MODULE$.head(), Keep$.MODULE$.right())).mapFuture(source -> {
            CSRF$.MODULE$.filterLogger().trace(() -> {
                return "[CSRF] running with validated body source";
            }, MarkerContext$.MODULE$.NoMarker());
            return ((Accumulator) essentialAction.apply(requestHeader)).run(source, this.mat);
        }, Execution$Implicits$.MODULE$.trampoline()).recoverWith(new CSRFAction$$anonfun$checkBody$10(this, requestHeader), Execution$Implicits$.MODULE$.trampoline());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Option<String> extractTokenFromFormBody(ByteString byteString, String str) {
        ByteString $plus$plus = ByteString$.MODULE$.apply(URLEncoder.encode(str, "utf-8")).$plus$plus(ByteString$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapCharArray(new char[]{'='}), Numeric$CharIsIntegral$.MODULE$));
        if (byteString.startsWith($plus$plus, byteString.startsWith$default$2())) {
            return new Some(URLDecoder.decode(byteString.drop($plus$plus.size()).takeWhile(obj -> {
                return BoxesRunTime.boxToBoolean($anonfun$extractTokenFromFormBody$1(BoxesRunTime.unboxToByte(obj)));
            }).utf8String(), "utf-8"));
        }
        ByteString $plus$plus2 = ByteString$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapCharArray(new char[]{'&'}), Numeric$CharIsIntegral$.MODULE$).$plus$plus($plus$plus);
        int indexOfSlice = byteString.indexOfSlice($plus$plus2);
        return indexOfSlice == -1 ? None$.MODULE$ : new Some(URLDecoder.decode(byteString.drop(indexOfSlice + $plus$plus2.size()).takeWhile(obj2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$extractTokenFromFormBody$2(BoxesRunTime.unboxToByte(obj2)));
        }).utf8String(), "utf-8"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Option<String> extractTokenFromMultipartFormDataBody(ByteString byteString, ByteString byteString2, String str) {
        ByteString apply = ByteString$.MODULE$.apply("\r\n");
        return findToken$1(0, apply.$plus$plus(byteString2), ByteString$.MODULE$.apply("\r\n--").$plus$plus(byteString), apply, str);
    }

    private final Accumulator continue$1(RequestHeader requestHeader) {
        return (Accumulator) this.next.apply(requestHeader);
    }

    public static final /* synthetic */ boolean $anonfun$checkMultipartBody$2(Tuple2 tuple2) {
        return ((String) tuple2._1()).equalsIgnoreCase("boundary");
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$3(CSRFAction cSRFAction, String str, String str2) {
        return cSRFAction.tokenProvider.compareTokens(str2, str);
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$1(CSRFAction cSRFAction, Function2 function2, String str, String str2, RequestHeader requestHeader, ByteString byteString) {
        if (BoxesRunTime.unboxToBoolean(((Option) function2.apply(byteString, str)).fold(() -> {
            return false;
        }, str3 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$3(cSRFAction, str2, str3));
        }))) {
            CSRF$.MODULE$.filterLogger().trace(() -> {
                return "[CSRF] Valid token found in body";
            }, MarkerContext$.MODULE$.NoMarker());
            return true;
        }
        CSRF$.MODULE$.filterLogger().warn(() -> {
            return new StringBuilder(66).append("[CSRF] Check failed because no or invalid token found in body for ").append(requestHeader.uri()).toString();
        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$6(ByteString byteString) {
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$extractTokenFromFormBody$1(byte b) {
        return b != 38;
    }

    public static final /* synthetic */ boolean $anonfun$extractTokenFromFormBody$2(byte b) {
        return b != 38;
    }

    private final Tuple2 extractHeaders$1(int i, ByteString byteString, ByteString byteString2) {
        while (!byteString.startsWith(byteString2, i)) {
            int indexOfSlice = byteString.indexOfSlice(byteString2, i);
            if (indexOfSlice == -1) {
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(i)), Nil$.MODULE$);
            }
            String[] split = byteString.slice(i, indexOfSlice).utf8String().split(":", 2);
            if (split != null) {
                Object unapplySeq = Array$.MODULE$.unapplySeq(split);
                if (!Array$UnapplySeqWrapper$.MODULE$.isEmpty$extension(unapplySeq) && new Array.UnapplySeqWrapper(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq)) != null && Array$UnapplySeqWrapper$.MODULE$.lengthCompare$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq), 1) == 0) {
                    i = indexOfSlice + 2;
                }
            }
            if (split != null) {
                Object unapplySeq2 = Array$.MODULE$.unapplySeq(split);
                if (!Array$UnapplySeqWrapper$.MODULE$.isEmpty$extension(unapplySeq2) && new Array.UnapplySeqWrapper(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq2)) != null && Array$UnapplySeqWrapper$.MODULE$.lengthCompare$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq2), 2) == 0) {
                    String str = (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq2), 0);
                    String str2 = (String) Array$UnapplySeqWrapper$.MODULE$.apply$extension(Array$UnapplySeqWrapper$.MODULE$.get$extension(unapplySeq2), 1);
                    Tuple2 extractHeaders$1 = extractHeaders$1(indexOfSlice + 2, byteString, byteString2);
                    if (extractHeaders$1 == null) {
                        throw new MatchError(extractHeaders$1);
                    }
                    int _1$mcI$sp = extractHeaders$1._1$mcI$sp();
                    Tuple2 tuple2 = new Tuple2(BoxesRunTime.boxToInteger(_1$mcI$sp), (List) extractHeaders$1._2());
                    return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(tuple2._1$mcI$sp())), ((List) tuple2._2()).$colon$colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(str.trim().toLowerCase(Locale.ENGLISH)), str2.trim())));
                }
            }
            throw new MatchError(split);
        }
        return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(i + 2)), Nil$.MODULE$);
    }

    private final Option findToken$1(int i, ByteString byteString, ByteString byteString2, ByteString byteString3, String str) {
        int _1$mcI$sp;
        while (true) {
            int indexOfSlice = byteString.indexOfSlice(byteString2, i);
            switch (indexOfSlice) {
                case -1:
                    return None$.MODULE$;
                default:
                    int indexOfSlice2 = byteString.indexOfSlice(byteString3, indexOfSlice + byteString2.size());
                    if (indexOfSlice2 == -1) {
                        return None$.MODULE$;
                    }
                    Tuple2 extractHeaders$1 = extractHeaders$1(indexOfSlice2 + 2, byteString, byteString3);
                    if (extractHeaders$1 == null) {
                        throw new MatchError(extractHeaders$1);
                    }
                    Tuple2 tuple2 = new Tuple2(BoxesRunTime.boxToInteger(extractHeaders$1._1$mcI$sp()), (List) extractHeaders$1._2());
                    _1$mcI$sp = tuple2._1$mcI$sp();
                    Map map = ((List) tuple2._2()).toMap($less$colon$less$.MODULE$.refl());
                    if (map != null) {
                        Option unapply = Multipart$PartInfoMatcher$.MODULE$.unapply(map);
                        if (unapply.isEmpty()) {
                            continue;
                        } else {
                            String str2 = (String) unapply.get();
                            if (str2 == null) {
                                if (str == null) {
                                    break;
                                }
                            } else if (str2.equals(str)) {
                                break;
                            }
                        }
                    }
                    i = _1$mcI$sp;
            }
        }
        int indexOfSlice3 = byteString.indexOfSlice(byteString2, _1$mcI$sp);
        return indexOfSlice3 == -1 ? None$.MODULE$ : new Some(byteString.slice(_1$mcI$sp, indexOfSlice3).utf8String());
    }

    public CSRFAction(EssentialAction essentialAction, CSRFConfig cSRFConfig, CSRFTokenSigner cSRFTokenSigner, CSRF.TokenProvider tokenProvider, SessionConfiguration sessionConfiguration, Function0<CSRF.ErrorHandler> function0, Materializer materializer) {
        this.next = essentialAction;
        this.config = cSRFConfig;
        this.tokenSigner = cSRFTokenSigner;
        this.tokenProvider = tokenProvider;
        this.sessionConfiguration = sessionConfiguration;
        this.play$filters$csrf$CSRFAction$$errorHandler = function0;
        this.mat = materializer;
        Function1.$init$(this);
        EssentialAction.$init$(this);
    }
}
