package play.filters.csrf;

import akka.stream.Materializer;
import akka.stream.scaladsl.Flow;
import akka.stream.scaladsl.Flow$;
import akka.stream.scaladsl.Keep$;
import akka.stream.scaladsl.Sink$;
import akka.stream.scaladsl.Source;
import akka.util.ByteString;
import akka.util.ByteString$;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Locale;
import play.api.MarkerContext$;
import play.api.MarkerContexts$SecurityMarkerContext$;
import play.api.http.SessionConfiguration;
import play.api.libs.crypto.CSRFTokenSigner;
import play.api.libs.streams.Accumulator;
import play.api.libs.streams.Accumulator$;
import play.api.mvc.EssentialAction;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.core.Execution$Implicits$;
import play.core.parsers.Multipart$PartInfoMatcher$;
import play.filters.csrf.CSRF;
import scala.Array$;
import scala.Function0;
import scala.Function1;
import scala.Function2;
import scala.Function4;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.StringContext;
import scala.Tuple2;
import scala.collection.SeqLike;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.math.Numeric$CharIsIntegral$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;

/* compiled from: CSRFActions.scala */
@ScalaSignature(bytes = "\u0006\u0003\u0005}f\u0001B\u0001\u0003\u0001%\u0011!bQ*S\r\u0006\u001bG/[8o\u0015\t\u0019A!\u0001\u0003dgJ4'BA\u0003\u0007\u0003\u001d1\u0017\u000e\u001c;feNT\u0011aB\u0001\u0005a2\f\u0017p\u0001\u0001\u0014\u0007\u0001Q\u0001\u0003\u0005\u0002\f\u001d5\tABC\u0001\u000e\u0003\u0015\u00198-\u00197b\u0013\tyAB\u0001\u0004B]f\u0014VM\u001a\t\u0003#Yi\u0011A\u0005\u0006\u0003'Q\t1!\u001c<d\u0015\t)b!A\u0002ba&L!a\u0006\n\u0003\u001f\u0015\u001b8/\u001a8uS\u0006d\u0017i\u0019;j_:D\u0001\"\u0007\u0001\u0003\u0002\u0003\u0006I\u0001E\u0001\u0005]\u0016DH\u000f\u0003\u0005\u001c\u0001\t\u0005\t\u0015!\u0003\u001d\u0003\u0019\u0019wN\u001c4jOB\u0011QDH\u0007\u0002\u0005%\u0011qD\u0001\u0002\u000b\u0007N\u0013fiQ8oM&<\u0007\u0002C\u0011\u0001\u0005\u0003\u0005\u000b\u0011\u0002\u0012\u0002\u0017Q|7.\u001a8TS\u001etWM\u001d\t\u0003G!j\u0011\u0001\n\u0006\u0003K\u0019\naa\u0019:zaR|'BA\u0014\u0015\u0003\u0011a\u0017NY:\n\u0005%\"#aD\"T%\u001a#vn[3o'&<g.\u001a:\t\u0011-\u0002!\u0011!Q\u0001\n1\nQ\u0002^8lK:\u0004&o\u001c<jI\u0016\u0014\bCA\u0017:\u001d\tqsG\u0004\u00020m9\u0011\u0001'\u000e\b\u0003cQj\u0011A\r\u0006\u0003g!\ta\u0001\u0010:p_Rt\u0014\"A\u0004\n\u0005\u00151\u0011BA\u0002\u0005\u0013\tA$!\u0001\u0003D'J3\u0015B\u0001\u001e<\u00055!vn[3o!J|g/\u001b3fe*\u0011\u0001H\u0001\u0005\t{\u0001\u0011\t\u0011)A\u0005}\u0005!2/Z:tS>t7i\u001c8gS\u001e,(/\u0019;j_:\u0004\"a\u0010\"\u000e\u0003\u0001S!!\u0011\u000b\u0002\t!$H\u000f]\u0005\u0003\u0007\u0002\u0013AcU3tg&|gnQ8oM&<WO]1uS>t\u0007\u0002C#\u0001\u0005\u0003%\u000b\u0011\u0002$\u0002\u0019\u0015\u0014(o\u001c:IC:$G.\u001a:\u0011\u0007-9\u0015*\u0003\u0002I\u0019\tAAHY=oC6,g\b\u0005\u0002.\u0015&\u00111j\u000f\u0002\r\u000bJ\u0014xN\u001d%b]\u0012dWM\u001d\u0005\t\u001b\u0002\u0011\t\u0011)A\u0006\u001d\u0006\u0019Q.\u0019;\u0011\u0005=#V\"\u0001)\u000b\u0005E\u0013\u0016AB:ue\u0016\fWNC\u0001T\u0003\u0011\t7n[1\n\u0005U\u0003&\u0001D'bi\u0016\u0014\u0018.\u00197ju\u0016\u0014\b\"B,\u0001\t\u0003A\u0016A\u0002\u001fj]&$h\bF\u0004Z9vsv\fY1\u0015\u0005i[\u0006CA\u000f\u0001\u0011\u0015ie\u000bq\u0001O\u0011\u0015Ib\u000b1\u0001\u0011\u0011\u001dYb\u000b%AA\u0002qAQ!\t,A\u0002\tBQa\u000b,A\u00021BQ!\u0010,A\u0002yBq!\u0012,\u0011\n\u0003\u0007a\t\u0003\u0005d\u0001!\u0015\r\u0011\"\u0001e\u0003A\u00197O\u001d4BGRLwN\u001c%fYB,'/F\u0001f!\tib-\u0003\u0002h\u0005\t\u00012i\u0015*G\u0003\u000e$\u0018n\u001c8IK2\u0004XM\u001d\u0005\u0006S\u0002!IA[\u0001\fG\",7m\u001b$bS2,G\rF\u0002lu~\u0004B\u0001\\8ro6\tQN\u0003\u0002oM\u000591\u000f\u001e:fC6\u001c\u0018B\u00019n\u0005-\t5mY;nk2\fGo\u001c:\u0011\u0005I,X\"A:\u000b\u0005Q\u0014\u0016\u0001B;uS2L!A^:\u0003\u0015\tKH/Z*ue&tw\r\u0005\u0002\u0012q&\u0011\u0011P\u0005\u0002\u0007%\u0016\u001cX\u000f\u001c;\t\u000bmD\u0007\u0019\u0001?\u0002\u0007I,\u0017\u000f\u0005\u0002\u0012{&\u0011aP\u0005\u0002\u000e%\u0016\fX/Z:u\u0011\u0016\fG-\u001a:\t\u000f\u0005\u0005\u0001\u000e1\u0001\u0002\u0004\u0005\u0019Qn]4\u0011\t\u0005\u0015\u0011Q\u0002\b\u0005\u0003\u000f\tI\u0001\u0005\u00022\u0019%\u0019\u00111\u0002\u0007\u0002\rA\u0013X\rZ3g\u0013\u0011\ty!!\u0005\u0003\rM#(/\u001b8h\u0015\r\tY\u0001\u0004\u0005\b\u0003+\u0001A\u0011AA\f\u0003\u0015\t\u0007\u000f\u001d7z)\rY\u0017\u0011\u0004\u0005\b\u00037\t\u0019\u00021\u0001}\u0003=)h\u000e^1hO\u0016$'+Z9vKN$\bbBA\u0010\u0001\u0011%\u0011\u0011E\u0001\u000eG\",7m\u001b$pe6\u0014u\u000eZ=\u0016\u0005\u0005\r\u0002CC\u0006\u0002&q\u0004\u00121AA\u0002W&\u0019\u0011q\u0005\u0007\u0003\u0013\u0019+hn\u0019;j_:$\u0004bBA\u0016\u0001\u0011%\u0011QF\u0001\u0013G\",7m['vYRL\u0007/\u0019:u\u0005>$\u0017\u0010F\u0005l\u0003_\t\u0019$a\u000e\u0002<!9\u0011\u0011GA\u0015\u0001\u0004a\u0018a\u0002:fcV,7\u000f\u001e\u0005\b\u0003k\tI\u00031\u0001\u0011\u0003\u0019\t7\r^5p]\"A\u0011\u0011HA\u0015\u0001\u0004\t\u0019!A\bu_.,gN\u0012:p[\"+\u0017\rZ3s\u0011!\ti$!\u000bA\u0002\u0005\r\u0011!\u0003;pW\u0016tg*Y7f\u0011\u001d\t\t\u0005\u0001C\u0005\u0003\u0007\n\u0011b\u00195fG.\u0014u\u000eZ=\u0016\t\u0005\u0015\u0013\u0011\r\u000b\u0005\u0003\u000f\n\t\u0006F\u0005l\u0003\u0013\nY%!\u0014\u0002P!9\u0011\u0011GA \u0001\u0004a\bbBA\u001b\u0003\u007f\u0001\r\u0001\u0005\u0005\t\u0003s\ty\u00041\u0001\u0002\u0004!A\u0011QHA \u0001\u0004\t\u0019\u0001\u0003\u0005\u0002T\u0005}\u0002\u0019AA+\u0003%)\u0007\u0010\u001e:bGR|'\u000f\u0005\u0005\f\u0003/\n\u00181AA.\u0013\r\tI\u0006\u0004\u0002\n\rVt7\r^5p]J\u0002RaCA/\u0003\u0007I1!a\u0018\r\u0005\u0019y\u0005\u000f^5p]\u0012A\u00111MA \u0005\u0004\t)GA\u0001U#\u0011\t9'!\u001c\u0011\u0007-\tI'C\u0002\u0002l1\u0011qAT8uQ&tw\rE\u0002\f\u0003_J1!!\u001d\r\u0005\r\te.\u001f\u0005\b\u0003k\u0002A\u0011BA<\u0003a)\u0007\u0010\u001e:bGR$vn[3o\rJ|WNR8s[\n{G-\u001f\u000b\u0007\u00037\nI(! \t\u000f\u0005m\u00141\u000fa\u0001c\u0006!!m\u001c3z\u0011!\ti$a\u001dA\u0002\u0005\r\u0001bBAA\u0001\u0011%\u00111Q\u0001&Kb$(/Y2u)>\\WM\u001c$s_6lU\u000f\u001c;ja\u0006\u0014HOR8s[\u0012\u000bG/\u0019\"pIf$B!!\"\u0002\fR1\u00111LAD\u0003\u0013Cq!a\u001f\u0002��\u0001\u0007\u0011\u000f\u0003\u0005\u0002>\u0005}\u0004\u0019AA\u0002\u0011\u001d\ti)a A\u0002E\f\u0001BY8v]\u0012\f'/_\u0004\n\u0003#\u0013\u0011\u0011!E\u0001\u0003'\u000b!bQ*S\r\u0006\u001bG/[8o!\ri\u0012Q\u0013\u0004\t\u0003\t\t\t\u0011#\u0001\u0002\u0018N\u0019\u0011Q\u0013\u0006\t\u000f]\u000b)\n\"\u0001\u0002\u001cR\u0011\u00111\u0013\u0005\u000b\u0003?\u000b)*%A\u0005\u0002\u0005\u0005\u0016a\u0007\u0013mKN\u001c\u0018N\\5uI\u001d\u0014X-\u0019;fe\u0012\"WMZ1vYR$#'\u0006\u0002\u0002$*\u001aA$!*,\u0005\u0005\u001d\u0006\u0003BAU\u0003gk!!a+\u000b\t\u00055\u0016qV\u0001\nk:\u001c\u0007.Z2lK\u0012T1!!-\r\u0003)\tgN\\8uCRLwN\\\u0005\u0005\u0003k\u000bYKA\tv]\u000eDWmY6fIZ\u000b'/[1oG\u0016D!\"!/\u0002\u0016F\u0005I\u0011AA^\u0003m!C.Z:tS:LG\u000fJ4sK\u0006$XM\u001d\u0013eK\u001a\fW\u000f\u001c;%mU\u0011\u0011Q\u0018\u0016\u0004\u0013\u0006\u0015\u0006")
/* loaded from: input_file:play/filters/csrf/CSRFAction.class */
public class CSRFAction implements EssentialAction {
    private CSRFActionHelper csrfActionHelper;
    private final EssentialAction next;
    private final CSRFConfig config;
    private final CSRFTokenSigner tokenSigner;
    private final CSRF.TokenProvider tokenProvider;
    private final SessionConfiguration sessionConfiguration;
    public final Function0<CSRF.ErrorHandler> play$filters$csrf$CSRFAction$$errorHandler;
    private final Materializer mat;
    private volatile boolean bitmap$0;

    public EssentialAction apply() {
        return EssentialAction.apply$(this);
    }

    public play.mvc.EssentialAction asJava() {
        return EssentialAction.asJava$(this);
    }

    public boolean apply$mcZD$sp(double d) {
        return Function1.apply$mcZD$sp$(this, d);
    }

    public double apply$mcDD$sp(double d) {
        return Function1.apply$mcDD$sp$(this, d);
    }

    public float apply$mcFD$sp(double d) {
        return Function1.apply$mcFD$sp$(this, d);
    }

    public int apply$mcID$sp(double d) {
        return Function1.apply$mcID$sp$(this, d);
    }

    public long apply$mcJD$sp(double d) {
        return Function1.apply$mcJD$sp$(this, d);
    }

    public void apply$mcVD$sp(double d) {
        Function1.apply$mcVD$sp$(this, d);
    }

    public boolean apply$mcZF$sp(float f) {
        return Function1.apply$mcZF$sp$(this, f);
    }

    public double apply$mcDF$sp(float f) {
        return Function1.apply$mcDF$sp$(this, f);
    }

    public float apply$mcFF$sp(float f) {
        return Function1.apply$mcFF$sp$(this, f);
    }

    public int apply$mcIF$sp(float f) {
        return Function1.apply$mcIF$sp$(this, f);
    }

    public long apply$mcJF$sp(float f) {
        return Function1.apply$mcJF$sp$(this, f);
    }

    public void apply$mcVF$sp(float f) {
        Function1.apply$mcVF$sp$(this, f);
    }

    public boolean apply$mcZI$sp(int i) {
        return Function1.apply$mcZI$sp$(this, i);
    }

    public double apply$mcDI$sp(int i) {
        return Function1.apply$mcDI$sp$(this, i);
    }

    public float apply$mcFI$sp(int i) {
        return Function1.apply$mcFI$sp$(this, i);
    }

    public int apply$mcII$sp(int i) {
        return Function1.apply$mcII$sp$(this, i);
    }

    public long apply$mcJI$sp(int i) {
        return Function1.apply$mcJI$sp$(this, i);
    }

    public void apply$mcVI$sp(int i) {
        Function1.apply$mcVI$sp$(this, i);
    }

    public boolean apply$mcZJ$sp(long j) {
        return Function1.apply$mcZJ$sp$(this, j);
    }

    public double apply$mcDJ$sp(long j) {
        return Function1.apply$mcDJ$sp$(this, j);
    }

    public float apply$mcFJ$sp(long j) {
        return Function1.apply$mcFJ$sp$(this, j);
    }

    public int apply$mcIJ$sp(long j) {
        return Function1.apply$mcIJ$sp$(this, j);
    }

    public long apply$mcJJ$sp(long j) {
        return Function1.apply$mcJJ$sp$(this, j);
    }

    public void apply$mcVJ$sp(long j) {
        Function1.apply$mcVJ$sp$(this, j);
    }

    public <A> Function1<A, Accumulator<ByteString, Result>> compose(Function1<A, RequestHeader> function1) {
        return Function1.compose$(this, function1);
    }

    public <A> Function1<RequestHeader, A> andThen(Function1<Accumulator<ByteString, Result>, A> function1) {
        return Function1.andThen$(this, function1);
    }

    public String toString() {
        return Function1.toString$(this);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [play.filters.csrf.CSRFAction] */
    private CSRFActionHelper csrfActionHelper$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (!this.bitmap$0) {
                this.csrfActionHelper = new CSRFActionHelper(this.sessionConfiguration, this.config, this.tokenSigner, this.tokenProvider);
                r0 = this;
                r0.bitmap$0 = true;
            }
        }
        this.tokenSigner = null;
        this.sessionConfiguration = null;
        return this.csrfActionHelper;
    }

    public CSRFActionHelper csrfActionHelper() {
        return !this.bitmap$0 ? csrfActionHelper$lzycompute() : this.csrfActionHelper;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Accumulator<ByteString, Result> checkFailed(RequestHeader requestHeader, String str) {
        return Accumulator$.MODULE$.done(csrfActionHelper().clearTokenIfInvalid(requestHeader, (CSRF.ErrorHandler) this.play$filters$csrf$CSRFAction$$errorHandler.apply(), str));
    }

    public Accumulator<ByteString, Result> apply(RequestHeader requestHeader) {
        RequestHeader tagRequestFromHeader = csrfActionHelper().tagRequestFromHeader(requestHeader);
        if (BoxesRunTime.unboxToBoolean(this.config.checkMethod().apply(tagRequestFromHeader.method())) && BoxesRunTime.unboxToBoolean(this.config.checkContentType().apply(tagRequestFromHeader.contentType()))) {
            return !csrfActionHelper().requiresCsrfCheck(tagRequestFromHeader) ? continue$1(tagRequestFromHeader) : (Accumulator) csrfActionHelper().getTokenToValidate(tagRequestFromHeader).map(str -> {
                return (Accumulator) this.csrfActionHelper().getHeaderToken(tagRequestFromHeader).map(str -> {
                    if (this.tokenProvider.compareTokens(str, str)) {
                        CSRF$.MODULE$.filterLogger().trace(() -> {
                            return "[CSRF] Valid token found in query string";
                        }, MarkerContext$.MODULE$.NoMarker());
                        return this.continue$1(tagRequestFromHeader);
                    }
                    CSRF$.MODULE$.filterLogger().warn(() -> {
                        return "[CSRF] Check failed because invalid token found in query string: " + tagRequestFromHeader.uri();
                    }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                    return this.checkFailed(tagRequestFromHeader, "Bad CSRF token found in query String");
                }).getOrElse(() -> {
                    Accumulator<ByteString, Result> checkFailed;
                    boolean z = false;
                    Some some = null;
                    Option contentType = tagRequestFromHeader.contentType();
                    if (contentType instanceof Some) {
                        z = true;
                        some = (Some) contentType;
                        if ("application/x-www-form-urlencoded".equals((String) some.value())) {
                            CSRF$.MODULE$.filterLogger().trace(() -> {
                                return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"[CSRF] Check form body with url encoding"})).s(Nil$.MODULE$);
                            }, MarkerContext$.MODULE$.NoMarker());
                            checkFailed = (Accumulator) this.checkFormBody().apply(tagRequestFromHeader, this.next, str, this.config.tokenName());
                            return checkFailed;
                        }
                    }
                    if (z && "multipart/form-data".equals((String) some.value())) {
                        CSRF$.MODULE$.filterLogger().trace(() -> {
                            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"[CSRF] Check form body with multipart"})).s(Nil$.MODULE$);
                        }, MarkerContext$.MODULE$.NoMarker());
                        checkFailed = this.checkMultipartBody(tagRequestFromHeader, this.next, str, this.config.tokenName());
                    } else if (z) {
                        String str2 = (String) some.value();
                        CSRF$.MODULE$.filterLogger().warn(() -> {
                            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"[CSRF] Check failed because ", " for request "})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str2})) + tagRequestFromHeader.uri();
                        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                        checkFailed = this.checkFailed(tagRequestFromHeader, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"No CSRF token found for ", " body"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str2})));
                    } else {
                        if (!None$.MODULE$.equals(contentType)) {
                            throw new MatchError(contentType);
                        }
                        CSRF$.MODULE$.filterLogger().warn(() -> {
                            return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"[CSRF] Check failed because request without content type for "})).s(Nil$.MODULE$) + tagRequestFromHeader.uri();
                        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                        checkFailed = this.checkFailed(tagRequestFromHeader, new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"No CSRF token found for body without content type"})).s(Nil$.MODULE$));
                    }
                    return checkFailed;
                });
            }).getOrElse(() -> {
                CSRF$.MODULE$.filterLogger().warn(() -> {
                    return "[CSRF] Check failed because no token found in headers for " + tagRequestFromHeader.uri();
                }, MarkerContexts$SecurityMarkerContext$.MODULE$);
                return this.checkFailed(tagRequestFromHeader, "No CSRF token found in headers");
            });
        }
        if (csrfActionHelper().getTokenToValidate(tagRequestFromHeader).isEmpty() && BoxesRunTime.unboxToBoolean(this.config.createIfNotFound().apply(tagRequestFromHeader))) {
            RequestHeader tagRequestHeaderWithNewToken = csrfActionHelper().tagRequestHeaderWithNewToken(tagRequestFromHeader);
            return ((Accumulator) this.next.apply(tagRequestHeaderWithNewToken)).map(result -> {
                return this.csrfActionHelper().addTokenToResponse(tagRequestHeaderWithNewToken, result);
            }, Execution$Implicits$.MODULE$.trampoline());
        }
        CSRF$.MODULE$.filterLogger().trace(() -> {
            return "[CSRF] No check necessary";
        }, MarkerContext$.MODULE$.NoMarker());
        return (Accumulator) this.next.apply(tagRequestFromHeader);
    }

    private Function4<RequestHeader, EssentialAction, String, String, Accumulator<ByteString, Result>> checkFormBody() {
        Function2 function2 = (byteString, str) -> {
            return this.extractTokenFromFormBody(byteString, str);
        };
        return (requestHeader, essentialAction, str2, str3) -> {
            return this.checkBody(function2, requestHeader, essentialAction, str2, str3);
        };
    }

    private Accumulator<ByteString, Result> checkMultipartBody(RequestHeader requestHeader, EssentialAction essentialAction, String str, String str2) {
        return (Accumulator) requestHeader.mediaType().flatMap(mediaType -> {
            return mediaType.parameters().find(tuple2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$checkMultipartBody$2(tuple2));
            }).flatMap(tuple22 -> {
                return ((Option) tuple22._2()).map(str3 -> {
                    ByteString apply = ByteString$.MODULE$.apply(str3);
                    return this.checkBody((byteString, str3) -> {
                        return this.extractTokenFromMultipartFormDataBody(apply, byteString, str3);
                    }, requestHeader, essentialAction, str, str2);
                });
            });
        }).getOrElse(() -> {
            return this.checkFailed(requestHeader, "No boundary found in multipart/form-data request");
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T> Accumulator<ByteString, Result> checkBody(Function2<ByteString, String, Option<String>> function2, RequestHeader requestHeader, EssentialAction essentialAction, String str, String str2) {
        return Accumulator$.MODULE$.apply(((Flow) Flow$.MODULE$.apply().via(new BodyHandler(this.config, byteString -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$1(this, function2, requestHeader, str, str2, byteString));
        })).splitWhen(byteString2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$6(byteString2));
        }).prefixAndTail(0).map(tuple2 -> {
            return (Source) tuple2._2();
        }).concatSubstreams()).toMat(Sink$.MODULE$.head(), Keep$.MODULE$.right())).mapFuture(source -> {
            CSRF$.MODULE$.filterLogger().trace(() -> {
                return new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"[CSRF] running with validated body source"})).s(Nil$.MODULE$);
            }, MarkerContext$.MODULE$.NoMarker());
            return ((Accumulator) essentialAction.apply(requestHeader)).run(source, this.mat);
        }, Execution$Implicits$.MODULE$.trampoline()).recoverWith(new CSRFAction$$anonfun$checkBody$10(this, requestHeader), Execution$Implicits$.MODULE$.trampoline());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Option<String> extractTokenFromFormBody(ByteString byteString, String str) {
        ByteString $plus$plus = ByteString$.MODULE$.apply(URLEncoder.encode(str, "utf-8")).$plus$plus(ByteString$.MODULE$.apply(Predef$.MODULE$.wrapCharArray(new char[]{'='}), Numeric$CharIsIntegral$.MODULE$));
        if (byteString.startsWith($plus$plus)) {
            return new Some(URLDecoder.decode(byteString.drop($plus$plus.size()).takeWhile(obj -> {
                return BoxesRunTime.boxToBoolean($anonfun$extractTokenFromFormBody$1(BoxesRunTime.unboxToByte(obj)));
            }).utf8String(), "utf-8"));
        }
        ByteString $plus$plus2 = ByteString$.MODULE$.apply(Predef$.MODULE$.wrapCharArray(new char[]{'&'}), Numeric$CharIsIntegral$.MODULE$).$plus$plus($plus$plus);
        int indexOfSlice = byteString.indexOfSlice($plus$plus2);
        return indexOfSlice == -1 ? None$.MODULE$ : new Some(URLDecoder.decode(byteString.drop(indexOfSlice + $plus$plus2.size()).takeWhile(obj2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$extractTokenFromFormBody$2(BoxesRunTime.unboxToByte(obj2)));
        }).utf8String(), "utf-8"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Option<String> extractTokenFromMultipartFormDataBody(ByteString byteString, ByteString byteString2, String str) {
        ByteString apply = ByteString$.MODULE$.apply("\r\n");
        return findToken$1(0, str, apply, ByteString$.MODULE$.apply("\r\n--").$plus$plus(byteString), apply.$plus$plus(byteString2));
    }

    private final Accumulator continue$1(RequestHeader requestHeader) {
        return (Accumulator) this.next.apply(requestHeader);
    }

    public static final /* synthetic */ boolean $anonfun$checkMultipartBody$2(Tuple2 tuple2) {
        return ((String) tuple2._1()).equalsIgnoreCase("boundary");
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$3(CSRFAction cSRFAction, String str, String str2) {
        return cSRFAction.tokenProvider.compareTokens(str2, str);
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$1(CSRFAction cSRFAction, Function2 function2, RequestHeader requestHeader, String str, String str2, ByteString byteString) {
        if (BoxesRunTime.unboxToBoolean(((Option) function2.apply(byteString, str2)).fold(() -> {
            return false;
        }, str3 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkBody$3(cSRFAction, str, str3));
        }))) {
            CSRF$.MODULE$.filterLogger().trace(() -> {
                return "[CSRF] Valid token found in body";
            }, MarkerContext$.MODULE$.NoMarker());
            return true;
        }
        CSRF$.MODULE$.filterLogger().warn(() -> {
            return "[CSRF] Check failed because no or invalid token found in body for " + requestHeader.uri();
        }, MarkerContexts$SecurityMarkerContext$.MODULE$);
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$checkBody$6(ByteString byteString) {
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$extractTokenFromFormBody$1(byte b) {
        return b != 38;
    }

    public static final /* synthetic */ boolean $anonfun$extractTokenFromFormBody$2(byte b) {
        return b != 38;
    }

    private final Tuple2 extractHeaders$1(int i, ByteString byteString, ByteString byteString2) {
        while (!byteString2.startsWith(byteString, i)) {
            int indexOfSlice = byteString2.indexOfSlice(byteString, i);
            if (indexOfSlice == -1) {
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(i)), Nil$.MODULE$);
            }
            String[] split = byteString2.slice(i, indexOfSlice).utf8String().split(":", 2);
            Option unapplySeq = Array$.MODULE$.unapplySeq(split);
            if (unapplySeq.isEmpty() || unapplySeq.get() == null || ((SeqLike) unapplySeq.get()).lengthCompare(1) != 0) {
                Option unapplySeq2 = Array$.MODULE$.unapplySeq(split);
                if (unapplySeq2.isEmpty() || unapplySeq2.get() == null || ((SeqLike) unapplySeq2.get()).lengthCompare(2) != 0) {
                    throw new MatchError(split);
                }
                String str = (String) ((SeqLike) unapplySeq2.get()).apply(0);
                String str2 = (String) ((SeqLike) unapplySeq2.get()).apply(1);
                Tuple2 extractHeaders$1 = extractHeaders$1(indexOfSlice + 2, byteString, byteString2);
                if (extractHeaders$1 == null) {
                    throw new MatchError(extractHeaders$1);
                }
                int _1$mcI$sp = extractHeaders$1._1$mcI$sp();
                Tuple2 tuple2 = new Tuple2(BoxesRunTime.boxToInteger(_1$mcI$sp), (List) extractHeaders$1._2());
                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(tuple2._1$mcI$sp())), ((List) tuple2._2()).$colon$colon(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(str.trim().toLowerCase(Locale.ENGLISH)), str2.trim())));
            }
            i = indexOfSlice + 2;
        }
        return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(BoxesRunTime.boxToInteger(i + 2)), Nil$.MODULE$);
    }

    private final Option findToken$1(int i, String str, ByteString byteString, ByteString byteString2, ByteString byteString3) {
        int _1$mcI$sp;
        while (true) {
            int indexOfSlice = byteString3.indexOfSlice(byteString2, i);
            switch (indexOfSlice) {
                case -1:
                    return None$.MODULE$;
                default:
                    int indexOfSlice2 = byteString3.indexOfSlice(byteString, indexOfSlice + byteString2.size());
                    if (indexOfSlice2 == -1) {
                        return None$.MODULE$;
                    }
                    Tuple2 extractHeaders$1 = extractHeaders$1(indexOfSlice2 + 2, byteString, byteString3);
                    if (extractHeaders$1 == null) {
                        throw new MatchError(extractHeaders$1);
                    }
                    Tuple2 tuple2 = new Tuple2(BoxesRunTime.boxToInteger(extractHeaders$1._1$mcI$sp()), (List) extractHeaders$1._2());
                    _1$mcI$sp = tuple2._1$mcI$sp();
                    Option unapply = Multipart$PartInfoMatcher$.MODULE$.unapply(((List) tuple2._2()).toMap(Predef$.MODULE$.$conforms()));
                    if (!unapply.isEmpty()) {
                        String str2 = (String) unapply.get();
                        if (str2 == null) {
                            if (str == null) {
                                break;
                            }
                        } else if (str2.equals(str)) {
                            break;
                        }
                    }
                    i = _1$mcI$sp;
            }
        }
        int indexOfSlice3 = byteString3.indexOfSlice(byteString2, _1$mcI$sp);
        return indexOfSlice3 == -1 ? None$.MODULE$ : new Some(byteString3.slice(_1$mcI$sp, indexOfSlice3).utf8String());
    }

    public CSRFAction(EssentialAction essentialAction, CSRFConfig cSRFConfig, CSRFTokenSigner cSRFTokenSigner, CSRF.TokenProvider tokenProvider, SessionConfiguration sessionConfiguration, Function0<CSRF.ErrorHandler> function0, Materializer materializer) {
        this.next = essentialAction;
        this.config = cSRFConfig;
        this.tokenSigner = cSRFTokenSigner;
        this.tokenProvider = tokenProvider;
        this.sessionConfiguration = sessionConfiguration;
        this.play$filters$csrf$CSRFAction$$errorHandler = function0;
        this.mat = materializer;
        Function1.$init$(this);
        EssentialAction.$init$(this);
    }
}
