package securesocial.core.java;

import com.fasterxml.jackson.databind.node.ObjectNode;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import play.Logger;
import play.api.libs.oauth.ServiceInfo;
import play.i18n.Messages;
import play.libs.F;
import play.libs.Json;
import play.libs.Scala;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.With;
import scala.Option;
import scala.util.Either;
import securesocial.core.Authenticator;
import securesocial.core.Identity;
import securesocial.core.IdentityProvider;
import securesocial.core.SecureSocial$;
import securesocial.core.UserService$;
import securesocial.core.providers.utils.RoutesHelper;

/* loaded from: input_file:securesocial/core/java/SecureSocial.class */
public class SecureSocial {
    public static final String USER_KEY = "securesocial.user";
    static final String ORIGINAL_URL = "original-url";

    /* loaded from: input_file:securesocial/core/java/SecureSocial$Secured.class */
    public static class Secured extends Action<SecuredAction> {
        public F.Promise<Result> call(Http.Context context) throws Throwable {
            try {
                SecureSocial.fixHttpContext(context);
                Authenticator authenticatorFromRequest = SecureSocial.getAuthenticatorFromRequest(context);
                Identity currentUser = authenticatorFromRequest != null ? SecureSocial.currentUser(authenticatorFromRequest) : null;
                if (currentUser == null) {
                    if (Logger.isDebugEnabled()) {
                        Logger.debug("[securesocial] anonymous user trying to access : " + context.request().uri());
                    }
                    if (((SecuredAction) this.configuration).ajaxCall()) {
                        F.Promise<Result> pure = F.Promise.pure(unauthorized(SecureSocial.access$300()));
                        Http.Context.current.set(null);
                        return pure;
                    }
                    context.flash().put("error", Messages.get("securesocial.loginRequired", new Object[0]));
                    context.session().put(SecureSocial.ORIGINAL_URL, context.request().uri());
                    F.Promise<Result> pure2 = F.Promise.pure(redirect(RoutesHelper.login().absoluteURL(context.request(), IdentityProvider.sslEnabled())));
                    Http.Context.current.set(null);
                    return pure2;
                }
                if (((SecuredAction) this.configuration).authorization().newInstance().isAuthorized(currentUser, ((SecuredAction) this.configuration).params())) {
                    context.args.put(SecureSocial.USER_KEY, currentUser);
                    SecureSocial.touch(authenticatorFromRequest);
                    F.Promise<Result> call = this.delegate.call(context);
                    Http.Context.current.set(null);
                    return call;
                }
                if (((SecuredAction) this.configuration).ajaxCall()) {
                    F.Promise<Result> pure3 = F.Promise.pure(forbidden(SecureSocial.access$500()));
                    Http.Context.current.set(null);
                    return pure3;
                }
                F.Promise<Result> pure4 = F.Promise.pure(redirect(RoutesHelper.notAuthorized()));
                Http.Context.current.set(null);
                return pure4;
            } catch (Throwable th) {
                Http.Context.current.set(null);
                throw th;
            }
        }
    }

    @Target({ElementType.TYPE, ElementType.METHOD})
    @With({Secured.class})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:securesocial/core/java/SecureSocial$SecuredAction.class */
    public @interface SecuredAction {
        boolean ajaxCall() default false;

        Class<? extends Authorization> authorization() default DummyAuthorization.class;

        String[] params() default {};
    }

    /* loaded from: input_file:securesocial/core/java/SecureSocial$UserAware.class */
    public static class UserAware extends Action<UserAwareAction> {
        public F.Promise<Result> call(Http.Context context) throws Throwable {
            SecureSocial.fixHttpContext(context);
            try {
                Authenticator authenticatorFromRequest = SecureSocial.getAuthenticatorFromRequest(context);
                Identity currentUser = authenticatorFromRequest != null ? SecureSocial.currentUser(authenticatorFromRequest) : null;
                if (currentUser != null) {
                    SecureSocial.touch(authenticatorFromRequest);
                    context.args.put(SecureSocial.USER_KEY, currentUser);
                }
                F.Promise<Result> call = this.delegate.call(context);
                Http.Context.current.set(null);
                return call;
            } catch (Throwable th) {
                Http.Context.current.set(null);
                throw th;
            }
        }
    }

    @Target({ElementType.TYPE, ElementType.METHOD})
    @With({UserAware.class})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:securesocial/core/java/SecureSocial$UserAwareAction.class */
    public @interface UserAwareAction {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Authenticator getAuthenticatorFromRequest(Http.Context context) {
        Http.Cookie cookie = context.request().cookies().get(Authenticator.cookieName());
        Authenticator authenticator = null;
        if (cookie != null) {
            Either<Error, Option<Authenticator>> find = Authenticator.find(cookie.value());
            if (find.isRight()) {
                authenticator = (Authenticator) Scala.orNull((Option) find.right().get());
                if (authenticator != null && !authenticator.isValid()) {
                    Authenticator.delete(authenticator.id());
                    context.response().discardCookie(Authenticator.cookieName(), Authenticator.cookiePath(), (String) Scala.orNull(Authenticator.cookieDomain()), Authenticator.cookieSecure());
                    authenticator = null;
                }
            }
        }
        return authenticator;
    }

    public static Identity currentUser() {
        return currentUser(getAuthenticatorFromRequest(Http.Context.current()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Identity currentUser(Authenticator authenticator) {
        Identity identity = null;
        if (authenticator != null) {
            identity = (Identity) Scala.orNull(UserService$.MODULE$.find(authenticator.identityId()));
        }
        return identity;
    }

    public static ServiceInfo serviceInfoFor(Identity identity) {
        return (ServiceInfo) Scala.orNull(SecureSocial$.MODULE$.serviceInfoFor(identity));
    }

    private static ObjectNode ajaxCallNotAuthenticated() {
        ObjectNode newObject = Json.newObject();
        newObject.put("error", "Credentials required");
        return newObject;
    }

    private static ObjectNode ajaxCallNotAuthorized() {
        ObjectNode newObject = Json.newObject();
        newObject.put("error", "Not authorized");
        return newObject;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void fixHttpContext(Http.Context context) {
        Http.Context.current.set(context);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void touch(Authenticator authenticator) {
        Authenticator.save(authenticator.touch());
    }

    static /* synthetic */ ObjectNode access$300() {
        return ajaxCallNotAuthenticated();
    }

    static /* synthetic */ ObjectNode access$500() {
        return ajaxCallNotAuthorized();
    }
}
