package org.minijax.security;

import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import org.minijax.MinijaxRequestContext;

@RequestScoped
/* loaded from: input_file:org/minijax/security/CsrfFilter.class */
class CsrfFilter implements ContainerRequestFilter {
    CsrfFilter() {
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String authenticationScheme;
        MediaType mediaType;
        if (containerRequestContext.getMethod().equals("POST")) {
            MinijaxRequestContext minijaxRequestContext = (MinijaxRequestContext) containerRequestContext;
            Security security = (Security) minijaxRequestContext.get(Security.class);
            if (security.isLoggedIn() && (authenticationScheme = security.getAuthenticationScheme()) != null && authenticationScheme.equals("FORM") && (mediaType = minijaxRequestContext.getMediaType()) != null) {
                if (mediaType.isCompatible(MediaType.APPLICATION_FORM_URLENCODED_TYPE) || mediaType.isCompatible(MediaType.MULTIPART_FORM_DATA_TYPE)) {
                    security.validateSession(minijaxRequestContext.getForm().getString("csrf"));
                }
            }
        }
    }
}
