package com.erudika.para.server.security;

import com.erudika.para.core.utils.Para;
import jakarta.servlet.http.HttpServletRequest;
import java.util.regex.Pattern;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:com/erudika/para/server/security/CsrfProtectionRequestMatcher.class */
public final class CsrfProtectionRequestMatcher implements RequestMatcher {
    public static final RequestMatcher INSTANCE = new CsrfProtectionRequestMatcher();
    private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
    private final RegexRequestMatcher authEndpoints = new RegexRequestMatcher("^/\\w+_auth", (String) null, true);
    private final RegexRequestMatcher passAuthEndpoint = new RegexRequestMatcher("^/password_auth", (String) null, true);
    private final RegexRequestMatcher samlEndpoint = new RegexRequestMatcher("^/saml_auth.*", (String) null, true);
    private final RegexRequestMatcher samlMetaEndpoint = new RegexRequestMatcher("^/saml_metadata.*", (String) null, true);
    private final RegexRequestMatcher signinEndpoint = new RegexRequestMatcher("^" + Para.getConfig().signinPath() + ".*", (String) null, true);

    private CsrfProtectionRequestMatcher() {
    }

    public boolean matches(HttpServletRequest httpServletRequest) {
        return (!RestRequestMatcher.INSTANCE.matches(httpServletRequest) && !IgnoredRequestMatcher.INSTANCE.matches(httpServletRequest) && !this.samlMetaEndpoint.matches(httpServletRequest) && !this.samlEndpoint.matches(httpServletRequest) && !this.authEndpoints.matches(httpServletRequest) && !this.allowedMethods.matcher(httpServletRequest.getMethod()).matches()) || this.passAuthEndpoint.matches(httpServletRequest) || this.signinEndpoint.matches(httpServletRequest);
    }
}
