package de.muenchen.oss.digiwf.gateway.configuration;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import lombok.Generated;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Profile({"!no-security"})
@Configuration
/* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher.class */
public class CsrfProtectionMatcher implements ServerWebExchangeMatcher {
    private static final Set<HttpMethod> ALLOWED_METHODS = new HashSet(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS));
    private final SecurityProperties securityProperties;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/classes/de/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath.class */
    public static final class MethodAndPath extends Record {
        private final HttpMethod method;
        private final String path;

        private MethodAndPath(HttpMethod httpMethod, String str) {
            this.method = httpMethod;
            this.path = str;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, MethodAndPath.class), MethodAndPath.class, "method;path", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->method:Lorg/springframework/http/HttpMethod;", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->path:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, MethodAndPath.class), MethodAndPath.class, "method;path", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->method:Lorg/springframework/http/HttpMethod;", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->path:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, MethodAndPath.class, Object.class), MethodAndPath.class, "method;path", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->method:Lorg/springframework/http/HttpMethod;", "FIELD:Lde/muenchen/oss/digiwf/gateway/configuration/CsrfProtectionMatcher$MethodAndPath;->path:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public HttpMethod method() {
            return this.method;
        }

        public String path() {
            return this.path;
        }
    }

    @Override // org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
    public Mono<ServerWebExchangeMatcher.MatchResult> matches(ServerWebExchange serverWebExchange) {
        return Mono.just(serverWebExchange.getRequest()).flatMap(serverHttpRequest -> {
            return Mono.justOrEmpty(new MethodAndPath(serverHttpRequest.getMethod(), serverHttpRequest.getPath().toString()));
        }).filter(methodAndPath -> {
            return ALLOWED_METHODS.contains(methodAndPath.method) || isWhitelisted(methodAndPath.path);
        }).flatMap(methodAndPath2 -> {
            return ServerWebExchangeMatcher.MatchResult.notMatch();
        }).switchIfEmpty(ServerWebExchangeMatcher.MatchResult.match());
    }

    private boolean isWhitelisted(String str) {
        Iterator<String> it = this.securityProperties.getCsrfWhitelisted().iterator();
        while (it.hasNext()) {
            if (new AntPathMatcher().match(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    @Generated
    public CsrfProtectionMatcher(SecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }
}
