package com.evolveum.midpoint.web.security.filter;

import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.util.exception.SystemException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/filter/UseCsrfFilterOnlyForAuthenticatedRequest.class */
public class UseCsrfFilterOnlyForAuthenticatedRequest implements RequestMatcher {
    private final RequestMatcher requireCsrfProtectionMatcher = CsrfFilter.DEFAULT_CSRF_MATCHER;

    @Override // org.springframework.security.web.util.matcher.RequestMatcher
    public boolean matches(HttpServletRequest httpServletRequest) {
        MidpointAuthentication midpointAuthentication = getMidpointAuthentication();
        if (midpointAuthentication == null || !midpointAuthentication.isAuthenticated()) {
            return false;
        }
        return this.requireCsrfProtectionMatcher.matches(httpServletRequest);
    }

    @Override // org.springframework.security.web.util.matcher.RequestMatcher
    public RequestMatcher.MatchResult matcher(HttpServletRequest httpServletRequest) {
        return this.requireCsrfProtectionMatcher.matcher(httpServletRequest);
    }

    public static MidpointAuthentication getMidpointAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof MidpointAuthentication) {
            return (MidpointAuthentication) authentication;
        }
        throw new SystemException("web.security.flexAuth.auth.wrong.type");
    }
}
