package de.superx.spring;

import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:de/superx/spring/CsRfRequestMatcher.class */
public class CsRfRequestMatcher implements RequestMatcher {
    private static Logger logger = LoggerFactory.getLogger(CsRfRequestMatcher.class);

    public boolean matches(HttpServletRequest httpServletRequest) {
        String method = httpServletRequest.getMethod();
        String header = httpServletRequest.getHeader("X-Requested-With");
        if ((header != null && header.equals("XMLHttpRequest")) || method.equals("OPTIONS")) {
            return false;
        }
        int indexOf = httpServletRequest.getRequestURL().indexOf("&");
        String stringBuffer = indexOf == -1 ? httpServletRequest.getRequestURL().toString() : httpServletRequest.getRequestURL().toString().substring(0, indexOf);
        return ((method.equals("GET") && !stringBuffer.endsWith("/control")) || stringBuffer.endsWith("/SuperXmlAnmeldung") || stringBuffer.endsWith("/SuperXmlAbmeldung") || stringBuffer.endsWith("/xml/his1/index.jsp") || stringBuffer.endsWith("/SuperXmlPwChanger") || stringBuffer.contains("/ds/api/")) ? false : true;
    }

    public static boolean isTrustedOrigin(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Origin");
        String header2 = httpServletRequest.getHeader("Host");
        logger.info("Origin: {} Host: {}", header);
        return header == null || header.endsWith("://" + header2);
    }
}
