package org.pac4j.core.authorization.authorizer;

import java.util.List;
import java.util.Optional;
import org.pac4j.core.context.ContextHelper;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.Pac4jConstants;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-4.0.3.jar:org/pac4j/core/authorization/authorizer/CsrfAuthorizer.class */
public class CsrfAuthorizer implements Authorizer<UserProfile> {
    private String parameterName;
    private String headerName;
    private boolean checkAllRequests;

    public CsrfAuthorizer() {
        this.parameterName = Pac4jConstants.CSRF_TOKEN;
        this.headerName = Pac4jConstants.CSRF_TOKEN;
        this.checkAllRequests = false;
    }

    public CsrfAuthorizer(String str, String str2) {
        this.parameterName = Pac4jConstants.CSRF_TOKEN;
        this.headerName = Pac4jConstants.CSRF_TOKEN;
        this.checkAllRequests = false;
        this.parameterName = str;
        this.headerName = str2;
    }

    public CsrfAuthorizer(String str, String str2, boolean z) {
        this(str, str2);
        this.checkAllRequests = z;
    }

    @Override // org.pac4j.core.authorization.authorizer.Authorizer
    public boolean isAuthorized(WebContext webContext, List<UserProfile> list) {
        if (!(this.checkAllRequests || ContextHelper.isPost(webContext) || ContextHelper.isPut(webContext) || ContextHelper.isPatch(webContext) || ContextHelper.isDelete(webContext))) {
            return true;
        }
        String orElse = webContext.getRequestParameter(this.parameterName).orElse(null);
        String orElse2 = webContext.getRequestHeader(this.headerName).orElse(null);
        Optional<Object> optional = webContext.getSessionStore().get(webContext, Pac4jConstants.CSRF_TOKEN);
        return optional.isPresent() && (((String) optional.get()).equals(orElse) || ((String) optional.get()).equals(orElse2));
    }

    public String getParameterName() {
        return this.parameterName;
    }

    public void setParameterName(String str) {
        this.parameterName = str;
    }

    public String getHeaderName() {
        return this.headerName;
    }

    public void setHeaderName(String str) {
        this.headerName = str;
    }

    public boolean isCheckAllRequests() {
        return this.checkAllRequests;
    }

    public void setCheckAllRequests(boolean z) {
        this.checkAllRequests = z;
    }
}
