package io.github.icodegarden.commons.gateway.core.security;

import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import io.github.icodegarden.commons.lang.annotation.Nullable;
import io.github.icodegarden.commons.lang.spec.response.ClientParameterInvalidErrorCodeException;
import io.github.icodegarden.commons.springboot.exception.ErrorCodeAuthenticationException;
import io.github.icodegarden.commons.springboot.security.User;
import java.util.Map;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/github/icodegarden/commons/gateway/core/security/JWTAuthenticationWebFilter.class */
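/**
 * Gateway {@link WebFilter} that authenticates requests carrying a JWT in the
 * {@code Authorization: Bearer <token>} header and forwards the resolved identity to
 * downstream services as {@code X-Auth-UserId} / {@code X-Auth-Username} request headers.
 *
 * <p>All work is delegated to a Spring Security {@link AuthenticationWebFilter} wired with:
 * <ul>
 *   <li>a converter that extracts the token and turns it into an {@link Authentication};</li>
 *   <li>a pass-through authentication manager (the converter's result is accepted as-is);</li>
 *   <li>a success handler that writes the identity headers and continues the chain;</li>
 *   <li>a failure handler that hands the error to the configured entry point.</li>
 * </ul>
 *
 * <p>Security note: downstream services presumably trust the {@code X-Auth-*} headers, so they
 * must only ever carry values derived from a verified token. See the notes on
 * {@link #filter(ServerWebExchange, WebFilterChain)} and the success handler.
 */
public class JWTAuthenticationWebFilter implements WebFilter {
    private final AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(new NoOpReactiveAuthenticationManager());

    /** Failure handler that delegates every authentication error to the configured entry point. */
    private class ApiResponseServerAuthenticationFailureHandler implements ServerAuthenticationFailureHandler {
        private final ServerAuthenticationEntryPoint authenticationEntryPoint;

        public ApiResponseServerAuthenticationFailureHandler(ServerAuthenticationEntryPoint serverAuthenticationEntryPoint) {
            this.authenticationEntryPoint = serverAuthenticationEntryPoint;
        }

        @Override
        public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException authenticationException) {
            return this.authenticationEntryPoint.commence(webFilterExchange.getExchange(), authenticationException);
        }
    }

    /**
     * Success handler that copies the authenticated identity onto the outgoing request and
     * continues the filter chain with the mutated exchange.
     */
    private class GatewayPreAuthenticatedServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
        private GatewayPreAuthenticatedServerAuthenticationSuccessHandler() {
        }

        @Override
        public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
            return Mono.defer(() -> {
                WebFilterChain chain = webFilterExchange.getChain();
                ServerWebExchange exchange = webFilterExchange.getExchange();
                User user = (User) authentication.getPrincipal();
                Map<?, ?> details = (Map<?, ?>) authentication.getDetails();
                return chain.filter(exchange.mutate().request(exchange.getRequest().mutate().headers(httpHeaders -> {
                    // set(), not add(): add() appends after any value the client already sent, so a
                    // caller-supplied X-Auth-UserId would stay first in the list and be the value a
                    // downstream getFirst() reads. The identity headers must come only from the token.
                    httpHeaders.set("X-Auth-UserId", user.getUserId());
                    httpHeaders.set("X-Auth-Username", user.getUsername());
                    if (details != null) {
                        // NOTE(review): this still appends, so a client-supplied X-Flow-Tag is kept ahead
                        // of the token's value, and a missing "flowTag" entry adds a null header value.
                        // Confirm whether the flow tag is meant to be client-overridable before changing it.
                        httpHeaders.add("X-Flow-Tag", (String) details.get("flowTag"));
                    }
                }).build()).build());
            });
        }
    }

    /**
     * Converter that reads the bearer token from the request and resolves it to an
     * {@link Authentication} through {@code JWTResolver}.
     *
     * <p>Returns an empty {@link Mono} when the request carries no bearer token; the wrapping
     * {@link AuthenticationWebFilter} then continues the chain without authenticating.
     */
    private class JWTResolveServerAuthenticationConverter implements ServerAuthenticationConverter {
        private final JWTConfig jwtConfig;

        public JWTResolveServerAuthenticationConverter(JWTConfig jWTConfig) {
            this.jwtConfig = jWTConfig;
        }

        @Override
        public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
            return Mono.defer(() -> {
                String jwt = JWTAuthenticationWebFilter.this.getJWT(serverWebExchange.getRequest());
                if (!StringUtils.hasText(jwt)) {
                    return Mono.empty();
                }
                // Presumably JWTResolver verifies signature and expiry (it is not shown here); the
                // catch clauses below map the java-jwt failures it can raise.
                // Order matters: TokenExpiredException, JWTDecodeException and
                // SignatureVerificationException are all subclasses of JWTVerificationException, so
                // the specific clauses must come before the general one. With the general clause
                // first, an expired token is reported as "Verification Token Error" (and in source
                // form the later clause is rejected by the compiler as already caught).
                try {
                    return Mono.just(new JWTResolver(this.jwtConfig, jwt).getAuthentication());
                } catch (TokenExpiredException e) {
                    // NOTE(review): the expired case reuses the INVALID_SIGNATURE sub code; only the
                    // message distinguishes it from a bad signature. Confirm this is intended.
                    throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE.getSub_code(), "Not Authenticated, Token Expired"));
                } catch (JWTDecodeException | SignatureVerificationException e) {
                    throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE.getSub_code(), "Not Authenticated, Token Invalid"));
                } catch (JWTVerificationException e) {
                    throw new AuthenticationServiceException("Verification Token Error", e);
                }
            });
        }
    }

    /**
     * Authentication manager that returns the given {@link Authentication} unchanged.
     *
     * <p>No credential check happens here: whatever the converter produced is accepted, so all
     * token validation has to be done by the converter.
     */
    private class NoOpReactiveAuthenticationManager implements ReactiveAuthenticationManager {
        private NoOpReactiveAuthenticationManager() {
        }

        @Override
        public Mono<Authentication> authenticate(Authentication authentication) {
            return Mono.just(authentication);
        }
    }

    /**
     * Wires the delegate filter with the JWT converter, the header-writing success handler and
     * the entry-point-backed failure handler.
     *
     * @param jWTConfig configuration passed to {@code JWTResolver} for each token
     * @param serverAuthenticationEntryPoint entry point invoked when authentication fails
     */
    public JWTAuthenticationWebFilter(JWTConfig jWTConfig, ServerAuthenticationEntryPoint serverAuthenticationEntryPoint) {
        this.authenticationWebFilter.setServerAuthenticationConverter(new JWTResolveServerAuthenticationConverter(jWTConfig));
        this.authenticationWebFilter.setAuthenticationSuccessHandler(new GatewayPreAuthenticatedServerAuthenticationSuccessHandler());
        this.authenticationWebFilter.setAuthenticationFailureHandler(new ApiResponseServerAuthenticationFailureHandler(serverAuthenticationEntryPoint));
    }

    /**
     * Runs the delegate {@link AuthenticationWebFilter} for this exchange.
     *
     * <p>NOTE(review): a request without a bearer token is not rejected here; it continues down
     * the chain unauthenticated and with its original headers, including any {@code X-Auth-UserId}
     * or {@code X-Auth-Username} the client sent. Confirm that those headers are stripped at the
     * edge or that every route relying on them is protected by an authorization rule.
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return this.authenticationWebFilter.filter(serverWebExchange, webFilterChain);
    }

    /**
     * Extracts the bearer token from the first {@code Authorization} header.
     *
     * <p>Decompiler note: this method was {@code private} in the original class; the access
     * modifier was widened by the decompiler.
     *
     * @param serverHttpRequest the incoming request
     * @return the token text, or {@code null} when the header is absent or is not a bearer credential
     */
    public String getJWT(ServerHttpRequest serverHttpRequest) {
        String authorization = serverHttpRequest.getHeaders().getFirst("Authorization");
        if (authorization == null) {
            return null;
        }
        return resolveBearerToken(authorization, " ");
    }

    /**
     * Returns the part of {@code str} that follows the {@code "Bearer" + separator} prefix.
     *
     * @param str the raw header value
     * @param str2 separator between the scheme and the token; a single space when {@code null}
     * @return the token, or {@code null} when {@code str} is blank or lacks the prefix
     */
    private String resolveBearerToken(String str, @Nullable String str2) {
        String separator = str2 == null ? " " : str2;
        String prefix = "Bearer" + separator;
        if (StringUtils.hasText(str) && str.startsWith(prefix)) {
            // Cut at the real prefix length; a fixed offset of 7 is only right for a
            // one-character separator.
            return str.substring(prefix.length());
        }
        return null;
    }
}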
