package io.github.icodegarden.commons.gateway.core.security.jwt;

import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import io.github.icodegarden.commons.gateway.spi.JWTAuthenticationConverter;
import io.github.icodegarden.commons.gateway.spi.JWTTokenExtractor;
import io.github.icodegarden.commons.lang.spec.response.ClientParameterInvalidErrorCodeException;
import io.github.icodegarden.commons.springboot.exception.ErrorCodeAuthenticationException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/github/icodegarden/commons/gateway/core/security/jwt/JWTServerAuthenticationConverter.class */
public class JWTServerAuthenticationConverter implements ServerAuthenticationConverter {
    private final String secretKey;
    private final JWTTokenExtractor jwtTokenExtractor;
    private final JWTAuthenticationConverter jwtAuthenticationConverter;

    public JWTServerAuthenticationConverter(String str, JWTTokenExtractor jWTTokenExtractor, JWTAuthenticationConverter jWTAuthenticationConverter) {
        this.secretKey = str;
        this.jwtTokenExtractor = jWTTokenExtractor;
        this.jwtAuthenticationConverter = jWTAuthenticationConverter;
    }

    public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
        return Mono.defer(() -> {
            String extract = this.jwtTokenExtractor.extract(serverWebExchange);
            if (!StringUtils.hasText(extract)) {
                return Mono.empty();
            }
            try {
                return Mono.just(this.jwtAuthenticationConverter.convertAuthentication(JWTDecoder.decode(this.secretKey, extract)));
            } catch (TokenExpiredException e) {
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE.getSub_code(), "Not Authenticated, Token Expired"));
            } catch (JWTVerificationException e2) {
                throw new AuthenticationServiceException("Verification Token Error", e2);
            } catch (JWTDecodeException | SignatureVerificationException e3) {
                throw new ErrorCodeAuthenticationException(new ClientParameterInvalidErrorCodeException(ClientParameterInvalidErrorCodeException.SubPair.INVALID_SIGNATURE.getSub_code(), "Not Authenticated, Token Invalid"));
            }
        });
    }
}
