package io.soffa.platform.gateways.security;

import io.soffa.platform.core.security.TokenProvider;
import io.soffa.platform.core.security.model.DecodedToken;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/soffa/platform/gateways/security/ServerHttpBearerAuthenticationConverter.class */
public class ServerHttpBearerAuthenticationConverter implements ServerAuthenticationConverter {
    private static final String BEARER = "Bearer ";
    private final TokenProvider tokenProvider;
    private static final Authentication ANONYMOUS = new UsernamePasswordAuthenticationToken("guest", "guest", Collections.singletonList(new SimpleGrantedAuthority("guest")));

    public ServerHttpBearerAuthenticationConverter(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
        return Mono.justOrEmpty(serverWebExchange.getRequest()).flatMap(serverHttpRequest -> {
            if (!serverHttpRequest.getHeaders().containsKey("Authorization")) {
                return Mono.just(ANONYMOUS);
            }
            String first = serverHttpRequest.getHeaders().getFirst("Authorization");
            return !first.startsWith(BEARER) ? Mono.just(ANONYMOUS) : this.tokenProvider.decode(first.substring(BEARER.length())).switchIfEmpty(Mono.just(DecodedToken.ANONYMOUS)).map(decodedToken -> {
                if (decodedToken == DecodedToken.ANONYMOUS) {
                    return ANONYMOUS;
                }
                ArrayList arrayList = new ArrayList();
                if (decodedToken.getRoles() != null) {
                    Iterator it = decodedToken.getRoles().iterator();
                    while (it.hasNext()) {
                        arrayList.add(new SimpleGrantedAuthority((String) it.next()));
                    }
                }
                return new UsernamePasswordAuthenticationToken(decodedToken.getUsername(), (Object) null, arrayList);
            });
        });
    }
}
