package dev.macula.boot.starter.cloud.gateway.security;

import cn.hutool.core.date.DateUtil;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:dev/macula/boot/starter/cloud/gateway/security/AddJwtFilter.class */
public class AddJwtFilter implements GlobalFilter, Ordered {
    private static final Logger log = LoggerFactory.getLogger(AddJwtFilter.class);
    private final String jwtSecret;

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        if (!serverWebExchange.getRequest().getHeaders().containsKey("Authorization")) {
            return gatewayFilterChain.filter(serverWebExchange);
        }
        Mono map = ReactiveSecurityContextHolder.getContext().map((v0) -> {
            return v0.getAuthentication();
        }).cast(BearerTokenAuthentication.class).map((v0) -> {
            return v0.getPrincipal();
        });
        Class<OAuth2AuthenticatedPrincipal> cls = OAuth2AuthenticatedPrincipal.class;
        OAuth2AuthenticatedPrincipal.class.getClass();
        return map.filter(cls::isInstance).cast(OAuth2AuthenticatedPrincipal.class).switchIfEmpty(Mono.error(new BadCredentialsException("Bad Credentials"))).flatMap(oAuth2AuthenticatedPrincipal -> {
            return gatewayFilterChain.filter(serverWebExchange.mutate().request(serverWebExchange.getRequest().mutate().header("Authorization", new String[]{"Bearer " + generateJwtToken(oAuth2AuthenticatedPrincipal)}).build()).build());
        });
    }

    private String generateJwtToken(OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal) {
        JWTClaimsSet.Builder jwtID = new JWTClaimsSet.Builder().jwtID(UUID.randomUUID().toString());
        Map attributes = oAuth2AuthenticatedPrincipal.getAttributes();
        jwtID.getClass();
        attributes.forEach(jwtID::claim);
        jwtID.expirationTime(DateUtil.offsetMonth(new Date(), 12));
        jwtID.issueTime(new Date());
        JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.HS256).type(JOSEObjectType.JWT).build(), jwtID.build().toPayload());
        jWSObject.sign(new MACSigner(this.jwtSecret));
        return jWSObject.serialize();
    }

    public int getOrder() {
        return 0;
    }

    public AddJwtFilter(String str) {
        this.jwtSecret = str;
    }
}
