package top.zenyoung.security.webflux.converter;

import com.google.common.base.Strings;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import top.zenyoung.security.webflux.AuthenticationManager;
import top.zenyoung.security.webflux.model.TokenAuthentication;
import top.zenyoung.security.webflux.model.TokenUserDetails;

/* loaded from: input_file:top/zenyoung/security/webflux/converter/JwtTokenAuthenticationConverter.class */
public class JwtTokenAuthenticationConverter implements ServerAuthenticationConverter {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenAuthenticationConverter.class);
    private static final String TOKEN_HEADER_NAME = "Authorization";
    private final AuthenticationManager authenticationManager;
    private final ServerWebExchangeMatcher exchangeMatcher;

    public JwtTokenAuthenticationConverter(@Nonnull AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
        String[] whiteUrls = authenticationManager.getWhiteUrls();
        this.exchangeMatcher = (whiteUrls == null || whiteUrls.length == 0) ? null : ServerWebExchangeMatchers.pathMatchers(whiteUrls);
    }

    public Mono<Authentication> convert(@Nonnull ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String first = request.getHeaders().getFirst(TOKEN_HEADER_NAME);
        return Strings.isNullOrEmpty(first) ? Mono.empty() : this.exchangeMatcher != null ? this.exchangeMatcher.matches(serverWebExchange).filter(matchResult -> {
            return !matchResult.isMatch();
        }).map(matchResult2 -> {
            return parseToken(first);
        }).switchIfEmpty(Mono.empty()).onErrorResume(th -> {
            return fallback(request, first, th);
        }) : Mono.just(parseToken(first)).onErrorResume(th2 -> {
            return fallback(request, first, th2);
        });
    }

    private Mono<? extends Authentication> fallback(@Nonnull ServerHttpRequest serverHttpRequest, @Nonnull String str, @Nonnull Throwable th) {
        log.warn("fallback(request-path: {},authorization: " + str + ")-exp: {}", serverHttpRequest.getPath(), th.getMessage());
        return Mono.error(new AuthenticationException(th.getMessage(), th) { // from class: top.zenyoung.security.webflux.converter.JwtTokenAuthenticationConverter.1
        });
    }

    @Nonnull
    protected Authentication parseToken(@Nonnull String str) {
        log.debug("parseToken(authorization: {})...", str);
        TokenUserDetails tokenUserDetails = new TokenUserDetails(this.authenticationManager.getTokenGenerator().parseToken(str));
        return new TokenAuthentication(tokenUserDetails, null, tokenUserDetails.getAuthorities());
    }
}
