package io.getmedusa.medusa.core.filters;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import io.getmedusa.medusa.core.websocket.hydra.HydraConnection;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import org.springframework.http.HttpCookie;
import org.springframework.http.ResponseCookie;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/getmedusa/medusa/core/filters/JWTTokenInterpreter.class */
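/**
 * Reactive authentication filter that turns a Hydra-issued JWT, carried in the {@code HYDRA-SSO}
 * cookie, into a Spring {@link Authentication}.
 *
 * <p>Flow per request: read the first {@code HYDRA-SSO} cookie; look the raw token up in a
 * short-lived cache (falling back to a full RS256 signature + issuer verification on a miss);
 * re-check the token's own {@code exp} claim on every hit; on any failure, drop a {@code Referer}
 * cookie holding the request path and complete empty so the request is treated as
 * unauthenticated.
 *
 * <p>The signing algorithm is pinned to RS256 with {@link HydraConnection#publicKey}, so a
 * token presenting a different {@code alg} header is rejected by the verifier rather than
 * negotiated.
 */
public class JWTTokenInterpreter extends AuthenticationWebFilter {
    /** Name of the cookie carrying the Hydra-issued JWT. */
    private static final String SSO_COOKIE = "HYDRA-SSO";
    /** Issuer the token must claim; verification fails otherwise. */
    private static final String EXPECTED_ISSUER = "hydra";
    /** Upper bound on how long a verified token is served from the cache. */
    private static final long CACHE_TTL_MINUTES = 5L;
    /** Cap on cached tokens; bounds memory since the key is the raw (attacker-sized) JWT string. */
    private static final long CACHE_MAX_ENTRIES = 250L;

    /**
     * Verified tokens keyed by the raw JWT string, so the RSA signature check runs at most once
     * per token per {@value #CACHE_TTL_MINUTES} minutes. Caffeine never stores {@code null}
     * values, so a failed verification is not cached and is re-attempted on the next request.
     *
     * <p>Note that this TTL is independent of the token's own {@code exp} claim: a cached entry
     * would otherwise remain usable for up to five minutes after the token expired. The
     * converter therefore re-checks {@code exp} on every hit (see {@link #isExpired(String)}).
     * Left package-private and non-final to stay compatible with any in-package code that
     * references it.
     */
    static Cache<String, Authentication> cache = Caffeine.newBuilder()
            .expireAfterWrite(CACHE_TTL_MINUTES, TimeUnit.MINUTES)
            .maximumSize(CACHE_MAX_ENTRIES)
            .build();

    /** Drops every cached verification result; subsequent requests re-verify their token. */
    public static void clearCache() {
        cache.invalidateAll();
    }

    /**
     * Wires the filter with a {@link KnownAuthenticationManager} and installs the cookie-to-
     * {@link Authentication} converter described on the class.
     */
    public JWTTokenInterpreter() {
        super(new KnownAuthenticationManager());
        setServerAuthenticationConverter(exchange -> {
            List<HttpCookie> cookies = exchange.getRequest().getCookies().get(SSO_COOKIE);
            if (cookies == null || cookies.isEmpty()) {
                return reject(exchange);
            }
            // Only the first cookie of that name is honoured; duplicates are ignored.
            String token = cookies.get(0).getValue();
            Authentication authentication = cache.get(token, JWTTokenInterpreter::verifyToken);
            if (authentication == null) {
                return reject(exchange);
            }
            if (isExpired(token)) {
                // The signature was valid when cached, but the token has since passed its exp;
                // evict so the next request re-verifies (and is rejected) instead of being served
                // from the cache for the rest of the TTL.
                cache.invalidate(token);
                return reject(exchange);
            }
            return Mono.just(authentication);
        });
    }

    /**
     * Marks the request as unauthenticated: records the request path in a {@code Referer}
     * cookie (HttpOnly, 4 minutes) and completes empty so the filter chain proceeds without an
     * {@link Authentication}.
     *
     * <p>The cookie value is the request path only, never a caller-supplied URL. Whatever later
     * consumes it to redirect after login is outside this class; the cookie carries no
     * {@code Secure}/{@code SameSite} attributes here — NOTE(review): confirm that is intended
     * for the deployment.
     *
     * @param exchange the current exchange; its response receives the cookie
     * @return an empty {@link Mono}
     */
    private Mono<Authentication> reject(ServerWebExchange exchange) {
        ResponseCookie referer = ResponseCookie
                .from("Referer", exchange.getRequest().getPath().toString())
                .httpOnly(true)
                .maxAge(Duration.ofMinutes(4L))
                .build();
        exchange.getResponse().addCookie(referer);
        return Mono.empty();
    }

    /**
     * Fully verifies a token (RS256 signature against {@link HydraConnection#publicKey}, issuer
     * {@value #EXPECTED_ISSUER}, and the standard time claims as enforced by java-jwt) and builds
     * the resulting pre-authenticated token.
     *
     * @param token the raw compact JWT from the cookie
     * @return the authentication, or {@code null} if the token is rejected for any reason
     */
    private static PreAuthenticatedAuthenticationToken verifyToken(String token) {
        try {
            DecodedJWT verified = JWT
                    .require(Algorithm.RSA256(HydraConnection.publicKey, (RSAPrivateKey) null))
                    .withIssuer(EXPECTED_ISSUER)
                    .build()
                    .verify(token);
            if (verified == null) {
                return null;
            }
            String[] roles = verified.getClaim("roles").asArray(String.class);
            if (roles == null) {
                // A missing "roles" claim previously surfaced as an NPE inside buildAuthorities
                // and hence a rejection; keep rejecting, but say so explicitly.
                return null;
            }
            // NOTE(review): a token without a "username" claim yields a null principal here and
            // is still accepted; whether KnownAuthenticationManager tolerates that is not
            // visible from this file — confirm.
            String username = verified.getClaim("username").asString();
            // The credentials slot is filled with an opaque SecureRandom; it is never used as a
            // secret, presumably just to avoid a null credential — TODO confirm with callers.
            return new PreAuthenticatedAuthenticationToken(username, new SecureRandom(), buildAuthorities(roles));
        } catch (Exception e) {
            // Any verification failure (bad signature, wrong issuer, expired/not-yet-valid,
            // malformed token, or a null entry in "roles") rejects the token. Nothing is logged
            // here; callers only observe the absent Authentication.
            return null;
        }
    }

    /**
     * Cheap, signature-free check of an already-verified token's {@code exp} claim, run on every
     * cache hit so a cached {@link Authentication} cannot outlive the token itself. A token
     * without {@code exp} never expires here, matching what the verifier accepts.
     *
     * @param token the raw compact JWT (expected to have passed {@link #verifyToken(String)})
     * @return {@code true} if {@code exp} is in the past or the token can no longer be decoded
     */
    private static boolean isExpired(String token) {
        try {
            DecodedJWT decoded = JWT.decode(token);
            return decoded.getExpiresAt() != null
                    && decoded.getExpiresAt().getTime() < System.currentTimeMillis();
        } catch (Exception e) {
            // Undecodable input should never be cached; treat as expired so it is evicted.
            return true;
        }
    }

    /**
     * Maps role names from the token to granted authorities, upper-casing each one.
     *
     * @param roles role names from the {@code roles} claim; must not be {@code null}. A
     *              {@code null} element throws, which {@link #verifyToken(String)} turns into a
     *              rejection.
     * @return the authorities, empty when {@code roles} is empty
     */
    private static List<SimpleGrantedAuthority> buildAuthorities(String[] roles) {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>(roles.length);
        for (String role : roles) {
            // Locale.ROOT: under the default locale (e.g. Turkish dotted/dotless I) the plain
            // toUpperCase() produces authority names that never match an ASCII "ADMIN" check.
            authorities.add(new SimpleGrantedAuthority(role.toUpperCase(Locale.ROOT)));
        }
        return authorities;
    }
}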
