package cn.insmart.iam.resource.fegin;

import cn.insmart.fx.common.lang.util.BooleanUtils;
import cn.insmart.fx.common.lang.util.Message;
import cn.insmart.fx.common.lang.util.StringUtils;
import cn.insmart.iam.common.constant.Claims;
import cn.insmart.iam.resource.config.ResourceServerAutoConfiguration;
import cn.insmart.iam.resource.service.ClientTokenService;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/iam-resource-starter-IAM.2022.2.16.jar:cn/insmart/iam/resource/fegin/FeignTokenInterceptor.class */
public class FeignTokenInterceptor implements RequestInterceptor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) FeignTokenInterceptor.class);
    private static final String MIDDLE_PLATFORM_SERVICE_PREFIX = "is-mp-";
    private volatile int count = 0;

    @Override // feign.RequestInterceptor
    public void apply(RequestTemplate requestTemplate) {
        String token;
        ClientTokenService clientTokenService = ResourceServerAutoConfiguration.getClientTokenService();
        Assert.notNull(clientTokenService, "clientTokenService is null");
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = requestTemplate.feignTarget().name();
        if (StringUtils.startsWith(name, MIDDLE_PLATFORM_SERVICE_PREFIX)) {
            log.debug("access middle platform({}), use service token", name);
            token = clientTokenService.getToken();
        } else if (authentication == null || (authentication instanceof AnonymousAuthenticationToken)) {
            log.debug("anonymous token, use service token");
            token = clientTokenService.getToken();
        } else {
            if (!(authentication instanceof JwtAuthenticationToken)) {
                throw new UnsupportedOperationException(Message.of("token {} not supported!", authentication));
            }
            log.debug("jwt token");
            Jwt token2 = ((JwtAuthenticationToken) authentication).getToken();
            if (token2.getClaims().containsKey(Claims.USER_ID)) {
                log.debug("user token, use it!");
                token = token2.getTokenValue();
            } else if (BooleanUtils.isTrue(token2.getClaimAsBoolean(Claims.BIZ_CLIENT))) {
                log.debug("biz client token, use it!");
                token = token2.getTokenValue();
            } else {
                log.debug("service(prev) token, use this service token");
                token = clientTokenService.getToken();
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Bearer Token {}", StringUtils.mask(token));
        }
        requestTemplate.header("Authorization", "Bearer " + token);
    }
}
