package cn.insmart.iam.gateway.validator;

import cn.insmart.fx.common.exception.business.impl.UnauthorizedException;
import cn.insmart.fx.common.lang.util.Message;
import cn.insmart.iam.gateway.holder.ReactiveRequestContextHolder;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.util.Objects;
import org.springframework.cloud.gateway.route.Route;
import org.springframework.cloud.gateway.support.ServerWebExchangeUtils;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;

@Component
/* loaded from: input_file:cn/insmart/iam/gateway/validator/AudienceValidator.class */
public class AudienceValidator implements IClaimValidator {
    private static final UnauthorizedException AUD_EMPTY_EXCEPTION = new UnauthorizedException("Invalid token does not carry aud ids");
    private static final String DEFAULT_PREFIX = "ReactiveCompositeDiscoveryClient_";
    private static final String IAM_PREFIX = "iam-";

    @Override // cn.insmart.iam.gateway.validator.IClaimValidator
    public Mono<Boolean> validate(JSONObject jSONObject) {
        if (!jSONObject.containsKey("aud")) {
            return Mono.error(AUD_EMPTY_EXCEPTION);
        }
        JSONArray jSONArray = jSONObject.getJSONArray("aud");
        return ReactiveRequestContextHolder.getExchange().map(serverWebExchange -> {
            return ((Route) Objects.requireNonNull(serverWebExchange.getAttribute(ServerWebExchangeUtils.GATEWAY_ROUTE_ATTR))).getId();
        }).flatMap(str -> {
            return (str.startsWith(IAM_PREFIX) || jSONArray.contains(str) || jSONArray.contains(str.replace(DEFAULT_PREFIX, ""))) ? Mono.just(true) : Mono.error(createUnauthorizedException(str));
        });
    }

    public Exception createUnauthorizedException(String str) {
        return new UnauthorizedException(Message.of("Invalid token does not contain resource id ({})", new Object[]{str}));
    }
}
