package com.atlassian.pipelines.bitbucket.client.core;

import com.atlassian.jwt.SigningAlgorithm;
import com.atlassian.jwt.core.TimeUtil;
import com.atlassian.jwt.core.writer.JsonSmartJwtJsonBuilder;
import com.atlassian.jwt.core.writer.JwtClaimsBuilder;
import com.atlassian.jwt.core.writer.NimbusJwtWriterFactory;
import com.atlassian.jwt.httpclient.CanonicalHttpUriRequest;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/atlassian/pipelines/bitbucket/client/core/JwtHeaderInterceptor.class */
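/**
 * WebClient filter support that signs outgoing requests with a short-lived HS256 JWT.
 *
 * <p>Callers pass the signing inputs (issuer, subject and shared secret) as pseudo-headers on
 * the {@link ClientRequest}; see {@link JwtHeader}. The filter returned by
 * {@link #exchangeFilter()} turns them into an {@code Authorization: JWT <token>} header and
 * removes the pseudo-headers so they are not part of the request that leaves the filter.
 *
 * <p>NOTE(review): until this filter runs, the shared secret sits in the request's header map in
 * clear text. Any filter ordered before this one that logs or copies headers would see it;
 * confirm filter ordering and header logging at the call sites.
 */
public final class JwtHeaderInterceptor {
    /** Offset applied to "now" for the {@code iat} claim: the token is back-dated by 10 seconds
     * (presumably to tolerate clock skew with the verifier; confirm). */
    private static final long ISSUED_AT_OFFSET_SECONDS = -10;
    /** Offset applied to "now" for the {@code exp} claim: the token expires 180 seconds from creation. */
    private static final long EXPIRATION_TIME_OFFSET_SECONDS = 180;

    /** Names of the pseudo-headers that carry the signing inputs on a {@link ClientRequest}. */
    public static final class JwtHeader {
        /** Header whose first value is used as the JWT issuer. */
        public static final String ADDON_KEY = "JWT_ADDON_KEY";
        /** Header whose first value is used as the JWT subject. */
        public static final String CLIENT_KEY = "JWT_CLIENT_KEY";
        /** Header whose first value is the HMAC key used to sign the token. Never forward it. */
        public static final String SHARED_SECRET = "JWT_SHARED_SECRET";

        private JwtHeader() {
        }
    }

    private JwtHeaderInterceptor() {
    }

    /**
     * Builds the value of the {@code Authorization} header for one request.
     *
     * @param issuer value of the issuer claim
     * @param subject value of the subject claim
     * @param sharedSecret HMAC key for the HS256 signature; must not be {@code null}
     * @param method HTTP method name of the request being signed
     * @param uri request URI, passed to the canonical-request builder together with an empty
     *     third argument (presumably the context path; confirm against the JWT library)
     * @return the literal prefix {@code "JWT "} followed by the serialized, signed token
     * @throws IllegalStateException if no shared secret is available, or if the JWT library
     *     reports an unsupported encoding or algorithm
     */
    private static String authorizationHeader(String issuer, String subject, String sharedSecret, String method, String uri) {
        if (sharedSecret == null) {
            // Fail before signing rather than depend on how the JWT library treats a null key.
            // The message deliberately carries no request or key material.
            throw new IllegalStateException("No shared secret was supplied for token generation.");
        }
        JsonSmartJwtJsonBuilder claims = new JsonSmartJwtJsonBuilder();
        claims.issuedAt(TimeUtil.currentTimePlusNSeconds(ISSUED_AT_OFFSET_SECONDS));
        claims.expirationTime(TimeUtil.currentTimePlusNSeconds(EXPIRATION_TIME_OFFSET_SECONDS));
        claims.issuer(issuer);
        claims.subject(subject);
        try {
            // Adds the claims derived from the HTTP request (method and URI) to the token.
            JwtClaimsBuilder.appendHttpRequestClaims(claims, new CanonicalHttpUriRequest(method, uri, ""));
            String token = new NimbusJwtWriterFactory()
                    .macSigningWriter(SigningAlgorithm.HS256, sharedSecret)
                    .jsonToJwt(claims.build());
            return "JWT " + token;
        } catch (UnsupportedEncodingException e) {
            // Keep the cause so the failing encoding is visible in the stack trace.
            throw new IllegalStateException("An unsupported character encoding was requested for token generation.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("An incorrect algorithm was requested for token generation.", e);
        }
    }

    /**
     * Returns {@code request} without the {@link JwtHeader} pseudo-headers.
     *
     * <p>The same instance is returned when none of them is present, so requests that never
     * carried signing inputs pass through unchanged.
     */
    private static ClientRequest withoutSigningHeaders(ClientRequest request) {
        boolean carriesSigningInput = request.headers().containsKey(JwtHeader.ADDON_KEY)
                || request.headers().containsKey(JwtHeader.CLIENT_KEY)
                || request.headers().containsKey(JwtHeader.SHARED_SECRET);
        if (!carriesSigningInput) {
            return request;
        }
        return ClientRequest.from(request).headers(httpHeaders -> {
            httpHeaders.remove(JwtHeader.ADDON_KEY);
            httpHeaders.remove(JwtHeader.CLIENT_KEY);
            httpHeaders.remove(JwtHeader.SHARED_SECRET);
        }).build();
    }

    /**
     * Creates the filter that signs requests.
     *
     * <p>A request that already has an {@code Authorization} header is not re-signed. Its
     * {@link JwtHeader} pseudo-headers are still removed: returning it untouched would forward
     * {@code JWT_SHARED_SECRET} in the outgoing request whenever a caller set both.
     *
     * <p>Otherwise a token is built from the first value of each pseudo-header, the request
     * method and the ASCII form of the request URL, added as {@code Authorization}, and the
     * pseudo-headers are removed.
     *
     * @return a request-processing {@link ExchangeFilterFunction}
     */
    public static ExchangeFilterFunction exchangeFilter() {
        return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
            if (clientRequest.headers().containsKey("Authorization")) {
                return Mono.just(withoutSigningHeaders(clientRequest));
            }
            String authorizationHeader = authorizationHeader(
                    clientRequest.headers().getFirst(JwtHeader.ADDON_KEY),
                    clientRequest.headers().getFirst(JwtHeader.CLIENT_KEY),
                    clientRequest.headers().getFirst(JwtHeader.SHARED_SECRET),
                    clientRequest.method().name(),
                    clientRequest.url().toASCIIString());
            return Mono.just(ClientRequest.from(clientRequest).headers(httpHeaders -> {
                httpHeaders.add("Authorization", authorizationHeader);
                httpHeaders.remove(JwtHeader.ADDON_KEY);
                httpHeaders.remove(JwtHeader.CLIENT_KEY);
                httpHeaders.remove(JwtHeader.SHARED_SECRET);
            }).build());
        });
    }
}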
