package org.springframework.cloud.gateway.filter.factory;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/cloud/gateway/filter/factory/TokenRelayGatewayFilterFactory.class */
public class TokenRelayGatewayFilterFactory extends AbstractGatewayFilterFactory<AbstractGatewayFilterFactory.NameConfig> {
    private final ObjectProvider<ReactiveOAuth2AuthorizedClientManager> clientManagerProvider;

    public TokenRelayGatewayFilterFactory(ObjectProvider<ReactiveOAuth2AuthorizedClientManager> objectProvider) {
        super(AbstractGatewayFilterFactory.NameConfig.class);
        this.clientManagerProvider = objectProvider;
    }

    @Override // org.springframework.cloud.gateway.support.ShortcutConfigurable
    public List<String> shortcutFieldOrder() {
        return Collections.singletonList("name");
    }

    public GatewayFilter apply() {
        return apply((AbstractGatewayFilterFactory.NameConfig) null);
    }

    @Override // org.springframework.cloud.gateway.filter.factory.GatewayFilterFactory
    public GatewayFilter apply(AbstractGatewayFilterFactory.NameConfig nameConfig) {
        String name = nameConfig == null ? null : nameConfig.getName();
        return (serverWebExchange, gatewayFilterChain) -> {
            Mono defaultIfEmpty = serverWebExchange.getPrincipal().filter(principal -> {
                return principal instanceof Authentication;
            }).cast(Authentication.class).flatMap(authentication -> {
                return authorizationRequest(name, authentication);
            }).flatMap(this::authorizedClient).map((v0) -> {
                return v0.getAccessToken();
            }).map(oAuth2AccessToken -> {
                return withBearerAuth(serverWebExchange, oAuth2AccessToken);
            }).defaultIfEmpty(serverWebExchange);
            Objects.requireNonNull(gatewayFilterChain);
            return defaultIfEmpty.flatMap(gatewayFilterChain::filter);
        };
    }

    private Mono<OAuth2AuthorizeRequest> authorizationRequest(String str, Authentication authentication) {
        String str2 = str;
        if (str2 == null && (authentication instanceof OAuth2AuthenticationToken)) {
            str2 = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
        }
        return Mono.justOrEmpty(str2).map(OAuth2AuthorizeRequest::withClientRegistrationId).map(builder -> {
            return builder.principal(authentication).build();
        });
    }

    private Mono<OAuth2AuthorizedClient> authorizedClient(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
        ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager = (ReactiveOAuth2AuthorizedClientManager) this.clientManagerProvider.getIfAvailable();
        return reactiveOAuth2AuthorizedClientManager == null ? Mono.error(new IllegalStateException("No ReactiveOAuth2AuthorizedClientManager bean was found. Did you include the org.springframework.boot:spring-boot-starter-oauth2-client dependency?")) : reactiveOAuth2AuthorizedClientManager.authorize(oAuth2AuthorizeRequest);
    }

    private ServerWebExchange withBearerAuth(ServerWebExchange serverWebExchange, OAuth2AccessToken oAuth2AccessToken) {
        return serverWebExchange.mutate().request(builder -> {
            builder.headers(httpHeaders -> {
                httpHeaders.setBearerAuth(oAuth2AccessToken.getTokenValue());
            });
        }).build();
    }
}
