package org.springframework.cloud.security.oauth2.gateway;

import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-security-2.1.5.RELEASE.jar:org/springframework/cloud/security/oauth2/gateway/TokenRelayGatewayFilterFactory.class */
public class TokenRelayGatewayFilterFactory extends AbstractGatewayFilterFactory<Object> {
    private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;

    public TokenRelayGatewayFilterFactory(ServerOAuth2AuthorizedClientRepository serverOAuth2AuthorizedClientRepository) {
        super(Object.class);
        this.authorizedClientRepository = serverOAuth2AuthorizedClientRepository;
    }

    public GatewayFilter apply() {
        return apply(null);
    }

    public GatewayFilter apply(Object obj) {
        return (serverWebExchange, gatewayFilterChain) -> {
            Mono defaultIfEmpty = serverWebExchange.getPrincipal().filter(principal -> {
                return principal instanceof OAuth2AuthenticationToken;
            }).cast(OAuth2AuthenticationToken.class).flatMap(oAuth2AuthenticationToken -> {
                return authorizedClient(serverWebExchange, oAuth2AuthenticationToken);
            }).map((v0) -> {
                return v0.getAccessToken();
            }).map(oAuth2AccessToken -> {
                return withBearerAuth(serverWebExchange, oAuth2AccessToken);
            }).defaultIfEmpty(serverWebExchange);
            gatewayFilterChain.getClass();
            return defaultIfEmpty.flatMap(gatewayFilterChain::filter);
        };
    }

    private Mono<OAuth2AuthorizedClient> authorizedClient(ServerWebExchange serverWebExchange, OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        return this.authorizedClientRepository.loadAuthorizedClient(oAuth2AuthenticationToken.getAuthorizedClientRegistrationId(), oAuth2AuthenticationToken, serverWebExchange);
    }

    private ServerWebExchange withBearerAuth(ServerWebExchange serverWebExchange, OAuth2AccessToken oAuth2AccessToken) {
        return serverWebExchange.mutate().request(builder -> {
            builder.headers(httpHeaders -> {
                httpHeaders.setBearerAuth(oAuth2AccessToken.getTokenValue());
            });
        }).build();
    }
}
