package org.springframework.cloud.security.oauth2.proxy;

import com.lowagie.text.html.HtmlTags;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.HashMap;
import java.util.Map;
import org.springframework.cloud.security.oauth2.proxy.ProxyAuthenticationProperties;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-security-1.1.3.RELEASE.jar:org/springframework/cloud/security/oauth2/proxy/OAuth2TokenRelayFilter.class */
public class OAuth2TokenRelayFilter extends ZuulFilter {
    private static final String ACCESS_TOKEN = "ACCESS_TOKEN";
    private static final String TOKEN_TYPE = "TOKEN_TYPE";
    private Map<String, ProxyAuthenticationProperties.Route> routes;
    private OAuth2RestOperations restTemplate;

    public OAuth2TokenRelayFilter(ProxyAuthenticationProperties proxyAuthenticationProperties) {
        this.routes = new HashMap();
        this.routes = proxyAuthenticationProperties.getRoutes();
    }

    public void setRestTemplate(OAuth2RestOperations oAuth2RestOperations) {
        this.restTemplate = oAuth2RestOperations;
    }

    public int filterOrder() {
        return 10;
    }

    public String filterType() {
        return HtmlTags.PRE;
    }

    public boolean shouldFilter() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }
        Object details = authentication.getDetails();
        if (!(details instanceof OAuth2AuthenticationDetails)) {
            return false;
        }
        OAuth2AuthenticationDetails oAuth2AuthenticationDetails = (OAuth2AuthenticationDetails) details;
        RequestContext currentContext = RequestContext.getCurrentContext();
        if (currentContext.containsKey("proxy")) {
            String str = (String) currentContext.get("proxy");
            if (this.routes.containsKey(str) && !ProxyAuthenticationProperties.Route.Scheme.OAUTH2.matches(this.routes.get(str).getScheme())) {
                return false;
            }
        }
        currentContext.set(ACCESS_TOKEN, oAuth2AuthenticationDetails.getTokenValue());
        currentContext.set(TOKEN_TYPE, oAuth2AuthenticationDetails.getTokenType() == null ? "Bearer" : oAuth2AuthenticationDetails.getTokenType());
        return true;
    }

    public Object run() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        currentContext.addZuulRequestHeader("authorization", currentContext.get(TOKEN_TYPE) + " " + getAccessToken(currentContext));
        return null;
    }

    private String getAccessToken(RequestContext requestContext) {
        String str = (String) requestContext.get(ACCESS_TOKEN);
        if (this.restTemplate != null) {
            if (this.restTemplate.getResource().getClientId().equals(((OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication()).getOAuth2Request().getClientId())) {
                try {
                    str = this.restTemplate.getAccessToken().getValue();
                } catch (Exception e) {
                    throw new BadCredentialsException("Cannot obtain valid access token");
                }
            }
        }
        return str;
    }
}
