package org.springframework.cloud.openfeign.security;

import feign.RequestInterceptor;
import feign.RequestTemplate;
import feign.Target;
import java.net.URI;
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-openfeign-core-4.0.3.jar:org/springframework/cloud/openfeign/security/OAuth2AccessTokenInterceptor.class */
public class OAuth2AccessTokenInterceptor implements RequestInterceptor {
    public static final String BEARER = "Bearer";
    public static final String AUTHORIZATION = "Authorization";
    private final String tokenType;
    private final String header;
    private final String clientRegistrationId;
    private final OAuth2AuthorizedClientManager authorizedClientManager;
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(Elements.ANONYMOUS, "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

    public OAuth2AccessTokenInterceptor(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        this(null, oAuth2AuthorizedClientManager);
    }

    public OAuth2AccessTokenInterceptor(String str, OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        this(BEARER, "Authorization", str, oAuth2AuthorizedClientManager);
    }

    public OAuth2AccessTokenInterceptor(String str, String str2, String str3, OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        this.tokenType = str;
        this.header = str2;
        this.clientRegistrationId = str3;
        this.authorizedClientManager = oAuth2AuthorizedClientManager;
    }

    @Override // feign.RequestInterceptor
    public void apply(RequestTemplate requestTemplate) {
        String format = String.format("%s %s", this.tokenType, getToken(requestTemplate).getTokenValue());
        requestTemplate.header(this.header, new String[0]);
        requestTemplate.header(this.header, format);
    }

    public OAuth2AccessToken getToken(RequestTemplate requestTemplate) {
        OAuth2AccessToken token;
        if (StringUtils.hasText(this.clientRegistrationId) && (token = getToken(this.clientRegistrationId)) != null) {
            return token;
        }
        OAuth2AccessToken token2 = getToken(getServiceId(requestTemplate));
        if (token2 != null) {
            return token2;
        }
        throw new IllegalStateException("OAuth2 token has not been successfully acquired.");
    }

    protected OAuth2AccessToken getToken(String str) {
        if (!StringUtils.hasText(str)) {
            return null;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        return (OAuth2AccessToken) Optional.ofNullable(this.authorizedClientManager.authorize(OAuth2AuthorizeRequest.withClientRegistrationId(str).principal(authentication).build())).map((v0) -> {
            return v0.getAccessToken();
        }).orElse(null);
    }

    private static String getServiceId(RequestTemplate requestTemplate) {
        Target<?> feignTarget = requestTemplate.feignTarget();
        Assert.notNull(feignTarget, "FeignTarget may not be null.");
        String url = feignTarget.url();
        Assert.hasLength(url, "Url may not be empty.");
        return URI.create(url).getHost();
    }
}
