package org.activiti.cloud.gateway;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.keycloak.admin.client.resource.BearerAuthFilter;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;

/* loaded from: input_file:BOOT-INF/classes/org/activiti/cloud/gateway/KeycloakFilterRoute.class */
public class KeycloakFilterRoute extends ZuulFilter {
    private static final String AUTHORIZATION_HEADER = "Authorization";

    @Override // com.netflix.zuul.ZuulFilter
    public String filterType() {
        return FilterConstants.ROUTE_TYPE;
    }

    @Override // com.netflix.zuul.ZuulFilter
    public int filterOrder() {
        return 1;
    }

    @Override // com.netflix.zuul.IZuulFilter
    public boolean shouldFilter() {
        return true;
    }

    @Override // com.netflix.zuul.IZuulFilter
    public Object run() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        currentContext.getRequest();
        if (currentContext.getRequest().getHeader("Authorization") != null) {
            return null;
        }
        addKeycloakTokenToHeader(currentContext);
        return null;
    }

    private void addKeycloakTokenToHeader(RequestContext requestContext) {
        RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext = getRefreshableKeycloakSecurityContext(requestContext);
        if (refreshableKeycloakSecurityContext != null) {
            requestContext.addZuulRequestHeader("Authorization", buildBearerToken(refreshableKeycloakSecurityContext));
        }
    }

    private RefreshableKeycloakSecurityContext getRefreshableKeycloakSecurityContext(RequestContext requestContext) {
        if (requestContext.getRequest().getUserPrincipal() instanceof KeycloakAuthenticationToken) {
            return (RefreshableKeycloakSecurityContext) ((KeycloakAuthenticationToken) requestContext.getRequest().getUserPrincipal()).getCredentials();
        }
        return null;
    }

    private String buildBearerToken(RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        return BearerAuthFilter.AUTH_HEADER_PREFIX + refreshableKeycloakSecurityContext.getTokenString();
    }
}
