package org.cloudfoundry.identity.uaa.oauth.token;

import java.lang.reflect.Field;
import java.nio.charset.Charset;
import java.security.Principal;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

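/**
 * HTTP endpoint that publishes the key used to verify tokens signed by the configured
 * {@link SignerProvider}.
 *
 * <p>{@code GET /token_key} returns one key description; {@code GET /token_keys} wraps that same
 * description in a one-element {@code keys} list.
 *
 * <p>Security note: when {@link SignerProvider#isPublic()} is {@code false}, the {@code value} entry
 * is (per the access-denied message below) a shared key. This class only requires that the caller is
 * authenticated and non-anonymous; it performs no authorization beyond that.
 * NOTE(review): confirm that the surrounding security configuration limits which authenticated
 * clients may reach these paths, because anyone holding a shared signing key can mint tokens.
 */
@Controller
public class TokenKeyEndpoint implements InitializingBean {
    /** Base64 output is pure ASCII; decode it explicitly rather than with the platform default charset. */
    private static final Charset ASCII = Charset.forName("US-ASCII");

    protected final Log logger = LogFactory.getLog(getClass());
    private SignerProvider signerProvider;

    public void setSignerProvider(SignerProvider signerProvider) {
        this.signerProvider = signerProvider;
    }

    /**
     * Describes the current verification key.
     *
     * @param principal the caller, or {@code null} when the request is unauthenticated
     * @return an insertion-ordered map with {@code alg}, {@code value}, {@code kty} and {@code use};
     *     {@code n} and {@code e} are added when the key is a public RSA key that could be extracted
     * @throws AccessDeniedException if the key is not public and the caller is missing or anonymous
     */
    @RequestMapping(value = {"/token_key"}, method = {RequestMethod.GET})
    @ResponseBody
    public Map<String, String> getKey(Principal principal) {
        boolean unauthenticated = principal == null || (principal instanceof AnonymousAuthenticationToken);
        // A non-public key must never be handed to an unauthenticated or anonymous caller.
        if (unauthenticated && !this.signerProvider.isPublic()) {
            throw new AccessDeniedException("You need to authenticate to see a shared key");
        }

        Map<String, String> key = new LinkedHashMap<String, String>();
        key.put("alg", this.signerProvider.getSigner().algorithm());
        key.put("value", this.signerProvider.getVerifierKey());
        key.put("kty", this.signerProvider.getType());
        key.put("use", "sig");

        if (this.signerProvider.isPublic() && "RSA".equals(this.signerProvider.getType())) {
            SignatureVerifier verifier = this.signerProvider.getVerifier();
            // instanceof is false for null, so no separate null check is needed.
            if (verifier instanceof RsaVerifier) {
                RSAPublicKey rsaKey = extractRsaPublicKey((RsaVerifier) verifier);
                if (rsaKey != null) {
                    // NOTE(review): RFC 7518 defines the JWK "n"/"e" members as unpadded base64url of
                    // the unsigned big-endian value. This emits the codec's Base64 of
                    // BigInteger.toByteArray(), which is two's-complement and can carry a leading
                    // 0x00 sign byte. Confirm what existing clients parse before changing the wire
                    // format; strict JWK consumers may reject or misread these fields.
                    key.put("n", new String(Base64.encode(rsaKey.getModulus().toByteArray()), ASCII));
                    key.put("e", new String(Base64.encode(rsaKey.getPublicExponent().toByteArray()), ASCII));
                }
            }
        }
        return key;
    }

    /**
     * Returns the single key from {@link #getKey(Principal)} under a {@code keys} list.
     *
     * @param principal the caller, or {@code null} when the request is unauthenticated
     * @return a map whose {@code keys} entry is a one-element list
     * @throws AccessDeniedException under the same conditions as {@link #getKey(Principal)}
     */
    @RequestMapping(value = {"/token_keys"}, method = {RequestMethod.GET})
    @ResponseBody
    public Map<String, List<Map<String, String>>> getKeys(Principal principal) {
        Map<String, List<Map<String, String>>> result = new LinkedHashMap<String, List<Map<String, String>>>();
        result.put("keys", Collections.singletonList(getKey(principal)));
        return result;
    }

    /**
     * Reads the {@code key} field of the given verifier reflectively.
     *
     * <p>This depends on a non-public implementation detail of {@link RsaVerifier}: a renamed field, a
     * security manager or stronger encapsulation makes the lookup fail. Failure is treated as
     * "no RSA parameters available" rather than as an error, and is logged at debug level.
     *
     * @param rsaVerifier the verifier to inspect
     * @return the public key, or {@code null} if the field is missing, unreadable or not an
     *     {@link RSAPublicKey}
     */
    private RSAPublicKey extractRsaPublicKey(RsaVerifier rsaVerifier) {
        try {
            // getDeclaredField never returns null; it throws NoSuchFieldException instead.
            Field keyField = rsaVerifier.getClass().getDeclaredField("key");
            keyField.setAccessible(true);
            // Read once, so the type check and the cast see the same object.
            Object value = keyField.get(rsaVerifier);
            if (value instanceof RSAPublicKey) {
                return (RSAPublicKey) value;
            }
            return null;
        } catch (NoSuchFieldException e) {
            this.logger.debug("RSA public key could not be read from the verifier; omitting n and e", e);
            return null;
        } catch (IllegalAccessException e) {
            this.logger.debug("RSA public key could not be read from the verifier; omitting n and e", e);
            return null;
        } catch (SecurityException e) {
            // setAccessible/getDeclaredField may be refused by a security manager; stay best-effort.
            this.logger.debug("RSA public key could not be read from the verifier; omitting n and e", e);
            return null;
        }
    }

    /**
     * Fails startup when no {@link SignerProvider} has been injected.
     *
     * @throws IllegalStateException (via {@link Assert#state}) if the provider is missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.state(this.signerProvider != null, "A SignerProvider must be provided");
    }
}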
