package org.cloudfoundry.identity.uaa.oauth;

import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.oauth.token.VerificationKeyResponse;
import org.cloudfoundry.identity.uaa.oauth.token.VerificationKeysListResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

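/**
 * Publishes the keys that clients use to verify tokens signed by this server.
 *
 * <p>Two GET endpoints are exposed: {@code /token_key} (the active key) and {@code /token_keys}
 * (every key returned by {@code KeyInfo.getKeys()}). Asymmetric keys are served to any caller,
 * including unauthenticated ones. With a symmetric signer the verification key is also the signing
 * secret, so such keys are only served to a caller holding the {@code uaa.resource} authority.
 */
@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.3.0.3.jar:org/cloudfoundry/identity/uaa/oauth/TokenKeyEndpoint.class */
public class TokenKeyEndpoint {
    /** Authority a caller must hold before a symmetric (shared) key is disclosed. */
    private static final String SHARED_KEY_AUTHORITY = "uaa.resource";

    protected final Log logger = LogFactory.getLog(getClass());

    /**
     * Returns the active token verification key.
     *
     * @param principal the caller as resolved by the security layer; may be {@code null}
     * @return the active key's verification details
     * @throws AccessDeniedException if the active key is symmetric and the caller does not hold
     *     the {@code uaa.resource} authority
     */
    @RequestMapping(value = {"/token_key"}, method = {RequestMethod.GET})
    @ResponseBody
    public VerificationKeyResponse getKey(Principal principal) {
        KeyInfo activeKey = KeyInfo.getActiveKey();
        // The authorization decision is made here, before any key material is copied into the
        // response: a shared key must never reach a caller that fails the authority check.
        if (includeSymmetricalKeys(principal) || activeKey.isAssymetricKey()) {
            return getVerificationKeyResponse(activeKey);
        }
        throw new AccessDeniedException("You need to authenticate to see a shared key");
    }

    /**
     * Copies a key's verification details into a response object.
     *
     * <p>This method performs no access control and will copy the verifier key of a symmetric key
     * as readily as a public key. Every caller must apply the same filter that {@link #getKey} and
     * {@link #getKeys} apply before invoking it.
     *
     * <p>For RSA keys the modulus and public exponent are added as Base64 text of
     * {@code BigInteger.toByteArray()}.
     * NOTE(review): {@code toByteArray()} is two's-complement and can carry a leading zero sign
     * byte, and the encoder here looks like plain Base64 rather than base64url, so these values
     * are not in the Base64urlUInt form that JWK consumers expect - confirm what clients rely on
     * before changing the encoding.
     *
     * @param keyInfo the key to describe
     * @return a response populated from {@code keyInfo}
     */
    public static VerificationKeyResponse getVerificationKeyResponse(KeyInfo keyInfo) {
        VerificationKeyResponse response = new VerificationKeyResponse();
        response.setAlgorithm(keyInfo.getSigner().algorithm());
        response.setKey(keyInfo.getVerifierKey());
        response.setType(keyInfo.getType());
        response.setUse("sig");
        response.setId(keyInfo.getKeyId());
        if (keyInfo.isAssymetricKey() && "RSA".equals(keyInfo.getType())) {
            RSAPublicKey rsaPublicKey = keyInfo.getRsaPublicKey();
            if (rsaPublicKey != null) {
                response.setModulus(encodeBase64(rsaPublicKey.getModulus().toByteArray()));
                response.setExponent(encodeBase64(rsaPublicKey.getPublicExponent().toByteArray()));
            }
        }
        return response;
    }

    /**
     * Returns every configured key the caller is allowed to see.
     *
     * <p>Symmetric keys are silently omitted, rather than rejected with an error, when the caller
     * does not hold the {@code uaa.resource} authority.
     *
     * @param principal the caller as resolved by the security layer; may be {@code null}
     * @return the list of visible keys, possibly empty
     */
    @RequestMapping(value = {"/token_keys"}, method = {RequestMethod.GET})
    @ResponseBody
    public VerificationKeysListResponse getKeys(Principal principal) {
        // Evaluated once so that every key in the listing is filtered by the same decision.
        boolean includeSymmetricalKeys = includeSymmetricalKeys(principal);
        List<VerificationKeyResponse> visibleKeys = KeyInfo.getKeys().values().stream()
                .filter(keyInfo -> includeSymmetricalKeys || keyInfo.isAssymetricKey())
                .map(TokenKeyEndpoint::getVerificationKeyResponse)
                .collect(Collectors.toList());
        VerificationKeysListResponse listResponse = new VerificationKeysListResponse();
        listResponse.setKeys(visibleKeys);
        return listResponse;
    }

    /**
     * Decides whether the caller may be shown symmetric (shared) keys.
     *
     * <p>Fails closed: a missing principal, an anonymous token, a principal that is not an
     * {@link Authentication}, or one without authorities all yield {@code false}.
     *
     * @param principal the caller; may be {@code null}
     * @return {@code true} only if the caller holds the {@code uaa.resource} authority
     */
    protected boolean includeSymmetricalKeys(Principal principal) {
        // instanceof is false for null, so a missing principal is rejected here as well.
        if (!(principal instanceof Authentication) || principal instanceof AnonymousAuthenticationToken) {
            return false;
        }
        Collection<? extends GrantedAuthority> authorities = ((Authentication) principal).getAuthorities();
        if (authorities == null) {
            return false;
        }
        for (GrantedAuthority authority : authorities) {
            if (SHARED_KEY_AUTHORITY.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    /** Base64-encodes {@code raw}; the encoder emits ASCII, so decode it as such, not with the platform charset. */
    private static String encodeBase64(byte[] raw) {
        return new String(Base64.encode(raw), StandardCharsets.US_ASCII);
    }
}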
