package org.cloudfoundry.identity.uaa.oauth.token;

import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.7.1.jar:org/cloudfoundry/identity/uaa/oauth/token/TokenKeyEndpoint.class */
public class TokenKeyEndpoint implements InitializingBean {
    protected final Log logger = LogFactory.getLog(getClass());
    private SignerProvider signerProvider;

    public void setSignerProvider(SignerProvider signerProvider) {
        this.signerProvider = signerProvider;
    }

    @RequestMapping(value = {"/token_key"}, method = {RequestMethod.GET})
    @ResponseBody
    public Map<String, String> getKey(Principal principal) {
        if ((principal == null || (principal instanceof AnonymousAuthenticationToken)) && !this.signerProvider.isPublic()) {
            throw new AccessDeniedException("You need to authenticate to see a shared key");
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("alg", this.signerProvider.getSigner().algorithm());
        linkedHashMap.put("value", this.signerProvider.getVerifierKey());
        return linkedHashMap;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.state(this.signerProvider != null, "A SignerProvider must be provided");
    }
}
