package org.wso2.is.key.manager.tokenpersistence.processor;

import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.is.key.manager.tokenpersistence.PersistenceConstants;
import org.wso2.is.key.manager.tokenpersistence.internal.ServiceReferenceHolder;
import org.wso2.is.key.manager.tokenpersistence.utils.OpaqueTokenUtil;

/* loaded from: input_file:org/wso2/is/key/manager/tokenpersistence/processor/InMemoryOAuth2RevocationProcessor.class */
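/**
 * {@link OAuth2RevocationProcessor} that revokes a token either through the token DAO (when the token
 * carries {@code PersistenceConstants.IS_PERSISTED == true}) or by registering it with the
 * invalid-token persistence service obtained from {@link ServiceReferenceHolder}.
 *
 * <p>User-level revocation ({@link #revokeTokens}) first revokes tokens found through the migrated
 * access-token DAO, then stores a "revoke by user event" rule for the user and one for every OAuth
 * application returned by {@code OAuthAppDAO.getOAuthConsumerAppsOfUser}.
 *
 * <p>NOTE(review): failures while storing the per-application rules are logged and swallowed (see
 * {@link #revokeAppTokensOfUser}), so {@link #revokeTokens} can return {@code true} although some
 * application rules were not persisted. Confirm that callers do not read {@code true} as
 * "everything was revoked".
 */
public class InMemoryOAuth2RevocationProcessor implements OAuth2RevocationProcessor {
    private static final Log log = LogFactory.getLog(InMemoryOAuth2RevocationProcessor.class);

    /** Token state written onto the data objects on the non-persisted path. */
    private static final String STATE_REVOKED = "REVOKED";

    /** Binding reference used for cache eviction when a token has no usable token binding. */
    private static final String NO_BINDING_REFERENCE = "NONE";

    /**
     * Revokes a single access token.
     *
     * <p>A token flagged as persisted is revoked through the access-token DAO. Any other token is
     * marked {@code REVOKED} on the passed object and added to the invalid-token store together with
     * its consumer key and its expiry (issued time + validity period, in milliseconds).
     *
     * @param oAuthRevocationRequestDTO the revocation request; not read by this method
     * @param accessTokenDO             the access token to revoke
     * @throws IdentityOAuth2Exception if the DAO or the invalid-token service reports a failure
     */
    public void revokeAccessToken(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                // Only the SHA-256 digest is written to the log, never the token value itself.
                log.debug(String.format("Revoking access token(hashed): %s", DigestUtils.sha256Hex(accessTokenDO.getAccessToken())));
            } else {
                log.debug("Revoking access token.");
            }
        }
        if (isPersisted(accessTokenDO.getProperty(PersistenceConstants.IS_PERSISTED))) {
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                    .revokeAccessTokens(new String[]{accessTokenDO.getAccessToken()});
            return;
        }
        accessTokenDO.setTokenState(STATE_REVOKED);
        // The entry is stored with the token's own expiry time.
        long expiryTime = accessTokenDO.getIssuedTime().getTime() + accessTokenDO.getValidityPeriodInMillis();
        ServiceReferenceHolder.getInstance().getInvalidTokenPersistenceService()
                .addInvalidToken(accessTokenDO.getAccessToken(), accessTokenDO.getConsumerKey(), Long.valueOf(expiryTime));
    }

    /**
     * Revokes a single refresh token.
     *
     * <p>On the persisted path the DAO is called with the <em>access token</em> value carried by the
     * refresh-token data object (NOTE(review): presumably both tokens share one stored record;
     * confirm against the DAO). Otherwise the refresh token is marked {@code REVOKED} on the passed
     * object and added to the invalid-token store with the consumer key taken from the request.
     *
     * @param oAuthRevocationRequestDTO    the revocation request; supplies the consumer key on the
     *                                     non-persisted path
     * @param refreshTokenValidationDataDO the refresh token to revoke
     * @throws IdentityOAuth2Exception if the DAO or the invalid-token service reports a failure
     */
    public void revokeRefreshToken(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, RefreshTokenValidationDataDO refreshTokenValidationDataDO) throws IdentityOAuth2Exception {
        String refreshToken = refreshTokenValidationDataDO.getRefreshToken();
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("RefreshToken")) {
                // Only the SHA-256 digest is written to the log, never the token value itself.
                log.debug(String.format("Revoking refresh token(hashed): %s", DigestUtils.sha256Hex(refreshToken)));
            } else {
                log.debug("Revoking refresh token.");
            }
        }
        if (isPersisted(refreshTokenValidationDataDO.getProperty(PersistenceConstants.IS_PERSISTED))) {
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO()
                    .revokeAccessTokens(new String[]{refreshTokenValidationDataDO.getAccessToken()});
            return;
        }
        refreshTokenValidationDataDO.setRefreshTokenState(STATE_REVOKED);
        long expiryTime = refreshTokenValidationDataDO.getIssuedTime().getTime()
                + refreshTokenValidationDataDO.getValidityPeriodInMillis();
        ServiceReferenceHolder.getInstance().getInvalidTokenPersistenceService()
                .addInvalidToken(refreshToken, oAuthRevocationRequestDTO.getConsumerKey(), Long.valueOf(expiryTime));
    }

    /**
     * Revokes all tokens of a user.
     *
     * <p>Order of work: tokens from the migrated access-token DAO are revoked first; then a
     * user-level revocation rule stamped with the current time is stored, followed by one rule per
     * OAuth application of the user. The system revocation listeners are invoked before and after.
     *
     * @param str              the user name
     * @param userStoreManager the user store manager of the user; cast to
     *                         {@link AbstractUserStoreManager} to resolve the user id
     * @return {@code true} if the try block completed; {@code false} if it raised an
     *         {@link IdentityOAuth2Exception} (logged). Failures while storing the per-application
     *         rules do not change the result, see {@link #revokeAppTokensOfUser}.
     * @throws UserStoreException if revoking the migrated tokens fails or the user id cannot be
     *                            resolved
     */
    public boolean revokeTokens(String str, UserStoreManager userStoreManager) throws UserStoreException {
        revokeMigratedTokenOfUser(str, userStoreManager);
        String userId = ((AbstractUserStoreManager) userStoreManager).getUserIDFromUserName(str);
        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
        String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
        long revocationTime = System.currentTimeMillis();

        Map<String, Object> revocationParams = new HashMap<>();
        revocationParams.put(PersistenceConstants.ENTITY_ID, userId);
        revocationParams.put(PersistenceConstants.ENTITY_TYPE, PersistenceConstants.ENTITY_ID_TYPE_USER_ID);
        revocationParams.put(PersistenceConstants.REVOCATION_TIME, Long.valueOf(revocationTime));
        revocationParams.put(PersistenceConstants.TENANT_DOMAIN, tenantDomain);
        revocationParams.put(PersistenceConstants.TENANT_ID, Integer.valueOf(tenantId));
        revocationParams.put(PersistenceConstants.USERNAME, str);

        OAuthUtil.invokePreRevocationBySystemListeners(userId, revocationParams);
        try {
            // NOTE(review): the meaning of the trailing 0 is not visible in this file; confirm.
            ServiceReferenceHolder.getInstance().getInvalidTokenPersistenceService()
                    .revokeTokensByUserEvent(userId, PersistenceConstants.ENTITY_ID_TYPE_USER_ID, revocationTime, tenantDomain, 0);
            revokeAppTokensOfUser(revocationParams);
            OAuthUtil.invokePostRevocationBySystemListeners(userId, revocationParams);
            return true;
        } catch (IdentityOAuth2Exception e) {
            log.error("Error while persisting revoke rules for tokens by user event.", e);
            return false;
        }
    }

    /**
     * Stores a "revoke by user event" rule for every OAuth application returned for the user, reusing
     * the tenant and revocation time of the user-level rule.
     *
     * <p>NOTE(review): an exception is logged and swallowed, and it ends the loop, so applications
     * after the failing one get no rule and the caller is not told. Confirm that this best-effort
     * behaviour is intended for a revocation path.
     *
     * @param map parameters of the user-level revocation; must hold {@code TENANT_ID},
     *            {@code TENANT_DOMAIN}, {@code REVOCATION_TIME} and {@code USERNAME}
     */
    private void revokeAppTokensOfUser(Map<String, Object> map) {
        int tenantId = ((Integer) map.get(PersistenceConstants.TENANT_ID)).intValue();
        String tenantDomain = map.get(PersistenceConstants.TENANT_DOMAIN).toString();
        long revocationTime = ((Long) map.get(PersistenceConstants.REVOCATION_TIME)).longValue();
        try {
            for (OAuthAppDO app : new OAuthAppDAO().getOAuthConsumerAppsOfUser((String) map.get(PersistenceConstants.USERNAME), tenantId)) {
                String consumerKey = app.getOauthConsumerKey();
                Map<String, Object> appParams = new HashMap<>();
                appParams.put(PersistenceConstants.ENTITY_ID, consumerKey);
                appParams.put(PersistenceConstants.ENTITY_TYPE, PersistenceConstants.ENTITY_ID_TYPE_CLIENT_ID);
                appParams.put(PersistenceConstants.REVOCATION_TIME, Long.valueOf(revocationTime));
                appParams.put(PersistenceConstants.TENANT_DOMAIN, tenantDomain);
                appParams.put(PersistenceConstants.TENANT_ID, Integer.valueOf(tenantId));
                OAuthUtil.invokePreRevocationBySystemListeners(consumerKey, appParams);
                ServiceReferenceHolder.getInstance().getInvalidTokenPersistenceService()
                        .revokeTokensByUserEvent(consumerKey, PersistenceConstants.ENTITY_ID_TYPE_CLIENT_ID, revocationTime, tenantDomain, 0);
                OAuthUtil.invokePostRevocationBySystemListeners(consumerKey, appParams);
            }
        } catch (IdentityOAuthAdminException | IdentityOAuth2Exception e) {
            log.error("Error while persisting revoke rules for app tokens by user event.", e);
        }
    }

    /**
     * Revokes the tokens the migrated access-token DAO returns for the user, for every client id the
     * user has ever authorized.
     *
     * <p>A failure for one client does not stop the loop; the remaining clients are still processed.
     * If any client failed, a {@link UserStoreException} is thrown afterwards. It carries the first
     * failure as its cause and any later ones as suppressed exceptions.
     *
     * @param str              the user name
     * @param userStoreManager supplies the user store domain and the tenant of the user
     * @throws UserStoreException if the user store domain or the authorized clients cannot be
     *                            resolved, or if revocation failed for at least one client
     */
    private void revokeMigratedTokenOfUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        String userStoreDomainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(userStoreDomainName);
        authenticatedUser.setTenantDomain(tenantDomain);
        authenticatedUser.setUserName(str);

        // Stays null unless both token partitioning and user-name assertion are enabled.
        String federatedUserStore = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                federatedUserStore = OAuth2Util.getUserStoreForFederatedUser(authenticatedUser);
            } catch (IdentityOAuth2Exception e) {
                log.error("Error occurred while getting user store domain for User ID : " + authenticatedUser, e);
                throw new UserStoreException(e);
            }
        }

        try {
            UserStoreException firstFailure = null;
            for (String clientId : OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().getAllTimeAuthorizedClientIds(authenticatedUser)) {
                try {
                    revokeMigratedTokensOfClient(clientId, authenticatedUser, federatedUserStore, str);
                } catch (UserStoreException e) {
                    // Keep going so one failing client does not leave the other clients' tokens
                    // active; the failure is reported once the loop is done.
                    if (firstFailure == null) {
                        firstFailure = e;
                    } else {
                        firstFailure.addSuppressed(e);
                    }
                }
            }
            if (firstFailure != null) {
                throw new UserStoreException("Error occurred while revoking Access Tokens of the user " + str, firstFailure);
            }
        } catch (IdentityOAuth2Exception e) {
            log.error("Error occurred while retrieving apps authorized by User ID : " + authenticatedUser, e);
            throw new UserStoreException(e);
        }
    }

    /**
     * Loads the tokens of one client and user from the migrated access-token DAO, evicts their OAuth
     * cache entries and revokes them through {@link OpaqueTokenUtil#revokeTokens}.
     *
     * @param clientId        the client id whose tokens are revoked
     * @param user            the user the tokens were issued to
     * @param userStoreDomain the user store domain passed to the DAO; may be {@code null}
     * @param username        the user name, used in the debug log only
     * @throws UserStoreException if loading or revoking the tokens fails
     */
    private void revokeMigratedTokensOfClient(String clientId, AuthenticatedUser user, String userStoreDomain, String username) throws UserStoreException {
        try {
            Set<AccessTokenDO> accessTokens = ServiceReferenceHolder.getInstance().getMigratedAccessTokenDAO()
                    .getAccessTokens(clientId, user, userStoreDomain, true);
            if (log.isDebugEnabled() && CollectionUtils.isNotEmpty(accessTokens)) {
                log.debug("ACTIVE or EXPIRED access tokens found for the client: " + clientId + " for the user: " + username);
            }
            ArrayList<AccessTokenDO> tokensToRevoke = new ArrayList<>();
            for (AccessTokenDO accessTokenDO : accessTokens) {
                String bindingReference = NO_BINDING_REFERENCE;
                if (accessTokenDO.getTokenBinding() != null && StringUtils.isNotBlank(accessTokenDO.getTokenBinding().getBindingReference())) {
                    bindingReference = accessTokenDO.getTokenBinding().getBindingReference();
                }
                String scope = OAuth2Util.buildScopeString(accessTokenDO.getScope());
                // Evict every cache key under which the token may be held, so that a cached copy
                // is not served after the revocation.
                // NOTE(review): the four-argument call is issued twice with identical arguments in
                // the source, possibly an artifact of how the listing was produced; kept as is.
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), scope, bindingReference);
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), scope, bindingReference);
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), scope);
                OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser());
                OAuthUtil.clearOAuthCache(accessTokenDO);
                tokensToRevoke.add(accessTokenDO);
            }
            try {
                OpaqueTokenUtil.revokeTokens(tokensToRevoke);
            } catch (IdentityOAuth2Exception revokeError) {
                log.error("Error occurred while revoking Access Token", revokeError);
                throw new UserStoreException(revokeError);
            }
        } catch (IdentityOAuth2Exception lookupError) {
            log.error("Error occurred while retrieving access tokens issued for Client ID : " + clientId + ", User ID : " + user, lookupError);
            throw new UserStoreException(lookupError);
        }
    }

    /**
     * Tells whether a token's {@code IS_PERSISTED} property marks it as stored by the token DAO.
     *
     * @param persistedFlag the raw property value; {@code null} counts as not persisted, any other
     *                      value must be a {@link Boolean}
     * @return {@code true} only for {@link Boolean#TRUE}
     */
    private static boolean isPersisted(Object persistedFlag) {
        return persistedFlag != null && ((Boolean) persistedFlag).booleanValue();
    }
}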
