package org.wso2.carbon.identity.oauth.endpoint.revoke;

import java.util.Enumeration;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.oauth.common.exception.OAuthClientException;
import org.wso2.carbon.identity.oauth.endpoint.OAuthRequestWrapper;
import org.wso2.carbon.identity.oauth.endpoint.util.EndpointUtil;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO;

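/**
 * OAuth 2.0 token revocation endpoint ({@code POST /revoke}).
 *
 * <p>The client is authenticated either with an HTTP Basic {@code Authorization} header or with
 * {@code client_id}/{@code client_secret} form parameters; sending both is rejected. The request
 * is processed in the super-tenant flow, and the actual revocation is delegated to the OAuth2
 * service obtained from {@link EndpointUtil#getOAuth2Service()}.
 *
 * <p>An optional {@code callback} form parameter switches the response to JSONP
 * ({@code application/javascript}). Because the callback name is reflected verbatim into a script
 * body, it is only accepted when it looks like a JavaScript member path; anything else is answered
 * with a plain {@code invalid_request} error so that no attacker-controlled text reaches a script
 * response.
 */
@Path("/revoke")
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/revoke/OAuthRevocationEndpoint.class */
public class OAuthRevocationEndpoint {

    private static final Log log = LogFactory.getLog(OAuthRevocationEndpoint.class);

    // Carbon super-tenant identifiers the endpoint runs under (values taken from the original code).
    private static final int SUPER_TENANT_ID = -1234;
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    // Request parameter / header names.
    private static final String PARAM_TOKEN = "token";
    private static final String PARAM_TOKEN_TYPE_HINT = "token_type_hint";
    private static final String PARAM_CALLBACK = "callback";
    private static final String PARAM_CLIENT_ID = "client_id";
    private static final String PARAM_CLIENT_SECRET = "client_secret";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String HEADER_CONTENT_TYPE = "Content-Type";
    private static final String TEXT_HTML = "text/html";
    private static final String APPLICATION_JAVASCRIPT = "application/javascript";
    private static final String REDACTED = "<redacted>";

    // Error codes returned by the OAuth2 service that map to an authentication failure.
    private static final String ERR_INVALID_CLIENT = "invalid_client";
    private static final String ERR_UNAUTHORIZED_CLIENT = "unauthorized_client";

    /**
     * Shape a JSONP callback must have to be echoed into a script body: one or more JavaScript
     * identifiers joined by dots (e.g. {@code cb}, {@code app.onRevoke}). Parentheses, quotes,
     * angle brackets and the like are rejected, which closes the reflected-script problem of
     * writing {@code callback + "();"} unchecked.
     */
    private static final Pattern SAFE_CALLBACK =
            Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(?:\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    /**
     * Revokes the token carried in the {@code token} form parameter on behalf of the authenticated client.
     *
     * @param httpServletRequest the raw servlet request (used for the {@code Authorization} header and debug logging)
     * @param multivaluedMap     the decoded {@code application/x-www-form-urlencoded} body; client credentials
     *                           taken from the Basic header are added to it before the service call
     * @return 200 on success; 400 for a malformed request or a service-reported client error; 401 when client
     *         authentication fails; 500 when the service throws
     * @throws OAuthSystemException if an OAuth response message cannot be built
     */
    @POST
    @Path("/")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response revokeAccessToken(@Context HttpServletRequest httpServletRequest,
                                      MultivaluedMap<String, String> multivaluedMap) throws OAuthSystemException {
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(SUPER_TENANT_ID);
            carbonContext.setTenantDomain(SUPER_TENANT_DOMAIN);

            OAuthRequestWrapper request = new OAuthRequestWrapper(httpServletRequest, multivaluedMap);
            if (log.isDebugEnabled()) {
                logAccessTokenRevocationRequest(request);
            }

            String token = requestParam(request, multivaluedMap, PARAM_TOKEN);
            String tokenTypeHint = requestParam(request, multivaluedMap, PARAM_TOKEN_TYPE_HINT);
            String callback = requestParam(request, multivaluedMap, PARAM_CALLBACK);

            if (StringUtils.isNotEmpty(callback) && !SAFE_CALLBACK.matcher(callback).matches()) {
                // Never reflect an unvetted callback: answer as a plain (non-JSONP) client error.
                return handleClientFailure(null);
            }

            String authorizationHeader = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
            if (authorizationHeader != null) {
                if (multivaluedMap.containsKey(PARAM_CLIENT_ID) && multivaluedMap.containsKey(PARAM_CLIENT_SECRET)) {
                    // A client must not authenticate with more than one method in the same request.
                    return handleBasicAuthFailure(callback);
                }
                String[] credentials;
                try {
                    credentials = EndpointUtil.extractCredentialsFromAuthzHeader(authorizationHeader);
                } catch (OAuthClientException e) {
                    log.error("Error while extracting credentials from authorization header", e);
                    return handleBasicAuthFailure(callback);
                }
                if (credentials == null || credentials.length != 2) {
                    // Previously the failure response was built and then discarded here, letting the
                    // request fall through to an out-of-bounds index; now it is returned.
                    return handleBasicAuthFailure(callback);
                }
                multivaluedMap.add(PARAM_CLIENT_ID, credentials[0]);
                multivaluedMap.add(PARAM_CLIENT_SECRET, credentials[1]);
            }

            if (StringUtils.isEmpty(token)) {
                // The 400 built for a missing token used to be dropped; revocation must not proceed without one.
                return handleClientFailure(callback);
            }

            OAuthRevocationRequestDTO revocationRequest = new OAuthRevocationRequestDTO();
            String clientId = multivaluedMap.getFirst(PARAM_CLIENT_ID);
            if (clientId != null) {
                revocationRequest.setConsumerKey(clientId);
            }
            String clientSecret = multivaluedMap.getFirst(PARAM_CLIENT_SECRET);
            if (clientSecret != null) {
                revocationRequest.setConsumerSecret(clientSecret);
            }
            revocationRequest.setToken(token);
            if (StringUtils.isNotEmpty(tokenTypeHint)) {
                revocationRequest.setToken_type(tokenTypeHint);
            }

            OAuthRevocationResponseDTO revocationResponse;
            try {
                revocationResponse = revokeTokens(revocationRequest);
            } catch (OAuthClientException e) {
                log.error("Error while revoking token", e);
                return handleServerFailure(callback, e);
            }
            if (revocationResponse.getErrorMsg() != null) {
                return handleRevocationError(callback, revocationResponse);
            }
            return buildSuccessResponse(callback, revocationResponse.getResponseHeaders());
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Reads a parameter from the wrapped request, falling back to the first value in the form body when the
     * wrapper returns a blank value. A body entry with no values yields {@code null} instead of an
     * {@code IndexOutOfBoundsException}.
     */
    private static String requestParam(OAuthRequestWrapper request, MultivaluedMap<String, String> form, String name) {
        String value = request.getParameter(name);
        if (StringUtils.isBlank(value)) {
            String fromForm = form.getFirst(name);
            if (fromForm != null) {
                value = fromForm;
            }
        }
        return value;
    }

    /** Maps a service-reported error code to the matching HTTP error response. */
    private Response handleRevocationError(String callback, OAuthRevocationResponseDTO response)
            throws OAuthSystemException {
        String errorCode = response.getErrorCode();
        if (ERR_INVALID_CLIENT.equals(errorCode)) {
            return handleBasicAuthFailure(callback);
        }
        if (ERR_UNAUTHORIZED_CLIENT.equals(errorCode)) {
            return handleAuthorizationFailure(callback);
        }
        return handleClientFailure(callback, response);
    }

    /**
     * Builds the 200 response. With a callback the body is {@code callback();} as JavaScript, otherwise the
     * (empty) HTML-typed body from {@link CarbonOAuthASResponse#revokeResponse(int)}. Any headers the service
     * asked for are copied onto the response.
     */
    private Response buildSuccessResponse(String callback, ResponseHeader[] responseHeaders)
            throws OAuthSystemException {
        boolean jsonp = StringUtils.isNotEmpty(callback);
        OAuthResponse message = CarbonOAuthASResponse.revokeResponse(200).buildBodyMessage();
        if (jsonp) {
            message.setBody(callback + "();");
        }
        Response.ResponseBuilder builder = Response.status(message.getResponseStatus())
                .header("Cache-Control", "no-store")
                .header("Pragma", "no-cache");
        if (!jsonp) {
            // Only the empty (non-JSONP) body may claim a zero length; a script body has content.
            builder.header("Content-Length", "0");
        }
        if (responseHeaders != null) {
            for (ResponseHeader responseHeader : responseHeaders) {
                if (responseHeader != null) {
                    builder.header(responseHeader.getKey(), responseHeader.getValue());
                }
            }
        }
        builder.header(HEADER_CONTENT_TYPE, jsonp ? APPLICATION_JAVASCRIPT : TEXT_HTML);
        return builder.entity(message.getBody()).build();
    }

    /** 401 {@code invalid_client} with a {@code WWW-Authenticate} challenge. */
    private Response handleBasicAuthFailure(String callback) throws OAuthSystemException {
        return errorResponse(callback, 401, ERR_INVALID_CLIENT, "Client Authentication failed.", true);
    }

    /** 401 {@code unauthorized_client} with a {@code WWW-Authenticate} challenge. */
    private Response handleAuthorizationFailure(String callback) throws OAuthSystemException {
        return errorResponse(callback, 401, ERR_UNAUTHORIZED_CLIENT, "Client Authentication failed.", true);
    }

    /** 500 {@code server_error}; the exception message is used as the description in the non-JSONP form. */
    private Response handleServerFailure(String callback, Exception exc) throws OAuthSystemException {
        return errorResponse(callback, 500, "server_error", exc.getMessage(), false);
    }

    /** 400 {@code invalid_request} for a structurally invalid revocation request. */
    private Response handleClientFailure(String callback) throws OAuthSystemException {
        return errorResponse(callback, 400, "invalid_request", "Invalid revocation request", false);
    }

    /** 400 carrying the error code and message reported by the OAuth2 service. */
    private Response handleClientFailure(String callback, OAuthRevocationResponseDTO response)
            throws OAuthSystemException {
        return errorResponse(callback, 400, response.getErrorCode(), response.getErrorMsg(), false);
    }

    /**
     * Builds an OAuth error response in the two shapes this endpoint uses.
     *
     * <p>Without a callback the body is the JSON error (code and description) served as {@code text/html}.
     * With a callback the description is omitted and the JSON is wrapped as {@code callback(...);} served as
     * {@code application/javascript}. Callers only pass callbacks that already passed {@link #SAFE_CALLBACK}.
     *
     * @param callback      JSONP callback or {@code null}/empty for a plain response
     * @param status        HTTP status code
     * @param error         OAuth error code
     * @param description   human-readable description (non-JSONP form only)
     * @param withChallenge whether to add a {@code WWW-Authenticate} header with the realm
     */
    private Response errorResponse(String callback, int status, String error, String description,
                                   boolean withChallenge) throws OAuthSystemException {
        boolean jsonp = StringUtils.isNotEmpty(callback);
        OAuthResponse message = jsonp
                ? OAuthASResponse.errorResponse(status).setError(error).buildJSONMessage()
                : OAuthASResponse.errorResponse(status).setError(error).setErrorDescription(description)
                        .buildJSONMessage();
        Response.ResponseBuilder builder = Response.status(message.getResponseStatus());
        if (withChallenge) {
            builder.header("WWW-Authenticate", EndpointUtil.getRealmInfo());
        }
        if (jsonp) {
            return builder.header(HEADER_CONTENT_TYPE, APPLICATION_JAVASCRIPT)
                    .entity(callback + "(" + message.getBody() + ");")
                    .build();
        }
        return builder.header(HEADER_CONTENT_TYPE, TEXT_HTML).entity(message.getBody()).build();
    }

    /**
     * Debug-logs the request URI, headers and whether a token was supplied. Credential-bearing headers and the
     * token value itself are redacted so that client secrets and revocable tokens do not end up in log files.
     */
    private void logAccessTokenRevocationRequest(HttpServletRequest httpServletRequest) {
        log.debug("Received a access token revocation request : " + httpServletRequest.getRequestURI());
        log.debug("----------logging request headers.----------");
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            Enumeration<?> values = httpServletRequest.getHeaders(name);
            while (values.hasMoreElements()) {
                Object value = values.nextElement();
                log.debug(name + " : " + (isSensitiveHeader(name) ? REDACTED : value));
            }
        }
        log.debug("----------logging request parameters.----------");
        String token = httpServletRequest.getParameter(PARAM_TOKEN);
        log.debug("token - " + (StringUtils.isEmpty(token) ? "<absent>" : REDACTED));
    }

    /** Headers whose values carry credentials and must not be written to logs. */
    private static boolean isSensitiveHeader(String name) {
        return HEADER_AUTHORIZATION.equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name);
    }

    /**
     * Hands the revocation to the OAuth2 service. The DTO is copied field by field before the call
     * (as in the original code; the reason is not visible here, presumably to decouple the endpoint's
     * instance from whatever the service retains).
     */
    private OAuthRevocationResponseDTO revokeTokens(OAuthRevocationRequestDTO revocationRequest)
            throws OAuthClientException {
        OAuthRevocationRequestDTO serviceRequest = new OAuthRevocationRequestDTO();
        serviceRequest.setConsumerKey(revocationRequest.getConsumerKey());
        serviceRequest.setConsumerSecret(revocationRequest.getConsumerSecret());
        serviceRequest.setToken(revocationRequest.getToken());
        serviceRequest.setToken_type(revocationRequest.getToken_type());
        return EndpointUtil.getOAuth2Service().revokeTokenByOAuthClient(serviceRequest);
    }
}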
