package com.stormpath.sdk.servlet.event;

import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.client.Client;
import com.stormpath.sdk.oauth.AccessToken;
import com.stormpath.sdk.oauth.RefreshToken;
import com.stormpath.sdk.resource.ResourceException;
import com.stormpath.sdk.servlet.account.event.RegisteredAccountRequestEvent;
import com.stormpath.sdk.servlet.account.event.VerifiedAccountRequestEvent;
import com.stormpath.sdk.servlet.authc.FailedAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authc.LogoutRequestEvent;
import com.stormpath.sdk.servlet.authc.SuccessfulAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.client.ClientResolver;
import com.stormpath.sdk.servlet.http.impl.StormpathHttpServletRequest;
import com.stormpath.sdk.servlet.oauth.impl.JwtTokenSigningKeyResolver;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.LinkedHashMap;
import javax.servlet.ServletRequest;
import org.apache.oltu.oauth2.rs.extractor.BearerHeaderTokenExtractor;
import org.apache.oltu.oauth2.rs.extractor.TokenExtractor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/stormpath/sdk/servlet/event/TokenRevocationRequestEventListener.class */
public class TokenRevocationRequestEventListener implements RequestEventListener {
    private static final Logger log = LoggerFactory.getLogger(TokenRevocationRequestEventListener.class);
    private final TokenExtractor tokenExtractor = new BearerHeaderTokenExtractor();
    private final JwtTokenSigningKeyResolver jwtTokenSigningKeyResolver = new JwtTokenSigningKeyResolver();
    private Client client = null;

    @Override // com.stormpath.sdk.servlet.event.RequestEventListener
    public void on(SuccessfulAuthenticationRequestEvent successfulAuthenticationRequestEvent) {
    }

    @Override // com.stormpath.sdk.servlet.event.RequestEventListener
    public void on(FailedAuthenticationRequestEvent failedAuthenticationRequestEvent) {
    }

    @Override // com.stormpath.sdk.servlet.event.RequestEventListener
    public void on(RegisteredAccountRequestEvent registeredAccountRequestEvent) {
    }

    @Override // com.stormpath.sdk.servlet.event.RequestEventListener
    public void on(VerifiedAccountRequestEvent verifiedAccountRequestEvent) {
    }

    @Override // com.stormpath.sdk.servlet.event.RequestEventListener
    public void on(LogoutRequestEvent logoutRequestEvent) {
        String accessToken = this.tokenExtractor.getAccessToken(logoutRequestEvent.getRequest());
        if (accessToken != null) {
            if (this.client == null) {
                this.client = ClientResolver.INSTANCE.getClient((ServletRequest) logoutRequestEvent.getRequest());
            }
            Claims claims = (Claims) Jwts.parser().setSigningKey(this.jwtTokenSigningKeyResolver.getSigningKey(logoutRequestEvent.getRequest(), logoutRequestEvent.getResponse(), (AuthenticationResult) null, SignatureAlgorithm.HS256).getEncoded()).parseClaimsJws(accessToken).getBody();
            if (isAccessToken(claims)) {
                gracefullyDeleteRefreshToken((String) claims.get("rti"));
                gracefullyDeleteAccessToken(claims.getId());
            }
            log.debug("The current access and refresh tokens for '{}' have been revoked.", logoutRequestEvent.getAccount() != null ? logoutRequestEvent.getAccount().getEmail() : "unknown user");
        }
    }

    private boolean isAccessToken(Claims claims) {
        return claims.containsKey("rti");
    }

    private void gracefullyDeleteAccessToken(String str) {
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(StormpathHttpServletRequest.HREF, "/accessTokens/" + str);
            this.client.getDataStore().instantiate(AccessToken.class, linkedHashMap, true).delete();
        } catch (ResourceException e) {
            log.warn("There was an error trying to delete access token with ID {}", str, e);
        }
    }

    private void gracefullyDeleteRefreshToken(String str) {
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put(StormpathHttpServletRequest.HREF, "/refreshTokens/" + str);
            this.client.getDataStore().instantiate(RefreshToken.class, linkedHashMap, true).delete();
        } catch (ResourceException e) {
            log.warn("There was an error trying to delete refresh token with ID {}", str, e);
        }
    }
}
