package org.wso2.carbon.identity.oauth.listener;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/listener/IdentityOauthEventHandler.class */
public class IdentityOauthEventHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(IdentityOauthEventHandler.class);

    public String getName() {
        return "identityOauthEventHandler";
    }

    public String getFriendlyName() {
        return "Identity Oauth Event Handler";
    }

    public void init(InitConfig initConfig) throws IdentityRuntimeException {
        super.init(initConfig);
    }

    public int getPriority(MessageContext messageContext) {
        int priority = super.getPriority(messageContext);
        if (priority == -1) {
            priority = 51;
        }
        return priority;
    }

    public void handleEvent(Event event) throws IdentityEventException {
        if ("POST_SET_USER_CLAIMS".equals(event.getEventName()) || "POST_SET_USER_CLAIM".equals(event.getEventName())) {
            String str = (String) event.getEventProperties().get("user-name");
            UserStoreManager userStoreManager = (UserStoreManager) event.getEventProperties().get("userStoreManager");
            try {
                revokeTokensOfLockedUser(str, userStoreManager);
                revokeTokensOfDisabledUser(str, userStoreManager);
                OAuthUtil.removeUserClaimsFromCache(str, userStoreManager);
            } catch (UserStoreException e) {
                String str2 = "Error occurred while revoking  access token for User : " + str;
                log.error(str2, e);
                throw new IdentityEventException(str2);
            }
        }
    }

    private void revokeTokensOfLockedUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if ("17003".equalsIgnoreCase((String) ((Map) IdentityUtil.threadLocalProperties.get()).get("UserAccountState"))) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("User %s is locked. Hence revoking user's access tokens.", str));
            }
            OAuthUtil.revokeTokens(str, userStoreManager);
        }
    }

    private void revokeTokensOfDisabledUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if ("17004".equalsIgnoreCase((String) ((Map) IdentityUtil.threadLocalProperties.get()).get("UserAccountState"))) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("User %s is disabled. Hence revoking user's access tokens.", str));
            }
            OAuthUtil.revokeTokens(str, userStoreManager);
        }
    }
}
