package org.wso2.carbon.identity.oauth.listener;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth.util.ClaimCache;
import org.wso2.carbon.identity.oauth.util.ClaimMetaDataCache;
import org.wso2.carbon.identity.oauth.util.ClaimMetaDataCacheEntry;
import org.wso2.carbon.identity.oauth.util.ClaimMetaDataCacheKey;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.AuthzCodeDO;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/listener/IdentityOathEventListener.class */
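/**
 * User-operation listener that keeps OAuth state in step with user-store changes.
 *
 * <p>Depending on the hook, it revokes the affected user's tokens through
 * {@code OAuthUtil.revokeTokens} and/or evicts cached authorization-grant and claim
 * entries. The hooks cover user deletion, credential updates, claim updates, role
 * membership changes, and authentication attempts for which the thread-local
 * {@code UserAccountState} carries the locked ({@code 17003}) or disabled
 * ({@code 17004}) code.
 *
 * <p>Every hook returns {@code true} without doing any work when {@link #isEnable()}
 * is {@code false}, so disabling this listener also disables the revocation behaviour
 * described here.
 */
public class IdentityOathEventListener extends AbstractIdentityUserOperationEventListener {
    private static final Log log = LogFactory.getLog(IdentityOathEventListener.class);

    /** Order id used when {@code getOrderId()} reports -1. */
    private static final int DEFAULT_EXECUTION_ORDER_ID = 100;

    /** Key under which the account state is looked up in {@code IdentityUtil.threadLocalProperties}. */
    private static final String USER_ACCOUNT_STATE_KEY = "UserAccountState";

    /** Account-state value that triggers revocation in {@link #revokeTokensOfLockedUser}. */
    private static final String ACCOUNT_LOCKED_CODE = "17003";

    /** Account-state value that triggers revocation in {@link #revokeTokensOfDisabledUser}. */
    private static final String ACCOUNT_DISABLED_CODE = "17004";

    /**
     * Returns the listener's execution order.
     *
     * @return the value of {@code getOrderId()}, or 100 when that value is -1
     */
    public int getExecutionOrderId() {
        int orderId = getOrderId();
        return orderId != -1 ? orderId : DEFAULT_EXECUTION_ORDER_ID;
    }

    /**
     * Evicts the user's cached claims and revokes the user's tokens before deletion.
     *
     * @param str user name (it is set as the user name on the {@code AuthenticatedUser} cache key)
     * @param userStoreManager user store the operation runs against
     * @return {@code true} when the listener is disabled, otherwise the result of
     *         {@code OAuthUtil.revokeTokens}
     * @throws UserStoreException propagated from the user store manager or the revocation call
     */
    public boolean doPreDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        removeClaimCacheEntry(str, userStoreManager);
        return OAuthUtil.revokeTokens(str, userStoreManager);
    }

    /**
     * Evicts cached grant entries for the user before a single claim is changed.
     *
     * @param str user name
     * @param str2 not used here (presumably the claim URI - confirm against the listener interface)
     * @param str3 not used here (presumably the claim value - confirm)
     * @param str4 not used here (presumably the profile name - confirm)
     * @param userStoreManager user store the operation runs against
     * @return always {@code true}
     * @throws UserStoreException propagated from the user store manager
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        removeTokensFromCache(str, userStoreManager);
        return true;
    }

    /**
     * Evicts cached grant entries for the user before several claims are changed.
     *
     * @param str user name
     * @param map not used here (presumably claim URI to value - confirm)
     * @param str2 not used here (presumably the profile name - confirm)
     * @param userStoreManager user store the operation runs against
     * @return always {@code true}
     * @throws UserStoreException propagated from the user store manager
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        removeTokensFromCache(str, userStoreManager);
        return true;
    }

    /**
     * Post-hook for a single claim update; nothing is done here because the cache
     * eviction happens in {@link #doPreSetUserClaimValue}.
     *
     * @return always {@code true}
     */
    public boolean doPostSetUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        return true;
    }

    /**
     * Post-hook for a multi-claim update; nothing is done here because the cache
     * eviction happens in {@link #doPreSetUserClaimValues}.
     *
     * @return always {@code true}
     */
    public boolean doPostSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        return true;
    }

    /**
     * Revokes the user's tokens after an authentication attempt when the thread-local
     * account state marks the account as locked or disabled.
     *
     * <p>The check does not look at {@code z}, so it runs for every attempt this hook
     * is invoked for. NOTE(review): the account state is only read here; it is presumably
     * written earlier on the same thread by the account lock/disable handling. If that
     * handler runs later, or on another thread, no revocation happens - confirm the
     * listener ordering.
     *
     * @param str user name
     * @param z not used here (presumably whether authentication succeeded - confirm)
     * @param userStoreManager user store the operation runs against
     * @return {@code true} when the listener is disabled or nothing had to be revoked,
     *         otherwise the combined result of the revocation calls
     * @throws UserStoreException propagated from the revocation call
     */
    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        // Short-circuit is intentional: the disabled check is skipped when the locked
        // path already reported a failure.
        return revokeTokensOfLockedUser(str, userStoreManager) && revokeTokensOfDisabledUser(str, userStoreManager);
    }

    /**
     * Revokes the user's tokens after the user changed their own credential, so tokens
     * issued under the old credential stop working.
     *
     * @param str user name
     * @param obj not used here (presumably the new credential - confirm)
     * @param userStoreManager user store the operation runs against
     * @return {@code true} when the listener is disabled, otherwise the result of
     *         {@code OAuthUtil.revokeTokens}
     * @throws UserStoreException propagated from the revocation call
     */
    public boolean doPostUpdateCredential(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        return OAuthUtil.revokeTokens(str, userStoreManager);
    }

    /**
     * Revokes the user's tokens after an administrator reset the user's credential.
     *
     * @param str user name
     * @param obj not used here (presumably the new credential - confirm)
     * @param userStoreManager user store the operation runs against
     * @return {@code true} when the listener is disabled, otherwise the result of
     *         {@code OAuthUtil.revokeTokens}
     * @throws UserStoreException propagated from the revocation call
     */
    public boolean doPostUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        return OAuthUtil.revokeTokens(str, userStoreManager);
    }

    /**
     * Evicts cached grant entries for the user before the user's role list changes.
     *
     * @param str user name
     * @param strArr not used here
     * @param strArr2 not used here
     * @param userStoreManager user store the operation runs against
     * @return always {@code true}
     * @throws UserStoreException propagated from the user store manager
     */
    public boolean doPreUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        removeTokensFromCache(str, userStoreManager);
        return true;
    }

    /**
     * After the user's role list changed: revokes the user's tokens when {@code strArr}
     * is non-empty, then removes the user's claims from the cache.
     *
     * @param str user name
     * @param strArr presumably the roles removed from the user - confirm; revocation is
     *        skipped when this is {@code null} or empty
     * @param strArr2 not used here (presumably the roles added - confirm)
     * @param userStoreManager user store the operation runs against
     * @return {@code true} when the listener is disabled, otherwise the result of
     *         {@code OAuthUtil.removeUserClaimsFromCache}
     * @throws UserStoreException propagated from the called utilities
     */
    public boolean doPostUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        if (ArrayUtils.isNotEmpty(strArr)) {
            // NOTE(review): the boolean result of revokeTokens is discarded here, unlike
            // in the credential and delete hooks, so a failed revocation after a role
            // change is not reflected in this hook's return value.
            OAuthUtil.revokeTokens(str, userStoreManager);
        }
        return OAuthUtil.removeUserClaimsFromCache(str, userStoreManager);
    }

    /**
     * Evicts cached grant entries for every user named in either array before a role's
     * member list changes.
     *
     * @param str not used here (presumably the role name - confirm)
     * @param strArr user names; may be {@code null}
     * @param strArr2 user names; may be {@code null}
     * @param userStoreManager user store the operation runs against
     * @return always {@code true}
     * @throws UserStoreException propagated from the user store manager
     */
    public boolean doPreUpdateUserListOfRole(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        for (String userName : mergeUserNames(strArr, strArr2)) {
            removeTokensFromCache(userName, userStoreManager);
        }
        return true;
    }

    /**
     * After a role's member list changed: removes cached claims for every user named in
     * either array, then revokes tokens for the users in {@code strArr} only.
     *
     * @param str not used here (presumably the role name - confirm)
     * @param strArr user names whose tokens are revoked (presumably the users removed
     *        from the role - confirm); may be {@code null}
     * @param strArr2 user names whose cached claims are removed but whose tokens are kept
     *        (presumably the users added to the role - confirm); may be {@code null}
     * @param userStoreManager user store the operation runs against
     * @return always {@code true}
     * @throws UserStoreException propagated from the called utilities
     */
    public boolean doPostUpdateUserListOfRole(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable()) {
            return true;
        }
        // NOTE(review): the results of both utility calls below are discarded and this
        // hook always reports success, so a failed revocation is not surfaced to the caller.
        for (String userName : mergeUserNames(strArr, strArr2)) {
            OAuthUtil.removeUserClaimsFromCache(userName, userStoreManager);
        }
        if (strArr != null) {
            for (String userName : strArr) {
                OAuthUtil.revokeTokens(userName, userStoreManager);
            }
        }
        return true;
    }

    /** Revokes the user's tokens when the thread-local account state equals {@code 17003}. */
    private boolean revokeTokensOfLockedUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {
        return revokeTokensIfAccountState(ACCOUNT_LOCKED_CODE, userName, userStoreManager);
    }

    /** Revokes the user's tokens when the thread-local account state equals {@code 17004}. */
    private boolean revokeTokensOfDisabledUser(String userName, UserStoreManager userStoreManager) throws UserStoreException {
        return revokeTokensIfAccountState(ACCOUNT_DISABLED_CODE, userName, userStoreManager);
    }

    /**
     * Revokes the user's tokens when the thread-local {@code UserAccountState} property
     * matches {@code expectedState} (compared case-insensitively).
     *
     * @return {@code true} when the state is absent or different, otherwise the result of
     *         {@code OAuthUtil.revokeTokens}
     */
    private boolean revokeTokensIfAccountState(String expectedState, String userName, UserStoreManager userStoreManager) throws UserStoreException {
        Map<?, ?> threadProperties = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        if (threadProperties == null) {
            // No properties recorded on this thread: treat it like an absent state.
            return true;
        }
        String accountState = (String) threadProperties.get(USER_ACCOUNT_STATE_KEY);
        if (!expectedState.equalsIgnoreCase(accountState)) {
            return true;
        }
        return OAuthUtil.revokeTokens(userName, userStoreManager);
    }

    /**
     * Concatenates two possibly-{@code null} arrays of user names into one list,
     * keeping the order: all of {@code first}, then all of {@code second}.
     */
    private static List<String> mergeUserNames(String[] first, String[] second) {
        List<String> merged = new ArrayList<String>();
        if (first != null) {
            merged.addAll(Arrays.asList(first));
        }
        if (second != null) {
            merged.addAll(Arrays.asList(second));
        }
        return merged;
    }

    /**
     * Clears the {@code AuthorizationGrantCache} entries that belong to the user's
     * openid-scoped access tokens and authorization codes.
     *
     * <p>Lookup failures are logged and otherwise ignored. NOTE(review): in that case the
     * cache entries stay in place while the calling claim or role update still proceeds,
     * so cached grant data can be older than the user store until the entries are
     * removed some other way.
     */
    private void removeTokensFromCache(String userName, UserStoreManager userStoreManager) throws UserStoreException {
        String userStoreDomain = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(userStoreDomain);
        authenticatedUser.setTenantDomain(tenantDomain);
        authenticatedUser.setUserName(userName);
        try {
            // Both lookups run before any eviction, so a failure in either leaves the cache untouched.
            Set<AccessTokenDO> accessTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokensByUserForOpenidScope(authenticatedUser);
            List<AuthzCodeDO> authzCodes = OAuthTokenPersistenceFactory.getInstance().getAuthorizationCodeDAO().getAuthorizationCodesByUserForOpenidScope(authenticatedUser);
            removeAccessTokensFromCache(accessTokens);
            removeAuthzCodesFromCache(authzCodes);
        } catch (IdentityOAuth2Exception e) {
            log.error("Error occurred while retrieving access tokens issued for user : " + userName, e);
        }
    }

    /** Clears the grant-cache entry of each authorization code; a {@code null} or empty list is a no-op. */
    private void removeAuthzCodesFromCache(List<AuthzCodeDO> list) {
        if (!CollectionUtils.isNotEmpty(list)) {
            return;
        }
        for (AuthzCodeDO authzCode : list) {
            AuthorizationGrantCacheKey cacheKey = new AuthorizationGrantCacheKey(authzCode.getAuthorizationCode());
            AuthorizationGrantCache.getInstance().clearCacheEntryByCodeId(cacheKey, authzCode.getAuthzCodeId());
        }
    }

    /** Clears the grant-cache entry of each access token; a {@code null} or empty set is a no-op. */
    private void removeAccessTokensFromCache(Set<AccessTokenDO> set) {
        if (!CollectionUtils.isNotEmpty(set)) {
            return;
        }
        for (AccessTokenDO accessToken : set) {
            AuthorizationGrantCacheKey cacheKey = new AuthorizationGrantCacheKey(accessToken.getAccessToken());
            AuthorizationGrantCache.getInstance().clearCacheEntryByTokenId(cacheKey, accessToken.getTokenId());
        }
    }

    /**
     * Clears the user's {@code ClaimCache} entry, located through the claim metadata
     * cache; does nothing when no metadata entry exists for the user.
     */
    private void removeClaimCacheEntry(String userName, UserStoreManager userStoreManager) throws UserStoreException {
        // Resolved once and reused for the cache key and both cache calls.
        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserName(userName);
        authenticatedUser.setTenantDomain(tenantDomain);
        authenticatedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));
        ClaimMetaDataCacheEntry metaDataEntry = (ClaimMetaDataCacheEntry) ClaimMetaDataCache.getInstance().getValueFromCache(new ClaimMetaDataCacheKey(authenticatedUser), tenantDomain);
        if (metaDataEntry == null) {
            return;
        }
        ClaimCache.getInstance().clearCacheEntry(metaDataEntry.getClaimCacheKey(), tenantDomain);
    }
}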
