package org.wso2.carbon.identity.oauth.listener;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException;
import org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementException;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.mgt.core.UserBasicInfo;
import org.wso2.carbon.identity.role.mgt.core.dao.RoleDAO;
import org.wso2.carbon.identity.role.mgt.core.dao.RoleMgtDAOFactory;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/listener/IdentityOauthEventHandler.class */
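/**
 * Identity event handler that keeps OAuth state in step with user and role changes.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>After user claims are set, access tokens are revoked when the thread-local
 *       {@code UserAccountState} property carries the locked or disabled code, and the
 *       user's cached claims are removed.</li>
 *   <li>After users are removed from a role, before a role is deleted, and after a role's
 *       permissions are set, the affected users have their tokens revoked, their cached
 *       claims removed and their sessions terminated.</li>
 * </ul>
 *
 * <p>Every failure is rethrown as {@link IdentityEventException} with the original exception
 * attached as its cause, so a failed revocation can be traced to the underlying fault.
 */
public class IdentityOauthEventHandler extends AbstractEventHandler {
    private static final Log log = LogFactory.getLog(IdentityOauthEventHandler.class);

    /** Priority used when the parent handler reports no configured priority ({@code -1}). */
    private static final int DEFAULT_PRIORITY = 51;

    /** Key of the account-state entry in {@code IdentityUtil.threadLocalProperties}. */
    private static final String USER_ACCOUNT_STATE = "UserAccountState";

    /** Account-state code for which the handler logs "User ... is locked". */
    private static final String ACCOUNT_STATE_LOCKED = "17003";

    /** Account-state code for which the handler logs "User ... is disabled". */
    private static final String ACCOUNT_STATE_DISABLED = "17004";

    private final RoleDAO roleDAO = RoleMgtDAOFactory.getInstance().getRoleDAO();

    /**
     * Returns the name this handler is registered under.
     *
     * @return the fixed handler name
     */
    public String getName() {
        return "identityOauthEventHandler";
    }

    /**
     * Returns the human-readable name of this handler.
     *
     * @return the fixed display name
     */
    public String getFriendlyName() {
        return "Identity Oauth Event Handler";
    }

    /**
     * Initialises the handler by delegating to the parent implementation.
     *
     * @param initConfig configuration passed through to the parent
     * @throws IdentityRuntimeException if the parent initialisation fails
     */
    public void init(InitConfig initConfig) throws IdentityRuntimeException {
        super.init(initConfig);
    }

    /**
     * Returns the handler priority, falling back to {@code 51} when the parent returns {@code -1}.
     *
     * @param messageContext context passed through to the parent
     * @return the parent's priority, or the default when none is set
     */
    public int getPriority(MessageContext messageContext) {
        int inherited = super.getPriority(messageContext);
        return inherited == -1 ? DEFAULT_PRIORITY : inherited;
    }

    /**
     * Dispatches an identity event to the matching revocation routine.
     *
     * <p>Events with any other name are ignored.
     *
     * @param event the event to handle
     * @throws IdentityEventException if revocation, cache cleanup or session termination fails;
     *     the underlying exception is attached as the cause
     */
    public void handleEvent(Event event) throws IdentityEventException {
        String eventName = event.getEventName();

        if ("POST_SET_USER_CLAIMS".equals(eventName) || "POST_SET_USER_CLAIM".equals(eventName)) {
            String userName = (String) event.getEventProperties().get("user-name");
            UserStoreManager userStoreManager =
                    (UserStoreManager) event.getEventProperties().get("userStoreManager");
            try {
                revokeTokensOfLockedUser(userName, userStoreManager);
                revokeTokensOfDisabledUser(userName, userStoreManager);
                // The claim cache is cleared on every claim update, whatever the account state.
                OAuthUtil.removeUserClaimsFromCache(userName, userStoreManager);
            } catch (UserStoreException e) {
                String message = "Error occurred while revoking  access token for User : " + userName;
                log.error(message, e);
                // Keep the cause: without it the caller cannot see why the tokens of a locked
                // or disabled account were left in place.
                throw new IdentityEventException(message, e);
            }
        } else if ("POST_UPDATE_USER_LIST_OF_ROLE_EVENT".equals(eventName)) {
            Object deleted = event.getEventProperties().get("DELETE_USER_ID_LIST");
            if (deleted instanceof List) {
                // NOTE(review): element type is not checked here; presumably the publisher
                // stores user-id strings under this key. Confirm against the event source.
                @SuppressWarnings("unchecked")
                List<String> deletedUserIds = (List<String>) deleted;
                terminateSession(deletedUserIds);
            }
        } else if ("PRE_DELETE_ROLE_EVENT".equals(eventName)
                || "POST_SET_PERMISSIONS_FOR_ROLE_EVENT".equals(eventName)) {
            String roleId = (String) event.getEventProperties().get("role-id");
            String tenantDomain = (String) event.getEventProperties().get("tenant-domain");
            try {
                List<?> users = this.roleDAO.getRole(roleId, tenantDomain).getUsers();
                if (users != null) {
                    List<String> userIds = new ArrayList<>();
                    for (Object user : users) {
                        userIds.add(((UserBasicInfo) user).getId());
                    }
                    terminateSession(userIds);
                }
            } catch (IdentityRoleManagementException e) {
                // NOTE(review): every role-management failure is reported as an invalid role id;
                // the attached cause carries the actual reason.
                throw new IdentityEventException(
                        "Invaild role id :" + roleId + "in tenant domain " + tenantDomain, e);
            }
        }
    }

    /**
     * Revokes the user's tokens when the thread-local account state equals the locked code.
     *
     * @param str user name whose tokens are revoked
     * @param userStoreManager user store manager passed to the revocation call
     * @throws UserStoreException if revocation fails
     */
    private void revokeTokensOfLockedUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (ACCOUNT_STATE_LOCKED.equalsIgnoreCase(currentAccountState())) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("User %s is locked. Hence revoking user's access tokens.", str));
            }
            OAuthUtil.revokeTokens(str, userStoreManager);
        }
    }

    /**
     * Revokes the user's tokens when the thread-local account state equals the disabled code.
     *
     * @param str user name whose tokens are revoked
     * @param userStoreManager user store manager passed to the revocation call
     * @throws UserStoreException if revocation fails
     */
    private void revokeTokensOfDisabledUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (ACCOUNT_STATE_DISABLED.equalsIgnoreCase(currentAccountState())) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("User %s is disabled. Hence revoking user's access tokens.", str));
            }
            OAuthUtil.revokeTokens(str, userStoreManager);
        }
    }

    /**
     * Reads the {@code UserAccountState} entry from the identity thread-local properties.
     *
     * @return the stored state, or {@code null} when the entry is absent
     */
    private static String currentAccountState() {
        // The state is read from thread-local data, not from the event itself, so it reflects
        // whatever was stored on this thread before the handler ran.
        Map<?, ?> threadProperties = (Map<?, ?>) IdentityUtil.threadLocalProperties.get();
        return (String) threadProperties.get(USER_ACCOUNT_STATE);
    }

    /**
     * Revokes tokens, removes cached claims and terminates sessions for each given user id.
     *
     * <p>NOTE(review): processing stops at the first user that fails, so ids later in the list
     * keep their tokens and sessions until the event is retried. Confirm that callers retry,
     * or consider processing the remaining ids before rethrowing.
     *
     * @param list user ids to process; {@code null} or empty means nothing is revoked
     * @throws IdentityEventException if any step fails for a user or the user store manager
     *     cannot be obtained
     */
    private void terminateSession(List<String> list) throws IdentityEventException {
        try {
            UserStoreManager userStoreManager =
                    CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
            if (!CollectionUtils.isNotEmpty(list)) {
                return;
            }
            for (String userId : list) {
                try {
                    String userName = FrameworkUtils.resolveUserNameFromUserId(userStoreManager, userId);
                    // Tokens first, then cached claims, then live sessions.
                    OAuthUtil.revokeTokens(userName, userStoreManager);
                    OAuthUtil.removeUserClaimsFromCache(userName, userStoreManager);
                    OAuth2ServiceComponentHolder.getUserSessionManagementService().terminateSessionsByUserId(userId);
                } catch (SessionManagementException e) {
                    String message = "Failed to terminate active sessions of user Id: " + userId;
                    log.error(message, e);
                    throw new IdentityEventException(message, e);
                } catch (UserSessionException e) {
                    String message = "Error occurred while revoking access token for user Id: " + userId;
                    log.error(message, e);
                    throw new IdentityEventException(message, e);
                }
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            // NOTE(review): this catch encloses the loop as well, so a user-store failure raised
            // during revocation would presumably be reported with this same message. Verify.
            log.error("Error occurred while retrieving user manager", e);
            throw new IdentityEventException("Error occurred while retrieving user manager", e);
        }
    }
}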
