package org.wso2.carbon.identity.oauth.tokenprocessor;

import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.bean.OAuthClientAuthnContext;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuthRevocationResponseDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/tokenprocessor/DefaultOAuth2RevocationProcessor.class */
public class DefaultOAuth2RevocationProcessor implements OAuth2RevocationProcessor {
    public static final Log LOG = LogFactory.getLog(DefaultOAuth2RevocationProcessor.class);

    @Override // org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor
    public void revokeAccessToken(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception {
        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[]{accessTokenDO.getAccessToken()});
    }

    @Override // org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor
    public void revokeRefreshToken(OAuthRevocationRequestDTO oAuthRevocationRequestDTO, RefreshTokenValidationDataDO refreshTokenValidationDataDO) throws IdentityOAuth2Exception {
        OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[]{refreshTokenValidationDataDO.getAccessToken()});
    }

    @Override // org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor
    public boolean revokeTokens(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return OAuthUtil.revokeTokens(str, userStoreManager);
    }

    @Override // org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor
    public boolean revokeTokens(String str, UserStoreManager userStoreManager, String str2) throws UserStoreException {
        return OAuthUtil.revokeTokens(str, userStoreManager, str2);
    }

    @Override // org.wso2.carbon.identity.oauth.tokenprocessor.OAuth2RevocationProcessor
    public void revokeTokens(String str, String str2, List<String> list, String str3) throws IdentityOAuth2Exception {
        String str4 = null;
        try {
            ServiceProvider applicationByResourceId = OAuthComponentServiceHolder.getInstance().getApplicationManagementService().getApplicationByResourceId(str, str3);
            if (applicationByResourceId == null || applicationByResourceId.getInboundAuthenticationConfig() == null || applicationByResourceId.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs() == null) {
                return;
            }
            InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = applicationByResourceId.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
            int length = inboundAuthenticationRequestConfigs.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig = inboundAuthenticationRequestConfigs[i];
                if (StringUtils.equals("oauth2", inboundAuthenticationRequestConfig.getInboundAuthType())) {
                    str4 = inboundAuthenticationRequestConfig.getInboundAuthKey();
                    break;
                }
                i++;
            }
            if (str4 == null) {
                LOG.error(String.format("Invalid client of application : %s , ", applicationByResourceId.getApplicationName()));
                throw new IdentityOAuth2Exception(String.format("Invalid client of application : %s , ", applicationByResourceId.getApplicationName()));
            }
            Iterator<AccessTokenDO> it = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getActiveTokenSetWithTokenIdByConsumerKeyAndScope(str4, list).iterator();
            while (it.hasNext()) {
                revokeExistingToken(str4, it.next().getAccessToken());
            }
        } catch (IdentityApplicationManagementException e) {
            LOG.error("Error occurred while retrieving app by app ID : " + str, e);
            throw new IdentityOAuth2Exception("Error occurred while retrieving app by app ID : " + str, e);
        }
    }

    private OAuthClientAuthnContext buildAuthenticatedOAuthClientAuthnContext(String str) {
        OAuthClientAuthnContext oAuthClientAuthnContext = new OAuthClientAuthnContext();
        oAuthClientAuthnContext.setAuthenticated(true);
        oAuthClientAuthnContext.setClientId(str);
        return oAuthClientAuthnContext;
    }

    private void revokeExistingToken(String str, String str2) throws IdentityOAuth2Exception {
        OAuthRevocationResponseDTO revokeTokenByOAuthClient = OAuthComponentServiceHolder.getInstance().getOauth2Service().revokeTokenByOAuthClient(OAuth2Util.buildOAuthRevocationRequest(buildAuthenticatedOAuthClientAuthnContext(str), str2));
        if (revokeTokenByOAuthClient.isError()) {
            String str3 = "Error while revoking tokens for clientId:" + str + " Error Message:" + revokeTokenByOAuthClient.getErrorMsg();
            if (StringUtils.equals("server_error", revokeTokenByOAuthClient.getErrorCode())) {
                LOG.error(str3);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug(str3);
            }
            throw new IdentityOAuth2Exception(str3);
        }
    }
}
