package org.wso2.carbon.identity.oauth.listener;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/listener/IdentityOathEventListener.class */
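/**
 * User-operation listener that revokes a user's OAuth access tokens and clears the related
 * OAuth cache entries when the user is deleted, or when the current identity error context
 * carries the error code this listener gates on (see {@link #LOCKED_USER_ERROR_CODE}).
 *
 * <p>NOTE(review): every failure path in {@link #revokeTokens} logs and returns {@code true}
 * without processing the remaining tokens. Presumably {@code true} lets the surrounding user
 * operation continue, which would make revocation fail-open (a deleted or locked user could
 * keep usable tokens). Confirm against the listener contract before changing it.
 */
public class IdentityOathEventListener extends AbstractIdentityUserOperationEventListener {
    private static final Log log = LogFactory.getLog(IdentityOathEventListener.class);

    /** Execution order used when no order id is configured (getOrderId() returns -1). */
    private static final int DEFAULT_EXECUTION_ORDER_ID = 60;

    /**
     * Error code that triggers revocation in {@link #revokeTokensOfLockedUser}.
     * NOTE(review): presumably the "user is locked" code, judging by the method name. Confirm.
     */
    private static final String LOCKED_USER_ERROR_CODE = "17003";

    /**
     * Returns the configured order id, or {@value #DEFAULT_EXECUTION_ORDER_ID} when none is set.
     *
     * @return the execution order id of this listener
     */
    public int getExecutionOrderId() {
        int orderId = getOrderId();
        if (orderId != -1) {
            return orderId;
        }
        return DEFAULT_EXECUTION_ORDER_ID;
    }

    /**
     * Revokes the tokens of the user about to be deleted, when the listener is enabled.
     *
     * @param str              name of the user being deleted
     * @param userStoreManager user store manager that owns the user
     * @return the result of the revocation, or {@code true} when the listener is disabled
     * @throws UserStoreException declared by the listener contract; not thrown by this body
     */
    public boolean doPreDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (isEnable()) {
            return revokeTokens(str, userStoreManager);
        }
        return true;
    }

    /**
     * After claim values are set, revokes the user's tokens if the identity error context
     * carries {@link #LOCKED_USER_ERROR_CODE}. Does nothing when the listener is disabled.
     *
     * @param str              name of the user whose claims were updated
     * @param map              claim values that were set (not inspected here)
     * @param str2             profile name (not inspected here)
     * @param userStoreManager user store manager that owns the user
     * @return the result of the conditional revocation, or {@code true} when disabled
     */
    public boolean doPostSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) {
        if (isEnable()) {
            return revokeTokensOfLockedUser(str, userStoreManager);
        }
        return true;
    }

    /**
     * After an authentication attempt, revokes the user's tokens if the identity error context
     * carries {@link #LOCKED_USER_ERROR_CODE}. Does nothing when the listener is disabled.
     *
     * @param str              name of the user that attempted to authenticate
     * @param z                authentication outcome (not inspected here)
     * @param userStoreManager user store manager that owns the user
     * @return the result of the conditional revocation, or {@code true} when disabled
     * @throws UserStoreException declared by the listener contract; not thrown by this body
     */
    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        if (isEnable()) {
            return revokeTokensOfLockedUser(str, userStoreManager);
        }
        return true;
    }

    /**
     * Revokes the user's tokens only when the current identity error context reports
     * {@link #LOCKED_USER_ERROR_CODE}; otherwise returns {@code true} without touching tokens.
     */
    private boolean revokeTokensOfLockedUser(String userName, UserStoreManager userStoreManager) {
        IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
        // Compare by value: a reference comparison (!=) only matches when both sides happen to
        // be the same interned String, so a code built at runtime would silently skip revocation.
        if (identityErrorMsg == null || !LOCKED_USER_ERROR_CODE.equals(identityErrorMsg.getErrorCode())) {
            return true;
        }
        return revokeTokens(userName, userStoreManager);
    }

    /**
     * Clears the OAuth cache entries for every access token issued to the user and revokes the
     * latest access token per client and scope.
     *
     * @param userName         user whose tokens are to be revoked
     * @param userStoreManager user store manager used to resolve the user store domain
     * @return always {@code true}, including on failure (see the class-level review note)
     */
    private boolean revokeTokens(String userName, UserStoreManager userStoreManager) {
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(domainName);
        authenticatedUser.setTenantDomain(tenantDomain);
        authenticatedUser.setUserName(userName);

        // Only resolved when token partitioning and user-name assertion are both enabled;
        // otherwise the DAO calls below receive null for the user store domain.
        String userStoreDomain = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(authenticatedUser.toString());
            } catch (IdentityOAuth2Exception e) {
                log.error("Error occurred while getting user store domain for User ID : " + authenticatedUser, e);
                return true;
            }
        }

        try {
            for (String clientId : tokenMgtDAO.getAllTimeAuthorizedClientIds(authenticatedUser)) {
                try {
                    for (AccessTokenDO accessTokenDO : tokenMgtDAO.retrieveAccessTokens(clientId, authenticatedUser, userStoreDomain, true)) {
                        String scope = OAuth2Util.buildScopeString(accessTokenDO.getScope());
                        // Drop cached entries first so a cached copy cannot outlive the revocation.
                        OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), (User) accessTokenDO.getAuthzUser(), scope);
                        OAuthUtil.clearOAuthCache(accessTokenDO.getConsumerKey(), (User) accessTokenDO.getAuthzUser());
                        OAuthUtil.clearOAuthCache(accessTokenDO.getAccessToken());
                        try {
                            AccessTokenDO latestAccessToken = tokenMgtDAO.retrieveLatestAccessToken(clientId, authenticatedUser, userStoreDomain, scope, true);
                            if (latestAccessToken != null) {
                                try {
                                    tokenMgtDAO.revokeTokens(new String[]{latestAccessToken.getAccessToken()});
                                } catch (IdentityOAuth2Exception e2) {
                                    // The token value is a bearer credential that was NOT revoked at
                                    // this point; identify it by client, user and scope, never by value.
                                    log.error("Error occurred while revoking the latest access token issued for Client ID : " + clientId + ", User ID : " + authenticatedUser + " and Scope : " + scope, e2);
                                    return true;
                                }
                            }
                        } catch (IdentityOAuth2Exception e3) {
                            log.error("Error occurred while retrieving latest access token issued for Client ID : " + clientId + ", User ID : " + authenticatedUser + " and Scope : " + scope, e3);
                            return true;
                        }
                    }
                } catch (IdentityOAuth2Exception e4) {
                    log.error("Error occurred while retrieving access tokens issued for Client ID : " + clientId + ", User ID : " + authenticatedUser, e4);
                    return true;
                }
            }
            return true;
        } catch (IdentityOAuth2Exception e5) {
            log.error("Error occurred while retrieving apps authorized by User ID : " + authenticatedUser, e5);
            return true;
        }
    }
}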
