package org.apache.nifi.web.security.oidc.client.web;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.apache.nifi.web.security.oidc.revocation.TokenRevocationRequest;
import org.apache.nifi.web.security.oidc.revocation.TokenRevocationResponseClient;
import org.apache.nifi.web.security.oidc.revocation.TokenTypeHint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/client/web/AuthorizedClientExpirationCommand.class */
public class AuthorizedClientExpirationCommand implements Runnable {
    private static final Logger logger = LoggerFactory.getLogger(AuthorizedClientExpirationCommand.class);
    private final TrackedAuthorizedClientRepository trackedAuthorizedClientRepository;
    private final TokenRevocationResponseClient tokenRevocationResponseClient;

    public AuthorizedClientExpirationCommand(TrackedAuthorizedClientRepository trackedAuthorizedClientRepository, TokenRevocationResponseClient tokenRevocationResponseClient) {
        this.trackedAuthorizedClientRepository = (TrackedAuthorizedClientRepository) Objects.requireNonNull(trackedAuthorizedClientRepository, "Repository required");
        this.tokenRevocationResponseClient = (TokenRevocationResponseClient) Objects.requireNonNull(tokenRevocationResponseClient, "Response Client required");
    }

    @Override // java.lang.Runnable
    public void run() {
        logger.debug("Delete Expired Authorized Clients started");
        for (OidcAuthorizedClient oidcAuthorizedClient : deleteExpired()) {
            String principalName = oidcAuthorizedClient.getPrincipalName();
            OAuth2RefreshToken refreshToken = oidcAuthorizedClient.getRefreshToken();
            if (refreshToken == null) {
                logger.debug("Identity [{}] OIDC Refresh Token not found", principalName);
            } else {
                logger.debug("Identity [{}] OIDC Refresh Token revocation response status [{}]", principalName, Integer.valueOf(this.tokenRevocationResponseClient.getRevocationResponse(new TokenRevocationRequest(refreshToken.getTokenValue(), TokenTypeHint.REFRESH_TOKEN.getHint())).getStatusCode()));
            }
        }
        logger.debug("Delete Expired Authorized Clients completed");
    }

    private List<OidcAuthorizedClient> deleteExpired() {
        try {
            return this.trackedAuthorizedClientRepository.deleteExpired();
        } catch (Exception e) {
            logger.warn("Delete Expired Authorized Clients failed", e);
            return Collections.emptyList();
        }
    }
}
