package org.apereo.cas.oidc.web.controllers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.validator.OAuth20Validator;
import org.apereo.cas.support.oauth.web.endpoints.BaseOAuth20Controller;
import org.apereo.cas.ticket.accesstoken.AccessTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.Pac4jUtils;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.credentials.extractor.BasicAuthExtractor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;

/* loaded from: input_file:org/apereo/cas/oidc/web/controllers/OidcRevocationEndpointController.class */
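/**
 * Handles OIDC token revocation requests posted to {@code /oidc/revoke}.
 *
 * <p>The caller is identified through HTTP Basic credentials: the username is used to look up
 * the registered OAuth service and the password is passed to the validator as the client secret.
 */
public class OidcRevocationEndpointController extends BaseOAuth20Controller {
    private static final Logger LOGGER = LoggerFactory.getLogger(OidcRevocationEndpointController.class);

    /**
     * Creates the controller; every argument is handed unchanged to {@link BaseOAuth20Controller}.
     */
    public OidcRevocationEndpointController(ServicesManager servicesManager, TicketRegistry ticketRegistry, OAuth20Validator oAuth20Validator, AccessTokenFactory accessTokenFactory, PrincipalFactory principalFactory, ServiceFactory<WebApplicationService> serviceFactory, OAuth20ProfileScopeToAttributesFilter oAuth20ProfileScopeToAttributesFilter, CasConfigurationProperties casConfigurationProperties, CookieRetrievingCookieGenerator cookieRetrievingCookieGenerator) {
        super(servicesManager, ticketRegistry, oAuth20Validator, accessTokenFactory, principalFactory, serviceFactory, oAuth20ProfileScopeToAttributesFilter, casConfigurationProperties, cookieRetrievingCookieGenerator);
    }

    /**
     * Revokes the ticket named by the {@code token} request parameter once the client has
     * authenticated with HTTP Basic credentials.
     *
     * @param httpServletRequest  the revocation request carrying the Basic credentials and the {@code token} parameter
     * @param httpServletResponse the response, used only to build the pac4j web context
     * @return an empty {@code 200 OK} response, whether or not a ticket was deleted
     * @throws IllegalArgumentException if no Basic credentials could be extracted from the request
     */
    @PostMapping({"/oidc/revoke"})
    public ResponseEntity<String> handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Must start as null: if extraction throws, the null check below is what rejects the request.
        UsernamePasswordCredentials credentials = null;
        try {
            BasicAuthExtractor extractor = new BasicAuthExtractor(getClass().getSimpleName());
            credentials = extractor.extract(Pac4jUtils.getPac4jJ2EContext(httpServletRequest, httpServletResponse));
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
        }
        if (credentials == null) {
            throw new IllegalArgumentException("No credentials are provided to verify revocation of the token");
        }

        OAuthRegisteredService registeredOAuthService = OAuth20Utils.getRegisteredOAuthService(this.servicesManager, credentials.getUsername());
        boolean clientAuthenticated = this.validator.checkServiceValid(registeredOAuthService)
                && this.validator.checkParameterExist(httpServletRequest, "token")
                && this.validator.checkClientSecret(registeredOAuthService, credentials.getPassword());

        // NOTE(review): a failed client check is answered with the same 200 as a successful
        // revocation, so the caller cannot tell that nothing was revoked. Confirm this is intended.
        if (!clientAuthenticated) {
            return new ResponseEntity<>(HttpStatus.OK);
        }

        String tokenId = httpServletRequest.getParameter("token");
        // The token value is a bearer credential, so it is deliberately kept out of the log.
        LOGGER.debug("Located token in the revocation request");
        // NOTE(review): the ticket is deleted by id alone. Nothing visible here verifies that it
        // was issued to the authenticated client, or that it is an OAuth token rather than some
        // other ticket in the registry. Confirm that this is enforced elsewhere.
        this.ticketRegistry.deleteTicket(tokenId);
        return new ResponseEntity<>(HttpStatus.OK);
    }
}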
