package com.predic8.membrane.core.interceptor.oauth2.processors;

import com.bornium.security.oauth2openid.Constants;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.interceptor.oauth2.Client;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AuthorizationServerInterceptor;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2Util;
import com.predic8.membrane.core.interceptor.oauth2.ParamNames;
import com.predic8.membrane.core.util.URLParamUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-4.9.1.jar:com/predic8/membrane/core/interceptor/oauth2/processors/RevocationEndpointProcessor.class */
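/**
 * Endpoint processor for the OAuth2 token revocation endpoint
 * ({@code <basePath>/oauth2/revoke}).
 *
 * <p>A request names the token to revoke in the {@code token} parameter and may additionally
 * carry {@code client_id} and/or the client secret parameter. On success the token is
 * invalidated and the session bound to it is cleared and removed.
 */
public class RevocationEndpointProcessor extends EndpointProcessor {

    /**
     * Creates the processor for the given authorization server interceptor.
     *
     * @param oAuth2AuthorizationServerInterceptor the interceptor this endpoint belongs to
     */
    public RevocationEndpointProcessor(OAuth2AuthorizationServerInterceptor oAuth2AuthorizationServerInterceptor) {
        super(oAuth2AuthorizationServerInterceptor);
    }

    /**
     * Tells whether the exchange targets the revocation endpoint.
     *
     * <p>This is a prefix match: any request URI that begins with
     * {@code <basePath>/oauth2/revoke} is accepted, including longer paths and URIs that carry
     * a query string.
     *
     * @param exchange the exchange to inspect
     * @return {@code true} if the request URI starts with the revocation path
     */
    @Override
    public boolean isResponsible(Exchange exchange) {
        String revocationPath = this.authServer.getBasePath() + "/oauth2/revoke";
        return exchange.getRequestURI().startsWith(revocationPath);
    }

    /**
     * Handles a revocation request and always answers it directly ({@link Outcome#RETURN}).
     *
     * <ul>
     *   <li>No {@code token} parameter: JSON error {@code invalid_request}.</li>
     *   <li>Token not bound to any session, or the client recorded for the session cannot be
     *       looked up: empty 200 response, the same response a successful revocation produces,
     *       so the caller cannot tell an unknown token from a revoked one.</li>
     *   <li>Supplied {@code client_id} or client secret does not match the client recorded for
     *       the session: JSON error {@code invalid_grant}.</li>
     *   <li>Otherwise the token is invalidated, the session is cleared and removed, and the
     *       token-to-session mapping is dropped: empty 200 response. Any exception during
     *       these steps is reported as {@code invalid_grant}.</li>
     * </ul>
     *
     * @param exchange the exchange carrying the revocation request
     * @return always {@link Outcome#RETURN}
     * @throws Exception if reading the request parameters fails
     */
    @Override
    public Outcome process(Exchange exchange) throws Exception {
        Client client;
        Map<String, String> params = URLParamUtil.getParams(this.uriFactory, exchange);
        if (!params.containsKey("token")) {
            exchange.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exchange, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_REQUEST));
            return Outcome.RETURN;
        }
        String token = params.get("token");

        SessionManager.Session session = this.authServer.getSessionFinder().getSessionForToken(token);
        if (session == null) {
            // Unknown token: answer exactly like a successful revocation.
            exchange.setResponse(Response.ok().bodyEmpty().build());
            return Outcome.RETURN;
        }

        Map<String, String> userAttributes = session.getUserAttributes();
        synchronized (userAttributes) {
            try {
                client = this.authServer.getClientList().getClient(userAttributes.get("client_id"));
            } catch (Exception ignored) {
                // The session names a client that cannot be resolved; nothing can be revoked,
                // and the response deliberately matches the unknown-token case.
                exchange.setResponse(Response.ok().bodyEmpty().build());
                return Outcome.RETURN;
            }
        }

        String suppliedClientId = params.get("client_id");
        String suppliedClientSecret = params.get(ParamNames.CLIENT_SECRET);
        // NOTE(review): both credentials are optional here. A request that supplies neither
        // skips this check entirely, and revocation then proceeds with the credentials stored
        // for the token's client, so possession of the token alone is enough to revoke it.
        // RFC 7009 expects confidential clients to authenticate at this endpoint; confirm
        // the lenient behaviour is intended for every client type registered on this server.
        if ((suppliedClientId != null && !client.getClientId().equals(suppliedClientId))
                || (suppliedClientSecret != null && !secretsMatch(client.getClientSecret(), suppliedClientSecret))) {
            exchange.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exchange, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_GRANT));
            return Outcome.RETURN;
        }

        try {
            this.authServer.getTokenGenerator().invalidateToken(token, client.getClientId(), client.getClientSecret());
            synchronized (session) {
                session.clear();
            }
            synchronized (this.authServer.getSessionManager()) {
                this.authServer.getSessionManager().removeSession(session);
            }
            synchronized (this.authServer.getSessionFinder()) {
                this.authServer.getSessionFinder().removeSessionForToken(token);
            }
            exchange.setResponse(Response.ok().bodyEmpty().build());
            return Outcome.RETURN;
        } catch (Exception ignored) {
            // Any failure while invalidating the token or tearing down the session is
            // reported to the caller as invalid_grant rather than propagated.
            exchange.setResponse(OAuth2Util.createParameterizedJsonErrorResponse(exchange, this.jsonGen, Constants.PARAMETER_ERROR, Constants.ERROR_INVALID_GRANT));
            return Outcome.RETURN;
        }
    }

    /**
     * Compares the stored client secret with the caller-supplied one without the early exit
     * of {@link String#equals(Object)}, so the time taken does not depend on how many leading
     * characters of an attacker-chosen guess are correct.
     *
     * @param expected the secret registered for the client; may be {@code null}
     * @param supplied the secret taken from the request; may be {@code null}
     * @return {@code true} only if both values are non-null and byte-for-byte equal in UTF-8
     */
    private static boolean secretsMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            // A client without a registered secret can never match a supplied one.
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}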
