package org.wso2.carbon.identity.oauth.endpoint.token;

import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.amber.oauth2.as.response.OAuthASResponse;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.message.OAuthResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.ui.OAuthClientException;
import org.wso2.carbon.identity.oauth.ui.util.OAuthUIUtil;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuthRevocationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuthRevocationResponseDTO;

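@Path("/revoke")
/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/oauth/endpoint/token/OAuthRevocationEndpoint.class */
public class OAuthRevocationEndpoint {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String TOKEN = "token";
    private static final String REDACTED = "<redacted>";

    // Named after this class: the original logger was created for OAuth2TokenEndpoint.class,
    // which filed every revocation log line under the token endpoint's category.
    private static final Log log = LogFactory.getLog(OAuthRevocationEndpoint.class);

    /**
     * Handles an OAuth 2.0 token revocation request (RFC 7009).
     * <p>
     * Client credentials are taken from the HTTP Basic {@code Authorization} header when it is
     * present, otherwise from the {@code client_id}/{@code client_secret} form parameters.
     * Sending the header together with both form parameters is rejected with
     * {@code invalid_client} (RFC 6749 section 2.3.1, one authentication mechanism per request).
     *
     * @param httpServletRequest the incoming request; {@code token} is read from its parameters
     * @param multivaluedMap     the url-encoded form body; the header credentials are written
     *                           into it so that the same lookup serves both paths
     * @return 200 with the revocation JSON body on success; 401 {@code invalid_client} when
     *         client authentication fails; 400 {@code invalid_request} when {@code token} is
     *         missing; otherwise the error reported by the revocation service (401 for
     *         {@code unauthorized_client}, 400 for anything else) or 500 {@code server_error}
     *         when the backend call fails
     * @throws OAuthSystemException if the OAuth response message cannot be built
     */
    @Path("/")
    @Consumes({"application/x-www-form-urlencoded"})
    @POST
    @Produces({"application/json"})
    public Response revokeAccessToken(@Context HttpServletRequest httpServletRequest, MultivaluedMap<String, String> multivaluedMap) throws OAuthSystemException {
        OAuthRequestWrapper oAuthRequestWrapper = new OAuthRequestWrapper(httpServletRequest, multivaluedMap);
        if (log.isDebugEnabled()) {
            logAccessTokenRevocationRequest(oAuthRequestWrapper);
        }
        boolean authenticatedViaHeader = false;
        String authzHeader = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (authzHeader != null) {
            try {
                String[] credentials = OAuthUIUtil.extractCredentialsFromAuthzHeader(authzHeader);
                // Header plus both form credentials: more than one client authentication
                // mechanism in the same request.
                if (multivaluedMap.containsKey(CLIENT_ID) && multivaluedMap.containsKey(CLIENT_SECRET)) {
                    return handleBasicAuthFailure();
                }
                if (credentials == null || credentials.length < 2) {
                    // Malformed header the utility did not reject; the original indexed the
                    // array unguarded and would have surfaced as an HTTP 500.
                    return handleBasicAuthFailure();
                }
                // putSingle rather than add: the header must really take precedence over a
                // lone client_id or client_secret form parameter, otherwise getFirst() below
                // would pair a form value with a header value.
                multivaluedMap.putSingle(CLIENT_ID, credentials[0]);
                multivaluedMap.putSingle(CLIENT_SECRET, credentials[1]);
                authenticatedViaHeader = true;
                log.debug("HTTP Authorization Header is available which will take precedence over the client credentials available as request parameters.");
            } catch (OAuthClientException e) {
                return handleBasicAuthFailure();
            }
        }
        String consumerKey = multivaluedMap.getFirst(CLIENT_ID);
        String consumerSecret = multivaluedMap.getFirst(CLIENT_SECRET);
        if (consumerKey == null || consumerSecret == null) {
            // No usable client credentials at all; the original dereferenced null here (HTTP 500)
            // instead of challenging the client.
            return handleBasicAuthFailure();
        }
        String token = httpServletRequest.getParameter(TOKEN);
        if (token == null || token.isEmpty()) {
            // RFC 7009 section 2.1: "token" is a required parameter.
            return buildErrorResponse(400, "invalid_request", "Required parameter 'token' is missing.");
        }
        try {
            OAuthRevocationRequestDTO revocationRequest = new OAuthRevocationRequestDTO();
            revocationRequest.setConsumerKey(consumerKey);
            revocationRequest.setConsumerSecret(consumerSecret);
            revocationRequest.setTokens(new String[]{token});
            OAuthRevocationResponseDTO revocationResponse = new OAuthRevocationClient().revokeTokens(revocationRequest);
            if (!revocationResponse.getError()) {
                OAuthResponse success = CarbonOAuthASResponse.revokeResponse(200).buildJSONMessage();
                return Response.status(success.getResponseStatus()).header("Cache-Control", "no-store").header("Pragma", "no-cache").entity(success.getBody()).build();
            }
            String errorCode = revocationResponse.getErrorCode();
            if (authenticatedViaHeader && "invalid_client".equals(errorCode)) {
                // A client that authenticated via the header gets the WWW-Authenticate challenge.
                return handleBasicAuthFailure();
            }
            int status = "unauthorized_client".equals(errorCode) ? 401 : 400;
            return buildErrorResponse(status, errorCode, revocationResponse.getErrorMsg());
        } catch (OAuthClientException e) {
            // Keep the cause server-side; the original echoed e.getMessage() to the caller,
            // which exposes backend details to an unauthenticated client.
            log.error("Error while revoking the token.", e);
            return buildErrorResponse(500, "server_error", "Error occurred while revoking the token.");
        }
    }

    /**
     * Builds the 401 {@code invalid_client} response used whenever client authentication fails,
     * including the {@code WWW-Authenticate} challenge required by RFC 6749 section 5.2.
     *
     * @throws OAuthSystemException if the OAuth response message cannot be built
     */
    private Response handleBasicAuthFailure() throws OAuthSystemException {
        OAuthResponse message = OAuthASResponse.errorResponse(401).setError("invalid_client").setErrorDescription("Client Authentication was failed.").buildJSONMessage();
        return Response.status(message.getResponseStatus()).header("WWW-Authenticate", OAuthUIUtil.getRealmInfo()).header("Cache-Control", "no-store").header("Pragma", "no-cache").entity(message.getBody()).build();
    }

    /**
     * Builds a JSON OAuth error response (RFC 6749 section 5.2) with the given HTTP status.
     * Error responses carry the same no-store/no-cache headers as the success response so that
     * intermediaries never cache a response that relates to a credential.
     *
     * @param status           HTTP status code to send
     * @param errorCode        OAuth {@code error} value
     * @param errorDescription OAuth {@code error_description} value
     * @throws OAuthSystemException if the OAuth response message cannot be built
     */
    private Response buildErrorResponse(int status, String errorCode, String errorDescription) throws OAuthSystemException {
        OAuthResponse message = OAuthASResponse.errorResponse(status).setError(errorCode).setErrorDescription(errorDescription).buildJSONMessage();
        return Response.status(message.getResponseStatus()).header("Cache-Control", "no-store").header("Pragma", "no-cache").entity(message.getBody()).build();
    }

    /**
     * Debug-logs the request URI, the request headers and whether a {@code token} parameter was
     * sent. Credential-bearing headers and the token value itself are redacted: the original
     * wrote the Basic-auth client secret and the token being revoked into the log files.
     *
     * @param httpServletRequest the request to describe; only read, never modified
     */
    private void logAccessTokenRevocationRequest(HttpServletRequest httpServletRequest) {
        log.debug("Received a access token revocation request : " + httpServletRequest.getRequestURI());
        log.debug("----------logging request headers.----------");
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        // The servlet API allows a container to return null when header access is restricted.
        if (headerNames != null) {
            while (headerNames.hasMoreElements()) {
                String headerName = String.valueOf(headerNames.nextElement());
                Enumeration<?> values = httpServletRequest.getHeaders(headerName);
                if (values == null) {
                    continue;
                }
                while (values.hasMoreElements()) {
                    Object value = values.nextElement();
                    log.debug(headerName + " : " + (isSensitiveHeader(headerName) ? REDACTED : value));
                }
            }
        }
        log.debug("----------logging request parameters.----------");
        String token = httpServletRequest.getParameter(TOKEN);
        log.debug("token - " + (token == null ? "null" : REDACTED));
    }

    /**
     * Returns {@code true} for headers that carry credentials and must never be written to the log.
     * Header names are case-insensitive (RFC 7230), hence {@code equalsIgnoreCase}.
     */
    private static boolean isSensitiveHeader(String headerName) {
        return AUTHORIZATION_HEADER.equalsIgnoreCase(headerName)
                || "Proxy-Authorization".equalsIgnoreCase(headerName)
                || "Cookie".equalsIgnoreCase(headerName);
    }
}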
