package io.jans.as.server.revoke;

import io.jans.as.common.model.common.User;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.model.common.ComponentType;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.session.EndSessionErrorResponseType;
import io.jans.as.server.model.config.Constants;
import io.jans.as.server.model.session.SessionClient;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.ScopeService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.UserService;
import io.jans.as.server.service.ciba.CibaRequestsProcessorJob;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;

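/**
 * JAX-RS resource exposing {@code POST /revoke_session}.
 *
 * <p>The endpoint looks a user up by a caller-supplied attribute name/value pair and removes
 * that user's sessions that are in the {@link SessionIdState#AUTHENTICATED} state. The calling
 * client must be authenticated and must hold the scope named by
 * {@link Constants#REVOKE_SESSION_SCOPE}; see {@link #validateAccess()}.
 */
@Path("/")
/* loaded from: input_file:io/jans/as/server/revoke/RevokeSessionRestWebService.class */
public class RevokeSessionRestWebService {

    @Inject
    private Logger log;

    @Inject
    private UserService userService;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private Identity identity;

    @Inject
    private ScopeService scopeService;

    /**
     * Revokes the authenticated sessions of the user identified by the given attribute.
     *
     * <p>The response is {@code 200 OK} with an empty body whether or not a user matched and
     * whether or not any session was removed, so the response alone does not tell the caller
     * if the user exists.
     *
     * @param userCriterionKey    form parameter {@code user_criterion_key}: attribute name used for the lookup
     * @param userCriterionValue  form parameter {@code user_criterion_value}: attribute value used for the lookup
     * @param httpServletRequest  current request (not read by this method)
     * @param httpServletResponse current response (not written by this method)
     * @param securityContext     used only to log whether the request arrived over a secure channel
     * @return {@code 200 OK} on success or when nothing matched; a server-error status when an
     *         unexpected exception is caught
     * @throws WebApplicationException when the component is disabled or the client fails the
     *         access check; propagated unchanged so the prepared error response reaches the caller
     */
    @POST
    @Produces({"application/json"})
    @Path("/revoke_session")
    public Response requestRevokeSession(@FormParam("user_criterion_key") String userCriterionKey, @FormParam("user_criterion_value") String userCriterionValue, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context SecurityContext securityContext) {
        try {
            // NOTE(review): both criterion values are caller-supplied and are logged before the
            // access check runs; they may carry personal identifiers, so treat debug logs of this
            // endpoint as sensitive.
            this.log.debug("Attempting to revoke session: userCriterionKey = {}, userCriterionValue = {}, isSecure = {}", userCriterionKey, userCriterionValue, securityContext.isSecure());
            this.errorResponseFactory.validateComponentEnabled(ComponentType.REVOKE_SESSION);
            validateAccess();

            // NOTE(review): the attribute name comes straight from the request and is not
            // checked for null/blank or against an allow-list here; confirm UserService handles that.
            User user = this.userService.getUserByAttribute(userCriterionKey, userCriterionValue);
            if (user == null) {
                this.log.trace("Unable to find user by {}={}", userCriterionKey, userCriterionValue);
                return Response.ok().build();
            }

            List<SessionId> userSessions = this.sessionIdService.findByUser(user.getDn());
            if (userSessions == null || userSessions.isEmpty()) {
                this.log.trace("No sessions found for user uid: {}, dn: {}", user.getUserId(), user.getDn());
                return Response.ok().build();
            }

            // Only sessions in the AUTHENTICATED state are removed; sessions in any other state are left alone.
            List<SessionId> authenticatedSessions = userSessions.stream()
                    .filter(session -> session.getState() == SessionIdState.AUTHENTICATED)
                    .collect(Collectors.toList());
            this.sessionIdService.remove(authenticatedSessions);
            this.log.debug("Revoked {} user's sessions (user: {})", authenticatedSessions.size(), user.getUserId());
            return Response.ok().build();
        } catch (WebApplicationException e) {
            // Must be caught before Exception: it is a subclass, so the reverse order does not
            // compile, and the 401/disabled-component responses have to reach the caller as-is.
            throw e;
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            // The listing took this status from CibaRequestsProcessorJob.CHUNK_SIZE, an unrelated
            // batch-size constant (presumably 500 - confirm). Use the HTTP constant so the status
            // cannot drift if that constant is ever changed.
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()).build();
        }
    }

    /**
     * Checks that the calling client is authenticated and holds the revoke-session scope.
     *
     * <p>NOTE(review): a client that is authenticated but lacks the scope receives 401 with
     * {@code INVALID_REQUEST}, the same response as an unauthenticated client; 403 would be the
     * more usual status, but the existing status is kept so current callers are not affected.
     *
     * @throws WebApplicationException with status 401 when there is no session client, the
     *         client has no scopes, or the scopes do not include {@link Constants#REVOKE_SESSION_SCOPE}
     */
    private void validateAccess() {
        SessionClient sessionClient = this.identity.getSessionClient();
        if (sessionClient == null || sessionClient.getClient() == null || ArrayUtils.isEmpty(sessionClient.getClient().getScopes())) {
            this.log.debug("Client failed to authenticate.");
            throw unauthorized();
        }
        // Client scopes are stored as DNs; resolve them to scope ids before comparing.
        List<String> scopeIds = this.scopeService.getScopeIdsByDns(Arrays.asList(sessionClient.getClient().getScopes()));
        if (!scopeIds.contains(Constants.REVOKE_SESSION_SCOPE)) {
            this.log.debug("Client does not have required revoke_session scope.");
            throw unauthorized();
        }
    }

    /** Builds the 401 response, with the {@code INVALID_REQUEST} JSON entity, used for every access failure. */
    private WebApplicationException unauthorized() {
        return new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).entity(this.errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST)).build());
    }
}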
