package io.jans.as.server.service.token;

import com.fasterxml.jackson.databind.SerializationFeature;
import io.jans.as.common.model.common.User;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.authorize.AuthorizeErrorResponseType;
import io.jans.as.model.common.FeatureFlagType;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.revoke.GlobalTokenRevocationRequest;
import io.jans.as.model.session.EndSessionErrorResponseType;
import io.jans.as.server.model.config.Constants;
import io.jans.as.server.model.session.SessionClient;
import io.jans.as.server.security.Identity;
import io.jans.as.server.service.GrantService;
import io.jans.as.server.service.ScopeService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.UserService;
import io.jans.as.server.util.ServerUtil;
import io.jans.model.token.TokenEntity;
import jakarta.ejb.Stateless;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;

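/**
 * Revokes all sessions and token grants of one user on behalf of an authenticated client.
 *
 * <p>{@link #requestGlobalTokenRevocation(String)} checks the feature flag and the calling
 * client's scopes before it parses the request body, so a caller without the required scope
 * never reaches the JSON parser or the user lookup.
 */
@Named
@Stateless
/* loaded from: input_file:io/jans/as/server/service/token/GlobalTokenRevocationService.class */
public class GlobalTokenRevocationService {

    @Inject
    private Logger log;

    @Inject
    private UserService userService;

    @Inject
    private SessionIdService sessionIdService;

    @Inject
    private ErrorResponseFactory errorResponseFactory;

    @Inject
    private Identity identity;

    @Inject
    private ScopeService scopeService;

    @Inject
    private GrantService grantService;

    /**
     * Handles a global token revocation request: removes the sessions and the token grants of
     * the user identified by the request's subject identifier.
     *
     * <p>A request whose subject identifier is missing, or whose format or id is blank, is
     * rejected with 400 instead of failing later with a {@link NullPointerException}.
     * An unknown user is not an error: the method returns without revoking anything.
     *
     * @param str raw JSON request body as received from the client
     * @throws WebApplicationException if the feature is disabled, the client is not allowed to
     *         call this endpoint, or the body is malformed
     */
    public void requestGlobalTokenRevocation(String str) {
        // The body is caller-controlled and is logged before the caller is authorised; the log
        // encoder should neutralise line breaks so it cannot forge log entries.
        this.log.debug("Attempt for global token revocation: request = {}, ", str);
        this.errorResponseFactory.validateFeatureEnabled(FeatureFlagType.GLOBAL_TOKEN_REVOCATION);
        validateAccess();

        GlobalTokenRevocationRequest request = parseRequest(str);
        // A JSON literal "null" parses to a null request, and a body without a subject
        // identifier leaves getSubId() null; both are malformed input, not server errors.
        if (request == null || request.getSubId() == null) {
            this.log.debug("Rejected global token revocation request without subject identifier.");
            throw malformedRequest("Subject identifier (format and id) is required.");
        }
        String format = request.getSubId().getFormat();
        String id = request.getSubId().getId();
        if (isBlank(format) || isBlank(id)) {
            this.log.debug("Rejected global token revocation request with blank subject format or id.");
            throw malformedRequest("Subject identifier (format and id) is required.");
        }

        // NOTE(review): format is passed verbatim as the attribute name to search on, so the
        // caller chooses which user attribute is matched. Consider an allow-list of identifier
        // attributes; confirm what getUserByAttribute accepts.
        User user = this.userService.getUserByAttribute(format, id);
        if (user == null) {
            this.log.trace("Unable to find user by {}={}", format, id);
            return;
        }

        List<SessionId> sessions = this.sessionIdService.findByUser(user.getDn());
        this.sessionIdService.remove(sessions);
        this.log.debug("Revoked {} user's sessions (user: {})", sessions != null ? sessions.size() : 0, user.getUserId());

        List<TokenEntity> grants = this.grantService.getGrantsByUserDn(user.getDn());
        // NOTE(review): removeSilently presumably swallows removal failures; the count logged
        // below is the number of grants found, not the number confirmed removed. Verify.
        this.grantService.removeSilently(grants);
        this.log.debug("Revoked {} tokens (user: {})", grants != null ? grants.size() : 0, user.getUserId());
    }

    /**
     * Verifies that the calling client is authenticated and holds the global token revocation
     * scope.
     *
     * @throws WebApplicationException with status 401 when there is no session client, the
     *         client has no scopes, or the required scope is not among them
     */
    public void validateAccess() {
        SessionClient sessionClient = this.identity.getSessionClient();
        if (sessionClient == null || sessionClient.getClient() == null || ArrayUtils.isEmpty(sessionClient.getClient().getScopes())) {
            this.log.debug("Client failed to authenticate.");
            throw unauthorized();
        }

        // The client stores scope DNs; resolve them to scope ids before comparing.
        List<String> scopeIds = this.scopeService.getScopeIdsByDns(Arrays.asList(sessionClient.getClient().getScopes()));
        if (!scopeIds.contains(Constants.GLOBAL_TOKEN_REVOCATION_SCOPE)) {
            this.log.debug("Client does not have required global_token_revocation scope.");
            throw unauthorized();
        }
    }

    /**
     * Parses the raw request body into a {@link GlobalTokenRevocationRequest}.
     *
     * @param str raw JSON request body
     * @return the parsed request; may be {@code null} when the body is the JSON literal null
     * @throws WebApplicationException with status 400 when the body is null or cannot be parsed
     */
    public GlobalTokenRevocationRequest parseRequest(String str) {
        if (str == null) {
            // A null body would not surface as an IOException from the mapper, so it would
            // bypass the catch below; reject it as malformed input explicitly.
            this.log.debug("Rejected global token revocation request with empty body.");
            throw malformedRequest("Failed to parse GlobalTokenRevocationRequest.");
        }
        try {
            return ServerUtil.createJsonMapper().configure(SerializationFeature.WRAP_ROOT_VALUE, false).readValue(str, GlobalTokenRevocationRequest.class);
        } catch (IOException e) {
            // Parameterised so the caller-controlled body is passed as an argument rather than
            // concatenated into the message; the rendered text is unchanged.
            this.log.error("Failed to parse {}", str, e);
            throw malformedRequest("Failed to parse GlobalTokenRevocationRequest.");
        }
    }

    /** Builds the 401 response used for every access-check failure. */
    private WebApplicationException unauthorized() {
        return new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).entity(this.errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST)).build());
    }

    /** Builds the 400 invalid_request error used for every malformed request body. */
    private RuntimeException malformedRequest(String reason) {
        return this.errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST, AuthorizeErrorResponseType.INVALID_REQUEST, reason);
    }

    /** Returns true when the value is null, empty or whitespace only. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}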
