package net.trajano.ms.authz;

import com.google.gson.JsonObject;
import io.swagger.annotations.Api;
import java.text.ParseException;
import javax.annotation.security.PermitAll;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import net.trajano.ms.auth.spi.ClientValidator;
import net.trajano.ms.auth.token.GrantTypes;
import net.trajano.ms.auth.token.OAuthTokenResponse;
import net.trajano.ms.auth.util.HttpAuthorizationHeaders;
import net.trajano.ms.authz.internal.TokenCache;
import net.trajano.ms.core.ErrorCodes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;

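/**
 * JAX-RS resource that handles {@code POST /revoke}: a client authenticates with HTTP Basic
 * credentials and asks for a refresh token to be revoked.
 *
 * <p>The class is annotated {@code @PermitAll}, so the client-credential check inside
 * {@link #revoke(String, String, String)} is the only authentication visible in this class.
 */
@Api
@Path("/revoke")
@PermitAll
@Configuration
@Component
/* loaded from: input_file:BOOT-INF/lib/ms-common-auth-1.0.0.jar:net/trajano/ms/authz/RevocationResource.class */
public class RevocationResource {
    private static final Logger LOG = LoggerFactory.getLogger(RevocationResource.class);

    /** Validates the client id / client secret pair taken from the Authorization header. */
    @Autowired
    private ClientValidator clientValidator;

    // Injected from token.jwtMaximumLifetime (default 86400); not read by any method in this class.
    @Value("${token.jwtMaximumLifetime:86400}")
    private int jwtMaximumLifetimeInSeconds;

    /** Realm name placed in the Basic challenge that accompanies 401 responses. */
    @Value("${realmName:client_credentials}")
    private String realmName;

    /** Store that performs the actual refresh-token revocation. */
    @Autowired
    private TokenCache tokenCache;

    /**
     * Revokes a refresh token on behalf of an authenticated client.
     *
     * @param str the {@code token} form parameter: the refresh token to revoke
     * @param str2 the optional {@code token_type_hint} form parameter; when present it must equal
     *     {@link GrantTypes#REFRESH_TOKEN}
     * @param str3 the {@code Authorization} header, parsed as HTTP Basic client credentials
     * @return a JSON object with the single property {@code "ok": 1}
     */
    @POST
    @Produces({"application/json"})
    @Consumes({"application/x-www-form-urlencoded"})
    public JsonObject revoke(@FormParam("token") String str, @FormParam("token_type_hint") String str2, @HeaderParam("Authorization") String str3) {
        try {
            final String[] credentials = HttpAuthorizationHeaders.parseBasicAuthorization(str3);
            final String clientId = credentials[0];
            // Client authentication comes first, so an unauthenticated caller learns nothing
            // about how the token parameters are validated.
            if (!this.clientValidator.isValid("revocation", clientId, credentials[1])) {
                throw OAuthTokenResponse.unauthorized(ErrorCodes.UNAUTHORIZED_CLIENT, "Unauthorized client", basicChallenge());
            }
            if (str == null) {
                throw OAuthTokenResponse.badRequest(ErrorCodes.INVALID_REQUEST, "Missing token");
            }
            if (str2 != null && !GrantTypes.REFRESH_TOKEN.equals(str2)) {
                throw OAuthTokenResponse.badRequest(ErrorCodes.UNSUPPORTED_TOKEN_TYPE, "Token type is not supported");
            }
            this.tokenCache.revokeRefreshToken(str, clientId);
            // The token value is deliberately kept out of the log: a refresh token is a bearer
            // credential, and this class does not show whether revokeRefreshToken invalidates a
            // token that was issued to a different client. The client id is enough for an audit trail.
            LOG.debug("revoked refresh token for client_id={}", clientId);
            final JsonObject result = new JsonObject();
            result.addProperty("ok", 1);
            return result;
        } catch (ParseException e) {
            // Presumably raised by parseBasicAuthorization for a missing or malformed header;
            // the try block spans the remaining calls exactly as the original did.
            throw OAuthTokenResponse.unauthorized(ErrorCodes.UNAUTHORIZED_CLIENT, "Invalid or missing authorization", basicChallenge());
        }
    }

    /** Builds the Basic challenge string for the configured realm, passed along with 401 responses. */
    private String basicChallenge() {
        return String.format("Basic realm=\"%s\", encoding=\"UTF-8\"", this.realmName);
    }
}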
