package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.oauth.server.impl.helper.OAuth2Constants;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.io.IOException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

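/**
 * Deprecated Sling servlet that revokes an OAuth token on {@code POST}.
 *
 * <p>The servlet is registered for the access-token and refresh-token resource types. It reads
 * the token location from the {@code tokenPath} request parameter and, once the work is done,
 * redirects the client to the location given in the {@code :redirect} parameter.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Both request parameters are caller-controlled. {@code tokenPath} is acted on through a
 *       service session opened with {@link SlingRepository#loginService(String, String)}, so the
 *       call to {@code OAuth2Helper.validateSubject} is the only authorization gate visible in
 *       this class.</li>
 *   <li>{@code :redirect} is only honoured when it is a server-local absolute path; anything else
 *       would turn this endpoint into an open redirector.</li>
 *   <li>The endpoint is inactive unless {@code oauth.token.revocation.active} is set to
 *       {@code true} in the component configuration.</li>
 * </ul>
 */
@Component(metatype = true, label = "%oauth.token.revocation.endpoint.name", description = "%oauth.token.revocation.endpoint.description")
@Deprecated
@Service({Servlet.class})
@Properties({
    @Property(name = "sling.servlet.resourceTypes", value = {OAuth2Constants.OAUTH_ACCESS_TOKEN, OAuth2Constants.OAUTH_REFRESH_TOKEN}, propertyPrivate = true),
    @Property(name = "sling.servlet.methods", value = {"POST"}, propertyPrivate = true),
    @Property(name = "service.description", value = {"OAuth Token Revocation Servlet (DEPRECATED)"})
})
/* loaded from: input_file:com/adobe/granite/oauth/server/impl/OAuth2TokenRevocationServlet.class */
public class OAuth2TokenRevocationServlet extends SlingAllMethodsServlet {
    private static final Logger log = LoggerFactory.getLogger(OAuth2TokenRevocationServlet.class);

    /** Value used when the configuration does not define {@link #ACTIVE}: revocation stays off. */
    private static final boolean ACTIVE_DEFAULT = false;

    /** Configuration PID that holds the {@link #ACTIVE} switch. */
    private static final String CONFIG_PID = "com.adobe.granite.oauth.server.impl.OAuth2TokenRevocationServlet";

    @Property(boolValue = {false})
    private static final String ACTIVE = "oauth.token.revocation.active";

    // Last value read from configuration. Kept for parity with the original class; request
    // handling decides on a local copy because servlet instances are shared between threads.
    private volatile boolean active;

    @Reference
    private SlingRepository repository;

    @Reference
    private ConfigurationAdmin confAdmin;

    /**
     * Revokes the token named by {@code tokenPath} if revocation is active and the requesting
     * user passes {@code OAuth2Helper.validateSubject}, then redirects the client.
     *
     * <p>Repository failures are logged and do not prevent the redirect.
     *
     * @param slingHttpServletRequest  request carrying {@code tokenPath} and {@code :redirect}
     * @param slingHttpServletResponse response used to send the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the configuration cannot be read or the redirect cannot be sent
     */
    @Override
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        final boolean revocationActive = readActiveFlag();
        this.active = revocationActive;

        final String tokenPath = slingHttpServletRequest.getParameter("tokenPath");
        final String redirectTarget = slingHttpServletRequest.getParameter(":redirect");

        if (!revocationActive) {
            log.error("OAuth token revocation endpoint invoked, but token revocation is not active");
        } else if (tokenPath == null || tokenPath.trim().isEmpty()) {
            // Nothing to revoke; never hand an empty path to the service session.
            log.error("Unable to revoke token, no tokenPath parameter was supplied");
        } else {
            revoke(slingHttpServletRequest, tokenPath);
        }

        if (isLocalRedirect(redirectTarget)) {
            slingHttpServletResponse.sendRedirect(redirectTarget);
        } else {
            // A missing or off-site target is replaced by the application root so that the
            // endpoint cannot be used to bounce users to an arbitrary location.
            log.warn("Ignoring missing or non-local redirect target {}.", forLog(redirectTarget));
            slingHttpServletResponse.sendRedirect(slingHttpServletRequest.getContextPath() + "/");
        }
    }

    /**
     * Reads the activation switch from the component configuration.
     *
     * @return the configured value, or {@link #ACTIVE_DEFAULT} when the configuration has no
     *         properties yet or does not define the switch
     * @throws IOException if the configuration cannot be accessed
     */
    private boolean readActiveFlag() throws IOException {
        // getProperties() returns null for a configuration that has never been updated.
        final java.util.Dictionary<?, ?> props = this.confAdmin.getConfiguration(CONFIG_PID).getProperties();
        final Object configured = props == null ? null : props.get(ACTIVE);
        return OsgiUtil.toBoolean(configured, ACTIVE_DEFAULT);
    }

    /**
     * Performs the revocation with a service session and always releases that session.
     *
     * @param request   request whose resource resolver identifies the calling user
     * @param tokenPath caller-supplied repository path of the token
     */
    private void revoke(SlingHttpServletRequest request, String tokenPath) {
        log.debug("Revoking token at path {}.", forLog(tokenPath));
        Session serviceSession = null;
        try {
            serviceSession = this.repository.loginService(null, null);
            // Authorization gate: the service session presumably has wider access than the
            // caller, so nothing below may run unless this check succeeds.
            final String userId = request.getResourceResolver().getUserID();
            if (!OAuth2Helper.validateSubject(serviceSession, userId, tokenPath)) {
                log.error("Unable to revoke token at path {}, only the subject who authorized the token can revoke it", forLog(tokenPath));
                return;
            }
            OAuth2Helper.revokeToken(serviceSession, tokenPath);
            if (!OAuth2Helper.isRefreshToken(serviceSession, tokenPath)) {
                OAuth2Helper.removeAccessTokenReference(serviceSession, tokenPath);
            }
            if (serviceSession.hasPendingChanges()) {
                serviceSession.save();
            }
        } catch (RepositoryException e) {
            log.error("Failed to revoke token at path {}.", forLog(tokenPath), e);
        } finally {
            // Release the session on every path, including failures and unchecked exceptions.
            if (serviceSession != null && serviceSession.isLive()) {
                serviceSession.logout();
            }
        }
    }

    /**
     * Tells whether a redirect target stays on this server.
     *
     * @param target value of the {@code :redirect} parameter, possibly {@code null}
     * @return {@code true} only for a path that starts with a single {@code /} and contains no
     *         backslash or control character
     */
    private static boolean isLocalRedirect(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;
        }
        // "//host" is a scheme-relative URL and leaves the site.
        if (target.length() > 1 && target.charAt(1) == '/') {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            final char c = target.charAt(i);
            // Browsers may treat '\' as '/', and control characters enable header splitting.
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Neutralises line breaks in a caller-supplied value before it is written to the log.
     *
     * @param value raw request value, possibly {@code null}
     * @return the value with CR and LF replaced by {@code _}, or {@code null}
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /** Binds the repository service. */
    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    /** Unbinds the repository service if it is the one currently held. */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    /** Binds the configuration admin service. */
    protected void bindConfAdmin(ConfigurationAdmin configurationAdmin) {
        this.confAdmin = configurationAdmin;
    }

    /** Unbinds the configuration admin service if it is the one currently held. */
    protected void unbindConfAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.confAdmin == configurationAdmin) {
            this.confAdmin = null;
        }
    }
}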
