package edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet;

import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction;
import edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.RefreshTokenStore;
import edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPConfigTags;
import edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet;
import edu.uiuc.ncsa.security.core.Identifier;
import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.util.BasicIdentifier;
import edu.uiuc.ncsa.security.delegation.server.ServiceTransaction;
import edu.uiuc.ncsa.security.delegation.server.request.IssuerResponse;
import edu.uiuc.ncsa.security.delegation.storage.Client;
import edu.uiuc.ncsa.security.delegation.storage.TransactionStore;
import edu.uiuc.ncsa.security.delegation.token.AccessToken;
import edu.uiuc.ncsa.security.delegation.token.RefreshToken;
import edu.uiuc.ncsa.security.delegation.token.impl.AccessTokenImpl;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Constants;
import edu.uiuc.ncsa.security.oauth_2_0.OA2Errors;
import edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError;
import edu.uiuc.ncsa.security.oauth_2_0.OA2RefreshTokenImpl;
import edu.uiuc.ncsa.security.servlet.ServletDebugUtil;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.util.JSONUtils;
import org.apache.commons.codec.digest.DigestUtils;

/* loaded from: input_file:WEB-INF/lib/oa4mp-server-loader-oauth2-4.3.jar:edu/uiuc/ncsa/myproxy/oa4mp/oauth2/servlet/RevocationServlet.class */
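/**
 * Token revocation endpoint: authenticates the calling client from an HTTP Basic header, then
 * removes the transaction that the presented access or refresh token belongs to.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The client secret is verified against a stored SHA-1 hex digest using a constant-time
 *       comparison.</li>
 *   <li>A token is revoked only when its transaction belongs to the authenticated client
 *       (RFC 7009 section 2.1).</li>
 *   <li>Unknown or syntactically invalid tokens are answered with HTTP 200 and no state change
 *       (RFC 7009 section 2.2).</li>
 *   <li>The raw token value is never written to the trace log; a SHA-256 fingerprint is logged
 *       instead.</li>
 * </ul>
 */
public class RevocationServlet extends MyProxyDelegationServlet {
    // Request-parameter names. These are public and non-final, so any code in the webapp can
    // reassign them; they are left that way only to keep the existing interface.
    public static String REFRESH_TOKEN_HINT = OA2Constants.REFRESH_TOKEN;
    public static String ACCESS_TOKEN_HINT = OA2Constants.ACCESS_TOKEN;
    public static String TOKEN_TYPE_HINT = "token_type_hint";
    public static String REVOCATION_TOKEN = OA4MPConfigTags.SERIAL_STRING_TOKEN;

    /**
     * Not used by the revocation flow; always returns {@code null}.
     *
     * @param issuerResponse ignored
     * @return always {@code null}
     */
    @Override // edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet
    public ServiceTransaction verifyAndGet(IssuerResponse issuerResponse) throws IOException {
        return null;
    }

    /**
     * Raises the {@code unsupported_token_type} error with status 500.
     *
     * @throws OA2GeneralError always
     */
    protected void doError() {
        throw new OA2GeneralError("unsupported_token_type", "The authorization server does not support\n           the revocation of the presented token type.  That is, the\n           client tried to revoke an access token on a server not\n           supporting this feature", 500);
    }

    /**
     * Marks the response as successful (HTTP 200). No body is written.
     *
     * @param httpServletResponse the response to set the status on
     */
    protected void doOK(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(200);
    }

    /**
     * Handles one revocation request.
     *
     * <p>Steps: require a Basic header, authenticate the client, read the token parameter, look
     * the token up first as an access token and then as a refresh token, verify that the owning
     * transaction belongs to the authenticated client, and remove that transaction.
     *
     * @param httpServletRequest  the incoming request; carries the Basic header and the token
     * @param httpServletResponse the response; its status is set to 200 on success
     * @throws OA2GeneralError  if no Basic header is present (401) or the token belongs to a
     *                          different client (403)
     * @throws GeneralException if the client is unknown, the secret is missing, or the secret does
     *                          not match
     */
    @Override // edu.uiuc.ncsa.security.servlet.AbstractServlet
    protected void doIt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
        if (!HeaderUtils.hasBasicHeader(httpServletRequest)) {
            throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "No basic header", 401);
        }
        String[] credentialsFromHeaders = HeaderUtils.getCredentialsFromHeaders(httpServletRequest, "Basic");
        Identifier newID = BasicIdentifier.newID(credentialsFromHeaders[HeaderUtils.ID_INDEX]);
        // NOTE(review): the three authentication failures below carry distinct messages. If these
        // messages reach the caller, they let it tell "unknown client" from "wrong secret";
        // confirm how GeneralException is rendered before relying on them being internal.
        if (!getServiceEnvironment().getClientStore().containsKey(newID)) {
            throw new GeneralException("Error: unknown client.");
        }
        String str = credentialsFromHeaders[HeaderUtils.SECRET_INDEX];
        if (str == null || str.isEmpty()) {
            throw new GeneralException("Error: missing secret.");
        }
        Client client = (Client) getServiceEnvironment().getClientStore().get(newID);
        if (client == null) {
            // The entry vanished between containsKey and get; treat it as an unknown client
            // instead of failing with a NullPointerException.
            throw new GeneralException("Error: unknown client.");
        }
        // NOTE(review): stored secrets are unsalted SHA-1 hex digests. Moving to a stronger scheme
        // needs a migration of the client store and cannot be done in this servlet alone.
        if (!constantTimeEquals(DigestUtils.sha1Hex(str), client.getSecret())) {
            throw new GeneralException("Error: client and secret do not match");
        }
        String firstParameterValue = getFirstParameterValue(httpServletRequest, REVOCATION_TOKEN);
        if (firstParameterValue == null || firstParameterValue.isEmpty()) {
            doOK(httpServletResponse);
            return;
        }
        // Log a fingerprint, not the token: the token is still a valid bearer credential at this
        // point and stays valid if the request is refused further down.
        ServletDebugUtil.trace(this, "Got request to revoke token (sha256 " + DigestUtils.sha256Hex(firstParameterValue) + ") with hint \"" + getFirstParameterValue(httpServletRequest, TOKEN_TYPE_HINT) + "\" from client " + newID);
        URI tokenUri = parseTokenUri(firstParameterValue);
        if (tokenUri == null) {
            // A value that is not even a URI cannot match a stored token. RFC 7009 section 2.2
            // asks for HTTP 200 on invalid tokens, so this must not surface as a server error.
            doOK(httpServletResponse);
            return;
        }
        TransactionStore<ServiceTransaction> transactionStore = getServiceEnvironment().getTransactionStore();
        OA2ServiceTransaction oA2ServiceTransaction = (OA2ServiceTransaction) transactionStore.get((AccessToken) new AccessTokenImpl(tokenUri));
        if (oA2ServiceTransaction == null) {
            oA2ServiceTransaction = ((RefreshTokenStore) transactionStore).get((RefreshToken) new OA2RefreshTokenImpl(tokenUri));
        }
        if (oA2ServiceTransaction != null) {
            // RFC 7009 section 2.1: the token must have been issued to the client making the
            // request. Without this check any registered client could revoke another client's
            // tokens. Assumes getClient() is the client the transaction was created for.
            Client owner = oA2ServiceTransaction.getClient();
            if (owner == null || !newID.equals(owner.getIdentifier())) {
                throw new OA2GeneralError(OA2Errors.ACCESS_DENIED, "The token was not issued to this client", 403);
            }
            transactionStore.remove(oA2ServiceTransaction.getIdentifier());
        }
        doOK(httpServletResponse);
    }

    /** Parses a token value as a URI; returns {@code null} when it is not syntactically valid. */
    private static URI parseTokenUri(String rawToken) {
        try {
            return URI.create(rawToken);
        } catch (IllegalArgumentException notAUri) {
            return null;
        }
    }

    /** Compares two strings without an early exit on the first differing byte; null never matches. */
    private static boolean constantTimeEquals(String computed, String stored) {
        if (computed == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }
}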
