package org.mitre.oauth2.web;

import java.security.Principal;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

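@Controller
/* loaded from: input_file:WEB-INF/classes/org/mitre/oauth2/web/RevocationEndpoint.class */
public class RevocationEndpoint {

    private static final Logger logger = LoggerFactory.getLogger(RevocationEndpoint.class);

    /** Name of the view that renders only the HTTP status placed in the {@code code} model attribute. */
    private static final String HTTP_CODE_VIEW = "httpCodeView";

    /** Model attribute the status-only view reads. */
    private static final String CODE_ATTRIBUTE = "code";

    @Autowired
    OAuth2TokenEntityService tokenServices;

    /**
     * Revokes the given token, whether it is an access token or a refresh token.
     *
     * <p>Only callers holding {@code ROLE_ADMIN} or {@code ROLE_CLIENT} reach this method. When the
     * caller is an OAuth2-authenticated client, the token must have been issued to that same client;
     * a mismatch is refused with {@code 403}. A caller that is not an {@link OAuth2Authentication}
     * (for example an interactively logged-in admin) carries no client id and is therefore not
     * subject to the ownership check.
     *
     * <p>A token that is neither a known access token nor a known refresh token is answered with
     * {@code 200}, so the response does not disclose whether such a token ever existed (this matches
     * the token-revocation specification's guidance for invalid tokens).
     *
     * @param str       the token value to revoke (bound from the {@code token} request parameter)
     * @param principal the authenticated caller; may be any {@link Principal} type
     * @param model     receives the {@code code} attribute consumed by the status-only view
     * @return the name of the view that renders the HTTP status code
     */
    @RequestMapping({"/revoke"})
    @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')")
    public String revoke(@RequestParam("token") String str, Principal principal, Model model) {
        // Only an OAuth2-authenticated caller carries a client id to check ownership against.
        AuthorizationRequest authorizationRequest = null;
        if (principal instanceof OAuth2Authentication) {
            authorizationRequest = ((OAuth2Authentication) principal).getAuthorizationRequest();
        }

        // First interpretation: the value is an access token.
        OAuth2AccessTokenEntity accessToken = null;
        try {
            accessToken = this.tokenServices.readAccessToken(str);
        } catch (InvalidTokenException e) {
            // Not a known access token; fall through and try it as a refresh token.
            // The token value itself is deliberately not logged.
            logger.debug("Revocation target is not a valid access token; trying as refresh token");
        }
        // A null result is treated like "not found" rather than dereferenced.
        if (accessToken != null) {
            if (!isIssuedToRequester(accessToken.getClient().getClientId(), authorizationRequest)) {
                return respondWith(model, HttpStatus.FORBIDDEN);
            }
            this.tokenServices.revokeAccessToken(accessToken);
            return respondWith(model, HttpStatus.OK);
        }

        // Second interpretation: the value is a refresh token.
        OAuth2RefreshTokenEntity refreshToken = null;
        try {
            refreshToken = this.tokenServices.getRefreshToken(str);
        } catch (InvalidTokenException e) {
            logger.debug("Revocation target is not a valid refresh token either");
        }
        if (refreshToken != null) {
            if (!isIssuedToRequester(refreshToken.getClient().getClientId(), authorizationRequest)) {
                return respondWith(model, HttpStatus.FORBIDDEN);
            }
            this.tokenServices.revokeRefreshToken(refreshToken);
            return respondWith(model, HttpStatus.OK);
        }

        // Unknown token: acknowledge with 200 without revealing whether it ever existed.
        return respondWith(model, HttpStatus.OK);
    }

    /**
     * Decides whether the caller may act on a token issued to {@code tokenClientId}.
     *
     * @param tokenClientId        client id recorded on the token being revoked
     * @param authorizationRequest the caller's OAuth2 authorization request, or {@code null} when the
     *                             caller is not an OAuth2 client and is therefore not restricted
     * @return {@code true} when no client restriction applies or the client ids match
     */
    private static boolean isIssuedToRequester(String tokenClientId, AuthorizationRequest authorizationRequest) {
        return authorizationRequest == null || tokenClientId.equals(authorizationRequest.getClientId());
    }

    /**
     * Puts the status code on the model and names the view that renders it.
     *
     * @param model  the Spring MVC model for the current request
     * @param status the HTTP status to return to the caller
     * @return the status-only view name
     */
    private static String respondWith(Model model, HttpStatus status) {
        model.addAttribute(CODE_ATTRIBUTE, status);
        return HTTP_CODE_VIEW;
    }
}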
