package net.shibboleth.idp.plugin.oidc.op.oauth2.profile.impl;

import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.oidc.op.oauth2.messaging.context.OAuth2TokenMgmtResponseContext;
import net.shibboleth.idp.plugin.oidc.op.storage.RevocationCacheContexts;
import net.shibboleth.idp.profile.AbstractProfileAction;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.RevocationCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/oauth2/profile/impl/RevokeToken.class */
public class RevokeToken extends AbstractProfileAction {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(RevokeToken.class);

    @NonnullAfterInit
    private RevocationCache revocationCache;

    public void setRevocationCache(@Nonnull RevocationCache revocationCache) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.revocationCache = (RevocationCache) Constraint.isNotNull(revocationCache, "RevocationCache cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.revocationCache == null) {
            throw new ComponentInitializationException("RevocationCache and DataSealer cannot be null");
        }
    }

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext) {
        OAuth2TokenMgmtResponseContext subcontext = profileRequestContext.getOutboundMessageContext().getSubcontext(OAuth2TokenMgmtResponseContext.class);
        if (subcontext == null || subcontext.getTokenClaimsSet() == null) {
            this.log.debug("{} No token validated for revocation, assumed to be invalid", getLogPrefix());
            return;
        }
        String jwtid = subcontext.getTokenClaimsSet().getJWTID();
        if (jwtid == null) {
            this.log.error("{} No ID found in token claims set (this should be impossible)", getLogPrefix());
        } else if (this.revocationCache.revoke(RevocationCacheContexts.AUTHORIZATION_CODE, jwtid)) {
            this.log.debug("{} Revoked all tokens based on ID '{}'", getLogPrefix(), jwtid);
        } else {
            this.log.warn("{} Failed to revoke tokens based on ID '{}'", getLogPrefix(), jwtid);
            ActionSupport.buildEvent(profileRequestContext, "RevocationFailed");
        }
    }
}
