package org.gatein.security.oauth.data;

import org.exoplatform.commons.utils.Safe;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.UserProfile;
import org.exoplatform.services.organization.UserProfileEventListener;
import org.exoplatform.services.organization.UserProfileHandler;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.security.oauth.spi.AccessTokenContext;
import org.gatein.security.oauth.spi.OAuthCodec;
import org.gatein.security.oauth.spi.OAuthProviderProcessor;
import org.gatein.security.oauth.spi.OAuthProviderType;
import org.gatein.security.oauth.spi.OAuthProviderTypeRegistry;

/* loaded from: input_file:org/gatein/security/oauth/data/AccessTokenInvalidationListener.class */
public class AccessTokenInvalidationListener extends UserProfileEventListener {
    private static Logger log = LoggerFactory.getLogger(AccessTokenInvalidationListener.class);
    private final UserProfileHandler userProfileHandler;
    private final OAuthProviderTypeRegistry oauthProviderTypeRegistry;
    private final OAuthCodec oauthCodec;

    public AccessTokenInvalidationListener(OrganizationService organizationService, OAuthProviderTypeRegistry oAuthProviderTypeRegistry, OAuthCodec oAuthCodec) {
        this.userProfileHandler = organizationService.getUserProfileHandler();
        this.oauthProviderTypeRegistry = oAuthProviderTypeRegistry;
        this.oauthCodec = oAuthCodec;
    }

    public void preSave(UserProfile userProfile, boolean z) throws Exception {
        UserProfile findUserProfileByName = this.userProfileHandler.findUserProfileByName(userProfile.getUserName());
        if (findUserProfileByName == null) {
            findUserProfileByName = this.userProfileHandler.createUserProfileInstance(userProfile.getUserName());
        }
        for (OAuthProviderType oAuthProviderType : this.oauthProviderTypeRegistry.getEnabledOAuthProviders()) {
            if (!Safe.equals(userProfile.getAttribute(oAuthProviderType.getUserNameAttrName()), findUserProfileByName.getAttribute(oAuthProviderType.getUserNameAttrName()))) {
                OAuthProviderProcessor oauthProviderProcessor = oAuthProviderType.getOauthProviderProcessor();
                AccessTokenContext accessTokenFromUserProfile = oauthProviderProcessor.getAccessTokenFromUserProfile(userProfile, this.oauthCodec);
                AccessTokenContext accessTokenFromUserProfile2 = oauthProviderProcessor.getAccessTokenFromUserProfile(findUserProfileByName, this.oauthCodec);
                if (accessTokenFromUserProfile != null && accessTokenFromUserProfile.equals(accessTokenFromUserProfile2)) {
                    if (log.isTraceEnabled()) {
                        log.trace("Removing accessToken for oauthProvider=" + oAuthProviderType + ", username=" + userProfile.getUserName());
                    }
                    oauthProviderProcessor.removeAccessTokenFromUserProfile(userProfile);
                }
            }
        }
    }
}
