package org.cloudfoundry.identity.uaa.oauth;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.client.ClientConstants;
import org.cloudfoundry.identity.uaa.scim.ScimUser;
import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException;
import org.cloudfoundry.identity.uaa.zone.MultitenantJdbcClientDetailsService;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

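/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-login-2.3.1.jar:org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.class */
/**
 * HTTP endpoint that revokes issued tokens for a single user or a single OAuth client.
 *
 * <p>Revocation is done by writing a freshly generated random value into the user's salt or
 * into the client's {@link ClientConstants#TOKEN_SALT} additional-information entry and
 * persisting the record. Presumably token validation elsewhere compares tokens against this
 * value, so older tokens stop validating; that check is not part of this class.
 *
 * <p>NOTE(review): this class performs no authorization check and does not restrict the HTTP
 * method, so a plain GET reaches these state-changing handlers. Confirm that the security
 * filter chain limits both routes to suitably privileged callers and, if possible, to
 * non-GET methods.
 *
 * <p>NOTE(review): both handlers return {@code void} without a response-status annotation;
 * confirm how the MVC configuration renders the success response.
 */
@Controller
public class TokenRevocationEndpoint {
    private final ScimUserProvisioning userProvisioning;
    private final MultitenantJdbcClientDetailsService clientDetailsService;
    protected final Log logger = LogFactory.getLog(getClass());
    private WebResponseExceptionTranslator exceptionTranslator = new DefaultWebResponseExceptionTranslator();
    // Produces the replacement salt values; constructed for 8-character strings.
    private final RandomValueStringGenerator generator = new RandomValueStringGenerator(8);

    /**
     * @param multitenantJdbcClientDetailsService store used to load and update OAuth clients
     * @param scimUserProvisioning store used to load and update users
     */
    public TokenRevocationEndpoint(MultitenantJdbcClientDetailsService multitenantJdbcClientDetailsService, ScimUserProvisioning scimUserProvisioning) {
        this.clientDetailsService = multitenantJdbcClientDetailsService;
        this.userProvisioning = scimUserProvisioning;
    }

    /**
     * Revokes the tokens of one user by replacing the user's salt with a new random value.
     *
     * <p>A {@link ScimResourceNotFoundException} raised by the lookup is turned into a 404
     * response by {@link #handleException(Exception)}.
     *
     * @param userId id of the user, taken from the {@code userId} path segment
     */
    @RequestMapping({"/oauth/token/revoke/user/{userId}"})
    public void revokeTokensForUser(@PathVariable("userId") String userId) {
        // The path variable is named explicitly so binding does not depend on the compiled
        // parameter name (the previous parameter name did not match the URI template).
        String loggedId = sanitizeForLog(userId);
        this.logger.debug("Revoking tokens for user: " + loggedId);
        ScimUser user = this.userProvisioning.retrieve(userId);
        user.setSalt(this.generator.generate());
        this.userProvisioning.update(userId, user);
        this.logger.debug("Tokens revoked for user: " + loggedId);
    }

    /**
     * Revokes the tokens of one client by storing a new random token salt on the client.
     *
     * <p>NOTE(review): only {@link ScimResourceNotFoundException} is handled in this class, so
     * an unknown client id is not translated to a 404 here; confirm how the exception thrown
     * by {@code loadClientByClientId} for a missing client is surfaced.
     *
     * @param clientId id of the client, taken from the {@code clientId} path segment
     */
    // The route previously repeated the user pattern ("/oauth/token/revoke/user/{clientId}"),
    // which matches exactly the same URLs as revokeTokensForUser and leaves Spring unable to
    // pick a handler. The client route gets its own path segment.
    @RequestMapping({"/oauth/token/revoke/client/{clientId}"})
    public void revokeTokensForClient(@PathVariable("clientId") String clientId) {
        String loggedId = sanitizeForLog(clientId);
        this.logger.debug("Revoking tokens for client: " + loggedId);
        BaseClientDetails client = (BaseClientDetails) this.clientDetailsService.loadClientByClientId(clientId);
        client.addAdditionalInformation(ClientConstants.TOKEN_SALT, this.generator.generate());
        this.clientDetailsService.updateClientDetails(client);
        this.logger.debug("Tokens revoked for client: " + loggedId);
    }

    /**
     * Translates a {@link ScimResourceNotFoundException} into an OAuth2 error response whose
     * HTTP status is 404 and whose message is the fixed text "Resource not found".
     *
     * @param exc the exception raised by a handler method
     * @return the response produced by the configured exception translator
     * @throws Exception if the translator itself fails
     */
    @ExceptionHandler({ScimResourceNotFoundException.class})
    public ResponseEntity<OAuth2Exception> handleException(Exception exc) throws Exception {
        // The exception message may echo the requested id, so it is sanitized like other
        // request-derived values before it is written to the log.
        this.logger.info("Handling error: " + exc.getClass().getSimpleName() + ", " + sanitizeForLog(exc.getMessage()));
        return this.exceptionTranslator.translate(new InvalidTokenException("Resource not found") {
            @Override
            public int getHttpErrorCode() {
                return 404;
            }
        });
    }

    /**
     * Replaces control characters (including CR and LF) with {@code _} so that a
     * request-supplied value cannot start a forged entry in a line-oriented log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}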
