package org.ovirt.engine.core.sso.servlets;

import java.io.IOException;
import java.util.HashMap;
import java.util.TreeSet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.ovirt.engine.core.sso.utils.OAuthException;
import org.ovirt.engine.core.sso.utils.SsoConstants;
import org.ovirt.engine.core.sso.utils.SsoContext;
import org.ovirt.engine.core.sso.utils.SsoSession;
import org.ovirt.engine.core.sso.utils.SsoUtils;
import org.ovirt.engine.core.sso.utils.TokenCleanupUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ovirt/engine/core/sso/servlets/OAuthRevokeServlet.class */
public class OAuthRevokeServlet extends HttpServlet {
    private static final long serialVersionUID = -473606118937052463L;
    private static Logger log = LoggerFactory.getLogger(OAuthRevokeServlet.class);
    private SsoContext ssoContext;

    public void init(ServletConfig servletConfig) throws ServletException {
        this.ssoContext = SsoUtils.getSsoContext(servletConfig.getServletContext());
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Entered OAuthRevokeServlet QueryString: {}, Parameters : {}", httpServletRequest.getQueryString(), SsoUtils.getRequestParameters(httpServletRequest));
        try {
            String requestParameter = SsoUtils.getRequestParameter(httpServletRequest, SsoConstants.HTTP_PARAM_TOKEN);
            String requestParameter2 = SsoUtils.getRequestParameter(httpServletRequest, "scope", "");
            SsoUtils.validateClientAcceptHeader(httpServletRequest);
            String[] clientIdClientSecret = SsoUtils.getClientIdClientSecret(httpServletRequest);
            SsoUtils.validateClientRequest(httpServletRequest, clientIdClientSecret[0], clientIdClientSecret[1], requestParameter2, null);
            SsoSession ssoSession = this.ssoContext.getSsoSession(requestParameter);
            if (ssoSession != null) {
                TreeSet treeSet = new TreeSet(ssoSession.getAssociatedClientIds());
                boolean contains = SsoUtils.scopeAsList(requestParameter2).contains("ovirt-ext=revoke:revoke-all");
                if (contains) {
                    SsoUtils.validateRequestScope(httpServletRequest, requestParameter, requestParameter2);
                } else {
                    ssoSession.getAssociatedClientIds().remove(clientIdClientSecret[0]);
                }
                if (contains || ssoSession.getAssociatedClientIds().isEmpty()) {
                    log.info("User {}@{} successfully logged out", SsoUtils.getUserId(ssoSession.getPrincipalRecord()), ssoSession.getProfile());
                    TokenCleanupUtility.cleanupSsoSession(this.ssoContext, ssoSession, treeSet);
                }
            }
            SsoUtils.sendJsonData(httpServletResponse, new HashMap());
        } catch (OAuthException e) {
            SsoUtils.sendJsonDataWithMessage(httpServletRequest, httpServletResponse, e);
        } catch (Exception e2) {
            SsoUtils.sendJsonDataWithMessage(httpServletRequest, httpServletResponse, SsoConstants.ERR_CODE_SERVER_ERROR, e2);
        }
    }
}
