package org.apache.nifi.web.security.oidc.revocation;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import org.apache.nifi.web.security.oidc.client.web.OidcRegistrationProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/revocation/StandardTokenRevocationResponseClient.class */
public class StandardTokenRevocationResponseClient implements TokenRevocationResponseClient {
    static final String REVOCATION_ENDPOINT = "revocation_endpoint";
    private static final Logger logger = LoggerFactory.getLogger(StandardTokenRevocationResponseClient.class);
    private final RestOperations restOperations;
    private final ClientRegistrationRepository clientRegistrationRepository;

    public StandardTokenRevocationResponseClient(RestOperations restOperations, ClientRegistrationRepository clientRegistrationRepository) {
        this.restOperations = (RestOperations) Objects.requireNonNull(restOperations, "REST Operations required");
        this.clientRegistrationRepository = (ClientRegistrationRepository) Objects.requireNonNull(clientRegistrationRepository, "Client Registry Repository required");
    }

    @Override // org.apache.nifi.web.security.oidc.revocation.TokenRevocationResponseClient
    public TokenRevocationResponse getRevocationResponse(TokenRevocationRequest tokenRevocationRequest) {
        Objects.requireNonNull(tokenRevocationRequest, "Revocation Request required");
        HttpStatus statusCode = getResponseEntity(tokenRevocationRequest, this.clientRegistrationRepository.findByRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty())).getStatusCode();
        return new TokenRevocationResponse(statusCode.is2xxSuccessful(), statusCode.value());
    }

    private ResponseEntity<?> getResponseEntity(TokenRevocationRequest tokenRevocationRequest, ClientRegistration clientRegistration) {
        RequestEntity<?> requestEntity = getRequestEntity(tokenRevocationRequest, clientRegistration);
        if (requestEntity == null) {
            return ResponseEntity.ok((Object) null);
        }
        try {
            ResponseEntity<?> exchange = this.restOperations.exchange(requestEntity, String.class);
            logger.debug("Token Revocation Request processing completed [HTTP {}]", exchange.getStatusCode());
            return exchange;
        } catch (Exception e) {
            logger.warn("Token Revocation Request processing failed", e);
            return ResponseEntity.internalServerError().build();
        }
    }

    private RequestEntity<?> getRequestEntity(TokenRevocationRequest tokenRevocationRequest, ClientRegistration clientRegistration) {
        RequestEntity<?> body;
        URI revocationEndpoint = getRevocationEndpoint(clientRegistration);
        if (revocationEndpoint == null) {
            body = null;
            logger.info("OIDC Revocation Endpoint not found");
        } else {
            LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
            linkedMultiValueMap.add("token", tokenRevocationRequest.getToken());
            String tokenTypeHint = tokenRevocationRequest.getTokenTypeHint();
            if (StringUtils.hasLength(tokenTypeHint)) {
                linkedMultiValueMap.add("token_type_hint", tokenTypeHint);
            }
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret(), StandardCharsets.UTF_8);
            body = RequestEntity.post(revocationEndpoint).headers(httpHeaders).contentType(MediaType.APPLICATION_FORM_URLENCODED).body(linkedMultiValueMap);
        }
        return body;
    }

    private URI getRevocationEndpoint(ClientRegistration clientRegistration) {
        Object obj = clientRegistration.getProviderDetails().getConfigurationMetadata().get(REVOCATION_ENDPOINT);
        if (obj == null) {
            return null;
        }
        return URI.create(obj.toString());
    }
}
