package de.adorsys.ledgers.sca.service.impl;

import com.fasterxml.jackson.annotation.JsonProperty;
import de.adorsys.ledgers.sca.db.domain.AuthCodeStatus;
import de.adorsys.ledgers.sca.db.domain.OpType;
import de.adorsys.ledgers.sca.db.domain.SCAOperationEntity;
import de.adorsys.ledgers.sca.db.domain.ScaStatus;
import de.adorsys.ledgers.sca.db.repository.SCAOperationRepository;
import de.adorsys.ledgers.sca.domain.AuthCodeDataBO;
import de.adorsys.ledgers.sca.domain.OpTypeBO;
import de.adorsys.ledgers.sca.domain.SCAOperationBO;
import de.adorsys.ledgers.sca.domain.ScaAuthConfirmationBO;
import de.adorsys.ledgers.sca.domain.ScaStatusBO;
import de.adorsys.ledgers.sca.domain.ScaValidationBO;
import de.adorsys.ledgers.sca.service.AuthCodeGenerator;
import de.adorsys.ledgers.sca.service.SCAOperationService;
import de.adorsys.ledgers.sca.service.SCASender;
import de.adorsys.ledgers.sca.service.impl.mapper.SCAOperationMapper;
import de.adorsys.ledgers.um.api.domain.ScaMethodTypeBO;
import de.adorsys.ledgers.um.api.domain.ScaUserDataBO;
import de.adorsys.ledgers.um.api.domain.UserBO;
import de.adorsys.ledgers.util.exception.SCAErrorCode;
import de.adorsys.ledgers.util.exception.ScaModuleException;
import de.adorsys.ledgers.util.hash.BaseHashItem;
import de.adorsys.ledgers.util.hash.HashGenerationException;
import de.adorsys.ledgers.util.hash.HashGenerator;
import de.adorsys.ledgers.util.hash.HashGeneratorImpl;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.IntSummaryStatistics;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:de/adorsys/ledgers/sca/service/impl/SCAOperationServiceImpl.class */
public class SCAOperationServiceImpl implements SCAOperationService, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(SCAOperationServiceImpl.class);
    private static final String TAN_VALIDATION_ERROR = "Can't validate client TAN";
    private static final String AUTH_CODE_GENERATION_ERROR = "TAN can't be generated";
    private static final String STOLEN_ERROR = "Seems auth code was stolen because it already used in the system";
    private static final String EXPIRATION_ERROR = "Operation is not valid because of expiration";
    private final Environment env;
    private final SCAOperationRepository repository;
    private final AuthCodeGenerator authCodeGenerator;
    private final SCAOperationMapper scaOperationMapper;
    private final List<SCASender> sendersList;
    private Map<ScaMethodTypeBO, SCASender> senders = new EnumMap(ScaMethodTypeBO.class);
    private HashGenerator hashGenerator = new HashGeneratorImpl();

    @Value("${default.token.lifetime.seconds:600}")
    private int authCodeValiditySeconds;

    @Value("${sca.authCode.email.body}")
    private String authCodeEmailBody;

    @Value("${sca.authCode.failed.max:5}")
    private int authCodeFailedMax;

    @Value("${sca.login.failed.max:3}")
    private int loginFailedMax;

    @Value("${sca.multilevel.enabled:false}")
    private boolean multilevelScaEnable;

    @Value("${sca.final.weight:100}")
    private int finalWeight;

    @Value("${sca.authorisation_confirmation_enabled:false}")
    private boolean authConfirmationEnabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/adorsys/ledgers/sca/service/impl/SCAOperationServiceImpl$OperationHashItem.class */
    public static final class OperationHashItem {

        @JsonProperty
        private String id;

        @JsonProperty
        private String opId;

        @JsonProperty
        private String opData;

        @JsonProperty
        private String tan;

        public OperationHashItem(String str, String str2, String str3, String str4) {
            this.id = str;
            this.opId = str2;
            this.opData = str3;
            this.tan = str4;
        }
    }

    public void afterPropertiesSet() {
        if (this.sendersList != null) {
            this.sendersList.forEach(sCASender -> {
                this.senders.put(sCASender.getType(), sCASender);
            });
        }
    }

    public SCAOperationBO generateAuthCode(AuthCodeDataBO authCodeDataBO, UserBO userBO, ScaStatusBO scaStatusBO) {
        SCAOperationEntity loadOrCreateScaOperation = loadOrCreateScaOperation(authCodeDataBO, scaStatusBO);
        checkOperationAttempts(loadOrCreateScaOperation, false);
        checkScaOperationIsValid(authCodeDataBO, userBO, loadOrCreateScaOperation);
        loadOrCreateScaOperation.setScaStatus(ScaStatus.valueOf(scaStatusBO.name()));
        ScaUserDataBO scaUserData = getScaUserData(userBO.getScaUserData(), loadOrCreateScaOperation.getScaMethodId());
        checkMethodSupported(scaUserData);
        String tanDependingOnStrategy = getTanDependingOnStrategy(scaUserData);
        updateSCAOperation(loadOrCreateScaOperation, new BaseHashItem<>(new OperationHashItem(loadOrCreateScaOperation.getId(), loadOrCreateScaOperation.getOpId(), authCodeDataBO.getOpData(), tanDependingOnStrategy)));
        this.repository.save(loadOrCreateScaOperation);
        if (scaUserData.isEmailValid()) {
            this.senders.get(scaUserData.getScaMethod()).send(scaUserData.getMethodValue(), String.format(StringUtils.isBlank(authCodeDataBO.getUserMessage()) ? this.authCodeEmailBody : authCodeDataBO.getUserMessage(), tanDependingOnStrategy));
        }
        SCAOperationBO bo = this.scaOperationMapper.toBO(loadOrCreateScaOperation);
        bo.setTan(tanDependingOnStrategy);
        return bo;
    }

    public ScaValidationBO validateAuthCode(String str, String str2, String str3, String str4, int i) {
        SCAOperationEntity sCAOperationEntity = (SCAOperationEntity) this.repository.findById(str).orElseThrow(() -> {
            return ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_NOT_FOUND).devMsg("Sca operation does not contain SCA DATA").build();
        });
        String authCodeHash = sCAOperationEntity.getAuthCodeHash();
        checkOperationAttempts(sCAOperationEntity, false);
        checkOperationNotUsed(sCAOperationEntity);
        checkOperationNotExpired(sCAOperationEntity);
        checkSameOperation(sCAOperationEntity, str2);
        boolean equals = StringUtils.equals(authCodeHash, generateHash(sCAOperationEntity.getId(), str2, str3, str4));
        ScaValidationBO scaValidationBO = new ScaValidationBO(equals);
        if (!equals) {
            throw updateFailedCount(str, false);
        }
        success(sCAOperationEntity, i, scaValidationBO);
        return scaValidationBO;
    }

    public void processExpiredOperations() {
        List findByStatus = this.repository.findByStatus(AuthCodeStatus.SENT);
        log.info("{} operations with status NEW were found", Integer.valueOf(findByStatus.size()));
        List list = (List) findByStatus.stream().filter(this::isOperationAlreadyExpired).collect(Collectors.toList());
        list.forEach(sCAOperationEntity -> {
            updateOperationStatus(sCAOperationEntity, AuthCodeStatus.EXPIRED, sCAOperationEntity.getScaStatus(), 0);
        });
        log.info("{} operations was detected as EXPIRED", Integer.valueOf(list.size()));
        this.repository.saveAll(list);
        log.info("Expired operations were updated");
    }

    public SCAOperationBO createAuthCode(AuthCodeDataBO authCodeDataBO, ScaStatusBO scaStatusBO) {
        return this.scaOperationMapper.toBO(createAuthCodeInternal(authCodeDataBO, scaStatusBO));
    }

    public SCAOperationBO loadAuthCode(String str) {
        return this.scaOperationMapper.toBO((SCAOperationEntity) this.repository.findById(str).orElseThrow(() -> {
            return ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_NOT_FOUND).devMsg(String.format("Sca operation for authorization %s not found", str)).build();
        }));
    }

    public boolean authenticationCompleted(String str, OpTypeBO opTypeBO) {
        List<SCAOperationEntity> findByOpIdAndOpType = this.repository.findByOpIdAndOpType(str, OpType.valueOf(opTypeBO.name()));
        return this.multilevelScaEnable ? isMultiLevelScaCompleted(findByOpIdAndOpType, opTypeBO) : isAnyScaCompleted(findByOpIdAndOpType);
    }

    public ScaAuthConfirmationBO verifyAuthConfirmationCode(String str, String str2) {
        SCAOperationEntity scaOperationEntityByIdAndUnconfirmed = getScaOperationEntityByIdAndUnconfirmed(str);
        boolean equals = StringUtils.equals(scaOperationEntityByIdAndUnconfirmed.getAuthCodeHash(), generateHash(str, str2));
        this.repository.save(scaOperationEntityByIdAndUnconfirmed.updateStatuses(equals));
        return new ScaAuthConfirmationBO(equals, OpTypeBO.valueOf(scaOperationEntityByIdAndUnconfirmed.getOpType().name()), scaOperationEntityByIdAndUnconfirmed.getOpId());
    }

    public ScaAuthConfirmationBO completeAuthConfirmation(String str, boolean z) {
        SCAOperationEntity scaOperationEntityByIdAndUnconfirmed = getScaOperationEntityByIdAndUnconfirmed(str);
        this.repository.save(scaOperationEntityByIdAndUnconfirmed.updateStatuses(z));
        return new ScaAuthConfirmationBO(z, OpTypeBO.valueOf(scaOperationEntityByIdAndUnconfirmed.getOpType().name()), scaOperationEntityByIdAndUnconfirmed.getOpId());
    }

    public SCAOperationBO checkIfExistsOrNew(AuthCodeDataBO authCodeDataBO) {
        Optional findById = this.repository.findById(authCodeDataBO.getAuthorisationId());
        findById.ifPresent(sCAOperationEntity -> {
            checkOperationAttempts(sCAOperationEntity, true);
            checkOperationNotExpired(sCAOperationEntity);
            checkOperationNotUsed(sCAOperationEntity);
        });
        SCAOperationMapper sCAOperationMapper = this.scaOperationMapper;
        sCAOperationMapper.getClass();
        return (SCAOperationBO) findById.map(sCAOperationMapper::toBO).orElseGet(() -> {
            return createAuthCode(authCodeDataBO, ScaStatusBO.RECEIVED);
        });
    }

    private void checkOperationAttempts(SCAOperationEntity sCAOperationEntity, boolean z) {
        if (sCAOperationEntity.getFailledCount() >= (z ? this.loginFailedMax : this.authCodeFailedMax)) {
            throw ScaModuleException.buildAttemptsException(0, z);
        }
    }

    public ScaModuleException updateFailedCount(String str, boolean z) {
        SCAOperationEntity scaOperationEntityById = getScaOperationEntityById(str);
        failed(scaOperationEntityById, z);
        this.repository.save(scaOperationEntityById);
        return ScaModuleException.buildAttemptsException(this.loginFailedMax - scaOperationEntityById.getFailledCount(), z);
    }

    private SCAOperationEntity getScaOperationEntityByIdAndUnconfirmed(String str) {
        return (SCAOperationEntity) this.repository.findByIdAndScaStatus(str, ScaStatus.UNCONFIRMED).orElseThrow(() -> {
            return ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_NOT_FOUND).devMsg(String.format("Sca operation for authorisation %s not found", str)).build();
        });
    }

    private SCAOperationEntity getScaOperationEntityById(String str) {
        return (SCAOperationEntity) this.repository.findById(str).orElseThrow(() -> {
            return ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_NOT_FOUND).devMsg(String.format("Sca operation for authorisation %s not found", str)).build();
        });
    }

    private String getTanDependingOnStrategy(ScaUserDataBO scaUserDataBO) {
        return (Arrays.asList(this.env.getActiveProfiles()).contains("sandbox") && scaUserDataBO.isUsesStaticTan() && StringUtils.isNotBlank(scaUserDataBO.getStaticTan())) ? scaUserDataBO.getStaticTan() : this.authCodeGenerator.generate();
    }

    private void checkScaOperationIsValid(AuthCodeDataBO authCodeDataBO, UserBO userBO, SCAOperationEntity sCAOperationEntity) {
        if (sCAOperationEntity.getScaMethodId() == null) {
            if (authCodeDataBO.getScaUserDataId() == null) {
                throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_VALIDATION_INVALID).devMsg("Missing selected sca method.").build();
            }
            sCAOperationEntity.setScaMethodId(authCodeDataBO.getScaUserDataId());
        }
        if (CollectionUtils.isEmpty(userBO.getScaUserData())) {
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_VALIDATION_INVALID).devMsg(String.format("User with login %s has no sca data", userBO.getLogin())).build();
        }
    }

    private boolean isMultiLevelScaCompleted(List<SCAOperationEntity> list, OpTypeBO opTypeBO) {
        return EnumSet.of(OpTypeBO.PAYMENT, OpTypeBO.CANCEL_PAYMENT, OpTypeBO.CONSENT).contains(opTypeBO) && isCompletedByAllUsers(list);
    }

    private boolean isCompletedByAllUsers(List<SCAOperationEntity> list) {
        return ((IntSummaryStatistics) list.stream().filter(sCAOperationEntity -> {
            return sCAOperationEntity.getScaStatus() == ScaStatus.FINALISED;
        }).collect(Collectors.summarizingInt((v0) -> {
            return v0.getScaWeight();
        }))).getSum() >= ((long) this.finalWeight);
    }

    private boolean isAnyScaCompleted(List<SCAOperationEntity> list) {
        return list.stream().anyMatch(sCAOperationEntity -> {
            return sCAOperationEntity.getScaStatus() == ScaStatus.FINALISED;
        });
    }

    private void success(SCAOperationEntity sCAOperationEntity, int i, ScaValidationBO scaValidationBO) {
        ScaStatus scaStatus = ScaStatus.FINALISED;
        if (this.authConfirmationEnabled) {
            scaStatus = ScaStatus.UNCONFIRMED;
            String uuid = UUID.randomUUID().toString();
            sCAOperationEntity.setAuthCodeHash(generateHash(sCAOperationEntity.getId(), uuid));
            scaValidationBO.setAuthConfirmationCode(uuid);
        }
        scaValidationBO.setScaStatus(ScaStatusBO.valueOf(scaStatus.name()));
        updateOperationStatus(sCAOperationEntity, AuthCodeStatus.VALIDATED, scaStatus, i);
        this.repository.save(sCAOperationEntity);
    }

    private void failed(SCAOperationEntity sCAOperationEntity, boolean z) {
        sCAOperationEntity.setFailledCount(sCAOperationEntity.getFailledCount() + 1);
        sCAOperationEntity.setStatus(AuthCodeStatus.FAILED);
        if (sCAOperationEntity.getFailledCount() >= (z ? this.loginFailedMax : this.authCodeFailedMax)) {
            sCAOperationEntity.setScaStatus(ScaStatus.FAILED);
        }
        sCAOperationEntity.setStatusTime(LocalDateTime.now());
    }

    private void checkSameOperation(SCAOperationEntity sCAOperationEntity, String str) {
        if (!StringUtils.equals(str, sCAOperationEntity.getOpId())) {
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_VALIDATION_INVALID).devMsg("Operation id not matching.").build();
        }
    }

    private String generateHash(String str, String str2) {
        return generateHash(str, null, null, str2);
    }

    private String generateHash(String str, String str2, String str3, String str4) {
        try {
            return this.hashGenerator.hash(new BaseHashItem(new OperationHashItem(str, str2, str3, str4)));
        } catch (HashGenerationException e) {
            log.error(TAN_VALIDATION_ERROR);
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_VALIDATION_INVALID).devMsg(TAN_VALIDATION_ERROR).build();
        }
    }

    private void checkOperationNotExpired(SCAOperationEntity sCAOperationEntity) {
        if (isOperationAlreadyExpired(sCAOperationEntity)) {
            updateOperationStatus(sCAOperationEntity, AuthCodeStatus.EXPIRED, sCAOperationEntity.getScaStatus(), 0);
            this.repository.save(sCAOperationEntity);
            log.error(EXPIRATION_ERROR);
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_EXPIRED).devMsg(EXPIRATION_ERROR).build();
        }
    }

    private void checkOperationNotUsed(SCAOperationEntity sCAOperationEntity) {
        if (isOperationAlreadyUsed(sCAOperationEntity)) {
            log.error(STOLEN_ERROR);
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_OPERATION_USED_OR_STOLEN).devMsg(STOLEN_ERROR).build();
        }
    }

    private SCAOperationEntity createAuthCodeInternal(AuthCodeDataBO authCodeDataBO, ScaStatusBO scaStatusBO) {
        if (authCodeDataBO.getAuthorisationId() == null) {
            throw ScaModuleException.builder().errorCode(SCAErrorCode.AUTH_CODE_GENERATION_FAILURE).devMsg("Missing authorization id.").build();
        }
        SCAOperationEntity sCAOperationEntity = new SCAOperationEntity();
        sCAOperationEntity.setId(authCodeDataBO.getAuthorisationId());
        sCAOperationEntity.setOpId(authCodeDataBO.getOpId());
        sCAOperationEntity.setOpType(OpType.valueOf(authCodeDataBO.getOpType().name()));
        sCAOperationEntity.setScaMethodId(authCodeDataBO.getScaUserDataId());
        sCAOperationEntity.setStatus(AuthCodeStatus.INITIATED);
        sCAOperationEntity.setStatusTime(LocalDateTime.now());
        sCAOperationEntity.setValiditySeconds(authCodeDataBO.getValiditySeconds() <= 0 ? this.authCodeValiditySeconds : authCodeDataBO.getValiditySeconds());
        sCAOperationEntity.setScaStatus(ScaStatus.valueOf(scaStatusBO.name()));
        sCAOperationEntity.setScaWeight(authCodeDataBO.getScaWeight());
        return (SCAOperationEntity) this.repository.save(sCAOperationEntity);
    }

    @NotNull
    private ScaUserDataBO getScaUserData(@NotNull List<ScaUserDataBO> list, @NotNull String str) {
        return list.stream().filter(scaUserDataBO -> {
            return str.equals(scaUserDataBO.getId());
        }).findFirst().orElseThrow(() -> {
            return ScaModuleException.builder().errorCode(SCAErrorCode.USER_SCA_DATA_NOT_FOUND).devMsg(String.format("Sca data not found for: %s", str)).build();
        });
    }

    private void updateSCAOperation(SCAOperationEntity sCAOperationEntity, BaseHashItem<OperationHashItem> baseHashItem) {
        String generateHashByOpData = generateHashByOpData(baseHashItem);
        sCAOperationEntity.setCreated(LocalDateTime.now());
        sCAOperationEntity.setValiditySeconds(sCAOperationEntity.getValiditySeconds() <= 0 ? this.authCodeValiditySeconds : sCAOperationEntity.getValiditySeconds());
        sCAOperationEntity.setStatus(AuthCodeStatus.SENT);
        sCAOperationEntity.setStatusTime(LocalDateTime.now());
        sCAOperationEntity.setHashAlg(baseHashItem.getAlg());
        sCAOperationEntity.setAuthCodeHash(generateHashByOpData);
    }

    private String generateHashByOpData(BaseHashItem<OperationHashItem> baseHashItem) {
        try {
            return this.hashGenerator.hash(baseHashItem);
        } catch (HashGenerationException e) {
            log.error(AUTH_CODE_GENERATION_ERROR);
            throw ScaModuleException.builder().errorCode(SCAErrorCode.AUTH_CODE_GENERATION_FAILURE).devMsg(AUTH_CODE_GENERATION_ERROR).build();
        }
    }

    private SCAOperationEntity loadOrCreateScaOperation(AuthCodeDataBO authCodeDataBO, ScaStatusBO scaStatusBO) {
        if (authCodeDataBO.getAuthorisationId() == null) {
            throw ScaModuleException.builder().errorCode(SCAErrorCode.AUTH_CODE_GENERATION_FAILURE).devMsg("Missing authorization id.").build();
        }
        return (SCAOperationEntity) this.repository.findById(authCodeDataBO.getAuthorisationId()).orElseGet(() -> {
            return createAuthCodeInternal(authCodeDataBO, scaStatusBO);
        });
    }

    private void checkMethodSupported(ScaUserDataBO scaUserDataBO) {
        if (!this.senders.containsKey(scaUserDataBO.getScaMethod())) {
            throw ScaModuleException.builder().errorCode(SCAErrorCode.SCA_METHOD_NOT_SUPPORTED).devMsg(String.format("SCA method %s is not supported", scaUserDataBO.getScaMethod().name())).build();
        }
    }

    private boolean isOperationAlreadyUsed(SCAOperationEntity sCAOperationEntity) {
        return EnumSet.of(AuthCodeStatus.VALIDATED, AuthCodeStatus.EXPIRED, AuthCodeStatus.DONE).contains(sCAOperationEntity.getStatus()) || EnumSet.of(ScaStatus.FAILED, ScaStatus.FINALISED).contains(sCAOperationEntity.getScaStatus());
    }

    private boolean isOperationAlreadyExpired(SCAOperationEntity sCAOperationEntity) {
        return (sCAOperationEntity.getStatus() == AuthCodeStatus.EXPIRED) || LocalDateTime.now().isAfter(sCAOperationEntity.getCreated().plusSeconds((long) sCAOperationEntity.getValiditySeconds()));
    }

    private void updateOperationStatus(SCAOperationEntity sCAOperationEntity, AuthCodeStatus authCodeStatus, ScaStatus scaStatus, int i) {
        sCAOperationEntity.setScaWeight(i);
        sCAOperationEntity.setStatus(authCodeStatus);
        sCAOperationEntity.setScaStatus(scaStatus);
        sCAOperationEntity.setStatusTime(LocalDateTime.now());
    }

    public void setSenders(Map<ScaMethodTypeBO, SCASender> map) {
        this.senders = map;
    }

    public void setHashGenerator(HashGenerator hashGenerator) {
        this.hashGenerator = hashGenerator;
    }

    public void setAuthCodeValiditySeconds(int i) {
        this.authCodeValiditySeconds = i;
    }

    public void setAuthCodeEmailBody(String str) {
        this.authCodeEmailBody = str;
    }

    public void setAuthCodeFailedMax(int i) {
        this.authCodeFailedMax = i;
    }

    public void setLoginFailedMax(int i) {
        this.loginFailedMax = i;
    }

    public void setMultilevelScaEnable(boolean z) {
        this.multilevelScaEnable = z;
    }

    public void setFinalWeight(int i) {
        this.finalWeight = i;
    }

    public void setAuthConfirmationEnabled(boolean z) {
        this.authConfirmationEnabled = z;
    }

    public SCAOperationServiceImpl(Environment environment, SCAOperationRepository sCAOperationRepository, AuthCodeGenerator authCodeGenerator, SCAOperationMapper sCAOperationMapper, List<SCASender> list) {
        this.env = environment;
        this.repository = sCAOperationRepository;
        this.authCodeGenerator = authCodeGenerator;
        this.scaOperationMapper = sCAOperationMapper;
        this.sendersList = list;
    }
}
