package de.adorsys.ledgers.um.impl.service;

import de.adorsys.ledgers.um.api.domain.TokenUsageBO;
import de.adorsys.ledgers.um.api.domain.UserBO;
import de.adorsys.ledgers.um.api.domain.oauth.OauthCodeResponseBO;
import de.adorsys.ledgers.um.api.domain.oauth.OauthTokenResponseBO;
import de.adorsys.ledgers.um.api.exception.UserManagementErrorCode;
import de.adorsys.ledgers.um.api.exception.UserManagementModuleException;
import de.adorsys.ledgers.um.api.service.OauthAuthorisationService;
import de.adorsys.ledgers.um.api.service.UserService;
import de.adorsys.ledgers.um.db.domain.OauthCodeEntity;
import de.adorsys.ledgers.um.db.domain.UserRole;
import de.adorsys.ledgers.um.db.repository.OauthCodeRepository;
import de.adorsys.ledgers.util.Ids;
import de.adorsys.ledgers.util.PasswordEnc;
import java.time.OffsetDateTime;
import java.util.Date;
import java.util.Optional;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:de/adorsys/ledgers/um/impl/service/OauthAuthorisationServiceImpl.class */
public class OauthAuthorisationServiceImpl implements OauthAuthorisationService {
    private static final Logger log = LoggerFactory.getLogger(OauthAuthorisationServiceImpl.class);

    @Value("${oauth.lifetime.auth_code:2}")
    private int authCodeLifeTime;

    @Value("${oauth.lifetime.access_token:5}")
    private int accessTokenLifeTime;
    private final UserService userService;
    private final PasswordEnc passwordEnc;
    private final OauthCodeRepository oauthCodeRepository;
    private final BearerTokenService bearerTokenService;

    @Transactional
    public OauthCodeResponseBO oauthCode(String str, String str2) {
        UserBO findByLogin = this.userService.findByLogin(str);
        if (!this.passwordEnc.verify(findByLogin.getId(), str2, findByLogin.getPin())) {
            throw UserManagementModuleException.builder().errorCode(UserManagementErrorCode.INVALID_CREDENTIAL).devMsg("Invalid credentials").build();
        }
        OffsetDateTime plusMinutes = OffsetDateTime.now().plusMinutes(this.authCodeLifeTime);
        String random = RandomStringUtils.random(24, true, true);
        Optional findByUserId = this.oauthCodeRepository.findByUserId(findByLogin.getId());
        if (!findByUserId.isPresent()) {
            return new OauthCodeResponseBO(((OauthCodeEntity) this.oauthCodeRepository.save(new OauthCodeEntity(findByLogin.getId(), random, plusMinutes))).getCode());
        }
        OauthCodeEntity oauthCodeEntity = (OauthCodeEntity) findByUserId.get();
        oauthCodeEntity.setCode(random);
        oauthCodeEntity.setExpiryTime(plusMinutes);
        return new OauthCodeResponseBO(random);
    }

    public OauthTokenResponseBO oauthToken(String str) {
        OauthCodeEntity oauthCodeEntity = (OauthCodeEntity) this.oauthCodeRepository.findByCode(str).orElseThrow(() -> {
            return UserManagementModuleException.builder().errorCode(UserManagementErrorCode.OAUTH_CODE_INVALID).devMsg("Invalid code").build();
        });
        if (oauthCodeEntity.isExpired()) {
            throw UserManagementModuleException.builder().errorCode(UserManagementErrorCode.OAUTH_CODE_INVALID).devMsg("Oauth code is expired").build();
        }
        UserBO findById = this.userService.findById(oauthCodeEntity.getUserId());
        String id = Ids.id();
        Date date = new Date();
        return new OauthTokenResponseBO(this.bearerTokenService.bearerToken(findById.getId(), findById.getLogin(), null, null, UserRole.CUSTOMER, id, id, date, DateUtils.addMinutes(date, this.accessTokenLifeTime), TokenUsageBO.LOGIN, null));
    }

    public OauthAuthorisationServiceImpl(UserService userService, PasswordEnc passwordEnc, OauthCodeRepository oauthCodeRepository, BearerTokenService bearerTokenService) {
        this.userService = userService;
        this.passwordEnc = passwordEnc;
        this.oauthCodeRepository = oauthCodeRepository;
        this.bearerTokenService = bearerTokenService;
    }
}
