package de.adorsys.aspsp.xs2a.connector.spi.impl;

import de.adorsys.aspsp.xs2a.connector.spi.converter.AisConsentMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaLoginToConsentResponseMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.api.service.TokenStorageService;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.ConsentRestClient;
import de.adorsys.psd2.xs2a.core.ais.AccountAccessType;
import de.adorsys.psd2.xs2a.core.consent.AspspConsentData;
import de.adorsys.psd2.xs2a.core.consent.ConsentStatus;
import de.adorsys.psd2.xs2a.spi.domain.SpiContextData;
import de.adorsys.psd2.xs2a.spi.domain.account.SpiAccountConsent;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthenticationObject;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiScaConfirmation;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiInitiateAisConsentResponse;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiVerifyScaAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponseStatus;
import de.adorsys.psd2.xs2a.spi.service.AisConsentSpi;
import feign.FeignException;
import java.io.IOException;
import java.time.LocalDateTime;
import java.util.EnumSet;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:de/adorsys/aspsp/xs2a/connector/spi/impl/AisConsentSpiImpl.class */
public class AisConsentSpiImpl implements AisConsentSpi {
    private static final Logger logger = LoggerFactory.getLogger(AisConsentSpiImpl.class);
    private final ConsentRestClient consentRestClient;
    private final TokenStorageService tokenStorageService;
    private final AisConsentMapper aisConsentMapper;
    private final AuthRequestInterceptor authRequestInterceptor;
    private final AspspConsentDataService consentDataService;
    private final GeneralAuthorisationService authorisationService;
    private final ScaMethodConverter scaMethodConverter;
    private final ScaLoginToConsentResponseMapper scaLoginToConsentResponseMapper;

    public AisConsentSpiImpl(ConsentRestClient consentRestClient, TokenStorageService tokenStorageService, AisConsentMapper aisConsentMapper, AuthRequestInterceptor authRequestInterceptor, AspspConsentDataService aspspConsentDataService, GeneralAuthorisationService generalAuthorisationService, ScaMethodConverter scaMethodConverter, ScaLoginToConsentResponseMapper scaLoginToConsentResponseMapper) {
        this.consentRestClient = consentRestClient;
        this.tokenStorageService = tokenStorageService;
        this.aisConsentMapper = aisConsentMapper;
        this.authRequestInterceptor = authRequestInterceptor;
        this.consentDataService = aspspConsentDataService;
        this.authorisationService = generalAuthorisationService;
        this.scaMethodConverter = scaMethodConverter;
        this.scaLoginToConsentResponseMapper = scaLoginToConsentResponseMapper;
    }

    public SpiResponse<SpiInitiateAisConsentResponse> initiateAisConsent(@NotNull SpiContextData spiContextData, SpiAccountConsent spiAccountConsent, AspspConsentData aspspConsentData) {
        if (aspspConsentData.getAspspConsentData() == null) {
            return firstCallInstantiatingConsent(spiAccountConsent, aspspConsentData, new SpiInitiateAisConsentResponse());
        }
        SCAResponseTO initiateConsentInternal = initiateConsentInternal(spiAccountConsent, aspspConsentData);
        return SpiResponse.builder().payload(new SpiInitiateAisConsentResponse(spiAccountConsent.getAccess(), false)).aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(initiateConsentInternal))).message(initiateConsentInternal.getScaStatus().name()).success();
    }

    public SpiResponse<SpiResponse.VoidResponse> revokeAisConsent(@NotNull SpiContextData spiContextData, SpiAccountConsent spiAccountConsent, AspspConsentData aspspConsentData) {
        SCAResponseTO sCAResponseTO = (SCAConsentResponseTO) this.consentDataService.response(aspspConsentData.getAspspConsentData(), SCAConsentResponseTO.class);
        sCAResponseTO.setScaStatus(ScaStatusTO.FINALISED);
        sCAResponseTO.setStatusDate(LocalDateTime.now());
        sCAResponseTO.setBearerToken(new BearerTokenTO());
        return SpiResponse.builder().payload(SpiResponse.voidResponse()).aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(sCAResponseTO))).message(sCAResponseTO.getScaStatus().name()).success();
    }

    @NotNull
    public SpiResponse<SpiVerifyScaAuthorisationResponse> verifyScaAuthorisation(@NotNull SpiContextData spiContextData, @NotNull SpiScaConfirmation spiScaConfirmation, @NotNull SpiAccountConsent spiAccountConsent, @NotNull AspspConsentData aspspConsentData) {
        try {
            SCAConsentResponseTO response = this.consentDataService.response(aspspConsentData.getAspspConsentData(), (Class<SCAConsentResponseTO>) SCAConsentResponseTO.class);
            this.authRequestInterceptor.setAccessToken(response.getBearerToken().getAccess_token());
            SCAResponseTO sCAResponseTO = (SCAConsentResponseTO) this.consentRestClient.authorizeConsent(response.getConsentId(), response.getAuthorisationId(), spiScaConfirmation.getTanNumber()).getBody();
            SpiResponse<SpiVerifyScaAuthorisationResponse> success = SpiResponse.builder().payload(new SpiVerifyScaAuthorisationResponse(ConsentStatus.VALID)).aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(sCAResponseTO))).message(sCAResponseTO.getScaStatus().name()).success();
            this.authRequestInterceptor.setAccessToken((String) null);
            return success;
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken((String) null);
            throw th;
        }
    }

    public SpiResponse<SpiAuthorisationStatus> authorisePsu(@NotNull SpiContextData spiContextData, @NotNull SpiPsuData spiPsuData, String str, SpiAccountConsent spiAccountConsent, @NotNull AspspConsentData aspspConsentData) {
        SpiResponse<SpiAuthorisationStatus> authorisePsuForConsent = this.authorisationService.authorisePsuForConsent(spiPsuData, str, spiAccountConsent.getId(), this.consentDataService.response(aspspConsentData.getAspspConsentData(), SCAConsentResponseTO.class, false), OpTypeTO.CONSENT, aspspConsentData);
        if (!authorisePsuForConsent.isSuccessful()) {
            return authorisePsuForConsent;
        }
        try {
            if (!EnumSet.of(ScaStatusTO.EXEMPTED, ScaStatusTO.PSUAUTHENTICATED, ScaStatusTO.PSUIDENTIFIED).contains(toConsentResponse(spiAccountConsent, authorisePsuForConsent).getScaStatus())) {
                return new SpiResponse<>(authorisePsuForConsent.getPayload(), authorisePsuForConsent.getAspspConsentData());
            }
            return new SpiResponse<>(authorisePsuForConsent.getPayload(), authorisePsuForConsent.getAspspConsentData().respondWith(this.consentDataService.store(initiateConsentInternal(spiAccountConsent, authorisePsuForConsent.getAspspConsentData()))));
        } catch (IOException e) {
            return SpiResponse.builder().message(e.getMessage()).aspspConsentData(aspspConsentData).fail(SpiResponseStatus.LOGICAL_FAILURE);
        }
    }

    public SpiResponse<List<SpiAuthenticationObject>> requestAvailableScaMethods(@NotNull SpiContextData spiContextData, SpiAccountConsent spiAccountConsent, @NotNull AspspConsentData aspspConsentData) {
        try {
            SCAResponseTO sCAResponseTO = (SCAConsentResponseTO) this.consentDataService.response(aspspConsentData.getAspspConsentData(), SCAConsentResponseTO.class);
            if (sCAResponseTO.getScaMethods() == null) {
                logger.error("Process mismatch. Current SCA Status is %s", sCAResponseTO.getScaStatus());
                return SpiResponse.builder().aspspConsentData(aspspConsentData).fail(SpiResponseStatus.LOGICAL_FAILURE);
            }
            sCAResponseTO.setBearerToken(this.authorisationService.validateToken(sCAResponseTO.getBearerToken().getAccess_token()));
            return SpiResponse.builder().aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(sCAResponseTO))).payload(this.scaMethodConverter.toSpiAuthenticationObjectList(sCAResponseTO.getScaMethods())).success();
        } catch (FeignException e) {
            return SpiResponse.builder().aspspConsentData(aspspConsentData).fail(getSpiFailureResponse(e));
        }
    }

    @NotNull
    public SpiResponse<SpiAuthorizationCodeResult> requestAuthorisationCode(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiAccountConsent spiAccountConsent, @NotNull AspspConsentData aspspConsentData) {
        SCAResponseTO sCAResponseTO = (SCAConsentResponseTO) this.consentDataService.response(aspspConsentData.getAspspConsentData(), SCAConsentResponseTO.class);
        if (!EnumSet.of(ScaStatusTO.PSUIDENTIFIED, ScaStatusTO.PSUAUTHENTICATED).contains(sCAResponseTO.getScaStatus())) {
            return this.authorisationService.getResponseIfScaSelected(aspspConsentData, sCAResponseTO);
        }
        try {
            this.authRequestInterceptor.setAccessToken(sCAResponseTO.getBearerToken().getAccess_token());
            logger.info("Request to generate SCA {}", sCAResponseTO.getConsentId());
            ResponseEntity selectMethod = this.consentRestClient.selectMethod(sCAResponseTO.getConsentId(), sCAResponseTO.getAuthorisationId(), str);
            logger.info("SCA was send, operationId is {}", sCAResponseTO.getConsentId());
            SCAResponseTO sCAResponseTO2 = (SCAConsentResponseTO) selectMethod.getBody();
            if (sCAResponseTO2 != null && sCAResponseTO2.getBearerToken() == null) {
                sCAResponseTO2.setBearerToken(sCAResponseTO.getBearerToken());
            }
            SpiResponse<SpiAuthorizationCodeResult> returnScaMethodSelection = this.authorisationService.returnScaMethodSelection(aspspConsentData, sCAResponseTO2);
            this.authRequestInterceptor.setAccessToken((String) null);
            return returnScaMethodSelection;
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken((String) null);
            throw th;
        }
    }

    private <T extends SpiInitiateAisConsentResponse> SpiResponse<T> firstCallInstantiatingConsent(@NotNull SpiAccountConsent spiAccountConsent, @NotNull AspspConsentData aspspConsentData, T t) {
        SCAResponseTO sCAConsentResponseTO = new SCAConsentResponseTO();
        sCAConsentResponseTO.setScaStatus(ScaStatusTO.STARTED);
        t.setAccountAccess(spiAccountConsent.getAccess());
        return SpiResponse.builder().aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(sCAConsentResponseTO, false))).payload(t).success();
    }

    private SCAConsentResponseTO toConsentResponse(SpiAccountConsent spiAccountConsent, SpiResponse<SpiAuthorisationStatus> spiResponse) throws IOException {
        SCAConsentResponseTO consentResponse = this.scaLoginToConsentResponseMapper.toConsentResponse(this.tokenStorageService.fromBytes(spiResponse.getAspspConsentData().getAspspConsentData(), SCALoginResponseTO.class));
        consentResponse.setObjectType(SCAConsentResponseTO.class.getSimpleName());
        consentResponse.setConsentId(spiAccountConsent.getId());
        return consentResponse;
    }

    private boolean isEmpty(SpiAccountConsent spiAccountConsent) {
        return spiAccountConsent.getAccess() == null || ((spiAccountConsent.getAccess().getAccounts() == null || spiAccountConsent.getAccess().getAccounts().isEmpty()) && ((spiAccountConsent.getAccess().getBalances() == null || spiAccountConsent.getAccess().getBalances().isEmpty()) && ((spiAccountConsent.getAccess().getTransactions() == null || spiAccountConsent.getAccess().getTransactions().isEmpty()) && spiAccountConsent.getAccess().getAllPsd2() == null && spiAccountConsent.getAccess().getAvailableAccounts() == null)));
    }

    private SCAConsentResponseTO initiateConsentInternal(SpiAccountConsent spiAccountConsent, AspspConsentData aspspConsentData) {
        try {
            SCAResponseTO response = this.consentDataService.response(aspspConsentData.getAspspConsentData());
            this.authRequestInterceptor.setAccessToken(response.getBearerToken().getAccess_token());
            if (isEmpty(spiAccountConsent)) {
                spiAccountConsent.getAccess().setAllPsd2(AccountAccessType.ALL_ACCOUNTS);
            }
            SCAConsentResponseTO sCAConsentResponseTO = (SCAConsentResponseTO) this.consentRestClient.startSCA(spiAccountConsent.getId(), this.aisConsentMapper.toTo(spiAccountConsent)).getBody();
            if (sCAConsentResponseTO != null && sCAConsentResponseTO.getBearerToken() == null) {
                sCAConsentResponseTO.setBearerToken(response.getBearerToken());
            }
            return sCAConsentResponseTO;
        } finally {
            this.authRequestInterceptor.setAccessToken((String) null);
        }
    }

    private SpiResponseStatus getSpiFailureResponse(FeignException feignException) {
        logger.error(feignException.getMessage(), feignException);
        return feignException.status() == 500 ? SpiResponseStatus.TECHNICAL_FAILURE : SpiResponseStatus.LOGICAL_FAILURE;
    }
}
