package de.adorsys.aspsp.xs2a.connector.spi.impl;

import de.adorsys.aspsp.xs2a.connector.spi.converter.ChallengeDataMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.UserMgmtRestClient;
import de.adorsys.ledgers.util.Ids;
import de.adorsys.psd2.xs2a.core.consent.AspspConsentData;
import de.adorsys.psd2.xs2a.core.sca.ChallengeData;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponseStatus;
import feign.FeignException;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:de/adorsys/aspsp/xs2a/connector/spi/impl/GeneralAuthorisationService.class */
public class GeneralAuthorisationService {
    private static final Logger logger = LoggerFactory.getLogger(GeneralAuthorisationService.class);
    private final UserMgmtRestClient userMgmtRestClient;
    private final AuthRequestInterceptor authRequestInterceptor;
    private final ChallengeDataMapper challengeDataMapper;
    private final ScaMethodConverter scaMethodConverter;
    private final AspspConsentDataService consentDataService;

    public GeneralAuthorisationService(UserMgmtRestClient userMgmtRestClient, AuthRequestInterceptor authRequestInterceptor, ChallengeDataMapper challengeDataMapper, ScaMethodConverter scaMethodConverter, AspspConsentDataService aspspConsentDataService) {
        this.userMgmtRestClient = userMgmtRestClient;
        this.authRequestInterceptor = authRequestInterceptor;
        this.challengeDataMapper = challengeDataMapper;
        this.scaMethodConverter = scaMethodConverter;
        this.consentDataService = aspspConsentDataService;
    }

    public <T extends SCAResponseTO> SpiResponse<SpiAuthorisationStatus> authorisePsuForConsent(@NotNull SpiPsuData spiPsuData, String str, String str2, T t, OpTypeTO opTypeTO, AspspConsentData aspspConsentData) {
        String id = (t == null || t.getAuthorisationId() == null) ? Ids.id() : t.getAuthorisationId();
        try {
            String psuId = spiPsuData.getPsuId();
            logger.info("Authorise user with login={} and password={}", psuId, StringUtils.repeat("*", 10));
            ResponseEntity authoriseForConsent = this.userMgmtRestClient.authoriseForConsent(psuId, str, str2, id, opTypeTO);
            SpiAuthorisationStatus spiAuthorisationStatus = (authoriseForConsent == null || authoriseForConsent.getBody() == null || ((SCALoginResponseTO) authoriseForConsent.getBody()).getBearerToken() == null) ? SpiAuthorisationStatus.FAILURE : SpiAuthorisationStatus.SUCCESS;
            logger.info("Authorisation result is {}", spiAuthorisationStatus);
            return new SpiResponse<>(spiAuthorisationStatus, aspspConsentData.respondWith(this.consentDataService.store((SCAResponseTO) Optional.ofNullable(authoriseForConsent).map((v0) -> {
                return v0.getBody();
            }).orElseGet(SCALoginResponseTO::new))));
        } catch (FeignException e) {
            return SpiResponse.builder().aspspConsentData(aspspConsentData).fail(SpiFailureResponseHelper.getSpiFailureResponse(e, logger));
        }
    }

    public BearerTokenTO validateToken(String str) {
        try {
            this.authRequestInterceptor.setAccessToken(str);
            return (BearerTokenTO) this.userMgmtRestClient.validate(str).getBody();
        } finally {
            this.authRequestInterceptor.setAccessToken((String) null);
        }
    }

    public SpiResponse<SpiAuthorizationCodeResult> getResponseIfScaSelected(AspspConsentData aspspConsentData, SCAResponseTO sCAResponseTO) {
        return ScaStatusTO.SCAMETHODSELECTED.equals(sCAResponseTO.getScaStatus()) ? returnScaMethodSelection(aspspConsentData, sCAResponseTO) : SpiResponse.builder().aspspConsentData(aspspConsentData).message(String.format("Wrong state. Expecting sca status to be %s if auth was sent or %s if auth code wasn't sent yet. But was %s.", ScaStatusTO.SCAMETHODSELECTED.name(), ScaStatusTO.PSUIDENTIFIED.name(), sCAResponseTO.getScaStatus().name())).fail(SpiResponseStatus.LOGICAL_FAILURE);
    }

    public SpiResponse<SpiAuthorizationCodeResult> returnScaMethodSelection(AspspConsentData aspspConsentData, SCAResponseTO sCAResponseTO) {
        SpiAuthorizationCodeResult spiAuthorizationCodeResult = new SpiAuthorizationCodeResult();
        spiAuthorizationCodeResult.setChallengeData((ChallengeData) Optional.ofNullable(this.challengeDataMapper.toChallengeData(sCAResponseTO.getChallengeData())).orElse(new ChallengeData()));
        spiAuthorizationCodeResult.setSelectedScaMethod(this.scaMethodConverter.toSpiAuthenticationObject(sCAResponseTO.getChosenScaMethod()));
        return SpiResponse.builder().aspspConsentData(aspspConsentData.respondWith(this.consentDataService.store(sCAResponseTO))).payload(spiAuthorizationCodeResult).success();
    }
}
