package de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation;

import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.aspsp.xs2a.connector.spi.impl.AspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionHandler;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionReader;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.ScaUserDataTO;
import de.adorsys.ledgers.middleware.api.service.TokenStorageService;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.psd2.xs2a.core.authorisation.AuthenticationObject;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.error.TppMessage;
import de.adorsys.psd2.xs2a.spi.domain.SpiAspspConsentDataProvider;
import de.adorsys.psd2.xs2a.spi.domain.SpiContextData;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationDecoupledScaResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAvailableScaMethodsResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiPsuAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import feign.FeignException;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:de/adorsys/aspsp/xs2a/connector/spi/impl/authorisation/AbstractAuthorisationSpi.class */
public abstract class AbstractAuthorisationSpi<T, R extends SCAResponseTO> {
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthorisationSpi.class);
    private static final String DECOUPLED_PSU_MESSAGE = "Please check your app to continue...";
    private final AuthRequestInterceptor authRequestInterceptor;
    private final AspspConsentDataService consentDataService;
    private final GeneralAuthorisationService authorisationService;
    private final ScaMethodConverter scaMethodConverter;
    private final FeignExceptionReader feignExceptionReader;
    private final TokenStorageService tokenStorageService;

    public SpiResponse<SpiPsuAuthorisationResponse> authorisePsu(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiPsuData spiPsuData, String str2, T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            R sCAConsentResponse = getSCAConsentResponse(spiAspspConsentDataProvider, false);
            SpiResponse<SpiPsuAuthorisationResponse> authorisePsuForConsent = this.authorisationService.authorisePsuForConsent(spiPsuData, str2, getBusinessObjectId(t), str, getOtpType(), spiAspspConsentDataProvider);
            if (authorisePsuForConsent.isSuccessful()) {
                try {
                    return onSuccessfulAuthorisation(t, spiAspspConsentDataProvider, authorisePsuForConsent, mapToScaResponse(t, spiAspspConsentDataProvider.loadAspspConsentData(), sCAConsentResponse));
                } catch (IOException e) {
                    return SpiResponse.builder().error(new TppMessage(MessageErrorCode.FORMAT_ERROR_RESPONSE_TYPE, new Object[0])).build();
                }
            }
            SpiPsuAuthorisationResponse spiPsuAuthorisationResponse = (SpiPsuAuthorisationResponse) authorisePsuForConsent.getPayload();
            return (spiPsuAuthorisationResponse == null || spiPsuAuthorisationResponse.getSpiAuthorisationStatus() != SpiAuthorisationStatus.ATTEMPT_FAILURE) ? SpiResponse.builder().payload(new SpiPsuAuthorisationResponse(false, SpiAuthorisationStatus.FAILURE)).build() : authorisePsuForConsent;
        } catch (FeignException e2) {
            log.error("Read aspspConsentData in authorise PSU failed: consent ID {}, devMessage {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(e2));
            return SpiResponse.builder().error(new TppMessage(MessageErrorCode.PSU_CREDENTIALS_INVALID, new Object[0])).build();
        }
    }

    public SpiResponse<SpiAvailableScaMethodsResponse> requestAvailableScaMethods(@NotNull SpiContextData spiContextData, T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            R sCAConsentResponse = getSCAConsentResponse(spiAspspConsentDataProvider, true);
            if (validateStatuses(t, sCAConsentResponse)) {
                return SpiResponse.builder().payload(new SpiAvailableScaMethodsResponse(Collections.emptyList())).build();
            }
            Optional<List<ScaUserDataTO>> scaMethods = getScaMethods(sCAConsentResponse);
            if (!scaMethods.isPresent()) {
                return getForZeroScaMethods(sCAConsentResponse.getScaStatus());
            }
            sCAConsentResponse.setBearerToken(this.authorisationService.validateToken(sCAConsentResponse.getBearerToken().getAccess_token()));
            List<AuthenticationObject> authenticationObjectList = this.scaMethodConverter.toAuthenticationObjectList(scaMethods.get());
            spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(sCAConsentResponse));
            return SpiResponse.builder().payload(new SpiAvailableScaMethodsResponse(authenticationObjectList)).build();
        } catch (FeignException e) {
            log.error("Read available sca methods failed: consent ID {}, devMessage {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(e));
            return SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.FORMAT_ERROR_SCA_METHODS)).build();
        }
    }

    SpiResponse<SpiAvailableScaMethodsResponse> getForZeroScaMethods(ScaStatusTO scaStatusTO) {
        log.error("Process mismatch. Current SCA Status is {}", scaStatusTO);
        return SpiResponse.builder().error(new TppMessage(MessageErrorCode.SCA_METHOD_UNKNOWN_PROCESS_MISMATCH, new Object[0])).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Optional<List<ScaUserDataTO>> getScaMethods(R r) {
        return Optional.ofNullable(r.getScaMethods());
    }

    @NotNull
    public SpiResponse<SpiAuthorizationCodeResult> requestAuthorisationCode(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        R sCAConsentResponse = getSCAConsentResponse(spiAspspConsentDataProvider, true);
        try {
            if (!EnumSet.of(ScaStatusTO.PSUIDENTIFIED, ScaStatusTO.PSUAUTHENTICATED).contains(sCAConsentResponse.getScaStatus())) {
                return this.authorisationService.getResponseIfScaSelected(spiAspspConsentDataProvider, sCAConsentResponse);
            }
            try {
                this.authRequestInterceptor.setAccessToken(sCAConsentResponse.getBearerToken().getAccess_token());
                SCAResponseTO sCAResponseTO = (SCAResponseTO) getSelectMethodResponse(str, sCAConsentResponse).getBody();
                if (sCAResponseTO != null && sCAResponseTO.getBearerToken() == null) {
                    sCAResponseTO.setBearerToken(sCAConsentResponse.getBearerToken());
                }
                SpiResponse<SpiAuthorizationCodeResult> returnScaMethodSelection = this.authorisationService.returnScaMethodSelection(spiAspspConsentDataProvider, sCAResponseTO);
                this.authRequestInterceptor.setAccessToken((String) null);
                return returnScaMethodSelection;
            } catch (FeignException e) {
                log.error("Request authorisation code failed: consent ID {}, devMessage {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(e));
                SpiResponse<SpiAuthorizationCodeResult> build = SpiResponse.builder().error(new TppMessage(getMessageErrorCodeByStatus(e.status()), new Object[0])).build();
                this.authRequestInterceptor.setAccessToken((String) null);
                return build;
            }
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken((String) null);
            throw th;
        }
    }

    @NotNull
    public SpiResponse<SpiAuthorisationDecoupledScaResponse> startScaDecoupled(@NotNull SpiContextData spiContextData, @NotNull String str, @Nullable String str2, @NotNull T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        if (str2 == null) {
            return SpiResponse.builder().error(new TppMessage(MessageErrorCode.SERVICE_NOT_SUPPORTED, new Object[0])).build();
        }
        SpiResponse<SpiAuthorizationCodeResult> requestAuthorisationCode = requestAuthorisationCode(spiContextData, str2, t, spiAspspConsentDataProvider);
        if (requestAuthorisationCode.hasError()) {
            return SpiResponse.builder().error(requestAuthorisationCode.getErrors()).build();
        }
        return SpiResponse.builder().payload(new SpiAuthorisationDecoupledScaResponse(generatePsuMessage(spiContextData, str, spiAspspConsentDataProvider, requestAuthorisationCode))).build();
    }

    protected abstract ResponseEntity<R> getSelectMethodResponse(@NotNull String str, R r);

    protected abstract R getSCAConsentResponse(@NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, boolean z);

    protected abstract String getBusinessObjectId(T t);

    protected abstract OpTypeTO getOtpType();

    protected abstract TppMessage getAuthorisePsuFailureMessage(T t);

    protected abstract SCAResponseTO initiateBusinessObject(T t, byte[] bArr);

    protected abstract R mapToScaResponse(T t, byte[] bArr, R r) throws IOException;

    protected String generatePsuMessage(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, SpiResponse<SpiAuthorizationCodeResult> spiResponse) {
        return DECOUPLED_PSU_MESSAGE;
    }

    protected boolean validateStatuses(T t, R r) {
        return false;
    }

    protected abstract boolean isFirstInitiationOfMultilevelSca(T t, R r);

    /* JADX INFO: Access modifiers changed from: protected */
    public SpiResponse<SpiPsuAuthorisationResponse> onSuccessfulAuthorisation(T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, SpiResponse<SpiPsuAuthorisationResponse> spiResponse, R r) {
        try {
            spiAspspConsentDataProvider.updateAspspConsentData(this.tokenStorageService.toBytes(r));
            if (EnumSet.of(ScaStatusTO.EXEMPTED, ScaStatusTO.PSUAUTHENTICATED, ScaStatusTO.PSUIDENTIFIED).contains(r.getScaStatus()) && isFirstInitiationOfMultilevelSca(t, r)) {
                try {
                    SCAResponseTO initiateBusinessObject = initiateBusinessObject(t, spiAspspConsentDataProvider.loadAspspConsentData());
                    if (initiateBusinessObject == null) {
                        return SpiResponse.builder().error(getAuthorisePsuFailureMessage(t)).build();
                    }
                    spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(initiateBusinessObject));
                    log.info("SCA status is: {}", initiateBusinessObject.getScaStatus().name());
                } catch (FeignException e) {
                    log.info("Processing of successful authorisation failed: devMessage '{}'", this.feignExceptionReader.getErrorMessage(e));
                    return SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.FORMAT_ERROR)).build();
                }
            }
            return SpiResponse.builder().payload((SpiPsuAuthorisationResponse) spiResponse.getPayload()).build();
        } catch (IOException e2) {
            return SpiResponse.builder().error(new TppMessage(MessageErrorCode.TOKEN_UNKNOWN, new Object[0])).build();
        }
    }

    private MessageErrorCode getMessageErrorCodeByStatus(int i) {
        return i == 501 ? MessageErrorCode.SCA_METHOD_UNKNOWN : Arrays.asList(400, 401, 403).contains(Integer.valueOf(i)) ? MessageErrorCode.FORMAT_ERROR : i == 404 ? MessageErrorCode.PSU_CREDENTIALS_INVALID : MessageErrorCode.INTERNAL_SERVER_ERROR;
    }

    public AbstractAuthorisationSpi(AuthRequestInterceptor authRequestInterceptor, AspspConsentDataService aspspConsentDataService, GeneralAuthorisationService generalAuthorisationService, ScaMethodConverter scaMethodConverter, FeignExceptionReader feignExceptionReader, TokenStorageService tokenStorageService) {
        this.authRequestInterceptor = authRequestInterceptor;
        this.consentDataService = aspspConsentDataService;
        this.authorisationService = generalAuthorisationService;
        this.scaMethodConverter = scaMethodConverter;
        this.feignExceptionReader = feignExceptionReader;
        this.tokenStorageService = tokenStorageService;
    }
}
