package de.adorsys.ledgers.middleware.impl.service;

import de.adorsys.ledgers.middleware.api.domain.sca.ChallengeDataTO;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaInfoTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.LoginKeyDataTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserRoleTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserTO;
import de.adorsys.ledgers.middleware.api.exception.MiddlewareErrorCode;
import de.adorsys.ledgers.middleware.api.exception.MiddlewareModuleException;
import de.adorsys.ledgers.middleware.api.service.MiddlewareOnlineBankingService;
import de.adorsys.ledgers.middleware.impl.converter.BearerTokenMapper;
import de.adorsys.ledgers.middleware.impl.converter.ScaInfoMapper;
import de.adorsys.ledgers.middleware.impl.converter.UserMapper;
import de.adorsys.ledgers.sca.domain.AuthCodeDataBO;
import de.adorsys.ledgers.sca.domain.OpTypeBO;
import de.adorsys.ledgers.sca.domain.SCAOperationBO;
import de.adorsys.ledgers.sca.domain.ScaStatusBO;
import de.adorsys.ledgers.sca.domain.ScaValidationBO;
import de.adorsys.ledgers.sca.service.SCAOperationService;
import de.adorsys.ledgers.um.api.domain.BearerTokenBO;
import de.adorsys.ledgers.um.api.domain.ScaInfoBO;
import de.adorsys.ledgers.um.api.domain.TokenUsageBO;
import de.adorsys.ledgers.um.api.domain.UserBO;
import de.adorsys.ledgers.um.api.domain.UserRoleBO;
import de.adorsys.ledgers.um.api.service.AuthorizationService;
import de.adorsys.ledgers.um.api.service.UserService;
import de.adorsys.ledgers.util.exception.ScaModuleException;
import java.time.LocalDateTime;
import java.util.Date;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;
import org.mapstruct.factory.Mappers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

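/**
 * Login and strong-customer-authentication (SCA) entry points of the middleware.
 *
 * <p>Each public method verifies a credential, a token or an auth code through
 * {@link AuthorizationService} / {@link SCAOperationService} and answers with an
 * {@link SCALoginResponseTO} that may carry a bearer token. Parameter names such as
 * {@code str}, {@code str2} come from decompilation; the per-method documentation states
 * what each one is used for in this class.
 *
 * <p>Security-relevant behaviour visible here: secrets (PIN, auth code, tokens) are never
 * written to the log; rejected consent logins and tokens issued on behalf of another user
 * are logged with server-side identifiers only.
 */
@Transactional
@Service
/* loaded from: input_file:de/adorsys/ledgers/middleware/impl/service/MiddlewareOnlineBankingServiceImpl.class */
public class MiddlewareOnlineBankingServiceImpl implements MiddlewareOnlineBankingService {
    private static final Logger log = LoggerFactory.getLogger(MiddlewareOnlineBankingServiceImpl.class);
    private static final String NO_USER_MESSAGE = "No user message";
    private final UserMapper userTOMapper = Mappers.getMapper(UserMapper.class);
    private final UserService userService;
    private final BearerTokenMapper bearerTokenMapper;
    private final SCAOperationService scaOperationService;
    private final SCAUtils scaUtils;
    private final ScaInfoMapper scaInfoMapper;
    private final AuthorizationService authorizationService;

    // Passed as the validity (seconds) of the auth-code data created for consent logins;
    // falls back to 600 when the property is not configured.
    @Value("${default.token.lifetime.seconds:600}")
    private int defaultLoginTokenExpireInSeconds;

    /**
     * Logs a user in with login name and credential.
     *
     * <p>The response is always built by {@code authorizeResponse}, i.e. with status
     * {@code EXEMPTED}; no SCA challenge is started on this path.
     *
     * @param str        login name, resolved through {@code UserService.findByLogin}
     * @param str2       credential handed to {@code AuthorizationService.authorise}
     *                   (presumably the PIN; confirm against the interface)
     * @param userRoleTO role the caller wants to log in with
     * @return response carrying the bearer token
     * @throws MiddlewareModuleException with {@code INSUFFICIENT_PERMISSION} when the
     *         authorization service returns no token
     */
    public SCALoginResponseTO authorise(String str, String str2, UserRoleTO userRoleTO) {
        UserBO user = user(str);
        // One generated id serves as both operation id and authorisation id for a plain login.
        String opId = new LoginKeyDataTO(user.getId(), LocalDateTime.now()).toOpId();
        return authorizeResponse(proceedToLogin(user, str2, userRoleTO, opId, opId));
    }

    /**
     * Logs a customer in for a consent/payment authorisation and tracks failed attempts.
     *
     * <p>The SCA operation is registered via {@code checkIfExistsOrNew} before the credential
     * is checked. The transaction is declared with {@code noRollbackFor = ScaModuleException}:
     * presumably so that the counter update done by {@code updateFailedCount} is committed
     * even though the call ends with an exception; confirm that {@code updateFailedCount}
     * returns a {@link ScaModuleException}.
     *
     * <p>NOTE(review): the {@code try} also covers {@code resolveLoginResponseForConsentLogin},
     * so a {@link MiddlewareModuleException} raised while building the response is counted as
     * a failed attempt as well. Confirm this is intended.
     *
     * @param str      login name
     * @param str2     credential (presumably the PIN)
     * @param str3     operation id stored in the auth-code data (appears to be the consent or
     *                 payment id; confirm)
     * @param str4     authorisation id
     * @param opTypeTO operation type, mapped to {@link OpTypeBO} by name
     * @return bearer-token response, or an SCA response when the user has SCA configured
     */
    @Transactional(noRollbackFor = {ScaModuleException.class})
    public SCALoginResponseTO authoriseForConsent(String str, String str2, String str3, String str4, OpTypeTO opTypeTO) {
        OpTypeBO opType = OpTypeBO.valueOf(opTypeTO.name());
        UserBO user = user(str);
        this.scaOperationService.checkIfExistsOrNew(new AuthCodeDataBO(
                user.getLogin(), (String) null, str3, (String) null, NO_USER_MESSAGE,
                this.defaultLoginTokenExpireInSeconds, opType, str4, 0));
        try {
            BearerTokenBO loginToken = proceedToLogin(user, str2, UserRoleTO.CUSTOMER, str3, str4);
            return resolveLoginResponseForConsentLogin(str3, str4, opType, user, loginToken);
        } catch (MiddlewareModuleException e) {
            // Leave a trace for detection of credential guessing. Only the server-side user id
            // is logged: no credential and no caller-supplied string reaches the log.
            log.warn("Consent login rejected for user id {}; recording failed attempt", user.getId());
            throw this.scaOperationService.updateFailedCount(str4, true);
        }
    }

    /**
     * Same as {@link #authoriseForConsent} but authenticated by an existing token instead of
     * a credential; no failed-attempt counter is touched on this path.
     *
     * @param scaInfoTO token-derived caller information
     * @param str       operation id stored in the auth-code data
     * @param str2      authorisation id
     * @param opTypeTO  operation type, mapped to {@link OpTypeBO} by name
     */
    public SCALoginResponseTO authoriseForConsentWithToken(ScaInfoTO scaInfoTO, String str, String str2, OpTypeTO opTypeTO) {
        OpTypeBO opType = OpTypeBO.valueOf(opTypeTO.name());
        UserBO user = user(scaInfoTO.getUserLogin());
        BearerTokenBO loginToken = proceedToLogin(this.scaInfoMapper.toScaInfoBO(scaInfoTO), str2);
        return resolveLoginResponseForConsentLogin(str, str2, opType, user, loginToken);
    }

    /**
     * Builds the consent-login response: a plain token response when the user has no SCA,
     * otherwise an SCA response in status {@code PSUIDENTIFIED} with an SCA token attached.
     */
    @NotNull
    private SCALoginResponseTO resolveLoginResponseForConsentLogin(String operationId, String authorisationId, OpTypeBO opTypeBO, UserBO userBO, BearerTokenBO bearerTokenBO) {
        if (!scaRequired(userBO)) {
            return authorizeResponse(bearerTokenBO);
        }
        AuthCodeDataBO authCodeData = new AuthCodeDataBO(
                userBO.getLogin(), (String) null, operationId, (String) null, NO_USER_MESSAGE,
                this.defaultLoginTokenExpireInSeconds, opTypeBO, authorisationId, 0);
        SCAOperationBO scaOperation = this.scaOperationService.createAuthCode(authCodeData, ScaStatusBO.PSUIDENTIFIED);
        SCALoginResponseTO scaResponse = toScaResponse(userBO, NO_USER_MESSAGE, scaOperation);
        BearerTokenBO scaToken = this.authorizationService.scaToken(bearerTokenBO.getAccessTokenObject().buildScaInfoBO());
        scaResponse.setBearerToken(this.bearerTokenMapper.toBearerTokenTO(scaToken));
        return scaResponse;
    }

    /** Token-based login for a new authorisation id; a missing token is reported as unknown credentials. */
    private BearerTokenBO proceedToLogin(ScaInfoBO scaInfoBO, String authorisationId) {
        return Optional.ofNullable(this.authorizationService.authorizeNewAuthorizationId(scaInfoBO, authorisationId))
                .orElseThrow(MiddlewareOnlineBankingServiceImpl::unknownCredentials);
    }

    /**
     * Validates a token against the current time.
     *
     * @param str the token string to validate
     * @return the mapped result of {@code AuthorizationService.validate}
     */
    public BearerTokenTO validate(String str) {
        return this.bearerTokenMapper.toBearerTokenTO(this.authorizationService.validate(str, new Date()));
    }

    /**
     * Creates a user with a single role.
     *
     * <p>NOTE(review): {@code userRoleTO} is added to the new user exactly as supplied; nothing
     * in this method restricts which role may be requested, so the caller has to enforce that.
     *
     * @param str        first {@link UserTO} constructor argument
     * @param str2       second {@link UserTO} constructor argument
     * @param str3       third {@link UserTO} constructor argument (presumably login, e-mail and
     *                   PIN in that order; confirm against {@link UserTO})
     * @param userRoleTO role granted to the new user
     * @return the created user as returned by the user service
     */
    public UserTO register(String str, String str2, String str3, UserRoleTO userRoleTO) {
        UserTO newUser = new UserTO(str, str2, str3);
        newUser.getUserRoles().add(userRoleTO);
        UserBO created = this.userService.create(this.userTOMapper.toUserBO(newUser));
        return this.userTOMapper.toUserTO(created);
    }

    /**
     * Generates the auth code for a login SCA after the user selected an SCA method, and
     * attaches a login token to the response.
     *
     * @param scaInfoTO caller information: user id, authorisation id and chosen SCA method id
     * @param str       user message placed in the auth-code data
     * @param i         validity of the auth code in seconds
     * @return SCA response in the state produced by {@code generateAuthCode}
     */
    public SCALoginResponseTO generateLoginAuthCode(ScaInfoTO scaInfoTO, String str, int i) {
        UserBO userBO = this.scaUtils.userBO(scaInfoTO.getUserId());
        SCAOperationBO existingOperation = this.scaOperationService.loadAuthCode(scaInfoTO.getAuthorisationId());
        LoginKeyDataTO keyData = LoginKeyDataTO.fromOpId(existingOperation.getOpId());
        String opId = existingOperation.getOpId();
        // The operation id is used for both the opId slot and the slot that follows it.
        AuthCodeDataBO authCodeData = new AuthCodeDataBO(
                userBO.getLogin(), scaInfoTO.getScaMethodId(), opId, opId, str, i,
                OpTypeBO.LOGIN, scaInfoTO.getAuthorisationId(), 0);
        SCAOperationBO generated = this.scaOperationService.generateAuthCode(authCodeData, userBO, ScaStatusBO.SCAMETHODSELECTED);
        SCALoginResponseTO scaResponse = toScaResponse(userBO, keyData.messageTemplate(), generated);
        BearerTokenBO loginToken = this.authorizationService.loginToken(this.scaInfoMapper.toScaInfoBO(scaInfoTO));
        scaResponse.setBearerToken(this.bearerTokenMapper.toBearerTokenTO(loginToken));
        return scaResponse;
    }

    /**
     * Checks the auth code of a login SCA. A bearer token and the confirmation code are set
     * only when the code is valid; otherwise the response carries neither.
     *
     * <p>NOTE(review): the response is built from the {@link SCAOperationBO} loaded before
     * {@code validateAuthCode} ran, so its status fields show the pre-validation state unless
     * the SCA service updates that same instance. Confirm.
     *
     * @param scaInfoTO caller information: user id, authorisation id and the submitted auth code
     */
    public SCALoginResponseTO authenticateForLogin(ScaInfoTO scaInfoTO) {
        UserBO userBO = this.scaUtils.userBO(scaInfoTO.getUserId());
        SCAOperationBO scaOperation = this.scaOperationService.loadAuthCode(scaInfoTO.getAuthorisationId());
        LoginKeyDataTO keyData = LoginKeyDataTO.fromOpId(scaOperation.getOpId());
        String authorisationId = scaInfoTO.getAuthorisationId();
        // The authorisation id fills the first three arguments of validateAuthCode.
        ScaValidationBO validation = this.scaOperationService.validateAuthCode(
                authorisationId, authorisationId, authorisationId, scaInfoTO.getAuthCode(), 0);
        SCALoginResponseTO scaResponse = toScaResponse(userBO, keyData.messageTemplate(), scaOperation);
        if (validation.isValidAuthCode()) {
            BearerTokenBO scaToken = this.authorizationService.scaToken(this.scaInfoMapper.toScaInfoBO(scaInfoTO));
            scaResponse.setBearerToken(this.bearerTokenMapper.toBearerTokenTO(scaToken));
            scaResponse.setAuthConfirmationCode(validation.getAuthConfirmationCode());
        }
        return scaResponse;
    }

    /**
     * Issues a {@code DIRECT_ACCESS} customer token for another user after the caller proved
     * {@code SYSTEM}-role credentials. The target user's own credential is not checked and no
     * SCA is performed (status {@code EXEMPTED}), so every successful call is logged with the
     * target user id as an audit trail.
     *
     * @param str  login of the calling system user
     * @param str2 credential of the calling system user
     * @param str3 login of the user the token is issued for
     * @throws MiddlewareModuleException with {@code AUTHENTICATION_FAILURE} when the
     *         system-role credential check fails
     */
    public SCALoginResponseTO authorizeForUser(String str, String str2, String str3) {
        if (!this.authorizationService.validateCredentials(str, str2, UserRoleBO.SYSTEM)) {
            // No caller-supplied value is logged here, to keep forged content out of the log.
            log.warn("authorizeForUser rejected: SYSTEM-role credential check failed");
            throw MiddlewareModuleException.builder().devMsg("Your credentials or role does not comply to request you're executing!").errorCode(MiddlewareErrorCode.AUTHENTICATION_FAILURE).build();
        }
        UserBO user = user(str3);
        log.info("Issuing DIRECT_ACCESS token for user id {} on request of a SYSTEM-role caller", user.getId());
        BearerTokenBO scaToken = this.authorizationService.scaToken(new ScaInfoBO(
                user.getId(), (String) null, (String) null, UserRoleBO.CUSTOMER,
                (String) null, (String) null, TokenUsageBO.DIRECT_ACCESS, user.getLogin()));
        return exemptedResponse(scaToken);
    }

    /** Copies the state of an SCA operation, plus the user's SCA methods, into a response object. */
    private SCALoginResponseTO toScaResponse(UserBO userBO, String psuMessage, SCAOperationBO sCAOperationBO) {
        UserTO user = this.scaUtils.user(userBO);
        SCALoginResponseTO response = new SCALoginResponseTO();
        response.setAuthorisationId(sCAOperationBO.getId());
        response.setChosenScaMethod(this.scaUtils.getScaMethod(user, sCAOperationBO.getScaMethodId()));
        // Challenge data is explicitly cleared; this method never returns any.
        response.setChallengeData((ChallengeDataTO) null);
        response.setExpiresInSeconds(sCAOperationBO.getValiditySeconds());
        response.setScaId(sCAOperationBO.getOpId());
        response.setPsuMessage(psuMessage);
        response.setScaMethods(user.getScaUserData());
        response.setScaStatus(ScaStatusTO.valueOf(sCAOperationBO.getScaStatus().name()));
        response.setStatusDate(sCAOperationBO.getStatusTime());
        return response;
    }

    /** Whether the user has SCA configured, as reported by {@code SCAUtils.hasSCA}. */
    private boolean scaRequired(UserBO userBO) {
        return this.scaUtils.hasSCA(userBO);
    }

    /**
     * Exchanges a login token for an SCA token and wraps it in an {@code EXEMPTED} response
     * that keeps the authorisation id of the original token.
     */
    private SCALoginResponseTO authorizeResponse(BearerTokenBO bearerTokenBO) {
        BearerTokenBO scaToken = this.authorizationService.scaToken(bearerTokenBO.getAccessTokenObject().buildScaInfoBO());
        SCALoginResponseTO response = exemptedResponse(scaToken);
        response.setAuthorisationId(bearerTokenBO.getAccessTokenObject().getAuthorisationId());
        return response;
    }

    /** Builds a response with status {@code EXEMPTED} around an already issued SCA token. */
    private SCALoginResponseTO exemptedResponse(BearerTokenBO scaToken) {
        SCALoginResponseTO response = new SCALoginResponseTO();
        response.setScaStatus(ScaStatusTO.EXEMPTED);
        response.setBearerToken(this.bearerTokenMapper.toBearerTokenTO(scaToken));
        response.setScaId(scaToken.getAccessTokenObject().getScaId());
        response.setExpiresInSeconds(scaToken.getExpires_in());
        response.setStatusDate(LocalDateTime.now());
        return response;
    }

    /** Looks a user up by login name. */
    private UserBO user(String login) {
        return this.userService.findByLogin(login);
    }

    /** Credential-based login; a missing token is reported as unknown credentials. */
    private BearerTokenBO proceedToLogin(UserBO userBO, String credential, UserRoleTO userRoleTO, String operationId, String authorisationId) {
        return Optional.ofNullable(this.authorizationService.authorise(
                        userBO.getLogin(), credential, UserRoleBO.valueOf(userRoleTO.name()), operationId, authorisationId))
                .orElseThrow(MiddlewareOnlineBankingServiceImpl::unknownCredentials);
    }

    /**
     * The single error used for every failed login path, so that the response does not reveal
     * which part of the login was wrong.
     */
    private static MiddlewareModuleException unknownCredentials() {
        return MiddlewareModuleException.builder()
                .errorCode(MiddlewareErrorCode.INSUFFICIENT_PERMISSION)
                .devMsg("Unknown credentials.")
                .build();
    }

    /** Constructor injection of all collaborators. */
    public MiddlewareOnlineBankingServiceImpl(UserService userService, BearerTokenMapper bearerTokenMapper, SCAOperationService sCAOperationService, SCAUtils sCAUtils, ScaInfoMapper scaInfoMapper, AuthorizationService authorizationService) {
        this.userService = userService;
        this.bearerTokenMapper = bearerTokenMapper;
        this.scaOperationService = sCAOperationService;
        this.scaUtils = sCAUtils;
        this.scaInfoMapper = scaInfoMapper;
        this.authorizationService = authorizationService;
    }
}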
