package de.adorsys.ledgers.oba.rest.server.resource;

import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.middleware.client.rest.UserMgmtRestClient;
import de.adorsys.ledgers.oba.rest.server.auth.oba.SecurityConstant;
import de.adorsys.ledgers.oba.service.api.domain.AuthorizeResponse;
import de.adorsys.ledgers.oba.service.api.domain.ConsentReference;
import de.adorsys.ledgers.oba.service.api.domain.ConsentType;
import de.adorsys.ledgers.oba.service.api.domain.PaymentAuthorizeResponse;
import de.adorsys.ledgers.oba.service.api.domain.PaymentWorkflow;
import de.adorsys.ledgers.oba.service.api.domain.exception.AuthErrorCode;
import de.adorsys.ledgers.oba.service.api.domain.exception.AuthorizationException;
import de.adorsys.ledgers.oba.service.api.domain.exception.InvalidConsentException;
import de.adorsys.ledgers.oba.service.api.service.ConsentReferencePolicy;
import java.util.EnumSet;
import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.WebUtils;

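/**
 * Request-handling helper for the online-banking (OBA) authorisation endpoints.
 *
 * <p>It covers three steps visible in this class: opening an authorisation session
 * ({@link #auth}), logging a user in for a consent ({@link #performLoginForConsent}),
 * and turning a payment workflow into an HTTP response ({@link #resolvePaymentWorkflow}).
 * Bearer tokens reach this class either through the {@code Authorization} request header
 * or through the {@code ACCESS_TOKEN} cookie.
 */
@Service
/* loaded from: input_file:de/adorsys/ledgers/oba/rest/server/resource/XISControllerService.class */
public class XISControllerService {
    private static final Logger log = LoggerFactory.getLogger(XISControllerService.class);
    private static final String ACCESS_TOKEN_COOKIE = "ACCESS_TOKEN";

    // SCA states for which resolvePaymentWorkflow sets cookies and answers 200; every other
    // state clears the cookies and answers 401. Never mutated after class initialisation.
    private static final EnumSet<ScaStatusTO> ACCEPTED_SCA_STATUSES = EnumSet.of(
            ScaStatusTO.PSUIDENTIFIED,
            ScaStatusTO.FINALISED,
            ScaStatusTO.EXEMPTED,
            ScaStatusTO.PSUAUTHENTICATED,
            ScaStatusTO.SCAMETHODSELECTED);

    private final AuthRequestInterceptor authInterceptor;
    private final HttpServletRequest request;
    private final HttpServletResponse response;
    private final UserMgmtRestClient userMgmtRestClient;
    private final ConsentReferencePolicy referencePolicy;
    private final ResponseUtils responseUtils;

    // Base URL of the login page; the default points at a local development front end.
    @Value("${online-banking.sca.loginpage:http://localhost:4400/}")
    private String loginPage;

    /**
     * Opens an authorisation session for a consent and points the client at the login page.
     *
     * <p>The consent reference is resolved first; if that fails with
     * {@link InvalidConsentException}, cookies are removed and the "unknown credentials"
     * response is returned. Otherwise cookies are set, a bearer token from the request is
     * echoed in the {@code Authorization} response header, and a {@code Location} header
     * pointing at the login page is added.
     *
     * @param str                 authorisation id (stored via {@code setAuthorisationId})
     * @param consentType         type of consent being authorised
     * @param str2                encrypted consent id (stored via {@code setEncryptedConsentId})
     * @param httpServletResponse response that receives the cookies and headers
     * @return 200 with the {@link AuthorizeResponse}, or the result of
     *         {@code ResponseUtils.unknownCredentials} when the consent reference is invalid
     */
    public ResponseEntity<AuthorizeResponse> auth(String str, ConsentType consentType, String str2, HttpServletResponse httpServletResponse) {
        AuthorizeResponse authorizeResponse = new AuthorizeResponse();
        try {
            ConsentReference consentReference = this.referencePolicy.fromURL(str, consentType, str2);
            authorizeResponse.setEncryptedConsentId(str2);
            authorizeResponse.setAuthorisationId(str);

            String bearerToken = extractBearerToken(this.request.getHeader("Authorization"));

            // NOTE(review): when validation yields no access-token object, the raw token is
            // still handed to setCookies and echoed below. Confirm that validate() rejects
            // (throws for) invalid tokens rather than returning an empty body.
            AccessTokenTO accessToken = Optional.ofNullable(bearerToken)
                    .map(token -> this.userMgmtRestClient.validate(token).getBody())
                    .map(BearerTokenTO::getAccessTokenObject)
                    .orElse(null);
            this.responseUtils.setCookies(httpServletResponse, consentReference, bearerToken, accessToken);

            if (StringUtils.isNotBlank(bearerToken)) {
                httpServletResponse.addHeader("Authorization", bearerToken);
            }

            // NOTE(review): build() is not followed by encode(), so the two ids are placed in
            // the query string without percent-encoding. Confirm that fromURL() constrains
            // their character set before they reach this header.
            String loginUri = UriComponentsBuilder.fromUriString(this.loginPage)
                    .queryParam("encryptedConsentId", new Object[]{authorizeResponse.getEncryptedConsentId()})
                    .queryParam("authorisationId", new Object[]{authorizeResponse.getAuthorisationId()})
                    .build()
                    .toUriString();
            httpServletResponse.addHeader("Location", loginUri);
            return ResponseEntity.ok(authorizeResponse);
        } catch (InvalidConsentException e) {
            log.info(e.getMessage());
            this.responseUtils.removeCookies(httpServletResponse);
            return this.responseUtils.unknownCredentials(authorizeResponse, httpServletResponse);
        }
    }

    /**
     * Extracts the token from an {@code Authorization} header that uses the bearer scheme.
     *
     * <p>The scheme is matched case-insensitively and the prefix is stripped by length. A
     * case-sensitive strip would turn a differently-cased scheme such as {@code bearer xyz}
     * into an empty token, which would then be sent for validation.
     *
     * @param authorizationHeader raw header value, may be {@code null}
     * @return the token, or {@code null} when the header is absent, uses another scheme,
     *         or carries a blank token
     */
    private static String extractBearerToken(String authorizationHeader) {
        String prefix = SecurityConstant.BEARER_TOKEN_PREFIX;
        if (!StringUtils.startsWithIgnoreCase(authorizationHeader, prefix)) {
            return null;
        }
        String token = authorizationHeader.substring(prefix.length());
        return StringUtils.isNotBlank(token) ? token : null;
    }

    /**
     * Logs the user in for a consent, preferring the token in the {@code ACCESS_TOKEN}
     * cookie over the supplied credentials.
     *
     * @param str      login (presumably the user login; see the private overload)
     * @param str2     pin
     * @param str3     first identifier forwarded to {@code authoriseForConsent}
     *                 (meaning not visible here; confirm against {@code UserMgmtRestClient})
     * @param str4     second identifier forwarded to {@code authoriseForConsent}
     * @param opTypeTO operation type being authorised
     * @return the response of the user-management client
     * @throws AuthorizationException with {@code LOGIN_FAILED} when neither a cookie token
     *                                nor a complete login/pin pair is available
     */
    public ResponseEntity<SCALoginResponseTO> performLoginForConsent(String str, String str2, String str3, String str4, OpTypeTO opTypeTO) {
        Cookie cookie = WebUtils.getCookie(this.request, ACCESS_TOKEN_COOKIE);
        String cookieToken = cookie != null ? cookie.getValue() : null;
        return performLoginForConsent(str, str2, cookieToken, str3, str4, opTypeTO);
    }

    /**
     * Performs the login using an existing access token when one is present, otherwise
     * using login and pin.
     *
     * @param str      login
     * @param str2     pin
     * @param str3     access token taken from the cookie, may be blank
     * @param str4     first identifier forwarded to {@code authoriseForConsent}
     * @param str5     second identifier forwarded to {@code authoriseForConsent}
     * @param opTypeTO operation type being authorised
     * @throws AuthorizationException with {@code LOGIN_FAILED} when no token is present and
     *                                login or pin is blank
     */
    private ResponseEntity<SCALoginResponseTO> performLoginForConsent(String str, String str2, String str3, String str4, String str5, OpTypeTO opTypeTO) {
        if (StringUtils.isNotBlank(str3)) {
            // NOTE(review): the token stays on the injected interceptor after this call.
            // Confirm that AuthRequestInterceptor is request- or thread-scoped, or is reset
            // elsewhere, so one user's token cannot be applied to another request.
            this.authInterceptor.setAccessToken(str3);
            return this.userMgmtRestClient.authoriseForConsent(str4, str5, opTypeTO);
        }
        // Both values are required: the dev message below treats either missing value as a
        // failure, so a half-filled credential pair is rejected here instead of being forwarded.
        if (StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) {
            return this.userMgmtRestClient.authoriseForConsent(str, str2, str4, str5, opTypeTO);
        }
        throw AuthorizationException.builder().errorCode(AuthErrorCode.LOGIN_FAILED).devMessage("Login or pin is missing.").build();
    }

    /**
     * Converts a payment workflow into the HTTP response for the client.
     *
     * <p>If the workflow's SCA status is one of the accepted statuses, cookies are set from
     * the workflow's consent reference and bearer token and the authorisation response is
     * returned with 200. For any other status the cookies are removed and 401 is returned.
     *
     * @param paymentWorkflow workflow whose SCA status decides the outcome
     * @return 200 with the workflow's auth response, or an empty 401
     */
    public ResponseEntity<PaymentAuthorizeResponse> resolvePaymentWorkflow(PaymentWorkflow paymentWorkflow) {
        if (!ACCEPTED_SCA_STATUSES.contains(paymentWorkflow.scaStatus())) {
            this.responseUtils.removeCookies(this.response);
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        this.responseUtils.setCookies(
                this.response,
                paymentWorkflow.getConsentReference(),
                paymentWorkflow.bearerToken().getAccess_token(),
                paymentWorkflow.bearerToken().getAccessTokenObject());
        return ResponseEntity.ok(paymentWorkflow.getAuthResponse());
    }

    /**
     * Creates the service with its collaborators; all arguments are stored as-is.
     */
    public XISControllerService(AuthRequestInterceptor authRequestInterceptor, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserMgmtRestClient userMgmtRestClient, ConsentReferencePolicy consentReferencePolicy, ResponseUtils responseUtils) {
        this.authInterceptor = authRequestInterceptor;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.userMgmtRestClient = userMgmtRestClient;
        this.referencePolicy = consentReferencePolicy;
        this.responseUtils = responseUtils;
    }
}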
