package de.adorsys.ledgers.oba.rest.server.resource;

import de.adorsys.ledgers.middleware.api.domain.account.AccountDetailsTO;
import de.adorsys.ledgers.middleware.api.domain.oauth.OauthCodeResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisAccountAccessInfoTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisConsentTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.api.service.TokenStorageService;
import de.adorsys.ledgers.middleware.client.rest.AccountRestClient;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.middleware.client.rest.ConsentRestClient;
import de.adorsys.ledgers.middleware.client.rest.OauthRestClient;
import de.adorsys.ledgers.oba.rest.api.resource.AISApi;
import de.adorsys.ledgers.oba.rest.api.resource.exception.ConsentAuthorizeException;
import de.adorsys.ledgers.oba.rest.server.auth.ObaMiddlewareAuthentication;
import de.adorsys.ledgers.oba.service.api.domain.AuthorizeResponse;
import de.adorsys.ledgers.oba.service.api.domain.ConsentAuthorizeResponse;
import de.adorsys.ledgers.oba.service.api.domain.ConsentType;
import de.adorsys.ledgers.oba.service.api.domain.ConsentWorkflow;
import de.adorsys.ledgers.oba.service.api.domain.CreatePiisConsentRequestTO;
import de.adorsys.ledgers.oba.service.api.domain.PIISConsentCreateResponse;
import de.adorsys.ledgers.oba.service.api.service.ConsentService;
import de.adorsys.ledgers.oba.service.api.service.RedirectConsentService;
import de.adorsys.psd2.consent.api.CmsAspspConsentDataBase64;
import de.adorsys.psd2.consent.api.ais.CmsAisConsentResponse;
import de.adorsys.psd2.xs2a.core.consent.ConsentStatus;
import de.adorsys.psd2.xs2a.core.psu.PsuIdData;
import de.adorsys.psd2.xs2a.core.sca.AuthenticationDataHolder;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletResponse;
import org.adorsys.ledgers.consent.psu.rest.client.CmsPsuAisClient;
import org.adorsys.ledgers.consent.xs2a.rest.client.AspspConsentDataClient;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

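/**
 * REST controller for the PSU-facing AIS consent authorisation flow, mapped under {@code /ais}.
 *
 * <p>Parameter names such as {@code str}, {@code str2} are decompiler output. The meaning given
 * for them in the method comments is inferred from how each value is used in this class and
 * should be confirmed against {@link AISApi}.
 *
 * <p>Security-relevant conventions in this class:
 * <ul>
 *   <li>Handlers that call a downstream REST client first place a bearer token on the injected
 *       {@link AuthRequestInterceptor} and must reset it to {@code null} on every exit path,
 *       so the token cannot be reused by a later, unrelated call. NOTE(review): whether the
 *       interceptor holds the token per thread or per bean is not visible here; confirm.</li>
 *   <li>Authorisation confirmation codes and bearer tokens are never written to the log.</li>
 *   <li>Internal exception messages are logged server-side and not echoed to the client.</li>
 * </ul>
 */
@RequestMapping({"/ais"})
@Api(value = "/ais", tags = {"PSU AIS. Provides access to online banking account functionality"})
@RestController
public class AISController implements AISApi {
    private static final Logger log = LoggerFactory.getLogger(AISController.class);
    private final CmsPsuAisClient cmsPsuAisClient;
    private final ConsentRestClient consentRestClient;
    private final AccountRestClient accountRestClient;
    private final OauthRestClient oauthRestClient;
    private final RedirectConsentService redirectConsentService;
    private final ConsentService consentService;
    private final XISControllerService xisService;
    private final HttpServletResponse response;
    private final ResponseUtils responseUtils;
    private final ObaMiddlewareAuthentication middlewareAuth;
    private final AuthRequestInterceptor authInterceptor;
    private final AspspConsentDataClient aspspConsentDataClient;
    private final TokenStorageService tokenStorageService;

    /**
     * Delegates to {@code XISControllerService.auth} with {@link ConsentType#AIS}.
     * The third argument is not used by this implementation.
     */
    @ApiOperation("Entry point for authenticating ais consent requests.")
    public ResponseEntity<AuthorizeResponse> aisAuth(String str, String str2, String str3) {
        return this.xisService.auth(str, ConsentType.AIS, str2, this.response);
    }

    /**
     * Logs the PSU in for a consent and answers according to the resulting SCA status.
     *
     * <p>{@code str}/{@code str2} identify the consent workflow, {@code str3}/{@code str4} are
     * handed to the login call and {@code str5} is the raw cookie value (inferred from usage).
     *
     * @return 401 when the login call is not successful, the error carried by a
     *         {@link ConsentAuthorizeException}, or the response chosen by
     *         {@link #resolveResponseByScaStatus}
     */
    public ResponseEntity<ConsentAuthorizeResponse> login(String str, String str2, String str3, String str4, String str5) {
        try {
            ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, false, this.responseUtils.consentCookie(str5), (BearerTokenTO) null);
            ResponseEntity<SCALoginResponseTO> loginResult = this.xisService.performLoginForConsent(str3, str4, workflow.consentId(), workflow.authId(), OpTypeTO.CONSENT);
            // Compares the logged-in user with the PSU list stored on the consent before any state is updated.
            AuthUtils.checkIfUserInitiatedOperation(loginResult, workflow.getConsentResponse().getAccountConsent().getPsuIdDataList());
            workflow.storeSCAResponse((SCAResponseTO) loginResult.getBody());
            if (!AuthUtils.success(loginResult)) {
                return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
            }
            String psuId = AuthUtils.psuId(workflow.bearerToken());
            updatePSUIdentification(workflow, psuId);
            this.redirectConsentService.updateScaStatusConsentStatusConsentData(psuId, workflow);
            return resolveResponseByScaStatus(workflow, true);
        } catch (ConsentAuthorizeException e) {
            return e.getError();
        }
    }

    /**
     * Starts the consent for the authenticated PSU using the accounts returned by
     * {@link #listOfAccounts} and answers according to the resulting SCA status.
     */
    public ResponseEntity<ConsentAuthorizeResponse> startConsentAuth(String str, String str2, String str3, AisConsentTO aisConsentTO) {
        String psuId = AuthUtils.psuId(this.middlewareAuth);
        try {
            ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, false, this.responseUtils.consentCookie(str3), this.middlewareAuth.getBearerToken());
            this.redirectConsentService.startConsent(workflow, aisConsentTO, listOfAccounts(workflow));
            this.redirectConsentService.updateScaStatusConsentStatusConsentData(psuId, workflow);
            return resolveResponseByScaStatus(workflow, false);
        } catch (ConsentAuthorizeException e) {
            return e.getError();
        }
    }

    /**
     * Submits the authorisation value {@code str4} for the consent and, when SCA is finalised,
     * confirms the consent in the CMS.
     *
     * <p>The confirmation code stays on the returned auth response only; it is deliberately
     * not logged because it is an authentication secret.
     */
    public ResponseEntity<ConsentAuthorizeResponse> authrizedConsent(String str, String str2, String str3, String str4) {
        String psuId = AuthUtils.psuId(this.middlewareAuth);
        try {
            ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, true, this.responseUtils.consentCookie(str3), this.middlewareAuth.getBearerToken());
            this.authInterceptor.setAccessToken(workflow.bearerToken().getAccess_token());
            SCAConsentResponseTO scaResponse = (SCAConsentResponseTO) this.consentRestClient.authorizeConsent(workflow.consentId(), str2, str4).getBody();
            workflow.storeSCAResponse(scaResponse);
            if (scaResponse != null && ScaStatusTO.FINALISED == scaResponse.getScaStatus()) {
                this.cmsPsuAisClient.confirmConsent(workflow.consentId(), psuId, (String) null, (String) null, (String) null, "UNDEFINED");
            }
            this.redirectConsentService.updateScaStatusConsentStatusConsentData(psuId, workflow);
            Optional<BearerTokenTO> token = Optional.ofNullable(workflow.bearerToken());
            this.responseUtils.setCookies(
                    this.response,
                    workflow.getConsentReference(),
                    token.map(BearerTokenTO::getAccess_token).orElse(""),
                    token.map(BearerTokenTO::getAccessTokenObject).orElse(null));
            log.info("Consent authorisation completed; confirmation code is not logged");
            return ResponseEntity.ok(workflow.getAuthResponse());
        } catch (ConsentAuthorizeException e) {
            return e.getError();
        } finally {
            clearInterceptorToken();
        }
    }

    /**
     * Selects the SCA method {@code str3} for the consent workflow and refreshes the cookies.
     */
    public ResponseEntity<ConsentAuthorizeResponse> selectMethod(String str, String str2, String str3, String str4) {
        String psuId = AuthUtils.psuId(this.middlewareAuth);
        try {
            ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, true, this.responseUtils.consentCookie(str4), this.middlewareAuth.getBearerToken());
            this.redirectConsentService.selectScaMethod(str3, workflow);
            this.redirectConsentService.updateScaStatusConsentStatusConsentData(psuId, workflow);
            this.responseUtils.setCookies(this.response, workflow.getConsentReference(), workflow.bearerToken().getAccess_token(), workflow.bearerToken().getAccessTokenObject());
            return ResponseEntity.ok(workflow.getAuthResponse());
        } catch (ConsentAuthorizeException e) {
            return e.getError();
        }
    }

    /**
     * Creates a PIIS consent for the authenticated PSU and stores the SCA response as ASPSP
     * consent data.
     *
     * @return 200 with the created consent, the downstream status when the consent data update
     *         fails, or 500 with a generic message when the SCA response cannot be encoded
     */
    public ResponseEntity<PIISConsentCreateResponse> grantPiisConsent(String str, CreatePiisConsentRequestTO createPiisConsentRequestTO) {
        String psuId = AuthUtils.psuId(this.middlewareAuth);
        try {
            this.authInterceptor.setAccessToken(this.middlewareAuth.getBearerToken().getAccess_token());
            SCAConsentResponseTO created = this.consentService.createConsent(createPiisConsentRequestTO, psuId);
            ResponseEntity<?> updateResult = updateAspspPiisConsentData(created.getConsentId(), created);
            if (!HttpStatus.OK.equals(updateResult.getStatusCode())) {
                return this.responseUtils.error(new PIISConsentCreateResponse(), updateResult.getStatusCode(), "Could not update aspsp consent data", this.response);
            }
            this.responseUtils.setCookies(this.response, null, this.middlewareAuth.getBearerToken().getAccess_token(), this.middlewareAuth.getBearerToken().getAccessTokenObject());
            return ResponseEntity.ok(new PIISConsentCreateResponse(created.getBearerToken().getAccessTokenObject().getConsent()));
        } catch (IOException e) {
            // Keep the exception detail in the server log; the client only gets a generic
            // message so that internal serialisation details are not disclosed.
            log.error("Could not encode SCA response for PIIS consent data", e);
            return this.responseUtils.error(new PIISConsentCreateResponse(), HttpStatus.INTERNAL_SERVER_ERROR, "Could not update aspsp consent data", this.response);
        } finally {
            clearInterceptorToken();
        }
    }

    /**
     * Returns the accounts of the authenticated PSU, calling the account client with the
     * bearer token taken from the middleware authentication.
     */
    public ResponseEntity<List<AccountDetailsTO>> getListOfAccounts(String str) {
        try {
            this.authInterceptor.setAccessToken(this.middlewareAuth.getBearerToken().getAccess_token());
            // Raw cast kept from the original listing; the declared body type is not visible here.
            return ResponseEntity.ok((List) this.accountRestClient.getListOfAccounts().getBody());
        } finally {
            clearInterceptorToken();
        }
    }

    /**
     * Finishes the flow by redirecting to the TPP.
     *
     * <p>For consent status VALID, RECEIVED or PARTIALLY_AUTHORISED the target is the TPP "ok"
     * URI: resolved through the OAuth client when {@code z} is true, otherwise with the
     * confirmation code {@code str4} appended. Any other status redirects to the "nok" URI.
     * Both URIs are read from the stored consent response, not from the request.
     */
    public ResponseEntity<ConsentAuthorizeResponse> aisDone(String str, String str2, String str3, boolean z, String str4) {
        ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, true, this.responseUtils.consentCookie(str3), this.middlewareAuth.getBearerToken());
        ConsentStatus consentStatus = workflow.getConsentResponse().getAccountConsent().getConsentStatus();
        CmsAisConsentResponse consentResponse = workflow.getConsentResponse();
        try {
            this.authInterceptor.setAccessToken(workflow.getScaResponse().getBearerToken().getAccess_token());
            String target;
            if (!EnumSet.of(ConsentStatus.VALID, ConsentStatus.RECEIVED, ConsentStatus.PARTIALLY_AUTHORISED).contains(consentStatus)) {
                target = consentResponse.getTppNokRedirectUri();
            } else if (z) {
                target = ((OauthCodeResponseTO) this.oauthRestClient.oauthCode(consentResponse.getTppOkRedirectUri()).getBody()).getRedirectUri();
            } else {
                target = buildTppOkRedirectUri(consentResponse.getTppOkRedirectUri(), str4);
            }
            return this.responseUtils.redirect(target, this.response);
        } finally {
            // The token was previously left on the interceptor after this handler returned.
            clearInterceptorToken();
        }
    }

    /**
     * Appends {@code authConfirmationCode} to the TPP redirect URI when a code is present.
     *
     * <p>The code is a request-supplied value (assumed from the caller), so it is URL-encoded
     * to keep it from adding further query parameters. When the URI already has a query
     * string the parameter is joined with {@code &} instead of a second {@code ?}.
     */
    private String buildTppOkRedirectUri(String str, String str2) {
        String separator = (str != null && str.indexOf('?') >= 0) ? "&" : "?";
        String suffix = StringUtils.isNotBlank(str2) ? separator + "authConfirmationCode=" + urlEncode(str2) : "";
        return str + suffix;
    }

    /** URL-encodes a query parameter value as UTF-8. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }

    /**
     * Marks the authorisation as FAILED in the CMS, which this controller treats as revoking
     * the consent.
     *
     * @return 200 with an empty-access response on success, otherwise 400
     */
    public ResponseEntity<ConsentAuthorizeResponse> revokeConsent(@NotNull String str, @NotNull String str2, String str3) {
        try {
            ConsentWorkflow workflow = this.redirectConsentService.identifyConsent(str, str2, true, this.responseUtils.consentCookie(str3), this.middlewareAuth.getBearerToken());
            this.authInterceptor.setAccessToken(this.middlewareAuth.getBearerToken().getAccess_token());
            if (failAuthorisation(workflow.consentId(), AuthUtils.psuId(this.middlewareAuth), str2)) {
                return ResponseEntity.ok(buildResponseForSuccessfulConsentRevoke());
            }
            return ResponseEntity.badRequest().build();
        } catch (ConsentAuthorizeException e) {
            return ResponseEntity.badRequest().build();
        } finally {
            // The token was previously left on the interceptor after this handler returned.
            clearInterceptorToken();
        }
    }

    /**
     * Maps the workflow's SCA status to a response: EXEMPTED gives 400, any status outside
     * PSUIDENTIFIED/FINALISED/PSUAUTHENTICATED/SCAMETHODSELECTED gives 401, and both remove
     * the cookies. Otherwise the account list is attached, access is optionally updated
     * ({@code z}) and the cookies are set.
     */
    private ResponseEntity<ConsentAuthorizeResponse> resolveResponseByScaStatus(ConsentWorkflow consentWorkflow, boolean z) {
        ScaStatusTO scaStatus = consentWorkflow.scaStatus();
        if (scaStatus == ScaStatusTO.EXEMPTED) {
            this.responseUtils.removeCookies(this.response);
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
        }
        if (!EnumSet.of(ScaStatusTO.PSUIDENTIFIED, ScaStatusTO.FINALISED, ScaStatusTO.PSUAUTHENTICATED, ScaStatusTO.SCAMETHODSELECTED).contains(scaStatus)) {
            this.responseUtils.removeCookies(this.response);
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }
        List<AccountDetailsTO> accounts = listOfAccounts(consentWorkflow);
        consentWorkflow.getAuthResponse().setAccounts(accounts);
        if (z) {
            this.redirectConsentService.updateAccessByConsentType(consentWorkflow, accounts);
        }
        this.responseUtils.setCookies(this.response, consentWorkflow.getConsentReference(), consentWorkflow.bearerToken().getAccess_token(), consentWorkflow.bearerToken().getAccessTokenObject());
        return ResponseEntity.ok(consentWorkflow.getAuthResponse());
    }

    /** Sets the authorisation status to FAILED in the CMS; true when the CMS answers 200. */
    private boolean failAuthorisation(String str, String str2, String str3) {
        return this.cmsPsuAisClient.updateAuthorisationStatus(str, "FAILED", str3, str2, (String) null, (String) null, (String) null, "UNDEFINED", new AuthenticationDataHolder((String) null, (String) null)).getStatusCode() == HttpStatus.OK;
    }

    /** Builds the body returned after a revoke: EXEMPTED status and empty account access. */
    private ConsentAuthorizeResponse buildResponseForSuccessfulConsentRevoke() {
        AisAccountAccessInfoTO emptyAccess = new AisAccountAccessInfoTO();
        emptyAccess.setBalances(Collections.emptyList());
        emptyAccess.setAccounts(Collections.emptyList());
        emptyAccess.setTransactions(Collections.emptyList());
        AisConsentTO consent = new AisConsentTO();
        consent.setAccess(emptyAccess);

        ConsentAuthorizeResponse revoked = new ConsentAuthorizeResponse();
        revoked.setScaStatus(ScaStatusTO.EXEMPTED);
        revoked.setAccounts(Collections.emptyList());
        revoked.setConsent(consent);
        return revoked;
    }

    /**
     * Writes the PSU id into the consent held by the CMS.
     *
     * @throws ConsentAuthorizeException when the CMS does not answer 200
     */
    private void updatePSUIdentification(ConsentWorkflow consentWorkflow, String str) {
        ResponseEntity<?> updateResult = this.cmsPsuAisClient.updatePsuDataInConsent(consentWorkflow.consentId(), consentWorkflow.authId(), "UNDEFINED", new PsuIdData(str, (String) null, (String) null, (String) null, (String) null));
        if (!HttpStatus.OK.equals(updateResult.getStatusCode())) {
            throw new ConsentAuthorizeException(this.responseUtils.couldNotProcessRequest(authResp(), "Error updating psu identification. See error code.", updateResult.getStatusCode(), this.response));
        }
    }

    /** Creates an empty response object used as the body of error responses. */
    private ConsentAuthorizeResponse authResp() {
        return new ConsentAuthorizeResponse();
    }

    /**
     * Stores the Base64 form of the SCA response as ASPSP consent data for consent {@code str}.
     *
     * @throws IOException when the SCA response cannot be converted to Base64
     */
    private ResponseEntity<?> updateAspspPiisConsentData(String str, SCAConsentResponseTO sCAConsentResponseTO) throws IOException {
        return this.aspspConsentDataClient.updateAspspConsentData(str, new CmsAspspConsentDataBase64(str, this.tokenStorageService.toBase64String(sCAConsentResponseTO)));
    }

    /** Fetches the account list with the workflow's bearer token, clearing the token afterwards. */
    private List<AccountDetailsTO> listOfAccounts(ConsentWorkflow consentWorkflow) {
        try {
            this.authInterceptor.setAccessToken(consentWorkflow.bearerToken().getAccess_token());
            // Raw cast kept from the original listing; the declared body type is not visible here.
            return (List) this.accountRestClient.getListOfAccounts().getBody();
        } finally {
            clearInterceptorToken();
        }
    }

    /** Removes the bearer token from the interceptor so it is not reused by a later call. */
    private void clearInterceptorToken() {
        this.authInterceptor.setAccessToken((String) null);
    }

    public AISController(CmsPsuAisClient cmsPsuAisClient, ConsentRestClient consentRestClient, AccountRestClient accountRestClient, OauthRestClient oauthRestClient, RedirectConsentService redirectConsentService, ConsentService consentService, XISControllerService xISControllerService, HttpServletResponse httpServletResponse, ResponseUtils responseUtils, ObaMiddlewareAuthentication obaMiddlewareAuthentication, AuthRequestInterceptor authRequestInterceptor, AspspConsentDataClient aspspConsentDataClient, TokenStorageService tokenStorageService) {
        this.cmsPsuAisClient = cmsPsuAisClient;
        this.consentRestClient = consentRestClient;
        this.accountRestClient = accountRestClient;
        this.oauthRestClient = oauthRestClient;
        this.redirectConsentService = redirectConsentService;
        this.consentService = consentService;
        this.xisService = xISControllerService;
        this.response = httpServletResponse;
        this.responseUtils = responseUtils;
        this.middlewareAuth = obaMiddlewareAuthentication;
        this.authInterceptor = authRequestInterceptor;
        this.aspspConsentDataClient = aspspConsentDataClient;
        this.tokenStorageService = tokenStorageService;
    }
}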
