package de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation;

import de.adorsys.aspsp.xs2a.connector.spi.converter.AisConsentMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaResponseMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.SpiScaStatusResponseMapper;
import de.adorsys.aspsp.xs2a.connector.spi.impl.AspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionHandler;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionReader;
import de.adorsys.aspsp.xs2a.connector.spi.impl.LedgersErrorCode;
import de.adorsys.aspsp.xs2a.connector.spi.impl.MultilevelScaService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.confirmation.ConsentAuthConfirmationCodeService;
import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.middleware.api.domain.sca.GlobalScaResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.sca.StartScaOprTO;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.ConsentRestClient;
import de.adorsys.ledgers.rest.client.RedirectScaRestClient;
import de.adorsys.psd2.xs2a.core.consent.ConsentStatus;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.error.TppMessage;
import de.adorsys.psd2.xs2a.core.tpp.TppInfo;
import de.adorsys.psd2.xs2a.spi.domain.SpiAspspConsentDataProvider;
import de.adorsys.psd2.xs2a.spi.domain.SpiContextData;
import de.adorsys.psd2.xs2a.spi.domain.account.SpiAccountConsent;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiCheckConfirmationCodeRequest;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiScaConfirmation;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiAccountAccess;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiConsentConfirmationCodeValidationResponse;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiConsentStatusResponse;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiInitiatePiisConsentResponse;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiVerifyScaAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.piis.SpiPiisConsent;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi;
import feign.FeignException;
import java.util.Collections;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-connector-10.10.jar:de/adorsys/aspsp/xs2a/connector/spi/impl/authorisation/PiisConsentSpiImpl.class */
public class PiisConsentSpiImpl extends AbstractAuthorisationSpi<SpiPiisConsent> implements PiisConsentSpi {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PiisConsentSpiImpl.class);
    private static final String SCA_STATUS_LOG = "SCA status is {}";
    private final AuthRequestInterceptor authRequestInterceptor;
    private final AspspConsentDataService consentDataService;
    private final MultilevelScaService multilevelScaService;
    private final FeignExceptionReader feignExceptionReader;
    private final RedirectScaRestClient redirectScaRestClient;
    private final ConsentRestClient consentRestClient;
    private final AisConsentMapper aisConsentMapper;
    private final ScaResponseMapper scaResponseMapper;
    private final ConsentAuthConfirmationCodeService authConfirmationCodeService;

    @Autowired
    public PiisConsentSpiImpl(AuthRequestInterceptor authRequestInterceptor, AspspConsentDataService aspspConsentDataService, GeneralAuthorisationService generalAuthorisationService, ScaMethodConverter scaMethodConverter, FeignExceptionReader feignExceptionReader, MultilevelScaService multilevelScaService, RedirectScaRestClient redirectScaRestClient, KeycloakTokenService keycloakTokenService, ConsentRestClient consentRestClient, AisConsentMapper aisConsentMapper, ScaResponseMapper scaResponseMapper, ConsentAuthConfirmationCodeService consentAuthConfirmationCodeService, SpiScaStatusResponseMapper spiScaStatusResponseMapper) {
        super(authRequestInterceptor, aspspConsentDataService, generalAuthorisationService, scaMethodConverter, feignExceptionReader, keycloakTokenService, redirectScaRestClient, spiScaStatusResponseMapper);
        this.authRequestInterceptor = authRequestInterceptor;
        this.consentDataService = aspspConsentDataService;
        this.multilevelScaService = multilevelScaService;
        this.feignExceptionReader = feignExceptionReader;
        this.redirectScaRestClient = redirectScaRestClient;
        this.consentRestClient = consentRestClient;
        this.aisConsentMapper = aisConsentMapper;
        this.scaResponseMapper = scaResponseMapper;
        this.authConfirmationCodeService = consentAuthConfirmationCodeService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public GlobalScaResponseTO getScaObjectResponse(@NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, boolean z) {
        return this.consentDataService.response(spiAspspConsentDataProvider.loadAspspConsentData(), z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public String getBusinessObjectId(SpiPiisConsent spiPiisConsent) {
        return spiPiisConsent.getId();
    }

    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    protected OpTypeTO getOpType() {
        return OpTypeTO.CONSENT;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public TppMessage getAuthorisePsuFailureMessage(SpiPiisConsent spiPiisConsent) {
        log.error("Initiate consent failed: consent ID {}", spiPiisConsent.getId());
        return new TppMessage(MessageErrorCode.FORMAT_ERROR_UNKNOWN_ACCOUNT, new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public GlobalScaResponseTO initiateBusinessObject(SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, String str) {
        try {
            SpiAccountConsent spiAccountConsent = new SpiAccountConsent();
            SpiAccountAccess spiAccountAccess = new SpiAccountAccess();
            spiAccountAccess.setAccounts(Collections.singletonList(spiPiisConsent.getAccount()));
            spiAccountConsent.setAccess(spiAccountAccess);
            TppInfo tppInfo = new TppInfo();
            tppInfo.setAuthorityId("TPP ID");
            tppInfo.setAuthorisationNumber("TPP ID");
            spiAccountConsent.setTppInfo(tppInfo);
            spiAccountConsent.setId(spiPiisConsent.getId());
            ResponseEntity<SCAConsentResponseTO> initiateAisConsent = this.consentRestClient.initiateAisConsent(spiPiisConsent.getId(), this.aisConsentMapper.mapToAisConsent(spiAccountConsent));
            if (initiateAisConsent == null || initiateAisConsent.getBody() == null) {
                log.error("Initiate PIIS consent response or bearer token is NULL");
                this.authRequestInterceptor.setAccessToken(null);
                return null;
            }
            SCAConsentResponseTO body = initiateAisConsent.getBody();
            if (body.getBearerToken() != null) {
                this.authRequestInterceptor.setAccessToken(body.getBearerToken().getAccess_token());
            }
            body.setAuthorisationId(str);
            if (body.getScaStatus() == ScaStatusTO.EXEMPTED) {
                GlobalScaResponseTO globalScaResponse = this.scaResponseMapper.toGlobalScaResponse(body);
                this.authRequestInterceptor.setAccessToken(null);
                return globalScaResponse;
            }
            StartScaOprTO startScaOprTO = new StartScaOprTO(spiPiisConsent.getId(), OpTypeTO.CONSENT);
            startScaOprTO.setAuthorisationId(str);
            GlobalScaResponseTO body2 = this.redirectScaRestClient.startSca(startScaOprTO).getBody();
            this.authRequestInterceptor.setAccessToken(null);
            return body2;
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken(null);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public boolean isFirstInitiationOfMultilevelSca(SpiPiisConsent spiPiisConsent, GlobalScaResponseTO globalScaResponseTO) {
        return !globalScaResponseTO.isMultilevelScaRequired() || spiPiisConsent.getPsuData().size() <= 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public GlobalScaResponseTO executeBusinessObject(SpiPiisConsent spiPiisConsent) {
        return null;
    }

    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    protected void updateStatusInCms(String str, SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    @NotNull
    public SpiResponse<SpiVerifyScaAuthorisationResponse> verifyScaAuthorisation(@NotNull SpiContextData spiContextData, @NotNull SpiScaConfirmation spiScaConfirmation, @NotNull SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            try {
                GlobalScaResponseTO response = this.consentDataService.response(spiAspspConsentDataProvider.loadAspspConsentData());
                this.authRequestInterceptor.setAccessToken(response.getBearerToken().getAccess_token());
                ResponseEntity<GlobalScaResponseTO> validateScaCode = this.redirectScaRestClient.validateScaCode(response.getAuthorisationId(), spiScaConfirmation.getTanNumber());
                if (validateScaCode == null || validateScaCode.getBody() == null) {
                    log.error("Validate SCA code response is NULL");
                    SpiResponse<SpiVerifyScaAuthorisationResponse> build = SpiResponse.builder().error(new TppMessage(MessageErrorCode.FORMAT_ERROR, new Object[0])).build();
                    this.authRequestInterceptor.setAccessToken(null);
                    return build;
                }
                GlobalScaResponseTO body = validateScaCode.getBody();
                log.info(SCA_STATUS_LOG, response.getScaStatus().name());
                spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(body, !body.isPartiallyAuthorised()));
                SpiResponse<SpiVerifyScaAuthorisationResponse> build2 = SpiResponse.builder().payload(new SpiVerifyScaAuthorisationResponse(mapToConsentStatus(body))).build();
                this.authRequestInterceptor.setAccessToken(null);
                return build2;
            } catch (FeignException e) {
                String errorMessage = this.feignExceptionReader.getErrorMessage(e);
                log.error("Verify sca authorisation failed: consent ID {}, devMessage {}", spiPiisConsent.getId(), errorMessage);
                if (LedgersErrorCode.SCA_VALIDATION_ATTEMPT_FAILED.equals(this.feignExceptionReader.getLedgersErrorCode(e))) {
                    SpiResponse<SpiVerifyScaAuthorisationResponse> build3 = SpiResponse.builder().payload(new SpiVerifyScaAuthorisationResponse(spiPiisConsent.getConsentStatus(), SpiAuthorisationStatus.ATTEMPT_FAILURE)).error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.PSU_CREDENTIALS_INVALID, errorMessage)).build();
                    this.authRequestInterceptor.setAccessToken(null);
                    return build3;
                }
                SpiResponse<SpiVerifyScaAuthorisationResponse> build4 = SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.PSU_CREDENTIALS_INVALID, errorMessage)).build();
                this.authRequestInterceptor.setAccessToken(null);
                return build4;
            }
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken(null);
            throw th;
        }
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public SpiResponse<SpiInitiatePiisConsentResponse> initiatePiisConsent(@NotNull SpiContextData spiContextData, SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        SpiInitiatePiisConsentResponse spiInitiatePiisConsentResponse = new SpiInitiatePiisConsentResponse();
        spiInitiatePiisConsentResponse.setSpiAccountReference(spiPiisConsent.getAccount());
        try {
            boolean isMultilevelScaRequired = this.multilevelScaService.isMultilevelScaRequired(spiContextData.getPsuData(), Collections.singleton(spiPiisConsent.getAccount()));
            GlobalScaResponseTO globalScaResponseTO = new GlobalScaResponseTO();
            globalScaResponseTO.setOpType(OpTypeTO.CONSENT);
            globalScaResponseTO.setScaStatus(ScaStatusTO.STARTED);
            globalScaResponseTO.setMultilevelScaRequired(isMultilevelScaRequired);
            spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(globalScaResponseTO, false));
            spiInitiatePiisConsentResponse.setMultilevelScaRequired(isMultilevelScaRequired);
            return SpiResponse.builder().payload(spiInitiatePiisConsentResponse).build();
        } catch (FeignException e) {
            log.error("Error during REST call for consent initiation to ledgers for account multilevel checking, PSU ID: {}", spiContextData.getPsuData().getPsuId());
            return SpiResponse.builder().error(new TppMessage(MessageErrorCode.FORMAT_ERROR_UNKNOWN_ACCOUNT, new Object[0])).build();
        }
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public SpiResponse<SpiConsentStatusResponse> getConsentStatus(@NotNull SpiContextData spiContextData, @NotNull SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return SpiResponse.builder().payload(new SpiConsentStatusResponse(spiPiisConsent.getConsentStatus(), null)).build();
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public SpiResponse<SpiResponse.VoidResponse> revokePiisConsent(@NotNull SpiContextData spiContextData, SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return SpiResponse.builder().payload(SpiResponse.voidResponse()).build();
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    @NotNull
    public SpiResponse<SpiConsentConfirmationCodeValidationResponse> checkConfirmationCode(@NotNull SpiContextData spiContextData, @NotNull SpiCheckConfirmationCodeRequest spiCheckConfirmationCodeRequest, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return this.authConfirmationCodeService.checkConfirmationCode(spiCheckConfirmationCodeRequest, spiAspspConsentDataProvider);
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    @NotNull
    public SpiResponse<SpiConsentConfirmationCodeValidationResponse> notifyConfirmationCodeValidation(@NotNull SpiContextData spiContextData, boolean z, @NotNull SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return this.authConfirmationCodeService.completeAuthConfirmation(z, spiAspspConsentDataProvider);
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public boolean checkConfirmationCodeInternally(String str, String str2, String str3, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return this.authConfirmationCodeService.checkConfirmationCodeInternally(str, str2, str3, spiAspspConsentDataProvider);
    }

    ConsentStatus mapToConsentStatus(GlobalScaResponseTO globalScaResponseTO) {
        return (globalScaResponseTO != null && globalScaResponseTO.isPartiallyAuthorised() && ScaStatusTO.FINALISED.equals(globalScaResponseTO.getScaStatus())) ? ConsentStatus.PARTIALLY_AUTHORISED : ConsentStatus.VALID;
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public /* bridge */ /* synthetic */ SpiResponse requestAvailableScaMethods(@NotNull SpiContextData spiContextData, SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return super.requestAvailableScaMethods(spiContextData, (SpiContextData) spiPiisConsent, spiAspspConsentDataProvider);
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    @NotNull
    public /* bridge */ /* synthetic */ SpiResponse requestAuthorisationCode(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return super.requestAuthorisationCode(spiContextData, str, (String) spiPiisConsent, spiAspspConsentDataProvider);
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.PiisConsentSpi
    public /* bridge */ /* synthetic */ SpiResponse authorisePsu(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiPsuData spiPsuData, String str2, SpiPiisConsent spiPiisConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return super.authorisePsu(spiContextData, str, spiPsuData, str2, (String) spiPiisConsent, spiAspspConsentDataProvider);
    }
}
