package de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation;

import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.aspsp.xs2a.connector.spi.impl.AspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionHandler;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionReader;
import de.adorsys.aspsp.xs2a.connector.spi.impl.LoginAttemptAspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.LoginAttemptResponse;
import de.adorsys.ledgers.keycloak.client.api.KeycloakTokenService;
import de.adorsys.ledgers.middleware.api.domain.sca.GlobalScaResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.ScaUserDataTO;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.RedirectScaRestClient;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.error.TppMessage;
import de.adorsys.psd2.xs2a.core.sca.ScaStatus;
import de.adorsys.psd2.xs2a.spi.domain.SpiAspspConsentDataProvider;
import de.adorsys.psd2.xs2a.spi.domain.SpiContextData;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationDecoupledScaResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAvailableScaMethodsResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiPsuAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiScaInformationResponse;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiScaStatusResponse;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import feign.FeignException;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:BOOT-INF/lib/xs2a-connector-10.2.jar:de/adorsys/aspsp/xs2a/connector/spi/impl/authorisation/AbstractAuthorisationSpi.class */
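/**
 * Base class for SPI authorisation flows over a business object of type {@code T}.
 *
 * <p>Subclasses supply the business-object specific steps (initiation, execution, CMS status update)
 * through the abstract hooks; this class sequences them with the IDP login, the SCA method lookup
 * and selection, and the failed-login bookkeeping kept in the ASPSP consent data.
 *
 * <p>This listing is decompiler output. Parameter names such as {@code str}, {@code str2}, {@code t}
 * and {@code z} are decompiler placeholders, and the explicit type arguments on
 * {@code SpiResponse.builder()} were restored so that the declared return types type-check.
 *
 * <p>NOTE(review): bearer tokens are handed to the injected {@link AuthRequestInterceptor} via
 * {@code setAccessToken}. Only {@link #requestAuthorisationCode} resets it to {@code null}; the other
 * methods leave the last token in place. Whether that is a problem depends on how the interceptor
 * scopes its state (per request, per thread or per application), which is not visible here; confirm.
 *
 * @param <T> business object type handled by the concrete SPI
 */
public abstract class AbstractAuthorisationSpi<T> {
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthorisationSpi.class);
    private static final String DECOUPLED_PSU_MESSAGE = "Please check your app to continue...";
    private static final String LOGIN_AMOUNT_ATTEMPTS_REMAINING_MESSAGE = "You have %s attempts to enter valid credentials";
    private static final String PSU_MESSAGE = "Mocked PSU message from SPI.";
    private final AuthRequestInterceptor authRequestInterceptor;
    private final AspspConsentDataService consentDataService;
    private final GeneralAuthorisationService authorisationService;
    private final ScaMethodConverter scaMethodConverter;
    private final FeignExceptionReader feignExceptionReader;
    private final KeycloakTokenService keycloakTokenService;
    private final RedirectScaRestClient redirectScaRestClient;

    /**
     * Stores the collaborators used by the authorisation flow; no other work is done here.
     */
    public AbstractAuthorisationSpi(AuthRequestInterceptor authRequestInterceptor, AspspConsentDataService aspspConsentDataService, GeneralAuthorisationService generalAuthorisationService, ScaMethodConverter scaMethodConverter, FeignExceptionReader feignExceptionReader, KeycloakTokenService keycloakTokenService, RedirectScaRestClient redirectScaRestClient) {
        this.authRequestInterceptor = authRequestInterceptor;
        this.consentDataService = aspspConsentDataService;
        this.authorisationService = generalAuthorisationService;
        this.scaMethodConverter = scaMethodConverter;
        this.feignExceptionReader = feignExceptionReader;
        this.keycloakTokenService = keycloakTokenService;
        this.redirectScaRestClient = redirectScaRestClient;
    }

    /**
     * Calls {@code selectMethod} on the redirect SCA client for the authorisation id carried by
     * {@code globalScaResponseTO}, passing {@code str} as the second argument (presumably the id of
     * the chosen SCA method).
     *
     * @return a 200 response wrapping the remote body when the remote status is exactly
     *         {@link HttpStatus#OK}; otherwise an empty 400 response, so any other remote status
     *         is collapsed to "bad request"
     */
    protected ResponseEntity<GlobalScaResponseTO> getSelectMethodResponse(@NotNull String str, GlobalScaResponseTO globalScaResponseTO) {
        ResponseEntity<GlobalScaResponseTO> remote = this.redirectScaRestClient.selectMethod(globalScaResponseTO.getAuthorisationId(), str);
        if (remote.getStatusCode() == HttpStatus.OK) {
            return ResponseEntity.ok(remote.getBody());
        }
        return ResponseEntity.badRequest().build();
    }

    /**
     * Loads the ASPSP consent data from the provider and has the consent data service turn it into
     * a {@link GlobalScaResponseTO}. The meaning of {@code z} is defined by
     * {@code AspspConsentDataService.response} and is not visible in this class.
     *
     * <p>JADX reports that this member was originally {@code protected}.
     */
    public GlobalScaResponseTO getScaObjectResponse(SpiAspspConsentDataProvider spiAspspConsentDataProvider, boolean z) {
        byte[] storedConsentData = spiAspspConsentDataProvider.loadAspspConsentData();
        return this.consentDataService.response(storedConsentData, z);
    }

    /** Returns the identifier of the business object; used here for CMS updates and log lines. */
    protected abstract String getBusinessObjectId(T t);

    /** Returns the operation type passed to {@code authorisePsuInternal}. */
    protected abstract OpTypeTO getOpType();

    /** Not called from this class; available to subclasses for building an authorise-PSU failure message. */
    protected abstract TppMessage getAuthorisePsuFailureMessage(T t);

    /** Initiates the business object; called by {@link #authorisePsu} right after a successful IDP login. */
    protected abstract GlobalScaResponseTO initiateBusinessObject(T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, String str);

    /** Decides whether this is the first initiation of a multilevel SCA for the given object and SCA response. */
    protected abstract boolean isFirstInitiationOfMultilevelSca(T t, GlobalScaResponseTO globalScaResponseTO);

    /** Executes the business object; {@link #authorisePsu} calls this only on the SCA-exempted path. May return {@code null}. */
    protected abstract GlobalScaResponseTO executeBusinessObject(T t);

    /** Updates the status of the business object identified by {@code str} in the CMS. */
    protected abstract void updateStatusInCms(String str, SpiAspspConsentDataProvider spiAspspConsentDataProvider);

    /**
     * Returns the PSU-facing text for a decoupled SCA start. This default ignores all arguments
     * and returns a fixed message.
     */
    protected String generatePsuMessage(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, SpiResponse<SpiAuthorizationCodeResult> spiResponse) {
        return DECOUPLED_PSU_MESSAGE;
    }

    /**
     * Hook consulted by {@link #requestAvailableScaMethods}; when it returns {@code true} that method
     * answers with an empty method list without contacting the SCA service. This default always
     * returns {@code false}.
     *
     * <p>JADX reports that this member was originally {@code protected}.
     */
    public boolean validateStatuses(T t, GlobalScaResponseTO globalScaResponseTO) {
        return false;
    }

    /**
     * Logs the PSU in at the IDP, initiates the business object and either runs the regular
     * authorisation or, when SCA is exempted on a first multilevel initiation, executes the
     * business object directly.
     *
     * <p>{@code str2} is passed as the second argument of {@code KeycloakTokenService.login}
     * (presumably the PSU password); it is not logged in this method.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The login uses the PSU id from {@code spiContextData}, while the info log prints the id
     *       from {@code spiPsuData}; the two are not compared here.</li>
     *   <li>The PSU id is written to the log at INFO level.</li>
     *   <li>NOTE(review): the access token set on the interceptor is never reset in this method.</li>
     *   <li>NOTE(review): every {@link FeignException} reaching the outermost handler is treated as a
     *       failed login and increments the failed-login counter, without looking at the HTTP
     *       status. As decompiled, that handler also encloses the inner handlers, so a
     *       {@code FeignException} thrown while handling an inner failure would be counted the same
     *       way; confirm against the original source.</li>
     * </ul>
     *
     * @return a SUCCESS payload on the exempted path, the result of {@code authorisePsuInternal} on
     *         the regular path, or a failure response built by one of the error handlers
     */
    public SpiResponse<SpiPsuAuthorisationResponse> authorisePsu(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiPsuData spiPsuData, String str2, T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            // IDP login; the resulting access token authenticates the client calls that follow.
            this.authRequestInterceptor.setAccessToken(
                    this.keycloakTokenService.login(spiContextData.getPsuData().getPsuId(), str2).getAccess_token());
            try {
                GlobalScaResponseTO initiated = initiateBusinessObject(t, spiAspspConsentDataProvider, str);
                // Short-circuit keeps the hook from being consulted unless the status is EXEMPTED.
                boolean exemptedFirstInitiation = initiated.getScaStatus() == ScaStatusTO.EXEMPTED
                        && isFirstInitiationOfMultilevelSca(t, initiated);
                if (!exemptedFirstInitiation) {
                    log.info("Authorising user with login: {}", spiPsuData.getPsuId());
                    SpiResponse<SpiPsuAuthorisationResponse> authorised = this.authorisationService.authorisePsuInternal(getBusinessObjectId(t), str, getOpType(), initiated, spiAspspConsentDataProvider);
                    if (isFirstInitiationOfMultilevelSca(t, initiated)) {
                        updateStatusInCms(getBusinessObjectId(t), spiAspspConsentDataProvider);
                    }
                    return authorised;
                }
                try {
                    // Exempted path: continue with the token issued for the initiated object.
                    this.authRequestInterceptor.setAccessToken(initiated.getBearerToken().getAccess_token());
                    GlobalScaResponseTO executed = executeBusinessObject(t);
                    if (executed == null) {
                        executed = initiated;
                    }
                    // Token and SCA status always come from the initiation response.
                    executed.setBearerToken(initiated.getBearerToken());
                    executed.setScaStatus(initiated.getScaStatus());
                    spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(executed));
                    log.info("SCA status is: {}", initiated.getScaStatus().name());
                    return SpiResponse.<SpiPsuAuthorisationResponse>builder()
                            .payload(new SpiPsuAuthorisationResponse(true, SpiAuthorisationStatus.SUCCESS))
                            .build();
                } catch (FeignException executionFailure) {
                    log.info("Processing of successful authorisation failed: devMessage '{}'", this.feignExceptionReader.getErrorMessage(executionFailure));
                    return SpiResponse.<SpiPsuAuthorisationResponse>builder()
                            .error(FeignExceptionHandler.getFailureMessage(executionFailure, MessageErrorCode.FORMAT_ERROR))
                            .build();
                }
            } catch (FeignException initiationFailure) {
                return resolveErrorResponse(t, initiationFailure);
            }
        } catch (FeignException loginFailure) {
            return handleLoginFailureError(t, spiAspspConsentDataProvider, loginFailure);
        }
    }

    /**
     * Logs the failure together with the business object id and returns a FAILURE payload.
     * No TPP error message is attached to the response.
     */
    protected SpiResponse<SpiPsuAuthorisationResponse> resolveErrorResponse(T t, FeignException feignException) {
        log.info("Initiate business object error: business object ID: {}, devMessage: {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(feignException));
        return SpiResponse.<SpiPsuAuthorisationResponse>builder()
                .payload(new SpiPsuAuthorisationResponse(false, SpiAuthorisationStatus.FAILURE))
                .build();
    }

    /**
     * Returns the SCA methods available for the stored authorisation.
     *
     * <p>Order of checks: {@link #validateStatuses} (empty list), then SCA status EXEMPTED (empty
     * list, built with the two-argument payload constructor), then a lookup through the redirect SCA
     * client. A missing response, body or method list yields
     * {@code SCA_METHOD_UNKNOWN_PROCESS_MISMATCH}.
     *
     * <p>NOTE(review): the bearer token read from the consent data is set on the interceptor and not
     * reset afterwards; a missing bearer token would surface as a {@code NullPointerException}.
     */
    public SpiResponse<SpiAvailableScaMethodsResponse> requestAvailableScaMethods(@NotNull SpiContextData spiContextData, T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            GlobalScaResponseTO stored = getScaObjectResponse(spiAspspConsentDataProvider, true);
            if (validateStatuses(t, stored)) {
                return SpiResponse.<SpiAvailableScaMethodsResponse>builder()
                        .payload(new SpiAvailableScaMethodsResponse(Collections.emptyList()))
                        .build();
            }
            this.authRequestInterceptor.setAccessToken(stored.getBearerToken().getAccess_token());
            if (stored.getScaStatus() == ScaStatusTO.EXEMPTED) {
                return SpiResponse.<SpiAvailableScaMethodsResponse>builder()
                        .payload(new SpiAvailableScaMethodsResponse(true, Collections.emptyList()))
                        .build();
            }
            ResponseEntity<GlobalScaResponseTO> scaResponse = this.redirectScaRestClient.getSCA(stored.getAuthorisationId());
            // Null response, null body and null method list all collapse to an empty list.
            List<ScaUserDataTO> scaMethods = Optional.ofNullable(scaResponse)
                    .map(ResponseEntity::getBody)
                    .map(GlobalScaResponseTO::getScaMethods)
                    .orElse(Collections.emptyList());
            if (scaMethods.isEmpty()) {
                return SpiResponse.<SpiAvailableScaMethodsResponse>builder()
                        .error(new TppMessage(MessageErrorCode.SCA_METHOD_UNKNOWN_PROCESS_MISMATCH, new Object[0]))
                        .build();
            }
            return SpiResponse.<SpiAvailableScaMethodsResponse>builder()
                    .payload(new SpiAvailableScaMethodsResponse(this.scaMethodConverter.toAuthenticationObjectList(scaMethods)))
                    .build();
        } catch (FeignException e) {
            log.error("Request available SCA methods failed: business object ID: {}, devMessage: {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(e));
            return SpiResponse.<SpiAvailableScaMethodsResponse>builder()
                    .error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.FORMAT_ERROR_SCA_METHODS))
                    .build();
        }
    }

    /**
     * Wraps the SCA method list of the given response; empty when the list is {@code null}.
     *
     * <p>JADX reports that this member was originally {@code protected}.
     */
    public Optional<List<ScaUserDataTO>> getScaMethods(GlobalScaResponseTO globalScaResponseTO) {
        return Optional.ofNullable(globalScaResponseTO.getScaMethods());
    }

    /**
     * Selects an SCA method for the stored authorisation and returns the resulting code response.
     *
     * <p>When the stored SCA status is neither PSUIDENTIFIED nor PSUAUTHENTICATED the call is
     * delegated to {@code getResponseIfScaSelected} and no method selection is attempted. Otherwise
     * the stored bearer token is set on the interceptor, the method is selected remotely, and the
     * token is reset to {@code null} on every exit from that branch. If the remote body carries no
     * bearer token, the stored one is copied onto it.
     *
     * <p>The try regions below follow the decompiled layout: the catch-all only resets the token
     * and rethrows. NOTE(review): the delegated early return does not reset the token on normal
     * completion.
     */
    @NotNull
    public SpiResponse<SpiAuthorizationCodeResult> requestAuthorisationCode(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        GlobalScaResponseTO stored = getScaObjectResponse(spiAspspConsentDataProvider, true);
        try {
            boolean methodSelectable = EnumSet.of(ScaStatusTO.PSUIDENTIFIED, ScaStatusTO.PSUAUTHENTICATED).contains(stored.getScaStatus());
            if (!methodSelectable) {
                return this.authorisationService.getResponseIfScaSelected(spiAspspConsentDataProvider, stored, str);
            }
            try {
                this.authRequestInterceptor.setAccessToken(stored.getBearerToken().getAccess_token());
                GlobalScaResponseTO selected = getSelectMethodResponse(str, stored).getBody();
                if (selected != null && selected.getBearerToken() == null) {
                    selected.setBearerToken(stored.getBearerToken());
                }
                SpiResponse<SpiAuthorizationCodeResult> selection = this.authorisationService.returnScaMethodSelection(spiAspspConsentDataProvider, selected, str);
                this.authRequestInterceptor.setAccessToken(null);
                return selection;
            } catch (FeignException e) {
                log.error("Request authorisation code failed: business object ID: {}, devMessage: {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(e));
                SpiResponse<SpiAuthorizationCodeResult> failure = SpiResponse.<SpiAuthorizationCodeResult>builder()
                        .error(new TppMessage(getMessageErrorCodeByStatus(e.status()), new Object[0]))
                        .build();
                this.authRequestInterceptor.setAccessToken(null);
                return failure;
            }
        } catch (Throwable th) {
            // Do not leave the token behind when anything unexpected escapes.
            this.authRequestInterceptor.setAccessToken(null);
            throw th;
        }
    }

    /**
     * Starts a decoupled SCA by running {@link #requestAuthorisationCode} with {@code str2} as the
     * method argument.
     *
     * @return {@code SERVICE_NOT_SUPPORTED} when {@code str2} is {@code null}; the errors of the code
     *         request when it failed; otherwise the resulting SCA status together with the text from
     *         {@link #generatePsuMessage}
     */
    @NotNull
    public SpiResponse<SpiAuthorisationDecoupledScaResponse> startScaDecoupled(@NotNull SpiContextData spiContextData, @NotNull String str, @Nullable String str2, @NotNull T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        if (str2 == null) {
            return SpiResponse.<SpiAuthorisationDecoupledScaResponse>builder()
                    .error(new TppMessage(MessageErrorCode.SERVICE_NOT_SUPPORTED, new Object[0]))
                    .build();
        }
        SpiResponse<SpiAuthorizationCodeResult> codeResponse = requestAuthorisationCode(spiContextData, str2, t, spiAspspConsentDataProvider);
        if (codeResponse.hasError()) {
            return SpiResponse.<SpiAuthorisationDecoupledScaResponse>builder()
                    .error(codeResponse.getErrors())
                    .build();
        }
        String psuMessage = generatePsuMessage(spiContextData, str, spiAspspConsentDataProvider, codeResponse);
        return SpiResponse.<SpiAuthorisationDecoupledScaResponse>builder()
                .payload(new SpiAuthorisationDecoupledScaResponse(codeResponse.getPayload().getScaStatus(), psuMessage))
                .build();
    }

    /** Returns a fixed payload ({@code false} plus the mocked PSU message); all arguments are ignored. */
    public SpiResponse<SpiScaInformationResponse> getScaInformation(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return SpiResponse.<SpiScaInformationResponse>builder()
                .payload(new SpiScaInformationResponse(false, PSU_MESSAGE))
                .build();
    }

    /**
     * Echoes the {@code scaStatus} passed in, with {@code false} and the mocked PSU message. No
     * backend is consulted, so the returned status is whatever the caller supplied.
     */
    public SpiResponse<SpiScaStatusResponse> getScaStatus(@NotNull ScaStatus scaStatus, @NotNull SpiContextData spiContextData, @NotNull String str, @NotNull T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        return SpiResponse.<SpiScaStatusResponse>builder()
                .payload(new SpiScaStatusResponse(scaStatus, false, PSU_MESSAGE))
                .build();
    }

    /**
     * Records a failed IDP login in the ASPSP consent data and builds the response.
     *
     * <p>The remaining-attempts value is computed from the counter as it was before this failure,
     * then the counter is incremented and stored. With no attempts remaining the response is a plain
     * FAILURE payload; otherwise it is ATTEMPT_FAILURE plus a {@code PSU_CREDENTIALS_INVALID} error
     * carrying the remaining-attempts text.
     *
     * <p>NOTE(review): this class reads the counter only after a login has already failed; nothing
     * here refuses a login attempt up front once the limit is reached. Presumably the FAILURE status
     * is enforced by the caller; confirm.
     */
    private SpiResponse<SpiPsuAuthorisationResponse> handleLoginFailureError(T t, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, FeignException feignException) {
        log.info("Login to IDP in authorise PSU failed: business object ID: {}, devMessage: {}", getBusinessObjectId(t), this.feignExceptionReader.getErrorMessage(feignException));
        byte[] storedConsentData = spiAspspConsentDataProvider.loadAspspConsentData();
        LoginAttemptAspspConsentDataService loginAttemptService = this.consentDataService.getLoginAttemptAspspConsentDataService();
        LoginAttemptResponse attempts = loginAttemptService.response(storedConsentData);
        if (attempts == null) {
            attempts = new LoginAttemptResponse();
        }
        int remainingLoginAttempts = loginAttemptService.getRemainingLoginAttempts(attempts.getLoginFailedCount());
        attempts.incrementLoginFailedCount();
        spiAspspConsentDataProvider.updateAspspConsentData(loginAttemptService.store(attempts));
        if (remainingLoginAttempts <= 0) {
            return SpiResponse.<SpiPsuAuthorisationResponse>builder()
                    .payload(new SpiPsuAuthorisationResponse(false, SpiAuthorisationStatus.FAILURE))
                    .build();
        }
        String remainingAttemptsText = String.format(LOGIN_AMOUNT_ATTEMPTS_REMAINING_MESSAGE, remainingLoginAttempts);
        log.info(remainingAttemptsText);
        return SpiResponse.<SpiPsuAuthorisationResponse>builder()
                .payload(new SpiPsuAuthorisationResponse(false, SpiAuthorisationStatus.ATTEMPT_FAILURE))
                .error(FeignExceptionHandler.getFailureMessage(feignException, MessageErrorCode.PSU_CREDENTIALS_INVALID, remainingAttemptsText))
                .build();
    }

    /**
     * Maps the HTTP status of a failed method selection to a TPP error code: 501 to
     * {@code SCA_METHOD_UNKNOWN}, 400/401/403 to {@code FORMAT_ERROR}, 404 to
     * {@code PSU_CREDENTIALS_INVALID}, anything else to {@code INTERNAL_SERVER_ERROR}.
     */
    private MessageErrorCode getMessageErrorCodeByStatus(int i) {
        switch (i) {
            case 501:
                return MessageErrorCode.SCA_METHOD_UNKNOWN;
            case 400:
            case 401:
            case 403:
                return MessageErrorCode.FORMAT_ERROR;
            case 404:
                return MessageErrorCode.PSU_CREDENTIALS_INVALID;
            default:
                return MessageErrorCode.INTERNAL_SERVER_ERROR;
        }
    }
}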
