package de.adorsys.psd2.xs2a.service;

import de.adorsys.psd2.core.data.piis.v1.PiisConsent;
import de.adorsys.psd2.event.core.model.EventType;
import de.adorsys.psd2.logger.context.LoggingContextService;
import de.adorsys.psd2.xs2a.core.authorisation.Authorisation;
import de.adorsys.psd2.xs2a.core.authorisation.AuthorisationType;
import de.adorsys.psd2.xs2a.core.domain.TppMessageInformation;
import de.adorsys.psd2.xs2a.core.error.ErrorType;
import de.adorsys.psd2.xs2a.core.error.MessageError;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.profile.ScaApproach;
import de.adorsys.psd2.xs2a.core.psu.PsuIdData;
import de.adorsys.psd2.xs2a.core.sca.ScaStatus;
import de.adorsys.psd2.xs2a.core.service.validator.ValidationResult;
import de.adorsys.psd2.xs2a.domain.ResponseObject;
import de.adorsys.psd2.xs2a.domain.authorisation.AuthorisationResponse;
import de.adorsys.psd2.xs2a.domain.consent.ConfirmationOfFundsConsentScaStatus;
import de.adorsys.psd2.xs2a.domain.consent.CreateConsentAuthorizationResponse;
import de.adorsys.psd2.xs2a.domain.consent.UpdateConsentPsuDataReq;
import de.adorsys.psd2.xs2a.domain.consent.UpdateConsentPsuDataResponse;
import de.adorsys.psd2.xs2a.domain.consent.Xs2aAuthorisationSubResources;
import de.adorsys.psd2.xs2a.service.authorization.AuthorisationChainResponsibilityService;
import de.adorsys.psd2.xs2a.service.authorization.Xs2aAuthorisationService;
import de.adorsys.psd2.xs2a.service.authorization.piis.PiisAuthorisationConfirmationService;
import de.adorsys.psd2.xs2a.service.authorization.piis.PiisScaAuthorisationServiceResolver;
import de.adorsys.psd2.xs2a.service.authorization.processor.model.PiisAuthorisationProcessorRequest;
import de.adorsys.psd2.xs2a.service.consent.Xs2aPiisConsentService;
import de.adorsys.psd2.xs2a.service.event.EventAuthorisationType;
import de.adorsys.psd2.xs2a.service.event.EventTypeService;
import de.adorsys.psd2.xs2a.service.event.Xs2aEventService;
import de.adorsys.psd2.xs2a.service.validator.ConsentEndpointAccessCheckerService;
import de.adorsys.psd2.xs2a.service.validator.piis.dto.CreatePiisConsentAuthorisationObject;
import java.beans.ConstructorProperties;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-11.0-SNAPSHOT.jar:de/adorsys/psd2/xs2a/service/PiisConsentAuthorisationService.class */
public class PiisConsentAuthorisationService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PiisConsentAuthorisationService.class);
    private static final MessageError PIIS_CONSENT_NOT_FOUND_MESSAGE_ERROR = new MessageError(ErrorType.PIIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403));
    private final Xs2aEventService xs2aEventService;
    private final Xs2aPiisConsentService xs2aPiisConsentService;
    private final PiisScaAuthorisationServiceResolver piisScaAuthorisationServiceResolver;
    private final ConfirmationOfFundsConsentValidationService confirmationOfFundsConsentValidationService;
    private final Xs2aAuthorisationService xs2aAuthorisationService;
    private final ConsentEndpointAccessCheckerService endpointAccessCheckerService;
    private final PiisAuthorisationConfirmationService piisAuthorisationConfirmationService;
    private final AuthorisationChainResponsibilityService authorisationChainResponsibilityService;
    private final LoggingContextService loggingContextService;
    private final PsuIdDataAuthorisationService psuIdDataAuthorisationService;
    private final Xs2aAuthorisationService authorisationService;
    private final EventTypeService eventTypeService;

    public ResponseObject<UpdateConsentPsuDataResponse> updateConsentPsuData(UpdateConsentPsuDataReq updateConsentPsuDataReq) {
        this.xs2aEventService.recordConsentTppRequest(updateConsentPsuDataReq.getConsentId(), this.eventTypeService.getEventType(updateConsentPsuDataReq, EventAuthorisationType.PIIS), updateConsentPsuDataReq);
        String consentId = updateConsentPsuDataReq.getConsentId();
        Optional<PiisConsent> piisConsentById = this.xs2aPiisConsentService.getPiisConsentById(consentId);
        if (piisConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Update consent PSU data failed: consent not found by id", consentId);
            return ResponseObject.builder().fail(ErrorType.PIIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        String authorizationId = updateConsentPsuDataReq.getAuthorizationId();
        if (!this.endpointAccessCheckerService.isEndpointAccessible(authorizationId, StringUtils.isNotBlank(updateConsentPsuDataReq.getConfirmationCode()))) {
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Update consent PSU data failed: update endpoint is blocked for current authorisation", consentId, authorizationId);
            return ResponseObject.builder().fail(ErrorType.PIIS_403, TppMessageInformation.of(MessageErrorCode.SERVICE_BLOCKED)).build();
        }
        PiisConsent piisConsent = piisConsentById.get();
        this.loggingContextService.storeConsentStatus(piisConsent.getConsentStatus());
        ValidationResult validateConsentPsuDataOnUpdate = this.confirmationOfFundsConsentValidationService.validateConsentPsuDataOnUpdate(piisConsent, updateConsentPsuDataReq);
        if (validateConsentPsuDataOnUpdate.isNotValid()) {
            if (EnumSet.of(MessageErrorCode.PSU_CREDENTIALS_INVALID, MessageErrorCode.FORMAT_ERROR_NO_PSU).contains(validateConsentPsuDataOnUpdate.getMessageError().getTppMessage().getMessageErrorCode())) {
                this.xs2aAuthorisationService.updateAuthorisationStatus(authorizationId, ScaStatus.FAILED);
            }
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Update consent PSU data - validation failed: {}", consentId, authorizationId, validateConsentPsuDataOnUpdate.getMessageError());
            return ResponseObject.builder().fail(validateConsentPsuDataOnUpdate.getMessageError()).build();
        }
        if (!piisConsent.isExpired()) {
            return getUpdateConsentPsuDataResponse(updateConsentPsuDataReq);
        }
        log.info("Consent-ID: [{}]. Update consent PSU data failed: consent expired", consentId);
        return ResponseObject.builder().fail(ErrorType.PIIS_401, TppMessageInformation.of(MessageErrorCode.CONSENT_EXPIRED)).build();
    }

    private ResponseObject<UpdateConsentPsuDataResponse> getUpdateConsentPsuDataResponse(UpdateConsentPsuDataReq updateConsentPsuDataReq) {
        Optional<Authorisation> consentAuthorizationById = this.piisScaAuthorisationServiceResolver.getService(updateConsentPsuDataReq.getAuthorizationId()).getConsentAuthorizationById(updateConsentPsuDataReq.getAuthorizationId());
        if (consentAuthorizationById.isEmpty()) {
            log.info("Authorisation-ID: [{}]. Update consent PSU data failed: authorisation not found by id", updateConsentPsuDataReq.getAuthorizationId());
            return ResponseObject.builder().fail(ErrorType.PIIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        Authorisation authorisation = consentAuthorizationById.get();
        if (authorisation.getChosenScaApproach() == ScaApproach.REDIRECT) {
            return this.piisAuthorisationConfirmationService.processAuthorisationConfirmation(updateConsentPsuDataReq);
        }
        UpdateConsentPsuDataResponse updateConsentPsuDataResponse = (UpdateConsentPsuDataResponse) this.authorisationChainResponsibilityService.apply(new PiisAuthorisationProcessorRequest(authorisation.getChosenScaApproach(), authorisation.getScaStatus(), updateConsentPsuDataReq, authorisation));
        this.loggingContextService.storeScaStatus(updateConsentPsuDataResponse.getScaStatus());
        Optional map = Optional.ofNullable(updateConsentPsuDataResponse).map(updateConsentPsuDataResponse2 -> {
            Optional map2 = Optional.ofNullable(updateConsentPsuDataResponse2.getErrorHolder()).map(errorHolder -> {
                return ResponseObject.builder().fail(errorHolder).build();
            });
            ResponseObject.ResponseBuilder body = ResponseObject.builder().body(updateConsentPsuDataResponse);
            Objects.requireNonNull(body);
            return (ResponseObject) map2.orElseGet(body::build);
        });
        ResponseObject.ResponseBuilder fail = ResponseObject.builder().fail(ErrorType.PIIS_400, TppMessageInformation.of(MessageErrorCode.FORMAT_ERROR));
        Objects.requireNonNull(fail);
        return (ResponseObject) map.orElseGet(fail::build);
    }

    public ResponseObject<AuthorisationResponse> createPiisAuthorisation(PsuIdData psuIdData, String str, String str2) {
        ResponseObject<CreateConsentAuthorizationResponse> createConsentAuthorizationWithResponse = createConsentAuthorizationWithResponse(psuIdData, str);
        if (createConsentAuthorizationWithResponse.hasError()) {
            return ResponseObject.builder().fail(createConsentAuthorizationWithResponse.getError()).build();
        }
        PsuIdData psuIdData2 = createConsentAuthorizationWithResponse.getBody().getPsuIdData();
        if (psuIdData2 == null || psuIdData2.isEmpty() || StringUtils.isBlank(str2)) {
            this.loggingContextService.storeScaStatus(createConsentAuthorizationWithResponse.getBody().getScaStatus());
            return ResponseObject.builder().body(createConsentAuthorizationWithResponse.getBody()).build();
        }
        String authorisationId = createConsentAuthorizationWithResponse.getBody().getAuthorisationId();
        UpdateConsentPsuDataReq updateConsentPsuDataReq = new UpdateConsentPsuDataReq();
        updateConsentPsuDataReq.setPsuData(psuIdData);
        updateConsentPsuDataReq.setConsentId(str);
        updateConsentPsuDataReq.setAuthorizationId(authorisationId);
        updateConsentPsuDataReq.setPassword(str2);
        ResponseObject<UpdateConsentPsuDataResponse> updateConsentPsuData = updateConsentPsuData(updateConsentPsuDataReq);
        return updateConsentPsuData.hasError() ? ResponseObject.builder().fail(updateConsentPsuData.getError()).build() : ResponseObject.builder().body(updateConsentPsuData.getBody()).build();
    }

    private ResponseObject<CreateConsentAuthorizationResponse> createConsentAuthorizationWithResponse(PsuIdData psuIdData, String str) {
        this.xs2aEventService.recordConsentTppRequest(str, EventType.START_PIIS_CONSENT_AUTHORISATION_REQUEST_RECEIVED);
        Optional<PiisConsent> piisConsentById = this.xs2aPiisConsentService.getPiisConsentById(str);
        if (piisConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Create consent authorisation with response failed: consent not found by id", str);
            return ResponseObject.builder().fail(PIIS_CONSENT_NOT_FOUND_MESSAGE_ERROR).build();
        }
        PiisConsent piisConsent = piisConsentById.get();
        ValidationResult validateConsentAuthorisationOnCreate = this.confirmationOfFundsConsentValidationService.validateConsentAuthorisationOnCreate(new CreatePiisConsentAuthorisationObject(piisConsent, psuIdData));
        if (validateConsentAuthorisationOnCreate.isNotValid()) {
            log.info("Consent-ID: [{}]. Create consent authorisation with response - validation failed: {}", str, validateConsentAuthorisationOnCreate.getMessageError());
            return ResponseObject.builder().fail(validateConsentAuthorisationOnCreate.getMessageError()).build();
        }
        Optional<U> map = this.piisScaAuthorisationServiceResolver.getService().createConsentAuthorization(getActualPsuData(psuIdData, piisConsent), str).map(createConsentAuthorizationResponse -> {
            return ResponseObject.builder().body(createConsentAuthorizationResponse).build();
        });
        ResponseObject.ResponseBuilder fail = ResponseObject.builder().fail(PIIS_CONSENT_NOT_FOUND_MESSAGE_ERROR);
        Objects.requireNonNull(fail);
        return (ResponseObject) map.orElseGet(fail::build);
    }

    public ResponseObject<Xs2aAuthorisationSubResources> getConsentInitiationAuthorisations(String str) {
        this.xs2aEventService.recordConsentTppRequest(str, EventType.GET_PIIS_CONSENT_AUTHORISATION_REQUEST_RECEIVED);
        Optional<PiisConsent> piisConsentById = this.xs2aPiisConsentService.getPiisConsentById(str);
        if (piisConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Get consent initiation authorisations failed: consent not found by id", str);
            return ResponseObject.builder().fail(PIIS_CONSENT_NOT_FOUND_MESSAGE_ERROR).build();
        }
        ValidationResult validateConsentAuthorisationOnGettingById = this.confirmationOfFundsConsentValidationService.validateConsentAuthorisationOnGettingById(piisConsentById.get());
        if (!validateConsentAuthorisationOnGettingById.isNotValid()) {
            return (ResponseObject) getAuthorisationSubResources(str).map(xs2aAuthorisationSubResources -> {
                return ResponseObject.builder().body(xs2aAuthorisationSubResources).build();
            }).orElseGet(() -> {
                log.info("Consent-ID: [{}]. Get consent initiation authorisations failed: authorisation not found at CMS by consent id", str);
                return ResponseObject.builder().fail(ErrorType.PIIS_404, TppMessageInformation.of(MessageErrorCode.RESOURCE_UNKNOWN_404)).build();
            });
        }
        log.info("Consent-ID: [{}]. Get consent authorisations - validation failed: {}", str, validateConsentAuthorisationOnGettingById.getMessageError());
        return ResponseObject.builder().fail(validateConsentAuthorisationOnGettingById.getMessageError()).build();
    }

    public ResponseObject<ConfirmationOfFundsConsentScaStatus> getConsentAuthorisationScaStatus(String str, String str2) {
        this.xs2aEventService.recordConsentTppRequest(str, EventType.GET_PIIS_CONSENT_SCA_STATUS_REQUEST_RECEIVED);
        Optional<PiisConsent> piisConsentById = this.xs2aPiisConsentService.getPiisConsentById(str);
        if (piisConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Get consent authorisation SCA status failed: consent not found by id", str);
            return ResponseObject.builder().fail(PIIS_CONSENT_NOT_FOUND_MESSAGE_ERROR).build();
        }
        PiisConsent piisConsent = piisConsentById.get();
        ValidationResult validateConsentAuthorisationScaStatus = this.confirmationOfFundsConsentValidationService.validateConsentAuthorisationScaStatus(piisConsent, str2);
        if (validateConsentAuthorisationScaStatus.isNotValid()) {
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Get consent authorisation SCA status - validation failed: {}", str, str2, validateConsentAuthorisationScaStatus.getMessageError());
            return ResponseObject.builder().fail(validateConsentAuthorisationScaStatus.getMessageError()).build();
        }
        Optional<ScaStatus> authorisationScaStatus = this.piisScaAuthorisationServiceResolver.getService(str2).getAuthorisationScaStatus(str, str2);
        if (!authorisationScaStatus.isEmpty()) {
            return ResponseObject.builder().body(new ConfirmationOfFundsConsentScaStatus(this.psuIdDataAuthorisationService.getPsuIdData(str2, piisConsent.getPsuIdDataList()), piisConsent, authorisationScaStatus.get())).build();
        }
        log.info("Consent-ID: [{}]. Get consent authorisation SCA status failed: consent not found at CMS by id", str);
        return ResponseObject.builder().fail(ErrorType.PIIS_403, TppMessageInformation.of(MessageErrorCode.RESOURCE_UNKNOWN_403)).build();
    }

    private Optional<Xs2aAuthorisationSubResources> getAuthorisationSubResources(String str) {
        return this.authorisationService.getAuthorisationSubResources(str, AuthorisationType.CONSENT).map(Xs2aAuthorisationSubResources::new);
    }

    private PsuIdData getActualPsuData(PsuIdData psuIdData, PiisConsent piisConsent) {
        return (psuIdData.isNotEmpty() || piisConsent.isMultilevelScaRequired()) ? psuIdData : piisConsent.getPsuIdDataList().stream().findFirst().orElse(psuIdData);
    }

    @ConstructorProperties({"xs2aEventService", "xs2aPiisConsentService", "piisScaAuthorisationServiceResolver", "confirmationOfFundsConsentValidationService", "xs2aAuthorisationService", "endpointAccessCheckerService", "piisAuthorisationConfirmationService", "authorisationChainResponsibilityService", "loggingContextService", "psuIdDataAuthorisationService", "authorisationService", "eventTypeService"})
    public PiisConsentAuthorisationService(Xs2aEventService xs2aEventService, Xs2aPiisConsentService xs2aPiisConsentService, PiisScaAuthorisationServiceResolver piisScaAuthorisationServiceResolver, ConfirmationOfFundsConsentValidationService confirmationOfFundsConsentValidationService, Xs2aAuthorisationService xs2aAuthorisationService, ConsentEndpointAccessCheckerService consentEndpointAccessCheckerService, PiisAuthorisationConfirmationService piisAuthorisationConfirmationService, AuthorisationChainResponsibilityService authorisationChainResponsibilityService, LoggingContextService loggingContextService, PsuIdDataAuthorisationService psuIdDataAuthorisationService, Xs2aAuthorisationService xs2aAuthorisationService2, EventTypeService eventTypeService) {
        this.xs2aEventService = xs2aEventService;
        this.xs2aPiisConsentService = xs2aPiisConsentService;
        this.piisScaAuthorisationServiceResolver = piisScaAuthorisationServiceResolver;
        this.confirmationOfFundsConsentValidationService = confirmationOfFundsConsentValidationService;
        this.xs2aAuthorisationService = xs2aAuthorisationService;
        this.endpointAccessCheckerService = consentEndpointAccessCheckerService;
        this.piisAuthorisationConfirmationService = piisAuthorisationConfirmationService;
        this.authorisationChainResponsibilityService = authorisationChainResponsibilityService;
        this.loggingContextService = loggingContextService;
        this.psuIdDataAuthorisationService = psuIdDataAuthorisationService;
        this.authorisationService = xs2aAuthorisationService2;
        this.eventTypeService = eventTypeService;
    }
}
