package de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation;

import ch.qos.logback.core.joran.util.beans.BeanUtil;
import de.adorsys.aspsp.xs2a.connector.spi.converter.AisConsentMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.LedgersSpiAccountMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaLoginMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.aspsp.xs2a.connector.spi.impl.AspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionHandler;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionReader;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.api.service.TokenStorageService;
import de.adorsys.ledgers.rest.client.AccountRestClient;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.ConsentRestClient;
import de.adorsys.psd2.xs2a.core.consent.ConsentStatus;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.error.TppMessage;
import de.adorsys.psd2.xs2a.spi.domain.SpiAspspConsentDataProvider;
import de.adorsys.psd2.xs2a.spi.domain.SpiContextData;
import de.adorsys.psd2.xs2a.spi.domain.account.SpiAccountConsent;
import de.adorsys.psd2.xs2a.spi.domain.account.SpiAccountReference;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthenticationObject;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiScaConfirmation;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiAccountAccess;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiInitiateAisConsentResponse;
import de.adorsys.psd2.xs2a.spi.domain.consent.SpiVerifyScaAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import de.adorsys.psd2.xs2a.spi.service.AisConsentSpi;
import feign.FeignException;
import java.io.IOException;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-connector-4.6.jar:de/adorsys/aspsp/xs2a/connector/spi/impl/authorisation/AisConsentSpiImpl.class */
public class AisConsentSpiImpl extends AbstractAuthorisationSpi<SpiAccountConsent, SCAConsentResponseTO> implements AisConsentSpi {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AisConsentSpiImpl.class);
    private static final String USER_LOGIN = "{userLogin}";
    private static final String CONSENT_ID = "{consentId}";
    private static final String AUTH_ID = "{authorizationId}";
    private static final String TAN = "{tan}";
    private static final String DECOUPLED_USR_MSG = "Please check your app to continue... %s";
    private static final String SCA_STATUS_LOG = "SCA status is {}";
    private final ConsentRestClient consentRestClient;
    private final AccountRestClient accountRestClient;
    private final LedgersSpiAccountMapper accountMapper;
    private final TokenStorageService tokenStorageService;
    private final AisConsentMapper aisConsentMapper;
    private final AuthRequestInterceptor authRequestInterceptor;
    private final AspspConsentDataService consentDataService;
    private final ScaLoginMapper scaLoginMapper;
    private final FeignExceptionReader feignExceptionReader;

    @Value("${online-banking.url}")
    private String onlineBankingUrl;

    public AisConsentSpiImpl(ConsentRestClient consentRestClient, TokenStorageService tokenStorageService, AisConsentMapper aisConsentMapper, AuthRequestInterceptor authRequestInterceptor, AspspConsentDataService aspspConsentDataService, GeneralAuthorisationService generalAuthorisationService, ScaMethodConverter scaMethodConverter, ScaLoginMapper scaLoginMapper, FeignExceptionReader feignExceptionReader, AccountRestClient accountRestClient, LedgersSpiAccountMapper ledgersSpiAccountMapper) {
        super(authRequestInterceptor, aspspConsentDataService, generalAuthorisationService, scaMethodConverter, feignExceptionReader, tokenStorageService);
        this.consentRestClient = consentRestClient;
        this.tokenStorageService = tokenStorageService;
        this.aisConsentMapper = aisConsentMapper;
        this.authRequestInterceptor = authRequestInterceptor;
        this.consentDataService = aspspConsentDataService;
        this.scaLoginMapper = scaLoginMapper;
        this.feignExceptionReader = feignExceptionReader;
        this.accountRestClient = accountRestClient;
        this.accountMapper = ledgersSpiAccountMapper;
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.AisConsentSpi
    public SpiResponse<SpiInitiateAisConsentResponse> initiateAisConsent(@NotNull SpiContextData spiContextData, SpiAccountConsent spiAccountConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        byte[] loadAspspConsentData = spiAspspConsentDataProvider.loadAspspConsentData();
        if (ArrayUtils.isEmpty(loadAspspConsentData)) {
            return firstCallInstantiatingConsent(spiAccountConsent, spiAspspConsentDataProvider, new SpiInitiateAisConsentResponse());
        }
        try {
            SCAConsentResponseTO initiateConsentInternal = initiateConsentInternal(spiAccountConsent, loadAspspConsentData);
            logger.info(SCA_STATUS_LOG, initiateConsentInternal.getScaStatus());
            spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(initiateConsentInternal));
            return SpiResponse.builder().payload(new SpiInitiateAisConsentResponse(spiAccountConsent.getAccess(), false, "")).build();
        } catch (FeignException e) {
            logger.error("Initiate AIS consent failed: consent ID {}, devMessage {}", spiAccountConsent.getId(), this.feignExceptionReader.getErrorMessage(e));
            return SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.FORMAT_ERROR_UNKNOWN_ACCOUNT)).build();
        }
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.AisConsentSpi
    public SpiResponse<SpiResponse.VoidResponse> revokeAisConsent(@NotNull SpiContextData spiContextData, SpiAccountConsent spiAccountConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            SCAConsentResponseTO sCAConsentResponseTO = (SCAConsentResponseTO) this.consentDataService.response(spiAspspConsentDataProvider.loadAspspConsentData(), SCAConsentResponseTO.class, false);
            sCAConsentResponseTO.setScaStatus(ScaStatusTO.FINALISED);
            sCAConsentResponseTO.setStatusDate(LocalDateTime.now());
            sCAConsentResponseTO.setBearerToken(new BearerTokenTO());
            logger.info(SCA_STATUS_LOG, sCAConsentResponseTO.getScaStatus().name());
            spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(sCAConsentResponseTO));
            return SpiResponse.builder().payload(SpiResponse.voidResponse()).build();
        } catch (FeignException e) {
            logger.error("Revoke AIS consent failed: consent ID {}, devMessage {}", spiAccountConsent.getId(), this.feignExceptionReader.getErrorMessage(e));
            return SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.PSU_CREDENTIALS_INVALID, e.getMessage())).build();
        }
    }

    @Override // de.adorsys.psd2.xs2a.spi.service.AisConsentSpi
    @NotNull
    public SpiResponse<SpiVerifyScaAuthorisationResponse> verifyScaAuthorisation(@NotNull SpiContextData spiContextData, @NotNull SpiScaConfirmation spiScaConfirmation, @NotNull SpiAccountConsent spiAccountConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        try {
            try {
                SCAConsentResponseTO sCAConsentResponseTO = (SCAConsentResponseTO) this.consentDataService.response(spiAspspConsentDataProvider.loadAspspConsentData(), SCAConsentResponseTO.class);
                this.authRequestInterceptor.setAccessToken(sCAConsentResponseTO.getBearerToken().getAccess_token());
                SCAConsentResponseTO body = this.consentRestClient.authorizeConsent(sCAConsentResponseTO.getConsentId(), sCAConsentResponseTO.getAuthorisationId(), spiScaConfirmation.getTanNumber()).getBody();
                logger.info(SCA_STATUS_LOG, sCAConsentResponseTO.getScaStatus().name());
                spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(body, !body.isPartiallyAuthorised()));
                SpiResponse<SpiVerifyScaAuthorisationResponse> build = SpiResponse.builder().payload(new SpiVerifyScaAuthorisationResponse(getConsentStatus(body))).build();
                this.authRequestInterceptor.setAccessToken(null);
                return build;
            } catch (FeignException e) {
                String errorMessage = this.feignExceptionReader.getErrorMessage(e);
                logger.error("Verify sca authorisation failed: consent ID {}, devMessage {}", spiAccountConsent.getId(), errorMessage);
                SpiResponse<SpiVerifyScaAuthorisationResponse> build2 = SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.PSU_CREDENTIALS_INVALID, errorMessage)).build();
                this.authRequestInterceptor.setAccessToken(null);
                return build2;
            }
        } catch (Throwable th) {
            this.authRequestInterceptor.setAccessToken(null);
            throw th;
        }
    }

    ConsentStatus getConsentStatus(SCAConsentResponseTO sCAConsentResponseTO) {
        return (sCAConsentResponseTO != null && sCAConsentResponseTO.isPartiallyAuthorised() && ScaStatusTO.FINALISED.equals(sCAConsentResponseTO.getScaStatus())) ? ConsentStatus.PARTIALLY_AUTHORISED : ConsentStatus.VALID;
    }

    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    protected String generatePsuMessage(@NotNull SpiContextData spiContextData, @NotNull String str, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, SpiResponse<SpiAuthorizationCodeResult> spiResponse) {
        List asList = Arrays.asList(spiResponse.getPayload().getChallengeData().getAdditionalInformation().split(" "));
        int indexOf = asList.indexOf(BeanUtil.PREFIX_GETTER_IS) + 1;
        String str2 = "";
        try {
            str2 = (String) FieldUtils.readField((Object) spiAspspConsentDataProvider, "encryptedConsentId", true);
        } catch (IllegalAccessException e) {
            logger.error("could not read encrypted consent id");
        }
        return String.format(DECOUPLED_USR_MSG, this.onlineBankingUrl.replace(USER_LOGIN, spiContextData.getPsuData().getPsuId()).replace(CONSENT_ID, str2).replace(AUTH_ID, str).replace(TAN, (CharSequence) asList.get(indexOf)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public boolean isFirstInitiationOfMultilevelSca(SpiAccountConsent spiAccountConsent) {
        return spiAccountConsent.getPsuData().size() <= 1;
    }

    private <T extends SpiInitiateAisConsentResponse> SpiResponse<T> firstCallInstantiatingConsent(@NotNull SpiAccountConsent spiAccountConsent, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, T t) {
        SCAConsentResponseTO sCAConsentResponseTO = new SCAConsentResponseTO();
        sCAConsentResponseTO.setScaStatus(ScaStatusTO.STARTED);
        t.setAccountAccess(spiAccountConsent.getAccess());
        spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(sCAConsentResponseTO, false));
        return SpiResponse.builder().payload(t).build();
    }

    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    protected OpTypeTO getOtpType() {
        return OpTypeTO.CONSENT;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public TppMessage getAuthorisePsuFailureMessage(SpiAccountConsent spiAccountConsent) {
        logger.error("Initiate consent failed: consent ID {}", spiAccountConsent.getId());
        return new TppMessage(MessageErrorCode.FORMAT_ERROR_UNKNOWN_ACCOUNT, new Object[0]);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public ResponseEntity<SCAConsentResponseTO> getSelectMethodResponse(@NotNull String str, SCAConsentResponseTO sCAConsentResponseTO) {
        return this.consentRestClient.selectMethod(sCAConsentResponseTO.getConsentId(), sCAConsentResponseTO.getAuthorisationId(), str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public SCAConsentResponseTO getSCAConsentResponse(@NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider, boolean z) {
        return (SCAConsentResponseTO) this.consentDataService.response(spiAspspConsentDataProvider.loadAspspConsentData(), SCAConsentResponseTO.class, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public String getBusinessObjectId(SpiAccountConsent spiAccountConsent) {
        return spiAccountConsent.getId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public SCAResponseTO initiateBusinessObject(SpiAccountConsent spiAccountConsent, byte[] bArr) {
        return initiateConsentInternal(spiAccountConsent, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    public SCAConsentResponseTO mapToScaResponse(SpiAccountConsent spiAccountConsent, byte[] bArr, SCAConsentResponseTO sCAConsentResponseTO) throws IOException {
        SCAConsentResponseTO consentResponse = this.scaLoginMapper.toConsentResponse((SCALoginResponseTO) this.tokenStorageService.fromBytes(bArr, SCALoginResponseTO.class));
        consentResponse.setObjectType(SCAConsentResponseTO.class.getSimpleName());
        consentResponse.setConsentId(spiAccountConsent.getId());
        return consentResponse;
    }

    @Override // de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation.AbstractAuthorisationSpi
    SpiResponse<List<SpiAuthenticationObject>> getForZeroScaMethods(ScaStatusTO scaStatusTO) {
        return SpiResponse.builder().payload(Collections.emptyList()).build();
    }

    private SCAConsentResponseTO initiateConsentInternal(SpiAccountConsent spiAccountConsent, byte[] bArr) {
        try {
            SCAResponseTO response = this.consentDataService.response(bArr);
            this.authRequestInterceptor.setAccessToken(response.getBearerToken().getAccess_token());
            SpiAccountAccess access = spiAccountConsent.getAccess();
            boolean z = access.getAvailableAccounts() != null;
            boolean z2 = access.getAvailableAccountsWithBalance() != null;
            boolean z3 = access.getAllPsd2() != null;
            if (z || z2 || z3) {
                List<SpiAccountReference> references = getReferences();
                access.setAccounts(references);
                if (z2 || z3) {
                    access.setBalances(references);
                }
                if (z3) {
                    access.setTransactions(references);
                }
            }
            SCAConsentResponseTO body = this.consentRestClient.startSCA(spiAccountConsent.getId(), this.aisConsentMapper.mapToAisConsent(spiAccountConsent)).getBody();
            if (body != null && body.getBearerToken() == null) {
                body.setBearerToken(response.getBearerToken());
            }
            return body;
        } finally {
            this.authRequestInterceptor.setAccessToken(null);
        }
    }

    private List<SpiAccountReference> getReferences() {
        return (List) Optional.ofNullable(this.accountRestClient.getListOfAccounts().getBody()).map(list -> {
            Stream stream = list.stream();
            LedgersSpiAccountMapper ledgersSpiAccountMapper = this.accountMapper;
            ledgersSpiAccountMapper.getClass();
            return (List) stream.map(ledgersSpiAccountMapper::toSpiAccountDetails).map(SpiAccountReference::new).collect(Collectors.toList());
        }).orElseGet(Collections::emptyList);
    }
}
