package de.adorsys.aspsp.xs2a.connector.spi.impl.authorisation;

import de.adorsys.aspsp.xs2a.connector.spi.converter.ChallengeDataMapper;
import de.adorsys.aspsp.xs2a.connector.spi.converter.ScaMethodConverter;
import de.adorsys.aspsp.xs2a.connector.spi.impl.AspspConsentDataService;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionHandler;
import de.adorsys.aspsp.xs2a.connector.spi.impl.FeignExceptionReader;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCALoginResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.ScaStatusTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.rest.client.AuthRequestInterceptor;
import de.adorsys.ledgers.rest.client.UserMgmtRestClient;
import de.adorsys.ledgers.util.Ids;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.error.TppMessage;
import de.adorsys.psd2.xs2a.core.sca.ChallengeData;
import de.adorsys.psd2.xs2a.spi.domain.SpiAspspConsentDataProvider;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorisationStatus;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiAuthorizationCodeResult;
import de.adorsys.psd2.xs2a.spi.domain.authorisation.SpiPsuAuthorisationResponse;
import de.adorsys.psd2.xs2a.spi.domain.psu.SpiPsuData;
import de.adorsys.psd2.xs2a.spi.domain.response.SpiResponse;
import feign.FeignException;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/xs2a-connector-5.11.jar:de/adorsys/aspsp/xs2a/connector/spi/impl/authorisation/GeneralAuthorisationService.class */
public class GeneralAuthorisationService {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) GeneralAuthorisationService.class);
    private final UserMgmtRestClient userMgmtRestClient;
    private final AuthRequestInterceptor authRequestInterceptor;
    private final ChallengeDataMapper challengeDataMapper;
    private final ScaMethodConverter scaMethodConverter;
    private final AspspConsentDataService consentDataService;
    private final FeignExceptionReader feignExceptionReader;

    public GeneralAuthorisationService(UserMgmtRestClient userMgmtRestClient, AuthRequestInterceptor authRequestInterceptor, ChallengeDataMapper challengeDataMapper, ScaMethodConverter scaMethodConverter, AspspConsentDataService aspspConsentDataService, FeignExceptionReader feignExceptionReader) {
        this.userMgmtRestClient = userMgmtRestClient;
        this.authRequestInterceptor = authRequestInterceptor;
        this.challengeDataMapper = challengeDataMapper;
        this.scaMethodConverter = scaMethodConverter;
        this.consentDataService = aspspConsentDataService;
        this.feignExceptionReader = feignExceptionReader;
    }

    public <T extends SCAResponseTO> SpiResponse<SpiPsuAuthorisationResponse> authorisePsuForConsent(@NotNull SpiPsuData spiPsuData, String str, String str2, OpTypeTO opTypeTO, @NotNull SpiAspspConsentDataProvider spiAspspConsentDataProvider) {
        String id = Ids.id();
        try {
            String psuId = spiPsuData.getPsuId();
            logger.info("Authorise user with login: {}", psuId);
            ResponseEntity<SCALoginResponseTO> authoriseForConsent = this.userMgmtRestClient.authoriseForConsent(psuId, str, str2, id, opTypeTO);
            SpiAuthorisationStatus spiAuthorisationStatus = (authoriseForConsent == null || authoriseForConsent.getBody() == null || authoriseForConsent.getBody().getBearerToken() == null) ? SpiAuthorisationStatus.FAILURE : SpiAuthorisationStatus.SUCCESS;
            logger.info("Authorisation status is: {}", spiAuthorisationStatus);
            spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store((SCAResponseTO) Optional.ofNullable(authoriseForConsent).map((v0) -> {
                return v0.getBody();
            }).orElseGet(SCALoginResponseTO::new)));
            return SpiResponse.builder().payload(new SpiPsuAuthorisationResponse(false, spiAuthorisationStatus)).build();
        } catch (FeignException e) {
            String errorMessage = this.feignExceptionReader.getErrorMessage(e);
            logger.error("Authorise PSU for consent failed: authorisation ID {}, consent ID {}, devMessage {}", id, str2, errorMessage);
            return SpiResponse.builder().error(FeignExceptionHandler.getFailureMessage(e, MessageErrorCode.PSU_CREDENTIALS_INVALID, errorMessage)).build();
        }
    }

    public BearerTokenTO validateToken(String str) {
        try {
            this.authRequestInterceptor.setAccessToken(str);
            return this.userMgmtRestClient.validate(str).getBody();
        } finally {
            this.authRequestInterceptor.setAccessToken(null);
        }
    }

    public SpiResponse<SpiAuthorizationCodeResult> getResponseIfScaSelected(SpiAspspConsentDataProvider spiAspspConsentDataProvider, SCAResponseTO sCAResponseTO) {
        return ScaStatusTO.SCAMETHODSELECTED.equals(sCAResponseTO.getScaStatus()) ? returnScaMethodSelection(spiAspspConsentDataProvider, sCAResponseTO) : SpiResponse.builder().error(new TppMessage(MessageErrorCode.FORMAT_ERROR_SCA_STATUS, ScaStatusTO.SCAMETHODSELECTED.toString(), ScaStatusTO.PSUIDENTIFIED.toString(), sCAResponseTO.getScaStatus().toString())).build();
    }

    public SpiResponse<SpiAuthorizationCodeResult> returnScaMethodSelection(SpiAspspConsentDataProvider spiAspspConsentDataProvider, SCAResponseTO sCAResponseTO) {
        SpiAuthorizationCodeResult spiAuthorizationCodeResult = new SpiAuthorizationCodeResult();
        spiAuthorizationCodeResult.setChallengeData((ChallengeData) Optional.ofNullable(this.challengeDataMapper.toChallengeData(sCAResponseTO.getChallengeData())).orElse(new ChallengeData()));
        spiAuthorizationCodeResult.setSelectedScaMethod(this.scaMethodConverter.toAuthenticationObject(sCAResponseTO.getChosenScaMethod()));
        spiAspspConsentDataProvider.updateAspspConsentData(this.consentDataService.store(sCAResponseTO));
        return SpiResponse.builder().payload(spiAuthorizationCodeResult).build();
    }
}
