package de.adorsys.opba.protocol.facade.services;

import com.google.common.base.Strings;
import de.adorsys.opba.api.security.internal.config.TppTokenProperties;
import de.adorsys.opba.api.security.internal.service.TokenBasedAuthService;
import de.adorsys.opba.db.domain.entity.sessions.AuthSession;
import de.adorsys.opba.db.repository.jpa.AuthorizationSessionRepository;
import de.adorsys.opba.db.repository.jpa.ServiceSessionRepository;
import de.adorsys.opba.protocol.api.dto.context.ServiceContext;
import de.adorsys.opba.protocol.api.dto.request.FacadeServiceableGetter;
import de.adorsys.opba.protocol.api.dto.request.FacadeServiceableRequest;
import de.adorsys.opba.protocol.api.dto.result.body.AuthStateBody;
import de.adorsys.opba.protocol.api.dto.result.body.ReturnableProcessErrorResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.Result;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.AuthorizationDeniedResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.AuthorizationRequiredResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.ConsentAcquiredResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.ConsentIncompatibleResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.RedirectToAspspResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.RedirectionResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.dialog.ValidationErrorResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.error.ErrorResult;
import de.adorsys.opba.protocol.api.dto.result.fromprotocol.ok.SuccessResult;
import de.adorsys.opba.protocol.facade.config.encryption.SecretKeyWithIv;
import de.adorsys.opba.protocol.facade.dto.result.torest.FacadeResult;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeRedirectErrorResult;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeRedirectResult;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeResultRedirectable;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeRuntimeErrorResult;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeRuntimeErrorResultWithOwnResponseCode;
import de.adorsys.opba.protocol.facade.dto.result.torest.redirectable.FacadeStartAuthorizationResult;
import de.adorsys.opba.protocol.facade.dto.result.torest.staticres.FacadeSuccessResult;
import de.adorsys.opba.protocol.facade.services.scoped.RequestScopedProvider;
import java.beans.ConstructorProperties;
import java.net.URI;
import java.util.Optional;
import java.util.UUID;
import lombok.Generated;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:BOOT-INF/lib/opba-banking-protocol-facade-0.20.0.2-RC1.jar:de/adorsys/opba/protocol/facade/services/ProtocolResultHandler.class */
public class ProtocolResultHandler {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ProtocolResultHandler.class);
    private final RequestScopedProvider provider;
    private final AuthSessionHandler authSessionHandler;
    private final ServiceSessionRepository sessions;
    private final AuthorizationSessionRepository authorizationSessions;
    private final TokenBasedAuthService authService;
    private final TppTokenProperties tppTokenProperties;

    @Transactional(propagation = Propagation.REQUIRES_NEW)
    public <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleResult(Result<RESULT> result, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext) {
        return doHandleResult(result, facadeServiceableRequest, serviceContext, this.provider.deregister(serviceContext.getRequestScoped()).getKey());
    }

    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> doHandleResult(Result<RESULT> result, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, SecretKeyWithIv secretKeyWithIv) {
        if (result instanceof SuccessResult) {
            return handleSuccess((SuccessResult) result, facadeServiceableRequest.getRequestId(), serviceContext);
        }
        if (result instanceof ConsentAcquiredResult) {
            return handleConsentAcquired((ConsentAcquiredResult) result);
        }
        if (result instanceof ErrorResult) {
            return handleError((ErrorResult) result, facadeServiceableRequest.getRequestId(), serviceContext, facadeServiceableRequest);
        }
        if (result instanceof RedirectionResult) {
            return handleRedirect((RedirectionResult) result, facadeServiceableRequest, serviceContext, secretKeyWithIv);
        }
        if (result instanceof ReturnableProcessErrorResult) {
            return handleReturnableError((ReturnableProcessErrorResult) result, facadeServiceableRequest, serviceContext);
        }
        throw new IllegalStateException("Can't handle protocol result: " + result.getClass());
    }

    @NotNull
    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleReturnableError(ReturnableProcessErrorResult returnableProcessErrorResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext) {
        FacadeRuntimeErrorResultWithOwnResponseCode map = FacadeRuntimeErrorResultWithOwnResponseCode.ERROR_FROM_PROTOCOL.map(returnableProcessErrorResult);
        map.setServiceSessionId(serviceContext.getServiceSessionId().toString());
        map.setXRequestId(facadeServiceableRequest.getRequestId());
        return map;
    }

    @NotNull
    protected <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleSuccess(SuccessResult<RESULT> successResult, UUID uuid, ServiceContext<REQUEST> serviceContext) {
        FacadeSuccessResult map = FacadeSuccessResult.FROM_PROTOCOL.map(successResult);
        map.setServiceSessionId(serviceContext.getServiceSessionId().toString());
        map.setXRequestId(uuid);
        return map;
    }

    protected <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleError(ErrorResult<RESULT> errorResult, UUID uuid, ServiceContext<REQUEST> serviceContext, FacadeServiceableRequest facadeServiceableRequest) {
        return (Strings.isNullOrEmpty(facadeServiceableRequest.getFintechRedirectUrlNok()) || !errorResult.isCanRedirectBackToFintech()) ? handleNonRedirectableError(errorResult, uuid, serviceContext) : handleRedirectableError(errorResult, uuid, serviceContext, facadeServiceableRequest);
    }

    protected <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleNonRedirectableError(ErrorResult<RESULT> errorResult, UUID uuid, ServiceContext<REQUEST> serviceContext) {
        FacadeRuntimeErrorResult map = FacadeRuntimeErrorResult.ERROR_FROM_PROTOCOL.map(errorResult);
        map.setServiceSessionId(serviceContext.getServiceSessionId().toString());
        map.setXRequestId(uuid);
        return map;
    }

    protected <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResult<RESULT> handleRedirectableError(ErrorResult<RESULT> errorResult, UUID uuid, ServiceContext<REQUEST> serviceContext, FacadeServiceableRequest facadeServiceableRequest) {
        FacadeRedirectErrorResult map = FacadeRedirectErrorResult.ERROR_FROM_PROTOCOL.map(errorResult);
        map.setServiceSessionId(serviceContext.getServiceSessionId().toString());
        map.setRedirectionTo(URI.create(facadeServiceableRequest.getFintechRedirectUrlNok()));
        map.setXRequestId(uuid);
        addAuthorizationSessionDataIfAvailable(errorResult, facadeServiceableRequest, serviceContext, map);
        return map;
    }

    protected <RESULT> FacadeResult<RESULT> handleConsentAcquired(ConsentAcquiredResult<RESULT, ?> consentAcquiredResult) {
        FacadeRedirectResult map = FacadeRedirectResult.FROM_PROTOCOL.map(consentAcquiredResult);
        map.setRedirectionTo(consentAcquiredResult.getRedirectionTo());
        return map;
    }

    protected <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResultRedirectable<RESULT, AuthStateBody> handleRedirect(RedirectionResult<RESULT, ?> redirectionResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, SecretKeyWithIv secretKeyWithIv) {
        return redirectionResult instanceof AuthorizationDeniedResult ? doHandleAbortAuthorization(redirectionResult, facadeServiceableRequest.getRequestId(), serviceContext) : (FacadeResultRedirectable) this.authorizationSessions.findByParentId(serviceContext.getServiceSessionId()).map(authSession -> {
            return handleExistingAuthSession(authSession, redirectionResult, facadeServiceableRequest, serviceContext, secretKeyWithIv);
        }).orElseGet(() -> {
            return handleNewAuthSession(redirectionResult, facadeServiceableRequest, serviceContext, secretKeyWithIv);
        });
    }

    @NotNull
    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResultRedirectable<RESULT, AuthStateBody> handleExistingAuthSession(AuthSession authSession, RedirectionResult<RESULT, ?> redirectionResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, SecretKeyWithIv secretKeyWithIv) {
        return redirectionResult instanceof ConsentIncompatibleResult ? handleAuthRequiredForExistingAuthSession(redirectionResult, facadeServiceableRequest, serviceContext, secretKeyWithIv, authSession) : handleExistingAuthSessionForAuthContinuation(redirectionResult, facadeServiceableRequest, serviceContext, authSession);
    }

    protected <RESULT> FacadeRedirectResult<RESULT, AuthStateBody> doHandleAbortAuthorization(RedirectionResult<RESULT, ?> redirectionResult, UUID uuid, ServiceContext serviceContext) {
        FacadeRedirectResult<RESULT, AuthStateBody> map = FacadeRedirectResult.FROM_PROTOCOL.map(redirectionResult);
        if (this.sessions.findById(serviceContext.getServiceSessionId()).isPresent()) {
            this.sessions.deleteById(serviceContext.getServiceSessionId());
        }
        map.setCause(mapCause(redirectionResult));
        map.setXRequestId(uuid);
        return map;
    }

    protected <RESULT> void setAspspRedirectCodeIfRequired(RedirectionResult<RESULT, ?> redirectionResult, AuthSession authSession, ServiceContext serviceContext) {
        if (redirectionResult instanceof AuthorizationRequiredResult) {
            authSession.setAspspRedirectCode(serviceContext.getFutureAspspRedirectCode().toString());
        }
    }

    protected <REQUEST, RESULT extends FacadeServiceableGetter> void addAuthorizationSessionDataIfAvailable(Result<REQUEST> result, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<RESULT> serviceContext, FacadeResultRedirectable facadeResultRedirectable) {
        Optional<AuthSession> findByParentId = this.authorizationSessions.findByParentId(serviceContext.getServiceSessionId());
        if (findByParentId.isPresent()) {
            addAuthorizationSessionData(result, findByParentId.get(), facadeServiceableRequest, serviceContext, facadeResultRedirectable);
        }
    }

    protected <RESULT> AuthSession addAuthorizationSessionData(Result<RESULT> result, AuthSession authSession, FacadeServiceableRequest facadeServiceableRequest, ServiceContext serviceContext, FacadeResultRedirectable<RESULT, ?> facadeResultRedirectable) {
        authSession.setRedirectCode(serviceContext.getFutureRedirectCode().toString());
        authSession.setContext(result.authContext());
        this.authorizationSessions.save(authSession);
        facadeResultRedirectable.setAuthorizationSessionId(authSession.getId().toString());
        facadeResultRedirectable.setServiceSessionId(authSession.getParent().getId().toString());
        facadeResultRedirectable.setXRequestId(facadeServiceableRequest.getRequestId());
        facadeResultRedirectable.setRedirectCode(authSession.getRedirectCode());
        return authSession;
    }

    @NotNull
    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResultRedirectable<RESULT, AuthStateBody> handleExistingAuthSessionForAuthContinuation(RedirectionResult<RESULT, ?> redirectionResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, AuthSession authSession) {
        FacadeRedirectResult map = FacadeRedirectResult.FROM_PROTOCOL.map(redirectionResult);
        if (redirectionResult instanceof RedirectToAspspResult) {
            setAspspRedirectTokenIfRequired(facadeServiceableRequest.getAuthorizationKey(), map);
        }
        addAuthorizationSessionData(redirectionResult, authSession, facadeServiceableRequest, serviceContext, map);
        map.setCause(mapCause(redirectionResult));
        setAspspRedirectCodeIfRequired(redirectionResult, authSession, serviceContext);
        return map;
    }

    @NotNull
    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResultRedirectable<RESULT, AuthStateBody> handleNewAuthSession(RedirectionResult<RESULT, ?> redirectionResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, SecretKeyWithIv secretKeyWithIv) {
        FacadeStartAuthorizationResult map = FacadeStartAuthorizationResult.FROM_PROTOCOL.map(redirectionResult);
        AuthSession createNewAuthSessionAndEnhanceResult = this.authSessionHandler.createNewAuthSessionAndEnhanceResult(facadeServiceableRequest, secretKeyWithIv, serviceContext, map);
        addAuthorizationSessionData(redirectionResult, createNewAuthSessionAndEnhanceResult, facadeServiceableRequest, serviceContext, map);
        map.setCause(mapCause(redirectionResult));
        setAspspRedirectCodeIfRequired(redirectionResult, createNewAuthSessionAndEnhanceResult, serviceContext);
        return map;
    }

    @NotNull
    private <RESULT, REQUEST extends FacadeServiceableGetter> FacadeResultRedirectable<RESULT, AuthStateBody> handleAuthRequiredForExistingAuthSession(RedirectionResult<RESULT, ?> redirectionResult, FacadeServiceableRequest facadeServiceableRequest, ServiceContext<REQUEST> serviceContext, SecretKeyWithIv secretKeyWithIv, AuthSession authSession) {
        FacadeStartAuthorizationResult map = FacadeStartAuthorizationResult.FROM_PROTOCOL.map(redirectionResult);
        AuthSession reuseAuthSessionAndEnhanceResult = this.authSessionHandler.reuseAuthSessionAndEnhanceResult(authSession, secretKeyWithIv, serviceContext, map);
        addAuthorizationSessionData(redirectionResult, reuseAuthSessionAndEnhanceResult, facadeServiceableRequest, serviceContext, map);
        map.setCause(mapCause(redirectionResult));
        setAspspRedirectCodeIfRequired(redirectionResult, reuseAuthSessionAndEnhanceResult, serviceContext);
        return map;
    }

    private void setAspspRedirectTokenIfRequired(String str, FacadeRedirectResult facadeRedirectResult) {
        if (Strings.isNullOrEmpty(str)) {
            return;
        }
        facadeRedirectResult.setToken(this.authService.generateToken(str, this.tppTokenProperties.getRedirectTokenValidityDuration()));
    }

    protected AuthStateBody mapCause(RedirectionResult redirectionResult) {
        if (!(redirectionResult instanceof ValidationErrorResult) || null == redirectionResult.getCause()) {
            return null;
        }
        return (AuthStateBody) redirectionResult.getCause();
    }

    @Generated
    @ConstructorProperties({"provider", "authSessionHandler", "sessions", "authorizationSessions", "authService", "tppTokenProperties"})
    public ProtocolResultHandler(RequestScopedProvider requestScopedProvider, AuthSessionHandler authSessionHandler, ServiceSessionRepository serviceSessionRepository, AuthorizationSessionRepository authorizationSessionRepository, TokenBasedAuthService tokenBasedAuthService, TppTokenProperties tppTokenProperties) {
        this.provider = requestScopedProvider;
        this.authSessionHandler = authSessionHandler;
        this.sessions = serviceSessionRepository;
        this.authorizationSessions = authorizationSessionRepository;
        this.authService = tokenBasedAuthService;
        this.tppTokenProperties = tppTokenProperties;
    }
}
