package de.adorsys.opba.protocol.facade.services.context;

import com.google.common.base.Strings;
import de.adorsys.opba.db.domain.entity.BankProfile;
import de.adorsys.opba.db.domain.entity.sessions.AuthSession;
import de.adorsys.opba.db.domain.entity.sessions.ServiceSession;
import de.adorsys.opba.db.repository.jpa.AuthorizationSessionRepository;
import de.adorsys.opba.db.repository.jpa.BankProfileJpaRepository;
import de.adorsys.opba.db.repository.jpa.ServiceSessionRepository;
import de.adorsys.opba.protocol.api.dto.context.Context;
import de.adorsys.opba.protocol.api.dto.context.ServiceContext;
import de.adorsys.opba.protocol.api.dto.request.FacadeServiceableGetter;
import de.adorsys.opba.protocol.api.dto.request.FacadeServiceableRequest;
import de.adorsys.opba.protocol.api.services.scoped.RequestScoped;
import de.adorsys.opba.protocol.facade.config.encryption.ConsentAuthorizationEncryptionServiceProvider;
import de.adorsys.opba.protocol.facade.services.EncryptionKeySerde;
import de.adorsys.opba.protocol.facade.services.InternalContext;
import de.adorsys.opba.protocol.facade.services.fintech.FintechAuthenticator;
import de.adorsys.opba.protocol.facade.services.scoped.RequestScopedProvider;
import java.beans.ConstructorProperties;
import java.util.Objects;
import java.util.UUID;
import lombok.Generated;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service(ServiceContextProviderForFintech.FINTECH_CONTEXT_PROVIDER)
/* loaded from: input_file:BOOT-INF/lib/opba-banking-protocol-facade-0.20.0.2.jar:de/adorsys/opba/protocol/facade/services/context/ServiceContextProviderForFintech.class */
public class ServiceContextProviderForFintech implements ServiceContextProvider {
    public static final String FINTECH_CONTEXT_PROVIDER = "FINTECH_CONTEXT_PROVIDER";
    protected final AuthorizationSessionRepository authSessions;
    private final FintechAuthenticator authenticator;
    private final BankProfileJpaRepository profileJpaRepository;
    private final ConsentAuthorizationEncryptionServiceProvider consentAuthorizationEncryptionServiceProvider;
    private final RequestScopedProvider provider;
    private final EncryptionKeySerde encryptionKeySerde;
    private final ServiceSessionRepository serviceSessions;

    @Override // de.adorsys.opba.protocol.facade.services.context.ServiceContextProvider
    @Transactional
    public <REQUEST extends FacadeServiceableGetter, ACTION> InternalContext<REQUEST, ACTION> provide(REQUEST request) {
        if (null == request.getFacadeServiceable()) {
            throw new IllegalArgumentException("No serviceable body");
        }
        AuthSession extractAndValidateAuthSession = extractAndValidateAuthSession(request);
        ServiceSession extractOrCreateServiceSession = extractOrCreateServiceSession(request, extractAndValidateAuthSession);
        return InternalContext.builder().serviceCtx(Context.builder().serviceSessionId(extractOrCreateServiceSession.getId()).authorizationBankProtocolId(null == extractAndValidateAuthSession ? null : extractAndValidateAuthSession.getAction().getId()).bankId(request.getFacadeServiceable().getBankId()).authSessionId(null == extractAndValidateAuthSession ? null : extractAndValidateAuthSession.getId()).authContext(null == extractAndValidateAuthSession ? null : extractAndValidateAuthSession.getContext()).futureAuthSessionId(extractOrCreateServiceSession.getId()).futureRedirectCode(UUID.randomUUID()).futureAspspRedirectCode(UUID.randomUUID()).request(request).build()).authSession(extractAndValidateAuthSession).session(extractOrCreateServiceSession).build();
    }

    @Override // de.adorsys.opba.protocol.facade.services.context.ServiceContextProvider
    public <REQUEST extends FacadeServiceableGetter, ACTION> ServiceContext<REQUEST> provideRequestScoped(REQUEST request, InternalContext<REQUEST, ACTION> internalContext) {
        return ServiceContext.builder().ctx(internalContext.getServiceCtx()).requestScoped(getRequestScoped(request, internalContext.getSession(), internalContext.getAuthSession(), internalContext.getServiceCtx().getServiceBankProtocolId().longValue())).build();
    }

    protected <REQUEST extends FacadeServiceableGetter> void validateRedirectCode(REQUEST request, AuthSession authSession) {
        if (Strings.isNullOrEmpty(request.getFacadeServiceable().getRedirectCode())) {
            throw new IllegalArgumentException("Missing redirect code");
        }
        if (!Objects.equals(authSession.getRedirectCode(), request.getFacadeServiceable().getRedirectCode())) {
            throw new IllegalArgumentException("Wrong redirect code");
        }
    }

    private <REQUEST extends FacadeServiceableGetter> AuthSession readAndValidateAuthSession(REQUEST request) {
        UUID fromString = UUID.fromString(request.getFacadeServiceable().getAuthorizationSessionId());
        AuthSession orElseThrow = this.authSessions.findById(fromString).orElseThrow(() -> {
            return new IllegalStateException("No auth session " + fromString);
        });
        validateRedirectCode(request, orElseThrow);
        return orElseThrow;
    }

    private <REQUEST extends FacadeServiceableGetter> ServiceSession extractOrCreateServiceSession(REQUEST request, AuthSession authSession) {
        return null != authSession ? authSession.getParent() : readOrCreateServiceSessionFromRequest(request.getFacadeServiceable());
    }

    private ServiceSession readOrCreateServiceSessionFromRequest(FacadeServiceableRequest facadeServiceableRequest) {
        UUID serviceSessionId = facadeServiceableRequest.getServiceSessionId();
        return null == serviceSessionId ? createServiceSession(UUID.randomUUID(), facadeServiceableRequest) : this.serviceSessions.findById(serviceSessionId).orElseGet(() -> {
            return createServiceSession(serviceSessionId, facadeServiceableRequest);
        });
    }

    @NotNull
    private ServiceSession createServiceSession(UUID uuid, FacadeServiceableRequest facadeServiceableRequest) {
        ServiceSession serviceSession = new ServiceSession();
        serviceSession.setId(uuid);
        serviceSession.setBankProfile(getBankProfileFromRequest(facadeServiceableRequest));
        return (ServiceSession) this.serviceSessions.save(serviceSession);
    }

    private <REQUEST extends FacadeServiceableGetter> AuthSession extractAndValidateAuthSession(REQUEST request) {
        return null == request.getFacadeServiceable().getAuthorizationSessionId() ? handleNoAuthSession(request) : readAndValidateAuthSession(request);
    }

    private <REQUEST extends FacadeServiceableGetter> AuthSession handleNoAuthSession(REQUEST request) {
        if (Strings.isNullOrEmpty(request.getFacadeServiceable().getRedirectCode())) {
            return null;
        }
        throw new IllegalArgumentException("Unexpected redirect code as no auth session is present");
    }

    @Nullable
    private <REQUEST extends FacadeServiceableGetter> RequestScoped getRequestScoped(REQUEST request, ServiceSession serviceSession, AuthSession authSession, long j) {
        return null == request.getFacadeServiceable().getAuthorizationKey() ? fintechFacingSecretKeyBasedEncryption(request, serviceSession, j) : psuCookieBasedKeyEncryption(request, authSession, j);
    }

    private <REQUEST extends FacadeServiceableGetter> RequestScoped psuCookieBasedKeyEncryption(REQUEST request, AuthSession authSession, long j) {
        if (null == authSession) {
            throw new IllegalArgumentException("Missing authorization session");
        }
        return this.provider.registerForPsuSession(authSession, this.consentAuthorizationEncryptionServiceProvider, j, this.encryptionKeySerde.fromString(request.getFacadeServiceable().getAuthorizationKey()));
    }

    private <REQUEST extends FacadeServiceableGetter> RequestScoped fintechFacingSecretKeyBasedEncryption(REQUEST request, ServiceSession serviceSession, long j) {
        BankProfile bankProfileFromRequest = getBankProfileFromRequest(request.getFacadeServiceable());
        return this.provider.registerForFintechSession(this.authenticator.authenticateOrCreateFintech(request.getFacadeServiceable()), bankProfileFromRequest, serviceSession, j, this.consentAuthorizationEncryptionServiceProvider, this.consentAuthorizationEncryptionServiceProvider.generateKey(), () -> {
            return request.getFacadeServiceable().getSessionPassword().toCharArray();
        });
    }

    private BankProfile getBankProfileFromRequest(FacadeServiceableRequest facadeServiceableRequest) {
        return this.profileJpaRepository.findByBankUuid(facadeServiceableRequest.getBankId()).orElseThrow(() -> {
            return new IllegalArgumentException("No bank profile for bank: " + facadeServiceableRequest.getBankId());
        });
    }

    @Generated
    @ConstructorProperties({"authSessions", "authenticator", "profileJpaRepository", "consentAuthorizationEncryptionServiceProvider", "provider", "encryptionKeySerde", "serviceSessions"})
    public ServiceContextProviderForFintech(AuthorizationSessionRepository authorizationSessionRepository, FintechAuthenticator fintechAuthenticator, BankProfileJpaRepository bankProfileJpaRepository, ConsentAuthorizationEncryptionServiceProvider consentAuthorizationEncryptionServiceProvider, RequestScopedProvider requestScopedProvider, EncryptionKeySerde encryptionKeySerde, ServiceSessionRepository serviceSessionRepository) {
        this.authSessions = authorizationSessionRepository;
        this.authenticator = fintechAuthenticator;
        this.profileJpaRepository = bankProfileJpaRepository;
        this.consentAuthorizationEncryptionServiceProvider = consentAuthorizationEncryptionServiceProvider;
        this.provider = requestScopedProvider;
        this.encryptionKeySerde = encryptionKeySerde;
        this.serviceSessions = serviceSessionRepository;
    }
}
