package de.adorsys.opba.protocol.facade.services.scoped.paymentaccess;

import de.adorsys.opba.db.domain.entity.Payment;
import de.adorsys.opba.db.domain.entity.fintech.Fintech;
import de.adorsys.opba.db.domain.entity.fintech.FintechPrvKey;
import de.adorsys.opba.db.domain.entity.fintech.FintechPsuAspspPrvKey;
import de.adorsys.opba.db.domain.entity.sessions.ServiceSession;
import de.adorsys.opba.db.repository.jpa.PaymentRepository;
import de.adorsys.opba.db.repository.jpa.fintech.FintechPsuAspspPrvKeyRepository;
import de.adorsys.opba.protocol.api.services.EncryptionService;
import de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess;
import de.adorsys.opba.protocol.api.services.scoped.consent.ProtocolFacingPayment;
import de.adorsys.opba.protocol.facade.config.encryption.PsuEncryptionServiceProvider;
import de.adorsys.opba.protocol.facade.config.encryption.impl.fintech.FintechSecureStorage;
import java.beans.ConstructorProperties;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.persistence.EntityManager;
import lombok.Generated;

/* loaded from: input_file:BOOT-INF/lib/opba-banking-protocol-facade-0.20.0.2.jar:de/adorsys/opba/protocol/facade/services/scoped/paymentaccess/FintechPaymentAccess.class */
public class FintechPaymentAccess implements PaymentAccess {
    private final Fintech fintech;
    private final PsuEncryptionServiceProvider encryptionService;
    private final FintechPsuAspspPrvKeyRepository keys;
    private final FintechSecureStorage fintechVault;
    private final PaymentRepository payments;
    private final EntityManager entityManager;
    private final UUID serviceSessionId;
    private final Supplier<char[]> fintechPassword;

    @Override // de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess
    public boolean isFinTechScope() {
        return true;
    }

    @Override // de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess
    public ProtocolFacingPayment createDoNotPersist() {
        throw new IllegalStateException("No PSU present - can't create payment");
    }

    @Override // de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess
    public void save(ProtocolFacingPayment protocolFacingPayment) {
        throw new IllegalStateException("No PSU present - can't save payment");
    }

    @Override // de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess
    public void delete(ProtocolFacingPayment protocolFacingPayment) {
        throw new IllegalStateException("No PSU present - can't delete payment");
    }

    @Override // de.adorsys.opba.protocol.api.services.scoped.consent.PaymentAccess
    public List<ProtocolFacingPayment> findByCurrentServiceSessionOrderByModifiedDesc() {
        ServiceSession serviceSession = (ServiceSession) this.entityManager.find(ServiceSession.class, this.serviceSessionId);
        if (null == serviceSession || null == serviceSession.getAuthSession()) {
            return Collections.emptyList();
        }
        List<Payment> findByServiceSessionIdOrderByModifiedAtDesc = this.payments.findByServiceSessionIdOrderByModifiedAtDesc(serviceSession.getId());
        if (findByServiceSessionIdOrderByModifiedAtDesc.isEmpty()) {
            return Collections.emptyList();
        }
        EncryptionService psuKeyBasedEncryptionService = !serviceSession.getAuthSession().isPsuAnonymous() ? psuKeyBasedEncryptionService(serviceSession) : null;
        return (List) findByServiceSessionIdOrderByModifiedAtDesc.stream().map(payment -> {
            return toProtocolFacingPayment(payment, serviceSession, psuKeyBasedEncryptionService);
        }).collect(Collectors.toList());
    }

    private ProtocolFacingPaymentImpl toProtocolFacingPayment(Payment payment, ServiceSession serviceSession, EncryptionService encryptionService) {
        return null == payment.getPsu() ? anonymousPayment(payment) : psuPayment(payment, serviceSession, encryptionService);
    }

    private ProtocolFacingPaymentImpl psuPayment(Payment payment, ServiceSession serviceSession, EncryptionService encryptionService) {
        if (payment.getPsu().getId().equals(serviceSession.getAuthSession().getPsu().getId())) {
            return new ProtocolFacingPaymentImpl(payment, encryptionService);
        }
        throw new IllegalStateException(String.format("Payment %s is for %d but session is for %d", payment.getId().toString(), payment.getPsu().getId(), serviceSession.getAuthSession().getPsu().getId()));
    }

    private ProtocolFacingPaymentImpl anonymousPayment(Payment payment) {
        return new ProtocolFacingPaymentImpl(payment, anonymousEncryptionService(payment.getFintechPubKey().getPrvKey()));
    }

    private EncryptionService psuKeyBasedEncryptionService(ServiceSession serviceSession) {
        Optional<FintechPsuAspspPrvKey> findByFintechIdAndPsuIdAndAspspId = this.keys.findByFintechIdAndPsuIdAndAspspId(this.fintech.getId().longValue(), serviceSession.getAuthSession().getPsu().getId().longValue(), serviceSession.getAuthSession().getAction().getBankProfile().getBank().getId().longValue());
        if (!findByFintechIdAndPsuIdAndAspspId.isPresent()) {
            return null;
        }
        return this.encryptionService.forPrivateKey(findByFintechIdAndPsuIdAndAspspId.get().getId(), this.fintechVault.psuAspspKeyFromPrivate(serviceSession, this.fintech, this.fintechPassword));
    }

    private EncryptionService anonymousEncryptionService(FintechPrvKey fintechPrvKey) {
        return this.encryptionService.forPrivateKey(fintechPrvKey.getId(), this.fintechVault.fintechOnlyPrvKeyFromPrivate(fintechPrvKey, this.fintech, this.fintechPassword));
    }

    @Generated
    @ConstructorProperties({"fintech", "encryptionService", "keys", "fintechVault", "payments", "entityManager", "serviceSessionId", "fintechPassword"})
    public FintechPaymentAccess(Fintech fintech, PsuEncryptionServiceProvider psuEncryptionServiceProvider, FintechPsuAspspPrvKeyRepository fintechPsuAspspPrvKeyRepository, FintechSecureStorage fintechSecureStorage, PaymentRepository paymentRepository, EntityManager entityManager, UUID uuid, Supplier<char[]> supplier) {
        this.fintech = fintech;
        this.encryptionService = psuEncryptionServiceProvider;
        this.keys = fintechPsuAspspPrvKeyRepository;
        this.fintechVault = fintechSecureStorage;
        this.payments = paymentRepository;
        this.entityManager = entityManager;
        this.serviceSessionId = uuid;
        this.fintechPassword = supplier;
    }
}
