package de.adorsys.psd2.xs2a.service;

import de.adorsys.psd2.core.data.ais.AisConsent;
import de.adorsys.psd2.event.core.model.EventType;
import de.adorsys.psd2.logger.context.LoggingContextService;
import de.adorsys.psd2.xs2a.core.authorisation.Authorisation;
import de.adorsys.psd2.xs2a.core.domain.TppMessageInformation;
import de.adorsys.psd2.xs2a.core.error.ErrorType;
import de.adorsys.psd2.xs2a.core.error.MessageErrorCode;
import de.adorsys.psd2.xs2a.core.profile.ScaApproach;
import de.adorsys.psd2.xs2a.core.psu.PsuIdData;
import de.adorsys.psd2.xs2a.core.sca.ScaStatus;
import de.adorsys.psd2.xs2a.domain.ResponseObject;
import de.adorsys.psd2.xs2a.domain.authorisation.AuthorisationResponse;
import de.adorsys.psd2.xs2a.domain.consent.ConsentScaStatus;
import de.adorsys.psd2.xs2a.domain.consent.CreateConsentAuthorizationResponse;
import de.adorsys.psd2.xs2a.domain.consent.UpdateConsentPsuDataReq;
import de.adorsys.psd2.xs2a.domain.consent.UpdateConsentPsuDataResponse;
import de.adorsys.psd2.xs2a.domain.consent.Xs2aAuthorisationSubResources;
import de.adorsys.psd2.xs2a.service.authorization.AuthorisationChainResponsibilityService;
import de.adorsys.psd2.xs2a.service.authorization.Xs2aAuthorisationService;
import de.adorsys.psd2.xs2a.service.authorization.ais.AisAuthorisationConfirmationService;
import de.adorsys.psd2.xs2a.service.authorization.ais.AisScaAuthorisationServiceResolver;
import de.adorsys.psd2.xs2a.service.authorization.processor.model.AisAuthorisationProcessorRequest;
import de.adorsys.psd2.xs2a.service.consent.Xs2aAisConsentService;
import de.adorsys.psd2.xs2a.service.event.Xs2aEventService;
import de.adorsys.psd2.xs2a.service.validator.AisEndpointAccessCheckerService;
import de.adorsys.psd2.xs2a.service.validator.ValidationResult;
import de.adorsys.psd2.xs2a.service.validator.ais.consent.dto.CreateConsentAuthorisationObject;
import java.beans.ConstructorProperties;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/lib/xs2a-impl-7.6.12.jar:de/adorsys/psd2/xs2a/service/ConsentAuthorisationService.class */
public class ConsentAuthorisationService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ConsentAuthorisationService.class);
    private final Xs2aAuthorisationService xs2aAuthorisationService;
    private final Xs2aAisConsentService aisConsentService;
    private final AisScaAuthorisationServiceResolver aisScaAuthorisationServiceResolver;
    private final AisEndpointAccessCheckerService endpointAccessCheckerService;
    private final Xs2aEventService xs2aEventService;
    private final ConsentValidationService consentValidationService;
    private final AuthorisationChainResponsibilityService authorisationChainResponsibilityService;
    private final LoggingContextService loggingContextService;
    private final AisAuthorisationConfirmationService aisAuthorisationConfirmationService;
    private final PsuIdDataAuthorisationService psuIdDataAuthorisationService;

    public ResponseObject<AuthorisationResponse> createAisAuthorisation(PsuIdData psuIdData, String str, String str2) {
        ResponseObject<CreateConsentAuthorizationResponse> createConsentAuthorizationWithResponse = createConsentAuthorizationWithResponse(psuIdData, str);
        if (createConsentAuthorizationWithResponse.hasError()) {
            return ResponseObject.builder().fail(createConsentAuthorizationWithResponse.getError()).build();
        }
        PsuIdData psuIdData2 = createConsentAuthorizationWithResponse.getBody().getPsuIdData();
        if (psuIdData2 == null || psuIdData2.isEmpty() || StringUtils.isBlank(str2)) {
            this.loggingContextService.storeScaStatus(createConsentAuthorizationWithResponse.getBody().getScaStatus());
            return ResponseObject.builder().body(createConsentAuthorizationWithResponse.getBody()).build();
        }
        String authorisationId = createConsentAuthorizationWithResponse.getBody().getAuthorisationId();
        UpdateConsentPsuDataReq updateConsentPsuDataReq = new UpdateConsentPsuDataReq();
        updateConsentPsuDataReq.setPsuData(psuIdData);
        updateConsentPsuDataReq.setConsentId(str);
        updateConsentPsuDataReq.setAuthorizationId(authorisationId);
        updateConsentPsuDataReq.setPassword(str2);
        ResponseObject<UpdateConsentPsuDataResponse> updateConsentPsuData = updateConsentPsuData(updateConsentPsuDataReq);
        return updateConsentPsuData.hasError() ? ResponseObject.builder().fail(updateConsentPsuData.getError()).build() : ResponseObject.builder().body(updateConsentPsuData.getBody()).build();
    }

    public ResponseObject<Xs2aAuthorisationSubResources> getConsentInitiationAuthorisations(String str) {
        this.xs2aEventService.recordAisTppRequest(str, EventType.GET_CONSENT_AUTHORISATION_REQUEST_RECEIVED);
        Optional<AisConsent> accountConsentById = this.aisConsentService.getAccountConsentById(str);
        if (accountConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Get consent initiation authorisations failed: consent not found by id", str);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        AisConsent aisConsent = accountConsentById.get();
        ValidationResult validateConsentAuthorisationOnGettingById = this.consentValidationService.validateConsentAuthorisationOnGettingById(aisConsent);
        if (validateConsentAuthorisationOnGettingById.isNotValid()) {
            log.info("Consent-ID: [{}]. Get consent authorisations - validation failed: {}", str, validateConsentAuthorisationOnGettingById.getMessageError());
            return ResponseObject.builder().fail(validateConsentAuthorisationOnGettingById.getMessageError()).build();
        }
        this.loggingContextService.storeConsentStatus(aisConsent.getConsentStatus());
        return (ResponseObject) getAuthorisationSubResources(str).map(xs2aAuthorisationSubResources -> {
            return ResponseObject.builder().body(xs2aAuthorisationSubResources).build();
        }).orElseGet(() -> {
            log.info("Consent-ID: [{}]. Get consent initiation authorisations failed: authorisation not found at CMS by consent id", str);
            return ResponseObject.builder().fail(ErrorType.AIS_404, TppMessageInformation.of(MessageErrorCode.RESOURCE_UNKNOWN_404)).build();
        });
    }

    public ResponseObject<ConsentScaStatus> getConsentAuthorisationScaStatus(String str, String str2) {
        this.xs2aEventService.recordAisTppRequest(str, EventType.GET_CONSENT_SCA_STATUS_REQUEST_RECEIVED);
        Optional<AisConsent> accountConsentById = this.aisConsentService.getAccountConsentById(str);
        if (accountConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Get consent authorisation SCA status failed: consent not found by id", str);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        AisConsent aisConsent = accountConsentById.get();
        ValidationResult validateConsentAuthorisationScaStatus = this.consentValidationService.validateConsentAuthorisationScaStatus(aisConsent, str2);
        if (validateConsentAuthorisationScaStatus.isNotValid()) {
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Get consent authorisation SCA status - validation failed: {}", str, str2, validateConsentAuthorisationScaStatus.getMessageError());
            return ResponseObject.builder().fail(validateConsentAuthorisationScaStatus.getMessageError()).build();
        }
        Optional<ScaStatus> authorisationScaStatus = this.aisScaAuthorisationServiceResolver.getService(str2).getAuthorisationScaStatus(str, str2);
        if (authorisationScaStatus.isEmpty()) {
            log.info("Consent-ID: [{}]. Get consent authorisation SCA status failed: consent not found at CMS by id", str);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.RESOURCE_UNKNOWN_403)).build();
        }
        ScaStatus scaStatus = authorisationScaStatus.get();
        ConsentScaStatus consentScaStatus = new ConsentScaStatus(this.psuIdDataAuthorisationService.getPsuIdData(str2, aisConsent.getPsuIdDataList()), aisConsent, scaStatus);
        this.loggingContextService.storeConsentStatus(aisConsent.getConsentStatus());
        this.loggingContextService.storeScaStatus(scaStatus);
        return ResponseObject.builder().body(consentScaStatus).build();
    }

    public ResponseObject<UpdateConsentPsuDataResponse> updateConsentPsuData(UpdateConsentPsuDataReq updateConsentPsuDataReq) {
        this.xs2aEventService.recordAisTppRequest(updateConsentPsuDataReq.getConsentId(), EventType.UPDATE_AIS_CONSENT_PSU_DATA_REQUEST_RECEIVED, updateConsentPsuDataReq);
        String consentId = updateConsentPsuDataReq.getConsentId();
        Optional<AisConsent> accountConsentById = this.aisConsentService.getAccountConsentById(consentId);
        if (accountConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Update consent PSU data failed: consent not found by id", consentId);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        String authorizationId = updateConsentPsuDataReq.getAuthorizationId();
        if (!this.endpointAccessCheckerService.isEndpointAccessible(authorizationId, StringUtils.isNotBlank(updateConsentPsuDataReq.getConfirmationCode()))) {
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Update consent PSU data failed: update endpoint is blocked for current authorisation", consentId, authorizationId);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.SERVICE_BLOCKED)).build();
        }
        AisConsent aisConsent = accountConsentById.get();
        this.loggingContextService.storeConsentStatus(aisConsent.getConsentStatus());
        ValidationResult validateConsentPsuDataOnUpdate = this.consentValidationService.validateConsentPsuDataOnUpdate(aisConsent, updateConsentPsuDataReq);
        if (validateConsentPsuDataOnUpdate.isNotValid()) {
            if (EnumSet.of(MessageErrorCode.PSU_CREDENTIALS_INVALID, MessageErrorCode.FORMAT_ERROR_NO_PSU).contains(validateConsentPsuDataOnUpdate.getMessageError().getTppMessage().getMessageErrorCode())) {
                this.xs2aAuthorisationService.updateAuthorisationStatus(authorizationId, ScaStatus.FAILED);
            }
            log.info("Consent-ID: [{}], Authorisation-ID [{}]. Update consent PSU data - validation failed: {}", consentId, authorizationId, validateConsentPsuDataOnUpdate.getMessageError());
            return ResponseObject.builder().fail(validateConsentPsuDataOnUpdate.getMessageError()).build();
        }
        if (!aisConsent.isExpired()) {
            return getUpdateConsentPsuDataResponse(updateConsentPsuDataReq);
        }
        log.info("Consent-ID: [{}]. Update consent PSU data failed: consent expired", consentId);
        return ResponseObject.builder().fail(ErrorType.AIS_401, TppMessageInformation.of(MessageErrorCode.CONSENT_EXPIRED)).build();
    }

    private ResponseObject<UpdateConsentPsuDataResponse> getUpdateConsentPsuDataResponse(UpdateConsentPsuDataReq updateConsentPsuDataReq) {
        Optional<Authorisation> accountConsentAuthorizationById = this.aisScaAuthorisationServiceResolver.getService(updateConsentPsuDataReq.getAuthorizationId()).getAccountConsentAuthorizationById(updateConsentPsuDataReq.getAuthorizationId());
        if (accountConsentAuthorizationById.isEmpty()) {
            log.info("Authorisation-ID: [{}]. Update consent PSU data failed: authorisation not found by id", updateConsentPsuDataReq.getAuthorizationId());
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        Authorisation authorisation = accountConsentAuthorizationById.get();
        if (authorisation.getChosenScaApproach() == ScaApproach.REDIRECT) {
            return this.aisAuthorisationConfirmationService.processAuthorisationConfirmation(updateConsentPsuDataReq);
        }
        UpdateConsentPsuDataResponse updateConsentPsuDataResponse = (UpdateConsentPsuDataResponse) this.authorisationChainResponsibilityService.apply(new AisAuthorisationProcessorRequest(authorisation.getChosenScaApproach(), authorisation.getScaStatus(), updateConsentPsuDataReq, authorisation));
        this.loggingContextService.storeScaStatus(updateConsentPsuDataResponse.getScaStatus());
        Optional map = Optional.ofNullable(updateConsentPsuDataResponse).map(updateConsentPsuDataResponse2 -> {
            Optional map2 = Optional.ofNullable(updateConsentPsuDataResponse2.getErrorHolder()).map(errorHolder -> {
                return ResponseObject.builder().fail(errorHolder).build();
            });
            ResponseObject.ResponseBuilder body = ResponseObject.builder().body(updateConsentPsuDataResponse);
            Objects.requireNonNull(body);
            return (ResponseObject) map2.orElseGet(body::build);
        });
        ResponseObject.ResponseBuilder fail = ResponseObject.builder().fail(ErrorType.AIS_400, TppMessageInformation.of(MessageErrorCode.FORMAT_ERROR));
        Objects.requireNonNull(fail);
        return (ResponseObject) map.orElseGet(fail::build);
    }

    private ResponseObject<CreateConsentAuthorizationResponse> createConsentAuthorizationWithResponse(PsuIdData psuIdData, String str) {
        this.xs2aEventService.recordAisTppRequest(str, EventType.START_AIS_CONSENT_AUTHORISATION_REQUEST_RECEIVED);
        Optional<AisConsent> accountConsentById = this.aisConsentService.getAccountConsentById(str);
        if (accountConsentById.isEmpty()) {
            log.info("Consent-ID: [{}]. Create consent authorisation with response failed: consent not found by id", str);
            return ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403)).build();
        }
        AisConsent aisConsent = accountConsentById.get();
        ValidationResult validateConsentAuthorisationOnCreate = this.consentValidationService.validateConsentAuthorisationOnCreate(new CreateConsentAuthorisationObject(aisConsent, psuIdData));
        if (validateConsentAuthorisationOnCreate.isNotValid()) {
            log.info("Consent-ID: [{}]. Create consent authorisation with response - validation failed: {}", str, validateConsentAuthorisationOnCreate.getMessageError());
            return ResponseObject.builder().fail(validateConsentAuthorisationOnCreate.getMessageError()).build();
        }
        if (aisConsent.isExpired()) {
            log.info("Consent-ID: [{}]. Create consent authorisation with response failed: consent expired", str);
            return ResponseObject.builder().fail(ErrorType.AIS_401, TppMessageInformation.of(MessageErrorCode.CONSENT_EXPIRED)).build();
        }
        this.loggingContextService.storeConsentStatus(aisConsent.getConsentStatus());
        Optional<U> map = this.aisScaAuthorisationServiceResolver.getService().createConsentAuthorization(getActualPsuData(psuIdData, aisConsent), str).map(createConsentAuthorizationResponse -> {
            return ResponseObject.builder().body(createConsentAuthorizationResponse).build();
        });
        ResponseObject.ResponseBuilder fail = ResponseObject.builder().fail(ErrorType.AIS_403, TppMessageInformation.of(MessageErrorCode.CONSENT_UNKNOWN_403));
        Objects.requireNonNull(fail);
        return (ResponseObject) map.orElseGet(fail::build);
    }

    private PsuIdData getActualPsuData(PsuIdData psuIdData, AisConsent aisConsent) {
        return (psuIdData.isNotEmpty() || aisConsent.isMultilevelScaRequired()) ? psuIdData : aisConsent.getPsuIdDataList().stream().findFirst().orElse(psuIdData);
    }

    private Optional<Xs2aAuthorisationSubResources> getAuthorisationSubResources(String str) {
        return this.aisConsentService.getAuthorisationSubResources(str).map(Xs2aAuthorisationSubResources::new);
    }

    @ConstructorProperties({"xs2aAuthorisationService", "aisConsentService", "aisScaAuthorisationServiceResolver", "endpointAccessCheckerService", "xs2aEventService", "consentValidationService", "authorisationChainResponsibilityService", "loggingContextService", "aisAuthorisationConfirmationService", "psuIdDataAuthorisationService"})
    public ConsentAuthorisationService(Xs2aAuthorisationService xs2aAuthorisationService, Xs2aAisConsentService xs2aAisConsentService, AisScaAuthorisationServiceResolver aisScaAuthorisationServiceResolver, AisEndpointAccessCheckerService aisEndpointAccessCheckerService, Xs2aEventService xs2aEventService, ConsentValidationService consentValidationService, AuthorisationChainResponsibilityService authorisationChainResponsibilityService, LoggingContextService loggingContextService, AisAuthorisationConfirmationService aisAuthorisationConfirmationService, PsuIdDataAuthorisationService psuIdDataAuthorisationService) {
        this.xs2aAuthorisationService = xs2aAuthorisationService;
        this.aisConsentService = xs2aAisConsentService;
        this.aisScaAuthorisationServiceResolver = aisScaAuthorisationServiceResolver;
        this.endpointAccessCheckerService = aisEndpointAccessCheckerService;
        this.xs2aEventService = xs2aEventService;
        this.consentValidationService = consentValidationService;
        this.authorisationChainResponsibilityService = authorisationChainResponsibilityService;
        this.loggingContextService = loggingContextService;
        this.aisAuthorisationConfirmationService = aisAuthorisationConfirmationService;
        this.psuIdDataAuthorisationService = psuIdDataAuthorisationService;
    }
}
