package de.adorsys.ledgers.oba.service.impl.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAResponseTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisAccountAccessInfoTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisConsentTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.middleware.client.rest.ConsentRestClient;
import de.adorsys.ledgers.oba.service.api.domain.CreatePiisConsentRequestTO;
import de.adorsys.ledgers.oba.service.api.domain.ObaAisConsent;
import de.adorsys.ledgers.oba.service.api.domain.exception.ObaErrorCode;
import de.adorsys.ledgers.oba.service.api.domain.exception.ObaException;
import de.adorsys.ledgers.oba.service.api.service.ConsentService;
import de.adorsys.ledgers.oba.service.impl.mapper.CreatePiisConsentRequestMapper;
import de.adorsys.psd2.consent.api.AspspDataService;
import de.adorsys.psd2.consent.api.CmsAspspConsentDataBase64;
import de.adorsys.psd2.consent.api.ais.CmsAisAccountConsent;
import de.adorsys.psd2.consent.service.security.SecurityDataService;
import de.adorsys.psd2.xs2a.core.sca.AuthenticationDataHolder;
import feign.FeignException;
import java.io.IOException;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.adorsys.ledgers.consent.aspsp.rest.client.CmsAspspPiisClient;
import org.adorsys.ledgers.consent.aspsp.rest.client.CreatePiisConsentRequest;
import org.adorsys.ledgers.consent.aspsp.rest.client.CreatePiisConsentResponse;
import org.adorsys.ledgers.consent.psu.rest.client.CmsPsuAisClient;
import org.adorsys.ledgers.consent.xs2a.rest.client.AspspConsentDataClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:de/adorsys/ledgers/oba/service/impl/service/ConsentServiceImpl.class */
public class ConsentServiceImpl implements ConsentService {
    private static final Logger log = LoggerFactory.getLogger(ConsentServiceImpl.class);
    private static final String RESPONSE_ERROR = "Error in response from CMS, please contact admin.";
    private static final String GET_CONSENTS_ERROR_MSG = "Failed to retrieve consents for user: %s, code: %s, message: %s";
    private static final String CONSENT_COULD_NOT_BE_FOUND = "Consent %s could not be found";
    private static final String FAILED_TO_CONFIRM_THE_CONSENT_MSG = "Failed to confirm the consent %s msg: %s";
    private static final String UPDATE_FAILED_MSG = "Update %s failed msg: %s";
    private static final String COULD_NOT_RETRIEVE_ASPSP_CONSENT_DATA = "Could not retrieve ASPSP consent data.";
    private static final String DEFAULT_SERVICE_INSTANCE_ID = "UNDEFINED";
    private final CmsPsuAisClient cmsPsuAisClient;
    private final SecurityDataService securityDataService;
    private final AspspConsentDataClient consentDataClient;
    private final ConsentRestClient consentRestClient;
    private final AuthRequestInterceptor authInterceptor;
    private final ObjectMapper objectMapper;
    private final AspspDataService aspspDataService;
    private final CmsAspspPiisClient cmsAspspPiisClient;
    private final CreatePiisConsentRequestMapper createPiisConsentRequestMapper;

    public List<ObaAisConsent> getListOfConsents(String str) {
        try {
            return toObaAisConsent((List) Optional.ofNullable(this.cmsPsuAisClient.getConsentsForPsu(str, (String) null, (String) null, (String) null, DEFAULT_SERVICE_INSTANCE_ID).getBody()).orElse(Collections.emptyList()));
        } catch (FeignException e) {
            log.error(String.format(GET_CONSENTS_ERROR_MSG, str, Integer.valueOf(e.status()), e.getMessage()));
            throw ObaException.builder().devMessage(RESPONSE_ERROR).obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    public boolean revokeConsent(String str) {
        return ((Boolean) Optional.ofNullable(this.cmsPsuAisClient.revokeConsent(str, (String) null, (String) null, (String) null, (String) null, DEFAULT_SERVICE_INSTANCE_ID).getBody()).orElse(false)).booleanValue();
    }

    public void confirmAisConsentDecoupled(String str, String str2, String str3, String str4) {
        String decryptedConsentId = getDecryptedConsentId(str2);
        setActiveAccessTokenFromConsentData(str2);
        SCAConsentResponseTO authorizeConsentAtLedgers = authorizeConsentAtLedgers(decryptedConsentId, str3, str4);
        confirmConsentAtCms(str, decryptedConsentId);
        updateCmsAuthorization(str, str3, decryptedConsentId);
        updateAspspConsentDataForConsent(str2, authorizeConsentAtLedgers);
        this.authInterceptor.setAccessToken((String) null);
    }

    public SCAConsentResponseTO createConsent(CreatePiisConsentRequestTO createPiisConsentRequestTO, String str) {
        CreatePiisConsentRequest fromCreatePiisConsentRequest = this.createPiisConsentRequestMapper.fromCreatePiisConsentRequest(createPiisConsentRequestTO);
        return (SCAConsentResponseTO) this.consentRestClient.grantPIISConsent(new AisConsentTO(((CreatePiisConsentResponse) Optional.ofNullable((CreatePiisConsentResponse) this.cmsAspspPiisClient.createConsent(fromCreatePiisConsentRequest, str, (String) null, (String) null, (String) null).getBody()).orElseGet(CreatePiisConsentResponse::new)).getConsentId(), str, fromCreatePiisConsentRequest.getTppAuthorisationNumber(), 100, buildAccountAccess(fromCreatePiisConsentRequest.getAccount().getIban()), fromCreatePiisConsentRequest.getValidUntil(), true)).getBody();
    }

    private AisAccountAccessInfoTO buildAccountAccess(String str) {
        AisAccountAccessInfoTO aisAccountAccessInfoTO = new AisAccountAccessInfoTO();
        aisAccountAccessInfoTO.setAccounts(Collections.singletonList(str));
        return aisAccountAccessInfoTO;
    }

    private void updateCmsAuthorization(String str, String str2, String str3) {
        try {
            this.cmsPsuAisClient.updateAuthorisationStatus(str3, "FINALISED", str2, str, (String) null, (String) null, (String) null, DEFAULT_SERVICE_INSTANCE_ID, new AuthenticationDataHolder((String) null, (String) null));
        } catch (FeignException e) {
            String format = String.format(UPDATE_FAILED_MSG, "authorization", e.getMessage());
            log.error(format);
            throw ObaException.builder().devMessage(format).obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    private void updateAspspConsentDataForConsent(String str, SCAConsentResponseTO sCAConsentResponseTO) {
        try {
            this.consentDataClient.updateAspspConsentData(str, new CmsAspspConsentDataBase64(str, writeScaResponseAsString(sCAConsentResponseTO)));
        } catch (FeignException e) {
            String format = String.format(UPDATE_FAILED_MSG, "aspsp consent data", e.getMessage());
            log.error(format);
            throw ObaException.builder().devMessage(format).obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    private void confirmConsentAtCms(String str, String str2) {
        try {
            this.cmsPsuAisClient.confirmConsent(str2, str, (String) null, (String) null, (String) null, DEFAULT_SERVICE_INSTANCE_ID).getBody();
        } catch (FeignException e) {
            String format = e.status() == 404 ? String.format(CONSENT_COULD_NOT_BE_FOUND, str2) : String.format(FAILED_TO_CONFIRM_THE_CONSENT_MSG, str2, e.getMessage());
            log.error(format);
            throw ObaException.builder().devMessage(format).obaErrorCode(e.status() == 404 ? ObaErrorCode.NOT_FOUND : ObaErrorCode.CONNECTION_ERROR).build();
        }
    }

    private String getDecryptedConsentId(String str) {
        return (String) this.securityDataService.decryptId(str).orElseThrow(() -> {
            return ObaException.builder().devMessage("Error decrypting consent id").obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        });
    }

    private String writeScaResponseAsString(SCAResponseTO sCAResponseTO) {
        try {
            return Base64.getEncoder().encodeToString(this.objectMapper.writeValueAsBytes(sCAResponseTO));
        } catch (JsonProcessingException e) {
            throw ObaException.builder().devMessage("Could not encode ledgers consent confirmation response.").obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    private SCAConsentResponseTO authorizeConsentAtLedgers(String str, String str2, String str3) {
        try {
            return (SCAConsentResponseTO) this.consentRestClient.authorizeConsent(str, str2, str3).getBody();
        } catch (FeignException e) {
            throw ObaException.builder().devMessage(getDevMessageFromFeignException(e)).obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    private String getDevMessageFromFeignException(FeignException feignException) {
        try {
            return this.objectMapper.readTree(feignException.content()).get("devMessage").asText();
        } catch (IOException e) {
            return "Could not extract exception message from ASPSP response";
        }
    }

    private void setActiveAccessTokenFromConsentData(String str) {
        try {
            this.authInterceptor.setAccessToken((String) Optional.ofNullable(this.objectMapper.readTree((byte[]) this.aspspDataService.readAspspConsentData(str).map((v0) -> {
                return v0.getAspspConsentData();
            }).orElseThrow(() -> {
                return ObaException.builder().devMessage(COULD_NOT_RETRIEVE_ASPSP_CONSENT_DATA).obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
            })).get("bearerToken")).map(jsonNode -> {
                return jsonNode.get("access_token");
            }).map((v0) -> {
                return v0.asText();
            }).orElseThrow(() -> {
                return ObaException.builder().devMessage("No AccessToken present in ASPSP consent data").obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
            }));
        } catch (IOException e) {
            throw ObaException.builder().devMessage("Could not parse ASPSP consent data").obaErrorCode(ObaErrorCode.AIS_BAD_REQUEST).build();
        }
    }

    private List<ObaAisConsent> toObaAisConsent(List<CmsAisAccountConsent> list) {
        return (List) list.stream().map(cmsAisAccountConsent -> {
            return new ObaAisConsent((String) this.securityDataService.encryptId(cmsAisAccountConsent.getId()).orElse(""), cmsAisAccountConsent);
        }).collect(Collectors.toList());
    }

    public ConsentServiceImpl(CmsPsuAisClient cmsPsuAisClient, SecurityDataService securityDataService, AspspConsentDataClient aspspConsentDataClient, ConsentRestClient consentRestClient, AuthRequestInterceptor authRequestInterceptor, ObjectMapper objectMapper, AspspDataService aspspDataService, CmsAspspPiisClient cmsAspspPiisClient, CreatePiisConsentRequestMapper createPiisConsentRequestMapper) {
        this.cmsPsuAisClient = cmsPsuAisClient;
        this.securityDataService = securityDataService;
        this.consentDataClient = aspspConsentDataClient;
        this.consentRestClient = consentRestClient;
        this.authInterceptor = authRequestInterceptor;
        this.objectMapper = objectMapper;
        this.aspspDataService = aspspDataService;
        this.cmsAspspPiisClient = cmsAspspPiisClient;
        this.createPiisConsentRequestMapper = createPiisConsentRequestMapper;
    }
}
