package de.adorsys.ledgers.oba.service.impl.service;

import de.adorsys.ledgers.middleware.api.domain.account.AccountDetailsTO;
import de.adorsys.ledgers.middleware.api.domain.sca.GlobalScaResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.OpTypeTO;
import de.adorsys.ledgers.middleware.api.domain.sca.SCAConsentResponseTO;
import de.adorsys.ledgers.middleware.api.domain.sca.StartScaOprTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisAccountAccessInfoTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisConsentTO;
import de.adorsys.ledgers.middleware.api.domain.um.BearerTokenTO;
import de.adorsys.ledgers.middleware.client.rest.AuthRequestInterceptor;
import de.adorsys.ledgers.middleware.client.rest.ConsentRestClient;
import de.adorsys.ledgers.middleware.client.rest.RedirectScaRestClient;
import de.adorsys.ledgers.oba.service.api.domain.ConsentAuthorizeResponse;
import de.adorsys.ledgers.oba.service.api.domain.ConsentReference;
import de.adorsys.ledgers.oba.service.api.domain.ConsentWorkflow;
import de.adorsys.ledgers.oba.service.api.domain.exception.ObaErrorCode;
import de.adorsys.ledgers.oba.service.api.domain.exception.ObaException;
import de.adorsys.ledgers.oba.service.api.service.CmsAspspConsentDataService;
import de.adorsys.ledgers.oba.service.api.service.ConsentReferencePolicy;
import de.adorsys.ledgers.oba.service.api.service.RedirectConsentService;
import de.adorsys.ledgers.oba.service.impl.mapper.ObaAisConsentMapper;
import de.adorsys.psd2.consent.api.CmsAspspConsentDataBase64;
import de.adorsys.psd2.consent.api.ais.AisAccountAccess;
import de.adorsys.psd2.consent.api.ais.CmsAisConsentResponse;
import de.adorsys.psd2.consent.psu.api.ais.CmsAisConsentAccessRequest;
import de.adorsys.psd2.xs2a.core.consent.AisConsentRequestType;
import de.adorsys.psd2.xs2a.core.consent.ConsentStatus;
import de.adorsys.psd2.xs2a.core.sca.AuthenticationDataHolder;
import feign.FeignException;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.adorsys.ledgers.consent.psu.rest.client.CmsPsuAisClient;
import org.adorsys.ledgers.consent.psu.rest.client.CmsPsuPiisV2Client;
import org.adorsys.ledgers.consent.xs2a.rest.client.AspspConsentDataClient;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:de/adorsys/ledgers/oba/service/impl/service/RedirectConsentServiceImpl.class */
public class RedirectConsentServiceImpl implements RedirectConsentService {
    private static final Logger log = LoggerFactory.getLogger(RedirectConsentServiceImpl.class);
    private final CmsPsuAisClient cmsPsuAisClient;
    private final CmsPsuPiisV2Client cmsPsuPiisV2Client;
    private final ConsentRestClient consentRestClient;
    private final AuthRequestInterceptor authInterceptor;
    private final ObaAisConsentMapper consentMapper;
    private final ConsentReferencePolicy referencePolicy;
    private final CmsAspspConsentDataService dataService;
    private final AspspConsentDataClient aspspConsentDataClient;
    private final RedirectScaRestClient redirectScaClient;

    public void selectScaMethod(String str, String str2, ConsentWorkflow consentWorkflow) {
        try {
            this.authInterceptor.setAccessToken(consentWorkflow.bearerToken().getAccess_token());
            consentWorkflow.storeSCAResponse((GlobalScaResponseTO) this.redirectScaClient.selectMethod(((GlobalScaResponseTO) Objects.requireNonNull((GlobalScaResponseTO) this.redirectScaClient.startSca(new StartScaOprTO(consentWorkflow.consentId(), str2, consentWorkflow.authId(), OpTypeTO.CONSENT)).getBody())).getAuthorisationId(), str).getBody());
            this.authInterceptor.setAccessToken((String) null);
        } catch (Throwable th) {
            this.authInterceptor.setAccessToken((String) null);
            throw th;
        }
    }

    public ConsentWorkflow authorizeConsent(ConsentWorkflow consentWorkflow, String str) {
        this.authInterceptor.setAccessToken(consentWorkflow.bearerToken().getAccess_token());
        GlobalScaResponseTO globalScaResponseTO = (GlobalScaResponseTO) this.redirectScaClient.validateScaCode(consentWorkflow.authId(), str).getBody();
        consentWorkflow.storeSCAResponse(globalScaResponseTO);
        consentWorkflow.setConsentStatus(((GlobalScaResponseTO) Objects.requireNonNull(globalScaResponseTO)).isPartiallyAuthorised() ? ConsentStatus.PARTIALLY_AUTHORISED.name() : ConsentStatus.VALID.name());
        return consentWorkflow;
    }

    public void updateAccessByConsentType(ConsentWorkflow consentWorkflow, List<AccountDetailsTO> list) {
        AisConsentRequestType aisConsentRequestType = consentWorkflow.getConsentResponse().getAccountConsent().getAisConsentRequestType();
        if (!EnumSet.of(AisConsentRequestType.BANK_OFFERED, AisConsentRequestType.DEDICATED_ACCOUNTS).contains(aisConsentRequestType)) {
            AisAccountAccessInfoTO access = consentWorkflow.getAuthResponse().getConsent().getAccess();
            List<String> extractUserIbans = extractUserIbans(list);
            access.setAccounts(extractUserIbans);
            if (AisConsentRequestType.ALL_AVAILABLE_ACCOUNTS == aisConsentRequestType && requestedConsentWithBalance(consentWorkflow)) {
                access.setBalances(extractUserIbans);
            }
            if (AisConsentRequestType.GLOBAL == aisConsentRequestType) {
                access.setBalances(extractUserIbans);
                access.setTransactions(extractUserIbans);
            }
        }
        if (AisConsentRequestType.DEDICATED_ACCOUNTS == aisConsentRequestType) {
            checkAccess(extractIbansFromAccess(consentWorkflow.getConsentResponse().getAccountConsent().getAccess()), new HashSet(extractUserIbans(list)));
        }
    }

    private void checkAccess(Set<String> set, Set<String> set2) {
        if (!set2.containsAll(set)) {
            throw ObaException.builder().obaErrorCode(ObaErrorCode.LOGIN_FAILED).devMessage("Operation you're logging in is not meant for current user").build();
        }
    }

    private Set<String> extractIbansFromAccess(AisAccountAccess aisAccountAccess) {
        return (Set) Stream.of((Object[]) new List[]{aisAccountAccess.getAccounts(), aisAccountAccess.getBalances(), aisAccountAccess.getTransactions()}).flatMap(list -> {
            return list.stream().map((v0) -> {
                return v0.getIban();
            });
        }).collect(Collectors.toSet());
    }

    private List<String> extractUserIbans(List<AccountDetailsTO> list) {
        return (List) list.stream().map((v0) -> {
            return v0.getIban();
        }).collect(Collectors.toList());
    }

    public void updateScaStatusAndConsentData(String str, ConsentWorkflow consentWorkflow) {
        updateCmsAuthorizationScaStatus(consentWorkflow, str);
        updateAspspConsentData(consentWorkflow);
    }

    private void updateCmsAuthorizationScaStatus(ConsentWorkflow consentWorkflow, String str) {
        String name = consentWorkflow.getAuthResponse().getScaStatus().name();
        try {
            this.cmsPsuAisClient.updateAuthorisationStatus(consentWorkflow.consentId(), name, consentWorkflow.authId(), str, (String) null, (String) null, (String) null, "UNDEFINED", new AuthenticationDataHolder((String) null, consentWorkflow.getScaResponse().getAuthConfirmationCode()));
        } catch (FeignException e) {
            if (e.status() == 400 || e.status() == 404) {
                this.cmsPsuPiisV2Client.updateAuthorisationStatus(consentWorkflow.consentId(), name, consentWorkflow.authId(), str, (String) null, (String) null, (String) null, "UNDEFINED", new AuthenticationDataHolder((String) null, consentWorkflow.getScaResponse().getAuthConfirmationCode()));
            }
        }
    }

    private void updateAspspConsentData(ConsentWorkflow consentWorkflow) {
        this.aspspConsentDataClient.updateAspspConsentData(consentWorkflow.getConsentReference().getEncryptedConsentId(), new CmsAspspConsentDataBase64(consentWorkflow.consentId(), this.dataService.toBase64String(consentWorkflow.getScaResponse())));
    }

    public void startConsent(ConsentWorkflow consentWorkflow, AisConsentTO aisConsentTO, List<AccountDetailsTO> list) {
        try {
            this.cmsPsuAisClient.putAccountAccessInConsent(consentWorkflow.consentId(), new CmsAisConsentAccessRequest(this.consentMapper.accountAccess(aisConsentTO.getAccess(), list), aisConsentTO.getValidUntil(), aisConsentTO.getFrequencyPerDay(), false, Boolean.valueOf(aisConsentTO.isRecurringIndicator())), "UNDEFINED");
        } catch (FeignException e) {
            log.error("Consent not found expecting it is a PIIS consent");
        }
        AisConsentTO to = this.consentMapper.toTo(consentWorkflow.getConsentResponse().getAccountConsent());
        to.setAccess(aisConsentTO.getAccess());
        consentWorkflow.getAuthResponse().setConsent(to);
        this.authInterceptor.setAccessToken(consentWorkflow.bearerToken().getAccess_token());
        consentWorkflow.storeSCAResponse(this.dataService.mapToGlobalResponse((SCAConsentResponseTO) Objects.requireNonNull((SCAConsentResponseTO) this.consentRestClient.initiateAisConsent(consentWorkflow.consentId(), to).getBody()), OpTypeTO.CONSENT));
    }

    public ConsentWorkflow identifyConsent(String str, String str2, boolean z, String str3, BearerTokenTO bearerTokenTO) {
        ConsentReference fromRequest = this.referencePolicy.fromRequest(str, str2, str3, z);
        CmsAisConsentResponse loadConsentByRedirectId = loadConsentByRedirectId(fromRequest);
        ConsentWorkflow consentWorkflow = new ConsentWorkflow(loadConsentByRedirectId, fromRequest);
        consentWorkflow.setAuthResponse(new ConsentAuthorizeResponse(this.consentMapper.toTo(((CmsAisConsentResponse) Objects.requireNonNull(loadConsentByRedirectId)).getAccountConsent())));
        consentWorkflow.getAuthResponse().setAuthorisationId(loadConsentByRedirectId.getAuthorisationId());
        consentWorkflow.getAuthResponse().setEncryptedConsentId(str);
        if (bearerTokenTO != null) {
            SCAConsentResponseTO sCAConsentResponseTO = new SCAConsentResponseTO();
            sCAConsentResponseTO.setBearerToken(bearerTokenTO);
            consentWorkflow.setScaResponse(this.dataService.mapToGlobalResponse(sCAConsentResponseTO, OpTypeTO.CONSENT));
        }
        return consentWorkflow;
    }

    private CmsAisConsentResponse loadConsentByRedirectId(ConsentReference consentReference) {
        return (CmsAisConsentResponse) this.cmsPsuAisClient.getConsentIdByRedirectId(consentReference.getRedirectId(), "UNDEFINED").getBody();
    }

    private boolean requestedConsentWithBalance(ConsentWorkflow consentWorkflow) {
        return StringUtils.isNotBlank(consentWorkflow.getConsentResponse().getAccountConsent().getAccess().getAvailableAccountsWithBalance());
    }

    public RedirectConsentServiceImpl(CmsPsuAisClient cmsPsuAisClient, CmsPsuPiisV2Client cmsPsuPiisV2Client, ConsentRestClient consentRestClient, AuthRequestInterceptor authRequestInterceptor, ObaAisConsentMapper obaAisConsentMapper, ConsentReferencePolicy consentReferencePolicy, CmsAspspConsentDataService cmsAspspConsentDataService, AspspConsentDataClient aspspConsentDataClient, RedirectScaRestClient redirectScaRestClient) {
        this.cmsPsuAisClient = cmsPsuAisClient;
        this.cmsPsuPiisV2Client = cmsPsuPiisV2Client;
        this.consentRestClient = consentRestClient;
        this.authInterceptor = authRequestInterceptor;
        this.consentMapper = obaAisConsentMapper;
        this.referencePolicy = consentReferencePolicy;
        this.dataService = cmsAspspConsentDataService;
        this.aspspConsentDataClient = aspspConsentDataClient;
        this.redirectScaClient = redirectScaRestClient;
    }
}
