package de.adorsys.xs2a.adapter.crealogix;

import de.adorsys.xs2a.adapter.api.EmbeddedPreAuthorisationService;
import de.adorsys.xs2a.adapter.api.RequestHeaders;
import de.adorsys.xs2a.adapter.api.Response;
import de.adorsys.xs2a.adapter.api.config.AdapterConfig;
import de.adorsys.xs2a.adapter.api.http.HttpClient;
import de.adorsys.xs2a.adapter.api.http.HttpClientFactory;
import de.adorsys.xs2a.adapter.api.http.HttpLogSanitizer;
import de.adorsys.xs2a.adapter.api.model.Aspsp;
import de.adorsys.xs2a.adapter.api.model.EmbeddedPreAuthorisationRequest;
import de.adorsys.xs2a.adapter.api.model.TokenResponse;
import de.adorsys.xs2a.adapter.crealogix.model.CrealogixValidationResponse;
import de.adorsys.xs2a.adapter.impl.http.JacksonObjectMapper;
import de.adorsys.xs2a.adapter.impl.http.JsonMapper;
import de.adorsys.xs2a.adapter.impl.security.AccessTokenException;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.mapstruct.factory.Mappers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/xs2a/adapter/crealogix/CrealogixEmbeddedPreAuthorisationService.class */
public class CrealogixEmbeddedPreAuthorisationService implements EmbeddedPreAuthorisationService {
    public static final String TOKEN_CONSUMER_KEY_PROPERTY = ".token.consumer_key";
    public static final String TOKEN_CONSUMER_SECRET_PROPERTY = ".token.consumer_secret";
    public static final String TOKEN_CONSUMER_SECRET_TPP_ID = ".token.tpp_id";
    public static final String TOKEN_CONSUMER_SECRET_TPP_MANAGEMENT = ".token.tpp_secret";
    public static final String PSD2_TOKEN_URL = ".psd2_token.url";
    private static final String CREDENTIALS_JSON_BODY = "{\"username\":\"%s\",\"password\":\"%s\"}";
    private final Aspsp aspsp;
    private static final String TOKEN_URL = "/token";
    private static final Map<String, String> tppHeaders = new HashMap();
    private final HttpClient httpClient;
    private final HttpLogSanitizer logSanitizer;
    private final String psd2AuthorizationValue;
    private final String psd2TokenUrl;
    private final Logger logger = LoggerFactory.getLogger(CrealogixEmbeddedPreAuthorisationService.class);
    private final CrealogixMapper mapper = (CrealogixMapper) Mappers.getMapper(CrealogixMapper.class);
    private final JsonMapper jsonMapper = new JacksonObjectMapper();

    public CrealogixEmbeddedPreAuthorisationService(CrealogixClient crealogixClient, Aspsp aspsp, HttpClientFactory httpClientFactory) {
        this.aspsp = aspsp;
        this.httpClient = httpClientFactory.getHttpClient(aspsp.getAdapterId());
        this.logSanitizer = httpClientFactory.getHttpClientConfig().getLogSanitizer();
        String prefix = crealogixClient.getPrefix();
        String readProperty = AdapterConfig.readProperty(prefix + TOKEN_CONSUMER_KEY_PROPERTY, "");
        String readProperty2 = AdapterConfig.readProperty(prefix + TOKEN_CONSUMER_SECRET_PROPERTY, "");
        String readProperty3 = AdapterConfig.readProperty(prefix + TOKEN_CONSUMER_SECRET_TPP_ID, "");
        String readProperty4 = AdapterConfig.readProperty(prefix + TOKEN_CONSUMER_SECRET_TPP_MANAGEMENT, "");
        this.psd2TokenUrl = AdapterConfig.readProperty(prefix + PSD2_TOKEN_URL, "");
        if (StringUtils.isAnyEmpty(new CharSequence[]{readProperty, readProperty2, readProperty3, readProperty4, this.psd2TokenUrl})) {
            throw new AccessTokenException("Consumer Key, Consumer Secret, TPP ID, TPP Secret, or PSD2 Token URL is not provided");
        }
        this.psd2AuthorizationValue = "Basic " + buildBasicAuthorization(readProperty3, readProperty4);
        tppHeaders.put("Authorization", "Basic " + buildBasicAuthorization(readProperty, readProperty2));
        tppHeaders.put("Content-Type", "application/x-www-form-urlencoded");
    }

    public TokenResponse getToken(EmbeddedPreAuthorisationRequest embeddedPreAuthorisationRequest, RequestHeaders requestHeaders) {
        String retrieveTppToken = retrieveTppToken();
        String retrievePsd2AuthorisationToken = retrievePsd2AuthorisationToken(embeddedPreAuthorisationRequest.getUsername(), embeddedPreAuthorisationRequest.getPassword(), retrieveTppToken);
        TokenResponse tokenResponse = new TokenResponse();
        tokenResponse.setAccessToken(new CrealogixAuthorisationToken(retrieveTppToken, retrievePsd2AuthorisationToken).encode());
        return tokenResponse;
    }

    private String retrieveTppToken() {
        return ((TokenResponse) this.httpClient.post(adjustIdpUrl(this.aspsp.getIdpUrl()) + TOKEN_URL).urlEncodedBody(Collections.singletonMap("grant_type", "client_credentials")).headers(tppHeaders).send(responseHandler(TokenResponse.class)).getBody()).getAccessToken();
    }

    private String retrievePsd2AuthorisationToken(String str, String str2, String str3) {
        HashMap hashMap = new HashMap(3);
        hashMap.put("Content-Type", "application/json");
        hashMap.put("Authorization", "Bearer " + str3);
        hashMap.put("PSD2-AUTHORIZATION", this.psd2AuthorizationValue);
        Response send = this.httpClient.post(adjustIdpUrl(this.aspsp.getIdpUrl()) + this.psd2TokenUrl).jsonBody(String.format(CREDENTIALS_JSON_BODY, str, str2)).headers(hashMap).send(responseHandler(CrealogixValidationResponse.class));
        CrealogixMapper crealogixMapper = this.mapper;
        crealogixMapper.getClass();
        return ((TokenResponse) send.map(crealogixMapper::toTokenResponse).getBody()).getAccessToken();
    }

    <T> HttpClient.ResponseHandler<T> responseHandler(Class<T> cls) {
        return (i, inputStream, responseHeaders) -> {
            if (isSuccess(i)) {
                return this.jsonMapper.readValue(inputStream, cls);
            }
            this.logger.error("Failed to retrieve Token. Status code: {}\nBank response: {}", Integer.valueOf(i), this.logSanitizer.sanitize(toString(inputStream)));
            throw new AccessTokenException("Can't retrieve access token by provided credentials");
        };
    }

    private String toString(InputStream inputStream) {
        try {
            return IOUtils.toString(inputStream, Charset.defaultCharset());
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private boolean isSuccess(int i) {
        return Response.Status.Family.SUCCESSFUL.equals(Response.Status.Family.familyOf(i));
    }

    private static String buildBasicAuthorization(String str, String str2) {
        return new String(Base64.getEncoder().encode((str + ":" + str2).getBytes()));
    }

    private static String adjustIdpUrl(String str) {
        return str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
    }
}
