package de.adorsys.ledgers.middleware.rest.security;

import de.adorsys.ledgers.middleware.api.domain.account.AccountIdentifierTypeTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccessTokenTO;
import de.adorsys.ledgers.middleware.api.domain.um.AccountAccessTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisAccountAccessInfoTO;
import de.adorsys.ledgers.middleware.api.domain.um.AisConsentTO;
import de.adorsys.ledgers.middleware.api.domain.um.TokenUsageTO;
import de.adorsys.ledgers.middleware.api.domain.um.UserRoleTO;
import de.adorsys.ledgers.middleware.api.service.MiddlewareAccountManagementService;
import de.adorsys.ledgers.middleware.api.service.MiddlewarePaymentService;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:de/adorsys/ledgers/middleware/rest/security/AccountAccessMethodSecurityExpressionRoot.class */
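/**
 * Authorization predicates over accounts, payments and token usage, evaluated against the
 * access token carried by the current authentication.
 *
 * <p>Every predicate returns {@code true} to grant and {@code false} to deny. The checks
 * are meant to fail closed: missing or blank input yields a denial rather than an exception.
 *
 * <p>NOTE(review): {@code accountService}, {@code paymentService} and
 * {@code getAuthentication()} come from {@link SecurityExpressionAdapter}, which is not
 * visible here. The class name suggests these methods are called from method-security
 * expressions; confirm against the callers.
 */
public class AccountAccessMethodSecurityExpressionRoot extends SecurityExpressionAdapter {
    public AccountAccessMethodSecurityExpressionRoot(Authentication authentication, MiddlewareAccountManagementService middlewareAccountManagementService, MiddlewarePaymentService middlewarePaymentService) {
        super(authentication, middlewareAccountManagementService, middlewarePaymentService);
    }

    /**
     * Dispatches to the IBAN-based or the id-based account check.
     *
     * @param accountIdentifierTypeTO kind of identifier held in {@code str}; anything other
     *     than {@code IBAN} (including {@code null}) is treated as an account id
     * @param str the IBAN or account id
     * @return {@code true} if the token holder may read the account
     */
    public boolean accountInfoByIdentifier(AccountIdentifierTypeTO accountIdentifierTypeTO, String str) {
        return accountIdentifierTypeTO == AccountIdentifierTypeTO.IBAN ? accountInfoByIban(str) : accountInfoById(str);
    }

    /**
     * Resolves the account id to an IBAN through the account service and checks read access.
     *
     * @param str account id
     * @return {@code true} if the token holder may read the account
     */
    public boolean accountInfoById(String str) {
        return checkAccountInfoAccess(this.accountService.iban(str));
    }

    /**
     * Checks read access to the account with the given IBAN.
     *
     * @param str IBAN; a blank value is denied
     * @return {@code true} if the token holder may read the account
     */
    public boolean accountInfoByIban(String str) {
        return checkAccountInfoAccess(str);
    }

    /**
     * Checks that the token holder may read every IBAN listed in the consent's accounts,
     * transactions and balances.
     *
     * @param aisConsentTO consent to authorize; {@code null} or a consent without an access
     *     section is denied
     * @return {@code true} only if all listed IBANs pass the account-info check
     */
    public boolean accountInfoFor(AisConsentTO aisConsentTO) {
        // Fail closed: a missing consent is a denial, not a NullPointerException.
        if (aisConsentTO == null) {
            return false;
        }
        AisAccountAccessInfoTO access = aisConsentTO.getAccess();
        return access != null
                && accountInfoByIbanList(access.getAccounts())
                && accountInfoByIbanList(access.getTransactions())
                && accountInfoByIbanList(access.getBalances());
    }

    /**
     * @param str expected token-usage name
     * @return {@code true} if the token's usage has exactly this name
     */
    public boolean tokenUsage(String str) {
        return checkTokenUsage(str);
    }

    /**
     * @param str first accepted token-usage name
     * @param str2 second accepted token-usage name
     * @return {@code true} if the token's usage matches either name
     */
    public boolean tokenUsages(String str, String str2) {
        return checkTokenUsage(str) || checkTokenUsage(str2);
    }

    /**
     * Grants only when the token's usage is {@code LOGIN} and it is bound to the given SCA
     * id and authorisation id.
     *
     * @param str SCA id that the token must carry
     * @param str2 authorisation id that the token must carry
     * @return {@code true} if usage and both ids match; {@code false} if either argument is
     *     {@code null}
     */
    public boolean loginToken(String str, String str2) {
        // Deny explicitly on null ids. Objects.equals is deliberately not used here: it
        // would treat a null argument and a null token field as a match.
        if (str == null || str2 == null) {
            return false;
        }
        AccessTokenTO token = getAccessTokenTO();
        return checkTokenUsage(TokenUsageTO.LOGIN.name())
                && str.equals(token.getScaId())
                && str2.equals(token.getAuthorisationId());
    }

    /**
     * Resolves the payment id to an IBAN through the payment service and checks payment
     * access on it.
     *
     * @param str payment id
     * @return {@code true} if the token holder may initiate payments on the account
     */
    public boolean paymentInitById(String str) {
        return checkPaymentInitAccess(this.paymentService.iban(str));
    }

    /**
     * Resolves the payment id to an IBAN and grants if the token holder has either read
     * access or payment access on that account.
     *
     * @param str payment id
     * @return {@code true} if either check passes
     */
    public boolean paymentInfoById(String str) {
        String iban = this.paymentService.iban(str);
        return checkAccountInfoAccess(iban) || checkPaymentInitAccess(iban);
    }

    /**
     * Payment-access check: CUSTOMER and STAFF need an account access entry with payment
     * access on the IBAN; SYSTEM is always granted; any other role is denied.
     *
     * <p>NOTE(review): unlike {@link #checkAccountInfoAccess(String)}, a blank or
     * {@code null} IBAN is not rejected here, so a SYSTEM token passes even when the
     * payment service resolved no IBAN. Confirm this is intended before relying on it.
     */
    private boolean checkPaymentInitAccess(String iban) {
        AccessTokenTO token = getAccessTokenTO();
        UserRoleTO role = token.getRole();
        if (isCustomerOrStaff(role)) {
            return getAccountAccesses(token.getSub()).stream()
                    .anyMatch(accountAccess -> accountAccess.hasPaymentAccess(iban));
        }
        return UserRoleTO.SYSTEM == role;
    }

    /** Loads the account access entries of the given user through the account service. */
    private List<AccountAccessTO> getAccountAccesses(String userId) {
        return this.accountService.getAccountAccesses(userId);
    }

    /**
     * Read-access check: a blank IBAN is denied for every role; SYSTEM is granted; CUSTOMER
     * and STAFF need an account access entry for the IBAN or a valid consent covering it;
     * any other role is denied.
     */
    private boolean checkAccountInfoAccess(String iban) {
        if (StringUtils.isBlank(iban)) {
            return false;
        }
        AccessTokenTO token = getAccessTokenTO();
        UserRoleTO role = token.getRole();
        if (UserRoleTO.SYSTEM == role) {
            return true;
        }
        if (!isCustomerOrStaff(role)) {
            return false;
        }
        boolean ownsAccount = getAccountAccesses(token.getSub()).stream()
                .anyMatch(accountAccess -> accountAccess.hasIban(iban));
        return ownsAccount || checkConsentAccess(token, iban);
    }

    /** Grants if the token carries a valid consent whose access section covers the IBAN. */
    private boolean checkConsentAccess(AccessTokenTO accessTokenTO, String iban) {
        return accessTokenTO.hasValidConsent() && checkConsentAccess(iban, accessTokenTO.getConsent().getAccess());
    }

    /** Grants if the access section is present and reports the IBAN as covered. */
    private boolean checkConsentAccess(String iban, AisAccountAccessInfoTO access) {
        return access != null && access.hasIbanInAccess(iban);
    }

    /**
     * Checks read access for every IBAN in the list.
     *
     * <p>A {@code null} or empty list is vacuously authorized. NOTE(review): a consent whose
     * three lists are all empty therefore passes {@link #accountInfoFor(AisConsentTO)};
     * confirm that consent content is validated elsewhere.
     */
    private boolean accountInfoByIbanList(List<String> ibans) {
        if (CollectionUtils.isEmpty(ibans)) {
            return true;
        }
        for (String iban : ibans) {
            if (!checkAccountInfoAccess(iban)) {
                return false;
            }
        }
        return true;
    }

    /** Grants if the token has a usage set and its enum name equals the expected name. */
    private boolean checkTokenUsage(String expectedUsage) {
        AccessTokenTO token = getAccessTokenTO();
        return token.getTokenUsage() != null && token.getTokenUsage().name().equals(expectedUsage);
    }

    /** True for the two roles whose access is decided per account rather than globally. */
    private static boolean isCustomerOrStaff(UserRoleTO role) {
        return role == UserRoleTO.CUSTOMER || role == UserRoleTO.STAFF;
    }

    /**
     * Reads the access token object from the bearer token of the current authentication.
     * No null handling is done here; presumably the authentication always carries a bearer
     * token when these expressions run. TODO confirm.
     */
    private AccessTokenTO getAccessTokenTO() {
        return getAuthentication().getBearerToken().getAccessTokenObject();
    }
}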
