package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.context.RuntimeResourceDefinition;
import ca.uhn.fhir.rest.api.RequestTypeEnum;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.method.RequestDetails;
import ca.uhn.fhir.rest.server.exceptions.InvalidRequestException;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import ca.uhn.fhir.util.BundleUtil;
import ca.uhn.fhir.util.FhirTerser;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.hl7.fhir.instance.model.api.IBaseBundle;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.hl7.fhir.utilities.xml.XMLWriter;

/* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.class */
class RuleImplOp extends BaseRule {
    private AppliesTypeEnum myAppliesTo;
    private Set<?> myAppliesToTypes;
    private String myClassifierCompartmentName;
    private Collection<? extends IIdType> myClassifierCompartmentOwners;
    private ClassifierTypeEnum myClassifierType;
    private RuleOpEnum myOp;
    private TransactionAppliesToEnum myTransactionAppliesToOp;
    private List<IIdType> myAppliesToInstances;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ca.uhn.fhir.rest.server.interceptor.auth.RuleImplOp$1, reason: invalid class name */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum;
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum = new int[ClassifierTypeEnum.values().length];

        static {
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[ClassifierTypeEnum.ANY_ID.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[ClassifierTypeEnum.IN_COMPARTMENT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum = new int[AppliesTypeEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.INSTANCES.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.ALL_RESOURCES.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.TYPES.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum = new int[RuleOpEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.DELETE.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.BATCH.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.TRANSACTION.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.ALLOW_ALL.ordinal()] = 6;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.DENY_ALL.ordinal()] = 7;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.METADATA.ordinal()] = 8;
            } catch (NoSuchFieldError e13) {
            }
            $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum = new int[RestOperationTypeEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.VREAD.ordinal()] = 2;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_SYSTEM.ordinal()] = 3;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_TYPE.ordinal()] = 4;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_INSTANCE.ordinal()] = 5;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_SYSTEM.ordinal()] = 6;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_TYPE.ordinal()] = 7;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.CREATE.ordinal()] = 8;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.UPDATE.ordinal()] = 9;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.ADD_TAGS.ordinal()] = 10;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.DELETE_TAGS.ordinal()] = 11;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_ADD.ordinal()] = 12;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_DELETE.ordinal()] = 13;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.PATCH.ordinal()] = 14;
            } catch (NoSuchFieldError e27) {
            }
        }
    }

    public RuleImplOp(String str) {
        super(str);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule
    public AuthorizationInterceptor.Verdict applyRule(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, IRuleApplier iRuleApplier) {
        AuthorizationInterceptor.Verdict applyRulesAndReturnDecision;
        RestOperationTypeEnum restOperationTypeEnum2;
        IBaseResource iBaseResource3;
        FhirContext fhirContext = requestDetails.getServer().getFhirContext();
        IIdType iIdType2 = null;
        String str = null;
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[this.myOp.ordinal()]) {
            case XMLWriter.LINE_WINDOWS /* 1 */:
                if (iBaseResource2 == null) {
                    switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[restOperationTypeEnum.ordinal()]) {
                        case XMLWriter.LINE_WINDOWS /* 1 */:
                        case 2:
                            iIdType2 = iIdType;
                            str = iIdType.getResourceType();
                            break;
                        case 3:
                        case 4:
                        case 5:
                        case 6:
                        case 7:
                            return new AuthorizationInterceptor.Verdict(PolicyEnum.ALLOW, this);
                        default:
                            return null;
                    }
                }
                iBaseResource3 = iBaseResource2;
                if (iBaseResource2 != null) {
                    iIdType2 = iBaseResource2.getIdElement();
                    break;
                }
                break;
            case 2:
                if (iBaseResource == null && iIdType == null) {
                    return null;
                }
                switch (restOperationTypeEnum) {
                    case CREATE:
                    case UPDATE:
                    case ADD_TAGS:
                    case DELETE_TAGS:
                    case META_ADD:
                    case META_DELETE:
                    case PATCH:
                        iBaseResource3 = iBaseResource;
                        iIdType2 = iIdType;
                        break;
                    default:
                        return null;
                }
            case 3:
                if (restOperationTypeEnum != RestOperationTypeEnum.DELETE) {
                    return null;
                }
                if (iBaseResource == null) {
                    return newVerdict();
                }
                iBaseResource3 = iBaseResource;
                break;
            case 4:
            case 5:
                if (restOperationTypeEnum != RestOperationTypeEnum.TRANSACTION) {
                    return null;
                }
                if (iBaseResource == null || !requestAppliesToTransaction(fhirContext, this.myOp, iBaseResource)) {
                    if (iBaseResource2 == null) {
                        return null;
                    }
                    AuthorizationInterceptor.Verdict verdict = null;
                    for (BundleUtil.BundleEntryParts bundleEntryParts : BundleUtil.toListOfEntries(fhirContext, (IBaseBundle) iBaseResource)) {
                        if (bundleEntryParts.getResource() != null && (applyRulesAndReturnDecision = iRuleApplier.applyRulesAndReturnDecision(RestOperationTypeEnum.READ, requestDetails, null, null, bundleEntryParts.getResource())) != null) {
                            if (verdict == null) {
                                verdict = applyRulesAndReturnDecision;
                            } else if (verdict.getDecision() == PolicyEnum.ALLOW && applyRulesAndReturnDecision.getDecision() == PolicyEnum.DENY) {
                                verdict = applyRulesAndReturnDecision;
                            }
                        }
                    }
                    return verdict;
                }
                if (getMode() == PolicyEnum.DENY) {
                    return new AuthorizationInterceptor.Verdict(PolicyEnum.DENY, this);
                }
                AuthorizationInterceptor.Verdict verdict2 = null;
                for (BundleUtil.BundleEntryParts bundleEntryParts2 : BundleUtil.toListOfEntries(fhirContext, (IBaseBundle) iBaseResource)) {
                    IBaseResource resource = bundleEntryParts2.getResource();
                    if (bundleEntryParts2.getRequestType() != RequestTypeEnum.GET) {
                        if (bundleEntryParts2.getRequestType() == RequestTypeEnum.POST) {
                            restOperationTypeEnum2 = RestOperationTypeEnum.CREATE;
                        } else {
                            if (bundleEntryParts2.getRequestType() != RequestTypeEnum.PUT) {
                                throw new InvalidRequestException("Can not handle transaction with operation of type " + bundleEntryParts2.getRequestType());
                            }
                            restOperationTypeEnum2 = RestOperationTypeEnum.UPDATE;
                        }
                        RuntimeResourceDefinition resourceDefinition = fhirContext.getResourceDefinition(bundleEntryParts2.getResource());
                        if ("Parameters".equals(resourceDefinition.getName()) || "Bundle".equals(resourceDefinition.getName())) {
                            throw new InvalidRequestException("Can not handle transaction with nested resource of type " + resourceDefinition.getName());
                        }
                        AuthorizationInterceptor.Verdict applyRulesAndReturnDecision2 = iRuleApplier.applyRulesAndReturnDecision(restOperationTypeEnum2, requestDetails, resource, null, null);
                        if (applyRulesAndReturnDecision2 != null) {
                            if (verdict2 == null) {
                                verdict2 = applyRulesAndReturnDecision2;
                            } else if (verdict2.getDecision() == PolicyEnum.ALLOW && applyRulesAndReturnDecision2.getDecision() == PolicyEnum.DENY) {
                                verdict2 = applyRulesAndReturnDecision2;
                            }
                        }
                    }
                }
                return verdict2;
            case 6:
                return new AuthorizationInterceptor.Verdict(PolicyEnum.ALLOW, this);
            case 7:
                return new AuthorizationInterceptor.Verdict(PolicyEnum.DENY, this);
            case 8:
                if (restOperationTypeEnum == RestOperationTypeEnum.METADATA) {
                    return newVerdict();
                }
                return null;
            default:
                throw new IllegalStateException("Unable to apply security to event of type " + restOperationTypeEnum);
        }
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[this.myAppliesTo.ordinal()]) {
            case XMLWriter.LINE_WINDOWS /* 1 */:
                if (iIdType2 == null) {
                    return null;
                }
                for (IIdType iIdType3 : this.myAppliesToInstances) {
                    if (!StringUtils.isNotBlank(iIdType3.getResourceType()) || iIdType3.getResourceType().equals(iIdType2.getResourceType())) {
                        if (iIdType3.getIdPart().equals(iIdType2.getIdPart())) {
                            return newVerdict();
                        }
                    }
                }
                return null;
            case 2:
                if (str != null) {
                    return new AuthorizationInterceptor.Verdict(PolicyEnum.ALLOW, this);
                }
                break;
            case 3:
                if (iBaseResource3 != null && !this.myAppliesToTypes.contains(iBaseResource3.getClass())) {
                    return null;
                }
                if (iIdType2 != null) {
                    if (!this.myAppliesToTypes.contains(requestDetails.getServer().getFhirContext().getResourceDefinition(iIdType2.getResourceType()).getImplementingClass())) {
                        return null;
                    }
                }
                if (str != null) {
                    if (this.myAppliesToTypes.contains(requestDetails.getServer().getFhirContext().getResourceDefinition(str).getImplementingClass())) {
                        return new AuthorizationInterceptor.Verdict(PolicyEnum.ALLOW, this);
                    }
                }
                break;
            default:
                throw new IllegalStateException("Unable to apply security to event of applies to type " + this.myAppliesTo);
        }
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[this.myClassifierType.ordinal()]) {
            case XMLWriter.LINE_WINDOWS /* 1 */:
                break;
            case 2:
                FhirTerser newTerser = fhirContext.newTerser();
                boolean z = false;
                Iterator<? extends IIdType> it = this.myClassifierCompartmentOwners.iterator();
                while (true) {
                    if (it.hasNext()) {
                        IIdType next = it.next();
                        if (iBaseResource3 != null && newTerser.isSourceInCompartmentForTarget(this.myClassifierCompartmentName, iBaseResource3, next)) {
                            z = true;
                        } else if (iIdType2 != null && iIdType2.hasResourceType() && iIdType2.hasIdPart() && iIdType2.toUnqualifiedVersionless().getValue().equals(next.toUnqualifiedVersionless().getValue())) {
                            z = true;
                        }
                    }
                }
                if (!z) {
                    return null;
                }
                break;
            default:
                throw new IllegalStateException("Unable to apply security to event of applies to type " + this.myAppliesTo);
        }
        return newVerdict();
    }

    public String toString() {
        ToStringBuilder toStringBuilder = new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE);
        toStringBuilder.append("op", this.myOp);
        toStringBuilder.append("transactionAppliesToOp", this.myTransactionAppliesToOp);
        toStringBuilder.append("appliesTo", this.myAppliesTo);
        toStringBuilder.append("appliesToTypes", this.myAppliesToTypes);
        toStringBuilder.append("classifierCompartmentName", this.myClassifierCompartmentName);
        toStringBuilder.append("classifierCompartmentOwners", this.myClassifierCompartmentOwners);
        toStringBuilder.append("classifierType", this.myClassifierType);
        return toStringBuilder.toString();
    }

    private boolean requestAppliesToTransaction(FhirContext fhirContext, RuleOpEnum ruleOpEnum, IBaseResource iBaseResource) {
        if (!"Bundle".equals(fhirContext.getResourceDefinition(iBaseResource).getName())) {
            return false;
        }
        String bundleType = BundleUtil.getBundleType(fhirContext, (IBaseBundle) iBaseResource);
        switch (ruleOpEnum) {
            case BATCH:
                return "batch".equals(bundleType);
            case TRANSACTION:
                return "transaction".equals(bundleType);
            default:
                return false;
        }
    }

    public TransactionAppliesToEnum getTransactionAppliesToOp() {
        return this.myTransactionAppliesToOp;
    }

    public void setAppliesTo(AppliesTypeEnum appliesTypeEnum) {
        this.myAppliesTo = appliesTypeEnum;
    }

    public void setAppliesToTypes(Set<?> set) {
        this.myAppliesToTypes = set;
    }

    public void setClassifierCompartmentName(String str) {
        this.myClassifierCompartmentName = str;
    }

    public void setClassifierCompartmentOwners(Collection<? extends IIdType> collection) {
        this.myClassifierCompartmentOwners = collection;
    }

    public void setClassifierType(ClassifierTypeEnum classifierTypeEnum) {
        this.myClassifierType = classifierTypeEnum;
    }

    public RuleImplOp setOp(RuleOpEnum ruleOpEnum) {
        this.myOp = ruleOpEnum;
        return this;
    }

    public void setTransactionAppliesToOp(TransactionAppliesToEnum transactionAppliesToEnum) {
        this.myTransactionAppliesToOp = transactionAppliesToEnum;
    }

    public void setAppliesToInstances(List<IIdType> list) {
        this.myAppliesToInstances = list;
    }
}
