package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.context.support.IValidationSupport;
import ca.uhn.fhir.i18n.Msg;
import ca.uhn.fhir.interceptor.api.Hook;
import ca.uhn.fhir.interceptor.api.Interceptor;
import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.IPreResourceShowDetails;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.api.server.bulk.BulkDataExportOptions;
import ca.uhn.fhir.rest.server.BasePagingProvider;
import ca.uhn.fhir.rest.server.exceptions.ForbiddenOperationException;
import ca.uhn.fhir.rest.server.interceptor.consent.ConsentInterceptor;
import ca.uhn.fhir.rest.server.provider.ServerCapabilityStatementProvider;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.hl7.fhir.instance.model.api.IBaseBundle;
import org.hl7.fhir.instance.model.api.IBaseParameters;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Interceptor(order = AuthorizationConstants.ORDER_AUTH_INTERCEPTOR)
/* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor.class */
public class AuthorizationInterceptor implements IRuleApplier {
    // Request attribute name under which initiateBulkExport() stores the BulkDataExportOptions of the
    // current request before the rules are evaluated.
    public static final String REQUEST_ATTRIBUTE_BULK_DATA_EXPORT_OPTIONS = AuthorizationInterceptor.class.getName() + "_BulkDataExportOptions";
    // Incremented once per constructed interceptor; the new value becomes that instance's index.
    private static final AtomicInteger ourInstanceCount = new AtomicInteger(0);
    private static final Logger ourLog = LoggerFactory.getLogger(AuthorizationInterceptor.class);
    // Embedded in the two key strings below, so each interceptor instance uses its own keys
    // (presumably so that several instances on one server do not share per-request state).
    private final int myInstanceIndex;
    // Key handed to ConsentInterceptor.getAlreadySeenResourcesMap() for the map of outgoing resources already checked.
    private final String myRequestSeenResourcesKey;
    // Key in RequestDetails.getUserData() under which the rule list built for the request is cached.
    private final String myRequestRuleListKey;
    // Decision used when no rule returns a verdict; the no-arg constructor sets DENY.
    private PolicyEnum myDefaultPolicy;
    // Flags passed to every rule; replaced wholesale by setFlags(), exposed read-only by getFlags().
    private Set<AuthorizationFlagsEnum> myFlags;
    // Optional; may be null (getValidationSupport() is @Nullable).
    private IValidationSupport myValidationSupport;
    // Never null once constructed: the constructor and the setter both go through a null check.
    private Logger myTroubleshootingLog;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor$1, reason: invalid class name */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor$1.class */
    // Decompiled form of the compiler-generated holder for the two switch lookup tables.
    // Each table is indexed by an enum constant's ordinal() and stores the case number that the
    // switch statements in AuthorizationInterceptor branch on. A slot that is never assigned keeps
    // the int-array default of 0, which matches none of the case labels 1..N.
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum;
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AuthorizationInterceptor$OperationExamineDirection = new int[OperationExamineDirection.values().length];

        static {
            // Case numbers for OperationExamineDirection: IN=1, BOTH=2, OUT=3, NONE=4.
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AuthorizationInterceptor$OperationExamineDirection[OperationExamineDirection.IN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Deliberately ignored here and in every catch below: the constant is absent from the
                // enum class loaded at runtime, so its slot simply stays 0.
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AuthorizationInterceptor$OperationExamineDirection[OperationExamineDirection.BOTH.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AuthorizationInterceptor$OperationExamineDirection[OperationExamineDirection.OUT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AuthorizationInterceptor$OperationExamineDirection[OperationExamineDirection.NONE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            // Case numbers 1..25 for RestOperationTypeEnum. These numbers are what the numeric case
            // labels in determineOperationDirection() and checkOutgoingResourceAndFailIfDeny() refer to.
            $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum = new int[RestOperationTypeEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.ADD_TAGS.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.DELETE_TAGS.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GET_TAGS.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_INSTANCE.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_SERVER.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_TYPE.ordinal()] = 6;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.METADATA.ordinal()] = 7;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.DELETE.ordinal()] = 8;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.CREATE.ordinal()] = 9;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.UPDATE.ordinal()] = 10;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.PATCH.ordinal()] = 11;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META.ordinal()] = 12;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_ADD.ordinal()] = 13;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_DELETE.ordinal()] = 14;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GET_PAGE.ordinal()] = 15;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_INSTANCE.ordinal()] = 16;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_SYSTEM.ordinal()] = 17;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_TYPE.ordinal()] = 18;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.READ.ordinal()] = 19;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_SYSTEM.ordinal()] = 20;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_TYPE.ordinal()] = 21;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.VREAD.ordinal()] = 22;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.TRANSACTION.ordinal()] = 23;
            } catch (NoSuchFieldError e27) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.VALIDATE.ordinal()] = 24;
            } catch (NoSuchFieldError e28) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GRAPHQL_REQUEST.ordinal()] = 25;
            } catch (NoSuchFieldError e29) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor$OperationExamineDirection.class */
    /**
     * Which side of an exchange is subject to rule evaluation for a given operation type, as
     * returned by determineOperationDirection(). The per-constant notes describe what
     * incomingRequestPreHandled() and checkOutgoingResourceAndFailIfDeny() do with each value.
     */
    public enum OperationExamineDirection {
        // Incoming hook evaluates rules with the request resource and ID; outgoing resources are checked too.
        BOTH,
        // Incoming hook evaluates rules with the request resource and ID; the outgoing check returns without evaluating.
        IN,
        // Neither the incoming-request hook nor the outgoing-resource check evaluates any rule.
        NONE,
        // Incoming hook evaluates rules with the request ID only (no resource); outgoing resources are checked.
        OUT
    }

    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/AuthorizationInterceptor$Verdict.class */
    /**
     * Result of evaluating the rule chain: the policy decision together with the rule that made it.
     * The deciding rule is {@code null} when the decision comes from the interceptor's default
     * policy rather than from a rule.
     */
    public static class Verdict {
        private final PolicyEnum myDecision;
        private final IAuthRule myDecidingRule;

        /**
         * @param policyEnum the decision; rejected by {@code Validate.notNull} when null
         * @param iAuthRule the rule that produced the decision, or {@code null} if none did
         */
        public Verdict(PolicyEnum policyEnum, IAuthRule iAuthRule) {
            Validate.notNull(policyEnum);
            myDecision = policyEnum;
            myDecidingRule = iAuthRule;
        }

        /** Returns the rule that decided, or {@code null} for a default-policy verdict. */
        IAuthRule getDecidingRule() {
            return myDecidingRule;
        }

        /** Returns the decision; never null. */
        public PolicyEnum getDecision() {
            return myDecision;
        }

        @Override
        public String toString() {
            String ruleLabel = "(none)";
            if (myDecidingRule != null) {
                ruleLabel = myDecidingRule.getName();
            }
            return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE)
                    .append("rule", ruleLabel)
                    .append("decision", myDecision.name())
                    .build();
        }
    }

    /**
     * Creates an interceptor that denies by default, has no flags set, and writes troubleshooting
     * output to this class's own logger.
     */
    public AuthorizationInterceptor() {
        myInstanceIndex = ourInstanceCount.incrementAndGet();
        // Both per-request keys embed the instance index, so every interceptor instance gets distinct keys.
        String keyPrefix = AuthorizationInterceptor.class.getName() + "_" + myInstanceIndex + "_";
        myRequestSeenResourcesKey = keyPrefix + "SEENRESOURCES";
        myRequestRuleListKey = keyPrefix + "RULELIST";
        myDefaultPolicy = PolicyEnum.DENY;
        myFlags = Collections.emptySet();
        setTroubleshootingLog(ourLog);
    }

    /**
     * Creates an interceptor with an explicit default policy.
     *
     * @param policyEnum decision applied when no rule returns a verdict; must not be null.
     *        Passing {@code PolicyEnum.ALLOW} means any request that no rule matches is permitted.
     */
    public AuthorizationInterceptor(PolicyEnum policyEnum) {
        this();
        // Goes through the setter so that the null check there applies here as well.
        setDefaultPolicy(policyEnum);
    }

    /** Returns the logger that receives troubleshooting output; set in the constructor and by the setter. */
    @Override
    @Nonnull
    public Logger getTroubleshootingLog() {
        return myTroubleshootingLog;
    }

    /**
     * Replaces the logger that receives troubleshooting output.
     *
     * @param logger the new logger; a null value is rejected by {@code Validate.notNull}
     */
    public void setTroubleshootingLog(@Nonnull Logger logger) {
        Validate.notNull(logger, "theTroubleshootingLog must not be null");
        myTroubleshootingLog = logger;
    }

    /**
     * Evaluates the rules for one operation and passes any verdict whose decision is not
     * {@code PolicyEnum.ALLOW} to {@code handleDeny(RequestDetails, Verdict)}.
     */
    private void applyRulesAndFailIfDeny(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, Pointcut pointcut) {
        Verdict outcome = applyRulesAndReturnDecision(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, pointcut);
        // Only an explicit ALLOW lets the request continue; every other decision is handled as a denial.
        if (outcome.getDecision() != PolicyEnum.ALLOW) {
            handleDeny(requestDetails, outcome);
        }
    }

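    /**
     * Runs the request's rule list in order and returns the first verdict a rule produces; if no
     * rule decides, returns a verdict carrying the default policy and a null deciding rule.
     *
     * <p>The rule list comes from {@code buildRuleList(RequestDetails)} and is cached in the
     * request's user data under this instance's own key, so it is built at most once per request.
     * Because the first non-null verdict wins, the order of the list determines the outcome.
     *
     * @param restOperationTypeEnum operation being authorized
     * @param requestDetails current request; dereferenced unconditionally, so null causes a NullPointerException
     * @param iBaseResource input resource, may be null
     * @param iIdType input resource ID, may be null
     * @param iBaseResource2 output resource, may be null
     * @param pointcut hook from which the evaluation was triggered
     * @return the deciding verdict, never null
     */
    @Override
    public Verdict applyRulesAndReturnDecision(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, Pointcut pointcut) {
        @SuppressWarnings("unchecked") // user data is untyped; this key only ever holds the list stored just below
        List<IAuthRule> rules = (List<IAuthRule>) requestDetails.getUserData().get(myRequestRuleListKey);
        if (rules == null) {
            rules = buildRuleList(requestDetails);
            requestDetails.getUserData().put(myRequestRuleListKey, rules);
        }
        Set<AuthorizationFlagsEnum> flags = getFlags();

        Object inputType = (iBaseResource == null || iBaseResource.getIdElement() == null) ? "" : iBaseResource.getIdElement().getResourceType();
        Object outputType = (iBaseResource2 == null || iBaseResource2.getIdElement() == null) ? "" : iBaseResource2.getIdElement().getResourceType();
        ourLog.trace("Applying {} rules to render an auth decision for operation {}, theInputResource type={}, theOutputResource type={} ", rules.size(), restOperationTypeEnum, inputType, outputType);

        for (IAuthRule rule : rules) {
            ourLog.trace("Rule being applied - {}", rule);
            Verdict verdict = rule.applyRule(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, this, flags, pointcut);
            if (verdict != null) {
                ourLog.trace("Rule {} returned decision {}", rule, verdict.getDecision());
                return verdict;
            }
        }

        // Read the policy once through the getter so the trace line reports the value that is
        // actually returned, even if a subclass overrides getDefaultPolicy().
        PolicyEnum defaultPolicy = getDefaultPolicy();
        ourLog.trace("No rules returned a decision, applying default {}", defaultPolicy);
        return new Verdict(defaultPolicy, null);
    }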

    /** Returns the validation support set through the setter, or {@code null} if none was set. */
    @Override
    @Nullable
    public IValidationSupport getValidationSupport() {
        return myValidationSupport;
    }

    /**
     * Stores the validation support returned by {@code getValidationSupport()}.
     *
     * @param iValidationSupport the instance to store; not null-checked here
     * @return this interceptor, for call chaining
     */
    public AuthorizationInterceptor setValidationSupport(IValidationSupport iValidationSupport) {
        myValidationSupport = iValidationSupport;
        return this;
    }

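    /**
     * Supplies the rules for a request. This base implementation returns a new, empty list, so
     * every decision falls through to the default policy; subclasses override it to return the
     * rules that apply to the caller. The result is cached per request by
     * {@code applyRulesAndReturnDecision}, which also dereferences it without a null check.
     *
     * @param requestDetails the current request (unused by this base implementation)
     * @return an empty mutable list
     */
    public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
        // Diamond instead of the raw ArrayList the decompiler emitted: same object, no unchecked conversion.
        return new ArrayList<>();
    }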

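    /**
     * Maps an operation type to the side of the exchange that is examined for it.
     *
     * <p>Written as a direct switch over the enum. The decompiled form indexed a synthetic ordinal
     * table and labelled two cases with unrelated constants that merely shared the numeric value,
     * which hid which operation each branch covers; the case names below follow the table in
     * {@code AnonymousClass1}.
     *
     * @param restOperationTypeEnum operation type; null causes a NullPointerException
     * @param iBaseResource not used by this method
     * @return the direction for the operation type
     * @throws IllegalStateException for an operation type with no entry, so an unmapped operation
     *         is refused rather than passed through unchecked
     */
    private OperationExamineDirection determineOperationDirection(RestOperationTypeEnum restOperationTypeEnum, IBaseResource iBaseResource) {
        switch (restOperationTypeEnum) {
            case ADD_TAGS:
            case DELETE_TAGS:
            case GET_TAGS:
                return OperationExamineDirection.NONE;

            case EXTENDED_OPERATION_INSTANCE:
            case EXTENDED_OPERATION_SERVER:
            case EXTENDED_OPERATION_TYPE:
                return OperationExamineDirection.BOTH;

            case METADATA:
            case DELETE:
            case CREATE:
            case UPDATE:
            case PATCH:
                return OperationExamineDirection.IN;

            case META:
            case META_ADD:
            case META_DELETE:
                return OperationExamineDirection.NONE;

            case GET_PAGE:
            case HISTORY_INSTANCE:
            case HISTORY_SYSTEM:
            case HISTORY_TYPE:
            case READ:
            case SEARCH_SYSTEM:
            case SEARCH_TYPE:
            case VREAD:
                return OperationExamineDirection.OUT;

            case TRANSACTION:
                return OperationExamineDirection.BOTH;

            case VALIDATE:
                return OperationExamineDirection.NONE;

            case GRAPHQL_REQUEST:
                return OperationExamineDirection.BOTH;

            default:
                throw new IllegalStateException(Msg.code(332) + "Unable to apply security to event of type " + restOperationTypeEnum);
        }
    }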

    /** Returns the decision used when no rule in the list returns a verdict. */
    public PolicyEnum getDefaultPolicy() {
        return myDefaultPolicy;
    }

    /**
     * Sets the decision used when no rule returns a verdict. With {@code PolicyEnum.ALLOW}, a
     * request that no rule matches is permitted, so the rule list must then deny everything that
     * should be refused.
     *
     * @param policyEnum the new default; a null value is rejected by {@code Validate.notNull}
     * @return this interceptor, for call chaining
     */
    public AuthorizationInterceptor setDefaultPolicy(PolicyEnum policyEnum) {
        Validate.notNull(policyEnum, "theDefaultPolicy must not be null");
        myDefaultPolicy = policyEnum;
        return this;
    }

    /** Returns a read-only view of the configured flags; callers cannot modify the set through it. */
    public Set<AuthorizationFlagsEnum> getFlags() {
        return Collections.unmodifiableSet(myFlags);
    }

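    /**
     * Replaces the configured flags with a copy of the given collection, so later changes to the
     * caller's collection do not alter the interceptor's configuration.
     *
     * @param collection the flags to apply; a null value is rejected by {@code Validate.notNull}
     * @return this interceptor, for call chaining
     */
    public AuthorizationInterceptor setFlags(Collection<AuthorizationFlagsEnum> collection) {
        Validate.notNull(collection, "theFlags must not be null");
        // Diamond instead of the raw HashSet the decompiler emitted: same copy, no unchecked conversion.
        myFlags = new HashSet<>(collection);
        return this;
    }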

    /**
     * Varargs form of {@code setFlags(Collection)}.
     *
     * @param authorizationFlagsEnumArr the flags to apply; a null array is rejected by {@code Validate.notNull}
     * @return this interceptor, for call chaining
     */
    public AuthorizationInterceptor setFlags(AuthorizationFlagsEnum... authorizationFlagsEnumArr) {
        Validate.notNull(authorizationFlagsEnumArr, "theFlags must not be null");
        List<AuthorizationFlagsEnum> flagList = Lists.newArrayList(authorizationFlagsEnumArr);
        return setFlags(flagList);
    }

    /**
     * Called for every verdict that is not ALLOW. This implementation ignores the request and
     * delegates to {@code handleDeny(Verdict)}; subclasses may override it to use the request.
     */
    protected void handleDeny(RequestDetails requestDetails, Verdict verdict) {
        handleDeny(verdict);
    }

    /**
     * Refuses the operation by throwing.
     *
     * @throws ForbiddenOperationException always; the message names the deciding rule, or states
     *         that the default policy applied when no rule decided
     */
    protected void handleDeny(Verdict verdict) {
        IAuthRule decidingRule = verdict.getDecidingRule();
        if (decidingRule != null) {
            // NOTE(review): the rule name becomes part of the exception message, which is presumably
            // returned to the caller - confirm, and keep rule names free of internal detail.
            throw new ForbiddenOperationException(Msg.code(333) + "Access denied by rule: " + StringUtils.defaultString(decidingRule.getName(), "(unnamed rule)"));
        }
        throw new ForbiddenOperationException(Msg.code(334) + "Access denied by default policy (no applicable rules)");
    }

    /**
     * Authorizes a storage-level operation on one resource, passing it to the rules as the input
     * resource together with its own ID. The resource must not be null: its ID is read directly.
     */
    private void handleUserOperation(RequestDetails requestDetails, IBaseResource iBaseResource, RestOperationTypeEnum restOperationTypeEnum, Pointcut pointcut) {
        IIdType resourceId = iBaseResource.getIdElement();
        applyRulesAndFailIfDeny(restOperationTypeEnum, requestDetails, iBaseResource, resourceId, null, pointcut);
    }

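    /**
     * Authorizes an incoming request before it is handled.
     *
     * <p>What is passed to the rules depends on the direction of the operation type: IN and BOTH
     * pass the request resource and ID, OUT passes the ID only, and NONE skips rule evaluation at
     * this hook. Written as a direct switch over the enum in place of the decompiled ordinal-table
     * lookup, whose first case label was an unrelated constant.
     *
     * @throws ForbiddenOperationException (via handleDeny) when the verdict is not ALLOW
     */
    @Hook(Pointcut.SERVER_INCOMING_REQUEST_PRE_HANDLED)
    public void incomingRequestPreHandled(RequestDetails requestDetails, Pointcut pointcut) {
        IBaseResource inputResource = null;
        IIdType inputResourceId = null;
        switch (determineOperationDirection(requestDetails.getRestOperationType(), requestDetails.getResource())) {
            case IN:
            case BOTH:
                inputResource = requestDetails.getResource();
                inputResourceId = requestDetails.getId();
                if (inputResourceId == null && StringUtils.isNotBlank(requestDetails.getResourceName())) {
                    // No ID on the request but a resource name is known: give the rules an ID that
                    // carries only the resource type.
                    inputResourceId = requestDetails.getFhirContext().getVersion().newIdType();
                    inputResourceId.setParts(null, requestDetails.getResourceName(), null, null);
                }
                break;
            case OUT:
                inputResourceId = requestDetails.getId();
                break;
            case NONE:
                return;
        }
        applyRulesAndFailIfDeny(requestDetails.getRestOperationType(), requestDetails, inputResource, inputResourceId, null, pointcut);
    }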

    /** Checks every resource that is about to be shown; the first denial aborts with an exception. */
    @Hook(Pointcut.STORAGE_PRESHOW_RESOURCES)
    public void hookPreShow(RequestDetails requestDetails, IPreResourceShowDetails iPreResourceShowDetails, Pointcut pointcut) {
        int index = 0;
        while (index < iPreResourceShowDetails.size()) {
            checkOutgoingResourceAndFailIfDeny(requestDetails, iPreResourceShowDetails.getResource(index), pointcut);
            index++;
        }
    }

    /** Checks the response resource against the rules before it is sent. */
    @Hook(Pointcut.SERVER_OUTGOING_RESPONSE)
    public void hookOutgoingResponse(RequestDetails requestDetails, IBaseResource iBaseResource, Pointcut pointcut) {
        // Same outgoing check as hookPreShow(), applied to the single response resource.
        checkOutgoingResourceAndFailIfDeny(requestDetails, iBaseResource, pointcut);
    }

    /**
     * Authorizes a resource that a cascading delete is about to remove, using the operation type of
     * the originating request.
     */
    @Hook(Pointcut.STORAGE_CASCADE_DELETE)
    public void hookCascadeDeleteForConflict(RequestDetails requestDetails, Pointcut pointcut, IBaseResource iBaseResource) {
        // A missing resource is rejected up front instead of reaching the rules as null.
        Validate.notNull(iBaseResource);
        checkPointcutAndFailIfDeny(requestDetails, pointcut, iBaseResource);
    }

    /**
     * Authorizes a delete-expunge. No resource or ID is passed to the rules; they see only the
     * request, its operation type and the pointcut.
     */
    @Hook(Pointcut.STORAGE_PRE_DELETE_EXPUNGE)
    public void hookDeleteExpunge(RequestDetails requestDetails, Pointcut pointcut) {
        RestOperationTypeEnum operationType = requestDetails.getRestOperationType();
        applyRulesAndFailIfDeny(operationType, requestDetails, null, null, null, pointcut);
    }

    /**
     * Authorizes the start of a bulk export. The export options are attached to the request under
     * {@code REQUEST_ATTRIBUTE_BULK_DATA_EXPORT_OPTIONS} before the rules are evaluated, and the
     * operation is always evaluated as {@code EXTENDED_OPERATION_SERVER}.
     */
    @Hook(Pointcut.STORAGE_INITIATE_BULK_EXPORT)
    public void initiateBulkExport(RequestDetails requestDetails, BulkDataExportOptions bulkDataExportOptions, Pointcut pointcut) {
        if (requestDetails != null) {
            requestDetails.setAttribute(REQUEST_ATTRIBUTE_BULK_DATA_EXPORT_OPTIONS, bulkDataExportOptions);
        }
        // NOTE(review): the null guard above does not cover this call. applyRulesAndReturnDecision()
        // reads requestDetails.getUserData() unconditionally, so a null request ends in a
        // NullPointerException instead of a verdict - confirm whether a null request can reach this hook.
        applyRulesAndFailIfDeny(RestOperationTypeEnum.EXTENDED_OPERATION_SERVER, requestDetails, null, null, null, pointcut);
    }

    /**
     * Authorizes one resource as the input of the current request's operation type, passing the
     * resource's own ID alongside it.
     */
    private void checkPointcutAndFailIfDeny(RequestDetails requestDetails, Pointcut pointcut, @Nonnull IBaseResource iBaseResource) {
        RestOperationTypeEnum operationType = requestDetails.getRestOperationType();
        IIdType resourceId = iBaseResource.getIdElement();
        applyRulesAndFailIfDeny(operationType, requestDetails, iBaseResource, resourceId, null, pointcut);
    }

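    /**
     * Applies the rules to a resource that is about to leave the server.
     *
     * <p>Nothing is checked when the operation's direction is IN or NONE. Otherwise the resource is
     * recorded in the per-request "already seen" map and skipped if it was recorded before. For
     * extended operations, paging, history, search and transaction responses the resource is
     * expanded with {@code toListOfResourcesAndExcludeContainer} so each resource it holds is
     * evaluated; for every other operation type it is evaluated as a single resource.
     *
     * <p>Written as direct switches over the enums in place of the decompiled ordinal-table
     * lookups, whose case labels included unrelated constants sharing the numeric value.
     *
     * @throws ForbiddenOperationException (via handleDeny) on the first resource whose verdict is not ALLOW
     */
    private void checkOutgoingResourceAndFailIfDeny(RequestDetails requestDetails, IBaseResource iBaseResource, Pointcut pointcut) {
        switch (determineOperationDirection(requestDetails.getRestOperationType(), null)) {
            case IN:
            case NONE:
                return;
            case BOTH:
            case OUT:
            default:
                break;
        }

        // NOTE(review): whether this map compares keys by identity or by equals() is decided in
        // ConsentInterceptor, which is not visible here.
        if (ConsentInterceptor.getAlreadySeenResourcesMap(requestDetails, myRequestSeenResourcesKey).putIfAbsent(iBaseResource, Boolean.TRUE) != null) {
            return;
        }

        FhirContext fhirContext = requestDetails.getServer().getFhirContext();
        List<IBaseResource> resourcesToCheck = Collections.emptyList();
        switch (requestDetails.getRestOperationType()) {
            case EXTENDED_OPERATION_INSTANCE:
            case EXTENDED_OPERATION_SERVER:
            case EXTENDED_OPERATION_TYPE:
            case GET_PAGE:
            case HISTORY_INSTANCE:
            case HISTORY_SYSTEM:
            case HISTORY_TYPE:
            case SEARCH_SYSTEM:
            case SEARCH_TYPE:
            case TRANSACTION:
                if (iBaseResource != null) {
                    resourcesToCheck = toListOfResourcesAndExcludeContainer(iBaseResource, fhirContext);
                }
                break;
            default:
                if (iBaseResource != null) {
                    resourcesToCheck = Collections.singletonList(iBaseResource);
                }
                break;
        }

        for (IBaseResource outgoing : resourcesToCheck) {
            applyRulesAndFailIfDeny(requestDetails.getRestOperationType(), requestDetails, null, null, outgoing, pointcut);
        }
    }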

    /** Authorizes a resource as a CREATE immediately before it is stored. */
    @Hook(Pointcut.STORAGE_PRESTORAGE_RESOURCE_CREATED)
    public void hookResourcePreCreate(RequestDetails requestDetails, IBaseResource iBaseResource, Pointcut pointcut) {
        // The operation type is fixed to CREATE here rather than taken from the request.
        handleUserOperation(requestDetails, iBaseResource, RestOperationTypeEnum.CREATE, pointcut);
    }

    /** Authorizes a resource as a DELETE immediately before it is removed from storage. */
    @Hook(Pointcut.STORAGE_PRESTORAGE_RESOURCE_DELETED)
    public void hookResourcePreDelete(RequestDetails requestDetails, IBaseResource iBaseResource, Pointcut pointcut) {
        // The operation type is fixed to DELETE here rather than taken from the request.
        handleUserOperation(requestDetails, iBaseResource, RestOperationTypeEnum.DELETE, pointcut);
    }

    /**
     * Authorizes an update immediately before it is stored. Both resources handed to the hook are
     * evaluated as UPDATE operations: the first one only when it is present, the second one always.
     * A denial on either aborts the update.
     */
    @Hook(Pointcut.STORAGE_PRESTORAGE_RESOURCE_UPDATED)
    public void hookResourcePreUpdate(RequestDetails requestDetails, IBaseResource iBaseResource, IBaseResource iBaseResource2, Pointcut pointcut) {
        final RestOperationTypeEnum update = RestOperationTypeEnum.UPDATE;
        if (iBaseResource != null) {
            handleUserOperation(requestDetails, iBaseResource, update, pointcut);
        }
        // The second resource is not null-checked; handleUserOperation() reads its ID directly.
        handleUserOperation(requestDetails, iBaseResource2, update, pointcut);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Lists the resources that must be authorized individually for an outgoing resource.
     *
     * @param iBaseResource the outgoing resource, may be null
     * @param fhirContext context used to walk the resource; only used for Bundle and Parameters
     * @return an empty list for null; a one-element list for anything that is neither a Bundle nor a
     *         Parameters resource; otherwise every populated child resource found by the terser,
     *         with the container itself dropped when it is the first element
     */
    public static List<IBaseResource> toListOfResourcesAndExcludeContainer(IBaseResource iBaseResource, FhirContext fhirContext) {
        if (iBaseResource == null) {
            return Collections.emptyList();
        }

        boolean isContainer = iBaseResource instanceof IBaseBundle || iBaseResource instanceof IBaseParameters;
        if (!isContainer) {
            return Collections.singletonList(iBaseResource);
        }

        List<IBaseResource> found = fhirContext.newTerser().getAllPopulatedChildElementsOfType(iBaseResource, IBaseResource.class);
        // Identity comparison: only the container object itself is dropped, not a resource equal to it.
        boolean startsWithContainer = !found.isEmpty() && found.get(0) == iBaseResource;
        return startsWithContainer ? found.subList(1, found.size()) : found;
    }
}
