package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.context.FhirVersionEnum;
import ca.uhn.fhir.context.RuntimeResourceDefinition;
import ca.uhn.fhir.i18n.Msg;
import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.rest.api.QualifiedParamList;
import ca.uhn.fhir.rest.api.RequestTypeEnum;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.server.BasePagingProvider;
import ca.uhn.fhir.rest.server.exceptions.InvalidRequestException;
import ca.uhn.fhir.rest.server.exceptions.UnprocessableEntityException;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import ca.uhn.fhir.rest.server.provider.ServerCapabilityStatementProvider;
import ca.uhn.fhir.util.BundleUtil;
import ca.uhn.fhir.util.UrlUtil;
import ca.uhn.fhir.util.bundle.BundleEntryParts;
import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.hl7.fhir.instance.model.api.IBaseBundle;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp.class */
class RuleImplOp extends BaseRule {
    private static final Logger ourLog = LoggerFactory.getLogger(RuleImplOp.class);
    private AppliesTypeEnum myAppliesTo;
    private Set<String> myAppliesToTypes;
    private String myClassifierCompartmentName;
    private Collection<? extends IIdType> myClassifierCompartmentOwners;
    private ClassifierTypeEnum myClassifierType;
    private RuleOpEnum myOp;
    private TransactionAppliesToEnum myTransactionAppliesToOp;
    private Collection<IIdType> myAppliesToInstances;
    private boolean myAppliesToDeleteCascade;
    private boolean myAppliesToDeleteExpunge;
    private AdditionalCompartmentSearchParameters myAdditionalCompartmentSearchParamMap;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ca.uhn.fhir.rest.server.interceptor.auth.RuleImplOp$1, reason: invalid class name */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleImplOp$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum;
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum;
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum;
        static final /* synthetic */ int[] $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum = new int[ClassifierTypeEnum.values().length];

        static {
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[ClassifierTypeEnum.ANY_ID.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[ClassifierTypeEnum.IN_COMPARTMENT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum = new int[AppliesTypeEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.INSTANCES.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.ALL_RESOURCES.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[AppliesTypeEnum.TYPES.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum = new int[RuleOpEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.CREATE.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.DELETE.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.GRAPHQL.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.TRANSACTION.ordinal()] = 6;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.ALL.ordinal()] = 7;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[RuleOpEnum.METADATA.ordinal()] = 8;
            } catch (NoSuchFieldError e13) {
            }
            $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum = new int[RestOperationTypeEnum.values().length];
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.READ.ordinal()] = 1;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.VREAD.ordinal()] = 2;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_SYSTEM.ordinal()] = 3;
            } catch (NoSuchFieldError e16) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_SYSTEM.ordinal()] = 4;
            } catch (NoSuchFieldError e17) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.SEARCH_TYPE.ordinal()] = 5;
            } catch (NoSuchFieldError e18) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_TYPE.ordinal()] = 6;
            } catch (NoSuchFieldError e19) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.HISTORY_INSTANCE.ordinal()] = 7;
            } catch (NoSuchFieldError e20) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GET_PAGE.ordinal()] = 8;
            } catch (NoSuchFieldError e21) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.ADD_TAGS.ordinal()] = 9;
            } catch (NoSuchFieldError e22) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.DELETE_TAGS.ordinal()] = 10;
            } catch (NoSuchFieldError e23) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GET_TAGS.ordinal()] = 11;
            } catch (NoSuchFieldError e24) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.GRAPHQL_REQUEST.ordinal()] = 12;
            } catch (NoSuchFieldError e25) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_SERVER.ordinal()] = 13;
            } catch (NoSuchFieldError e26) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_TYPE.ordinal()] = 14;
            } catch (NoSuchFieldError e27) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.EXTENDED_OPERATION_INSTANCE.ordinal()] = 15;
            } catch (NoSuchFieldError e28) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.CREATE.ordinal()] = 16;
            } catch (NoSuchFieldError e29) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.DELETE.ordinal()] = 17;
            } catch (NoSuchFieldError e30) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.TRANSACTION.ordinal()] = 18;
            } catch (NoSuchFieldError e31) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.UPDATE.ordinal()] = 19;
            } catch (NoSuchFieldError e32) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.VALIDATE.ordinal()] = 20;
            } catch (NoSuchFieldError e33) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.METADATA.ordinal()] = 21;
            } catch (NoSuchFieldError e34) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_ADD.ordinal()] = 22;
            } catch (NoSuchFieldError e35) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META.ordinal()] = 23;
            } catch (NoSuchFieldError e36) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.META_DELETE.ordinal()] = 24;
            } catch (NoSuchFieldError e37) {
            }
            try {
                $SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[RestOperationTypeEnum.PATCH.ordinal()] = 25;
            } catch (NoSuchFieldError e38) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RuleImplOp(String str) {
        super(str);
    }

    @VisibleForTesting
    Collection<IIdType> getAppliesToInstances() {
        return this.myAppliesToInstances;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppliesToInstances(Collection<IIdType> collection) {
        this.myAppliesToInstances = collection;
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule
    public AuthorizationInterceptor.Verdict applyRule(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, IRuleApplier iRuleApplier, Set<AuthorizationFlagsEnum> set, Pointcut pointcut) {
        FhirContext fhirContext = requestDetails.getFhirContext();
        RuleTarget ruleTarget = new RuleTarget();
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$RuleOpEnum[this.myOp.ordinal()]) {
            case ServerCapabilityStatementProvider.DEFAULT_REST_RESOURCE_REV_INCLUDES_ENABLED /* 1 */:
                if (iBaseResource2 == null) {
                    switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[restOperationTypeEnum.ordinal()]) {
                        case ServerCapabilityStatementProvider.DEFAULT_REST_RESOURCE_REV_INCLUDES_ENABLED /* 1 */:
                        case 2:
                            ruleTarget.resourceIds = Collections.singleton(iIdType);
                            ruleTarget.resourceType = iIdType.getResourceType();
                            break;
                        case 3:
                        case 4:
                            if (set.contains(AuthorizationFlagsEnum.DO_NOT_PROACTIVELY_BLOCK_COMPARTMENT_READ_ACCESS)) {
                                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                            }
                            break;
                        case 5:
                            if (set.contains(AuthorizationFlagsEnum.DO_NOT_PROACTIVELY_BLOCK_COMPARTMENT_READ_ACCESS)) {
                                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                            }
                            ruleTarget.resourceType = requestDetails.getResourceName();
                            ruleTarget.setSearchParams(requestDetails);
                            if (requestDetails.getParameters().containsKey("_id")) {
                                setTargetFromResourceId(requestDetails, fhirContext, ruleTarget);
                                break;
                            }
                            break;
                        case 6:
                            if (set.contains(AuthorizationFlagsEnum.DO_NOT_PROACTIVELY_BLOCK_COMPARTMENT_READ_ACCESS)) {
                                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                            }
                            ruleTarget.resourceType = requestDetails.getResourceName();
                            break;
                        case 7:
                            if (set.contains(AuthorizationFlagsEnum.DO_NOT_PROACTIVELY_BLOCK_COMPARTMENT_READ_ACCESS)) {
                                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                            }
                            ruleTarget.resourceIds = Collections.singleton(iIdType);
                            break;
                        case 8:
                            return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                        case 9:
                        case BasePagingProvider.DEFAULT_DEFAULT_PAGE_SIZE /* 10 */:
                        case 11:
                        case 12:
                        case 13:
                        case 14:
                        case 15:
                        case 16:
                        case 17:
                        case 18:
                        case 19:
                        case 20:
                        case 21:
                        case 22:
                        case 23:
                        case 24:
                        case 25:
                        default:
                            return null;
                    }
                }
                ruleTarget.resource = iBaseResource2;
                if (iBaseResource2 != null) {
                    ruleTarget.resourceIds = Collections.singleton(iBaseResource2.getIdElement());
                    break;
                }
                break;
            case 2:
                if (iBaseResource == null && iIdType == null) {
                    return null;
                }
                if (requestDetails.isRewriteHistory() && requestDetails.getId() != null && requestDetails.getId().hasVersionIdPart() && restOperationTypeEnum == RestOperationTypeEnum.UPDATE) {
                    return null;
                }
                switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$api$RestOperationTypeEnum[restOperationTypeEnum.ordinal()]) {
                    case 9:
                    case BasePagingProvider.DEFAULT_DEFAULT_PAGE_SIZE /* 10 */:
                    case 16:
                    case 19:
                    case 22:
                    case 24:
                        ruleTarget.resource = iBaseResource;
                        if (iIdType != null) {
                            ruleTarget.resourceIds = Collections.singletonList(iIdType);
                            break;
                        }
                        break;
                    case 11:
                    case 12:
                    case 13:
                    case 14:
                    case 15:
                    case 17:
                    case 18:
                    case 20:
                    case 21:
                    case 23:
                    default:
                        return null;
                    case 25:
                        ruleTarget.resource = null;
                        if (iIdType == null) {
                            return null;
                        }
                        ruleTarget.resourceIds = Collections.singletonList(iIdType);
                        break;
                }
            case 3:
                if ((iBaseResource == null && iIdType == null) || restOperationTypeEnum != RestOperationTypeEnum.CREATE) {
                    return null;
                }
                ruleTarget.resource = iBaseResource;
                if (iIdType != null) {
                    ruleTarget.resourceIds = Collections.singletonList(iIdType);
                    break;
                }
                break;
            case 4:
                if (restOperationTypeEnum != RestOperationTypeEnum.DELETE) {
                    return null;
                }
                if (pointcut == Pointcut.STORAGE_PRE_DELETE_EXPUNGE && this.myAppliesToDeleteExpunge) {
                    return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                }
                if (this.myAppliesToDeleteCascade != (pointcut == Pointcut.STORAGE_CASCADE_DELETE) || iIdType == null) {
                    return null;
                }
                if (!iIdType.hasIdPart()) {
                    return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                }
                if (iBaseResource == null && this.myClassifierCompartmentOwners != null && this.myClassifierCompartmentOwners.size() > 0) {
                    return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                }
                ruleTarget.resource = iBaseResource;
                ruleTarget.resourceIds = Collections.singleton(iIdType);
                break;
                break;
            case 5:
                return applyRuleToGraphQl(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, pointcut, iRuleApplier);
            case 6:
                return applyRuleToTransaction(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier, pointcut, fhirContext);
            case 7:
                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
            case 8:
                if (restOperationTypeEnum == RestOperationTypeEnum.METADATA) {
                    return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                }
                return null;
            default:
                throw new IllegalStateException(Msg.code(335) + "Unable to apply security to event of type " + restOperationTypeEnum);
        }
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[this.myAppliesTo.ordinal()]) {
            case ServerCapabilityStatementProvider.DEFAULT_REST_RESOURCE_REV_INCLUDES_ENABLED /* 1 */:
                return applyRuleToInstances(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, ruleTarget, iRuleApplier);
            case 2:
                if (ruleTarget.resourceType != null && this.myClassifierType == ClassifierTypeEnum.ANY_ID) {
                    return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                }
                break;
            case 3:
                if (ruleTarget.resource != null && this.myClassifierType == ClassifierTypeEnum.ANY_ID) {
                    if (!this.myAppliesToTypes.contains(requestDetails.getFhirContext().getResourceType(ruleTarget.resource))) {
                        return null;
                    }
                }
                if (ruleTarget.resourceIds != null) {
                    for (IIdType iIdType2 : ruleTarget.resourceIds) {
                        if (iIdType2.hasResourceType()) {
                            if (!this.myAppliesToTypes.contains(iIdType2.getResourceType())) {
                                return null;
                            }
                        }
                    }
                }
                if (ruleTarget.resourceType != null) {
                    if (!this.myAppliesToTypes.contains(ruleTarget.resourceType)) {
                        return null;
                    }
                    if (this.myClassifierType == ClassifierTypeEnum.ANY_ID) {
                        return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
                    }
                    if (this.myClassifierType == ClassifierTypeEnum.IN_COMPARTMENT) {
                    }
                }
                break;
            default:
                throw new IllegalStateException(Msg.code(336) + "Unable to apply security to event of applies to type " + this.myAppliesTo);
        }
        return applyRuleLogic(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, set, fhirContext, ruleTarget, iRuleApplier);
    }

    protected AuthorizationInterceptor.Verdict applyRuleLogic(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, Set<AuthorizationFlagsEnum> set, FhirContext fhirContext, RuleTarget ruleTarget, IRuleApplier iRuleApplier) {
        ourLog.trace("applyRuleLogic {} {}", restOperationTypeEnum, ruleTarget);
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$ClassifierTypeEnum[this.myClassifierType.ordinal()]) {
            case ServerCapabilityStatementProvider.DEFAULT_REST_RESOURCE_REV_INCLUDES_ENABLED /* 1 */:
                return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
            case 2:
                return applyRuleToCompartment(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, set, fhirContext, ruleTarget, iRuleApplier);
            default:
                throw new IllegalStateException(Msg.code(337) + "Unable to apply security to event of applies to type " + this.myAppliesTo);
        }
    }

    @Nullable
    private AuthorizationInterceptor.Verdict applyRuleToGraphQl(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, Pointcut pointcut, IRuleApplier iRuleApplier) {
        if (restOperationTypeEnum != RestOperationTypeEnum.GRAPHQL_REQUEST || isResourceAccess(pointcut)) {
            return null;
        }
        return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x0214, code lost:
    
        if (r22 != false) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0217, code lost:
    
        return null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0226, code lost:
    
        return newVerdict(r12, r13, r14, r15, r16, r20);
     */
    @javax.annotation.Nullable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor.Verdict applyRuleToCompartment(ca.uhn.fhir.rest.api.RestOperationTypeEnum r12, ca.uhn.fhir.rest.api.server.RequestDetails r13, org.hl7.fhir.instance.model.api.IBaseResource r14, org.hl7.fhir.instance.model.api.IIdType r15, org.hl7.fhir.instance.model.api.IBaseResource r16, java.util.Set<ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationFlagsEnum> r17, ca.uhn.fhir.context.FhirContext r18, ca.uhn.fhir.rest.server.interceptor.auth.RuleTarget r19, ca.uhn.fhir.rest.server.interceptor.auth.IRuleApplier r20) {
        /*
            Method dump skipped, instructions count: 551
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ca.uhn.fhir.rest.server.interceptor.auth.RuleImplOp.applyRuleToCompartment(ca.uhn.fhir.rest.api.RestOperationTypeEnum, ca.uhn.fhir.rest.api.server.RequestDetails, org.hl7.fhir.instance.model.api.IBaseResource, org.hl7.fhir.instance.model.api.IIdType, org.hl7.fhir.instance.model.api.IBaseResource, java.util.Set, ca.uhn.fhir.context.FhirContext, ca.uhn.fhir.rest.server.interceptor.auth.RuleTarget, ca.uhn.fhir.rest.server.interceptor.auth.IRuleApplier):ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor$Verdict");
    }

    @Nullable
    private AuthorizationInterceptor.Verdict applyRuleToInstances(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, RuleTarget ruleTarget, IRuleApplier iRuleApplier) {
        if (ruleTarget.resourceIds == null || ruleTarget.resourceIds.size() <= 0) {
            return null;
        }
        int i = 0;
        for (IIdType iIdType2 : ruleTarget.resourceIds) {
            Iterator<IIdType> it = this.myAppliesToInstances.iterator();
            while (true) {
                if (it.hasNext()) {
                    IIdType next = it.next();
                    if (!StringUtils.isNotBlank(next.getResourceType()) || next.getResourceType().equals(iIdType2.getResourceType())) {
                        if (next.getIdPart().equals(iIdType2.getIdPart())) {
                            i++;
                            break;
                        }
                    }
                }
            }
        }
        if (i == ruleTarget.resourceIds.size()) {
            return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
        }
        return null;
    }

    @Nullable
    private AuthorizationInterceptor.Verdict applyRuleToTransaction(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType, IBaseResource iBaseResource2, IRuleApplier iRuleApplier, Pointcut pointcut, FhirContext fhirContext) {
        AuthorizationInterceptor.Verdict applyRulesAndReturnDecision;
        RestOperationTypeEnum restOperationTypeEnum2;
        if (restOperationTypeEnum != RestOperationTypeEnum.TRANSACTION) {
            return null;
        }
        if (iBaseResource == null || !requestAppliesToTransaction(fhirContext, this.myOp, iBaseResource)) {
            if (iBaseResource2 == null) {
                return null;
            }
            AuthorizationInterceptor.Verdict verdict = null;
            for (IBaseResource iBaseResource3 : AuthorizationInterceptor.toListOfResourcesAndExcludeContainer(iBaseResource2, requestDetails.getFhirContext())) {
                if (iBaseResource3 != null && (applyRulesAndReturnDecision = iRuleApplier.applyRulesAndReturnDecision(RestOperationTypeEnum.READ, requestDetails, null, null, iBaseResource3, pointcut)) != null) {
                    if (verdict == null) {
                        verdict = applyRulesAndReturnDecision;
                    } else if (verdict.getDecision() == PolicyEnum.ALLOW && applyRulesAndReturnDecision.getDecision() == PolicyEnum.DENY) {
                        verdict = applyRulesAndReturnDecision;
                    }
                }
            }
            return verdict;
        }
        if (getMode() == PolicyEnum.DENY) {
            return newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier);
        }
        AuthorizationInterceptor.Verdict verdict2 = null;
        boolean z = true;
        for (BundleEntryParts bundleEntryParts : BundleUtil.toListOfEntries(fhirContext, (IBaseBundle) iBaseResource)) {
            IBaseResource resource = bundleEntryParts.getResource();
            IIdType iIdType2 = null;
            if (StringUtils.isNotBlank(bundleEntryParts.getUrl())) {
                UrlUtil.UrlParts parseUrl = UrlUtil.parseUrl(bundleEntryParts.getUrl());
                iIdType2 = requestDetails.getFhirContext().getVersion().newIdType();
                iIdType2.setParts((String) null, parseUrl.getResourceType(), parseUrl.getResourceId(), (String) null);
            }
            if (bundleEntryParts.getRequestType() != RequestTypeEnum.GET) {
                z = false;
                if (bundleEntryParts.getRequestType() == RequestTypeEnum.POST) {
                    restOperationTypeEnum2 = RestOperationTypeEnum.CREATE;
                } else if (bundleEntryParts.getRequestType() == RequestTypeEnum.PUT) {
                    restOperationTypeEnum2 = RestOperationTypeEnum.UPDATE;
                } else if (bundleEntryParts.getRequestType() == RequestTypeEnum.DELETE) {
                    restOperationTypeEnum2 = RestOperationTypeEnum.DELETE;
                } else if (bundleEntryParts.getRequestType() == RequestTypeEnum.PATCH) {
                    restOperationTypeEnum2 = RestOperationTypeEnum.PATCH;
                } else {
                    if (bundleEntryParts.getRequestType() != null || requestDetails.getServer().getFhirContext().getVersion().getVersion() != FhirVersionEnum.DSTU3 || !BundleUtil.isDstu3TransactionPatch(requestDetails.getFhirContext(), bundleEntryParts.getResource())) {
                        throw new InvalidRequestException(Msg.code(338) + "Can not handle transaction with operation of type " + bundleEntryParts.getRequestType());
                    }
                    restOperationTypeEnum2 = RestOperationTypeEnum.PATCH;
                }
                if (bundleEntryParts.getResource() != null) {
                    RuntimeResourceDefinition resourceDefinition = fhirContext.getResourceDefinition(bundleEntryParts.getResource());
                    if ("Parameters".equals(resourceDefinition.getName()) || "Bundle".equals(resourceDefinition.getName())) {
                        throw new InvalidRequestException(Msg.code(339) + "Can not handle transaction with nested resource of type " + resourceDefinition.getName());
                    }
                }
                String fixedConditionalUrl = requestDetails.getFixedConditionalUrl();
                requestDetails.setFixedConditionalUrl(bundleEntryParts.getConditionalUrl());
                AuthorizationInterceptor.Verdict applyRulesAndReturnDecision2 = iRuleApplier.applyRulesAndReturnDecision(restOperationTypeEnum2, requestDetails, resource, iIdType2, null, pointcut);
                requestDetails.setFixedConditionalUrl(fixedConditionalUrl);
                if (applyRulesAndReturnDecision2 != null) {
                    if (verdict2 == null) {
                        verdict2 = applyRulesAndReturnDecision2;
                    } else if (verdict2.getDecision() == PolicyEnum.ALLOW && applyRulesAndReturnDecision2.getDecision() == PolicyEnum.DENY) {
                        verdict2 = applyRulesAndReturnDecision2;
                    }
                }
            }
        }
        return z ? newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType, iBaseResource2, iRuleApplier) : verdict2;
    }

    private void setTargetFromResourceId(RequestDetails requestDetails, FhirContext fhirContext, RuleTarget ruleTarget) {
        String[] strArr = requestDetails.getParameters().get("_id");
        ruleTarget.resourceIds = new ArrayList();
        for (String str : strArr) {
            Iterator it = QualifiedParamList.splitQueryStringByCommasIgnoreEscape((String) null, str).iterator();
            while (it.hasNext()) {
                IIdType value = fhirContext.getVersion().newIdType().setValue((String) it.next());
                if (value.hasIdPart()) {
                    if (!value.hasResourceType()) {
                        value = value.withResourceType(ruleTarget.resourceType);
                    }
                    if (value.getResourceType().equals(ruleTarget.resourceType)) {
                        ruleTarget.resourceIds.add(value);
                    }
                }
            }
        }
        if (ruleTarget.resourceIds.isEmpty()) {
            ruleTarget.resourceIds = null;
        }
    }

    private AuthorizationInterceptor.Verdict checkForSearchParameterMatchingCompartmentAndReturnSuccessfulVerdictOrNull(Map<String, String[]> map, IIdType iIdType, String str, RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource, IIdType iIdType2, IBaseResource iBaseResource2, IRuleApplier iRuleApplier) {
        String[] strArr;
        AuthorizationInterceptor.Verdict verdict = null;
        if (map != null && (strArr = map.get(str)) != null) {
            for (String str2 : strArr) {
                Iterator it = QualifiedParamList.splitQueryStringByCommasIgnoreEscape((String) null, str2).iterator();
                while (true) {
                    if (it.hasNext()) {
                        String str3 = (String) it.next();
                        if (str3.equals(iIdType.getValue())) {
                            verdict = newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType2, iBaseResource2, iRuleApplier);
                            break;
                        }
                        if (str3.equals(iIdType.getIdPart())) {
                            verdict = newVerdict(restOperationTypeEnum, requestDetails, iBaseResource, iIdType2, iBaseResource2, iRuleApplier);
                            break;
                        }
                    }
                }
            }
        }
        return verdict;
    }

    public void setTransactionAppliesToOp(TransactionAppliesToEnum transactionAppliesToEnum) {
        this.myTransactionAppliesToOp = transactionAppliesToEnum;
    }

    private boolean requestAppliesToTransaction(FhirContext fhirContext, RuleOpEnum ruleOpEnum, IBaseResource iBaseResource) {
        if (!"Bundle".equals(fhirContext.getResourceType(iBaseResource))) {
            return false;
        }
        String defaultString = StringUtils.defaultString(BundleUtil.getBundleType(fhirContext, (IBaseBundle) iBaseResource));
        if (ruleOpEnum != RuleOpEnum.TRANSACTION) {
            return false;
        }
        if ("transaction".equals(defaultString) || "batch".equals(defaultString)) {
            return true;
        }
        throw new UnprocessableEntityException(Msg.code(340) + fhirContext.getLocalizer().getMessage(RuleImplOp.class, "invalidRequestBundleTypeForTransaction", new Object[]{"\"" + defaultString + "\""}));
    }

    public void setAppliesTo(AppliesTypeEnum appliesTypeEnum) {
        this.myAppliesTo = appliesTypeEnum;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppliesToTypes(Set<String> set) {
        this.myAppliesToTypes = set;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClassifierCompartmentName(String str) {
        this.myClassifierCompartmentName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClassifierCompartmentOwners(Collection<? extends IIdType> collection) {
        this.myClassifierCompartmentOwners = collection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClassifierType(ClassifierTypeEnum classifierTypeEnum) {
        this.myClassifierType = classifierTypeEnum;
    }

    public RuleImplOp setOp(RuleOpEnum ruleOpEnum) {
        this.myOp = ruleOpEnum;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // ca.uhn.fhir.rest.server.interceptor.auth.BaseRule
    @Nonnull
    public ToStringBuilder toStringBuilder() {
        ToStringBuilder stringBuilder = super.toStringBuilder();
        stringBuilder.append("op", this.myOp);
        stringBuilder.append("transactionAppliesToOp", this.myTransactionAppliesToOp);
        stringBuilder.append("appliesTo", this.myAppliesTo);
        stringBuilder.append("appliesToTypes", this.myAppliesToTypes);
        stringBuilder.append("classifierCompartmentName", this.myClassifierCompartmentName);
        stringBuilder.append("classifierCompartmentOwners", this.myClassifierCompartmentOwners);
        stringBuilder.append("classifierType", this.myClassifierType);
        return stringBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppliesToDeleteCascade(boolean z) {
        this.myAppliesToDeleteCascade = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppliesToDeleteExpunge(boolean z) {
        this.myAppliesToDeleteExpunge = z;
    }

    public void addClassifierCompartmentOwner(IIdType iIdType) {
        ArrayList arrayList = new ArrayList(this.myClassifierCompartmentOwners);
        arrayList.add(iIdType);
        this.myClassifierCompartmentOwners = arrayList;
    }

    public boolean matches(RuleOpEnum ruleOpEnum, AppliesTypeEnum appliesTypeEnum, Collection<IIdType> collection, Set<String> set, ClassifierTypeEnum classifierTypeEnum, String str) {
        if (ruleOpEnum != this.myOp || appliesTypeEnum != this.myAppliesTo || classifierTypeEnum != this.myClassifierType) {
            return false;
        }
        switch (AnonymousClass1.$SwitchMap$ca$uhn$fhir$rest$server$interceptor$auth$AppliesTypeEnum[appliesTypeEnum.ordinal()]) {
            case ServerCapabilityStatementProvider.DEFAULT_REST_RESOURCE_REV_INCLUDES_ENABLED /* 1 */:
                return collection.equals(this.myAppliesToInstances) && str.equals(this.myClassifierCompartmentName);
            case 2:
                return str.equals(this.myClassifierCompartmentName);
            case 3:
                return set.equals(this.myAppliesToTypes) && str.equals(this.myClassifierCompartmentName);
            default:
                return false;
        }
    }

    public void setAdditionalSearchParamsForCompartmentTypes(AdditionalCompartmentSearchParameters additionalCompartmentSearchParameters) {
        this.myAdditionalCompartmentSearchParamMap = additionalCompartmentSearchParameters;
    }
}
