package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.context.FhirContext;
import ca.uhn.fhir.context.RuntimeResourceDefinition;
import ca.uhn.fhir.context.RuntimeSearchParam;
import ca.uhn.fhir.interceptor.api.Hook;
import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.rest.api.QualifiedParamList;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.param.ParameterUtil;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
import ca.uhn.fhir.rest.server.servlet.ServletRequestDetails;
import ca.uhn.fhir.rest.server.servlet.ServletSubRequestDetails;
import ca.uhn.fhir.rest.server.util.ServletRequestUtil;
import ca.uhn.fhir.util.BundleUtil;
import ca.uhn.fhir.util.bundle.ModifiableBundleEntry;
import com.google.common.collect.ArrayListMultimap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.ListUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.hl7.fhir.instance.model.api.IAnyResource;
import org.hl7.fhir.instance.model.api.IBaseBundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/hapi-fhir-server-4.1.0.jar:ca/uhn/fhir/rest/server/interceptor/auth/SearchNarrowingInterceptor.class */
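/**
 * Server interceptor that rewrites incoming type-level searches so that they only ask for
 * resources the caller is allowed to see, as described by the {@link AuthorizedList} returned
 * from {@link #buildAuthorizedList(RequestDetails)}.
 *
 * <p>Security notes for anyone deploying or subclassing this class (all visible in the code below):
 * <ul>
 *   <li>The default {@link #buildAuthorizedList(RequestDetails)} returns {@code null}, and a
 *       {@code null} list means "do not narrow". The interceptor therefore does nothing until a
 *       subclass overrides that method.</li>
 *   <li>Only {@code SEARCH_TYPE} requests (directly, or as entries of a transaction bundle) are
 *       rewritten. Every other operation type is passed through untouched, so this class narrows
 *       queries but does not by itself deny access; pair it with an enforcing check such as
 *       {@code AuthorizationInterceptor}.</li>
 *   <li>If none of the authorized compartments/instances can be mapped to a search parameter of
 *       the searched resource type, the request is passed through unmodified.</li>
 *   <li>A {@code SEARCH_SYSTEM} request fails the precondition in
 *       {@link #incomingRequestPostProcessed} and is rejected with an
 *       {@link IllegalArgumentException}.</li>
 * </ul>
 */
public class SearchNarrowingInterceptor {
    private static final Logger ourLog = LoggerFactory.getLogger(SearchNarrowingInterceptor.class);

    /* loaded from: input_file:lib/hapi-fhir-server-4.1.0.jar:ca/uhn/fhir/rest/server/interceptor/auth/SearchNarrowingInterceptor$BundleEntryUrlProcessor.class */
    /**
     * Applies the search narrowing to a single entry of a transaction bundle by treating the
     * entry's request URL as a sub-request, running it through
     * {@link SearchNarrowingInterceptor#incomingRequestPostProcessed} and writing the
     * (possibly rewritten) URL back into the entry.
     */
    private class BundleEntryUrlProcessor implements Consumer<ModifiableBundleEntry> {
        private final FhirContext myFhirContext;
        private final ServletRequestDetails myRequestDetails;
        private final HttpServletRequest myRequest;
        private final HttpServletResponse myResponse;

        public BundleEntryUrlProcessor(FhirContext fhirContext, ServletRequestDetails servletRequestDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            this.myFhirContext = fhirContext;
            this.myRequestDetails = servletRequestDetails;
            this.myRequest = httpServletRequest;
            this.myResponse = httpServletResponse;
        }

        /**
         * Narrows the request URL of one bundle entry in place.
         *
         * @param modifiableBundleEntry the bundle entry whose request URL is read and replaced
         */
        @Override
        public void accept(ModifiableBundleEntry modifiableBundleEntry) {
            ArrayListMultimap<String, String> paramValues = ArrayListMultimap.create();
            String url = modifiableBundleEntry.getRequestUrl();
            ServletSubRequestDetails subRequest = ServletRequestUtil.getServletSubRequestDetails(this.myRequestDetails, url, paramValues);
            // The sub-request needs its operation type resolved before the narrowing hook can
            // decide whether it is a SEARCH_TYPE request.
            subRequest.setRestOperationType(subRequest.getServer().determineResourceMethod(subRequest, url).getRestOperationType());
            SearchNarrowingInterceptor.this.incomingRequestPostProcessed(subRequest, this.myRequest, this.myResponse);
            modifiableBundleEntry.setRequestUrl(this.myFhirContext, ServletRequestUtil.extractUrl(subRequest));
        }
    }

    /**
     * Returns the compartments and instances the current caller may search. Subclasses are
     * expected to override this; the default implementation returns {@code null}, which
     * disables narrowing entirely (the request is passed through unmodified).
     *
     * @param requestDetails the incoming request
     * @return the authorized list, or {@code null} to leave the request unrestricted
     */
    protected AuthorizedList buildAuthorizedList(RequestDetails requestDetails) {
        return null;
    }

    /**
     * Rewrites the parameters of a {@code SEARCH_TYPE} request so that each parameter derived
     * from the authorized list is constrained to authorized values.
     *
     * <p>For every derived parameter: if the client already supplied that parameter, each
     * repetition is replaced by its intersection with the authorized values; if no repetition
     * has any value in common with the authorized values, the authorized values are appended as
     * an additional repetition (repetitions of a FHIR search parameter are combined with AND, so
     * the client's out-of-scope values can no longer match). If the client did not supply the
     * parameter it is added.
     *
     * @param requestDetails the request to narrow; its parameter map is replaced when narrowing applies
     * @param httpServletRequest unused here
     * @param httpServletResponse unused here
     * @return always {@code true} (processing continues)
     * @throws IllegalArgumentException if the request is a {@code SEARCH_SYSTEM} operation
     */
    @Hook(Pointcut.SERVER_INCOMING_REQUEST_POST_PROCESSED)
    public boolean incomingRequestPostProcessed(RequestDetails requestDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        // System-level searches cannot be narrowed per resource type, so they are refused outright.
        Validate.isTrue(requestDetails.getRestOperationType() != RestOperationTypeEnum.SEARCH_SYSTEM);
        if (requestDetails.getRestOperationType() != RestOperationTypeEnum.SEARCH_TYPE) {
            return true;
        }
        RuntimeResourceDefinition resourceDefinition = requestDetails.getServer().getFhirContext().getResourceDefinition(requestDetails.getResourceName());
        HashMap<String, List<String>> narrowingParams = new HashMap<>();
        AuthorizedList authorizedList = buildAuthorizedList(requestDetails);
        if (authorizedList == null) {
            // NOTE(review): fail-open by design of the hook contract; a null list means "unrestricted".
            return true;
        }
        List<String> allowedCompartments = authorizedList.getAllowedCompartments();
        if (allowedCompartments != null) {
            processResourcesOrCompartments(requestDetails, resourceDefinition, narrowingParams, allowedCompartments, true);
        }
        List<String> allowedInstances = authorizedList.getAllowedInstances();
        if (allowedInstances != null) {
            processResourcesOrCompartments(requestDetails, resourceDefinition, narrowingParams, allowedInstances, false);
        }
        if (narrowingParams.isEmpty()) {
            // NOTE(review): nothing in the authorized list maps onto this resource type, so the
            // search is NOT restricted here. Access must be enforced elsewhere.
            return true;
        }
        // Typed copy of the request parameters; the decompiled raw HashMap did not type-check
        // against the String[] values read back from it.
        Map<String, String[]> newParameters = new HashMap<>(requestDetails.getParameters());
        for (Map.Entry<String, List<String>> entry : narrowingParams.entrySet()) {
            String paramName = entry.getKey();
            List<String> allowedValues = entry.getValue();
            if (!newParameters.containsKey(paramName)) {
                newParameters.put(paramName, new String[] {ParameterUtil.escapeAndJoinOrList(allowedValues)});
                continue;
            }
            String[] existingValues = newParameters.get(paramName);
            boolean restrictedExisting = false;
            for (int i = 0; i < existingValues.length; i++) {
                List<String> requested = QualifiedParamList.splitQueryStringByCommasIgnoreEscape(null, existingValues[i]);
                List<String> intersection = ListUtils.intersection(requested, allowedValues);
                if (!intersection.isEmpty()) {
                    restrictedExisting = true;
                    // Keep only the values the client asked for that are also authorized.
                    existingValues[i] = ParameterUtil.escapeAndJoinOrList(intersection);
                }
            }
            if (!restrictedExisting) {
                // No overlap at all: append the authorized values as another repetition so the
                // combined (AND) query cannot return out-of-scope resources.
                String[] extended = Arrays.copyOf(existingValues, existingValues.length + 1);
                extended[existingValues.length] = ParameterUtil.escapeAndJoinOrList(allowedValues);
                newParameters.put(paramName, extended);
            }
        }
        requestDetails.setParameters(newParameters);
        return true;
    }

    /**
     * For {@code TRANSACTION} requests, narrows the request URL of every bundle entry; all other
     * operation types are ignored by this hook.
     *
     * @param servletRequestDetails the incoming request, whose resource is the transaction bundle
     * @param httpServletRequest passed through to the per-entry narrowing
     * @param httpServletResponse passed through to the per-entry narrowing
     */
    @Hook(Pointcut.SERVER_INCOMING_REQUEST_PRE_HANDLED)
    public void incomingRequestPreHandled(ServletRequestDetails servletRequestDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (servletRequestDetails.getRestOperationType() != RestOperationTypeEnum.TRANSACTION) {
            return;
        }
        IBaseBundle bundle = (IBaseBundle) servletRequestDetails.getResource();
        FhirContext fhirContext = servletRequestDetails.getFhirContext();
        BundleUtil.processEntries(fhirContext, bundle, new BundleEntryUrlProcessor(fhirContext, servletRequestDetails, httpServletRequest, httpServletResponse));
    }

    /**
     * Maps each authorized {@code ResourceType/id} reference to the search parameter that can
     * express it for the searched resource type and records it in {@code hashMap}.
     *
     * <p>A reference whose type equals the searched resource type maps to the {@code _id}
     * parameter. Otherwise, and only when {@code z} is {@code true} (compartment mode), the
     * resource definition's search parameters for that compartment are consulted, preferring one
     * named like the compartment and falling back to the first. References for which no
     * parameter is found are silently skipped.
     *
     * @param requestDetails the request being narrowed (used for its resource name)
     * @param runtimeResourceDefinition definition of the searched resource type
     * @param hashMap output: search parameter name to authorized values
     * @param collection authorized references, each of the form {@code ResourceType/id}
     * @param z {@code true} when {@code collection} holds compartments, {@code false} for instances
     * @throws IllegalArgumentException if a reference does not contain exactly one {@code '/'}
     */
    private void processResourcesOrCompartments(RequestDetails requestDetails, RuntimeResourceDefinition runtimeResourceDefinition, HashMap<String, List<String>> hashMap, Collection<String> collection, boolean z) {
        // One-entry cache: consecutive references of the same resource type reuse the lookup.
        String lastType = null;
        String lastParamName = null;
        for (String reference : collection) {
            Validate.isTrue(StringUtils.countMatches(reference, '/') == 1, "Invalid compartment name (must be in form \"ResourceType/xxx\": %s", reference);
            String resourceType = reference.substring(0, reference.indexOf('/'));
            String paramName = null;
            if (resourceType.equalsIgnoreCase(lastType)) {
                paramName = lastParamName;
            } else {
                if (resourceType.equalsIgnoreCase(requestDetails.getResourceName())) {
                    paramName = IAnyResource.SP_RES_ID;
                } else if (z) {
                    List<RuntimeSearchParam> candidates = runtimeResourceDefinition.getSearchParamsForCompartmentName(resourceType);
                    if (!candidates.isEmpty()) {
                        paramName = candidates.stream()
                                .filter(candidate -> candidate.getName().equalsIgnoreCase(resourceType))
                                .findFirst()
                                .orElse(candidates.get(0))
                                .getName();
                    }
                }
                lastType = resourceType;
                lastParamName = paramName;
            }
            if (paramName != null) {
                hashMap.computeIfAbsent(paramName, unused -> new ArrayList<>()).add(reference);
            }
        }
    }
}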
