package ca.uhn.fhir.rest.server.interceptor.auth;

import ca.uhn.fhir.interceptor.model.RequestPartitionId;
import ca.uhn.fhir.model.api.annotation.ResourceDef;
import ca.uhn.fhir.model.primitive.IdDt;
import ca.uhn.fhir.rest.api.Constants;
import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.Validate;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.instance.model.api.IIdType;
import org.springframework.beans.factory.support.PropertiesBeanDefinitionReader;

/* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder.class */
public class RuleBuilder implements IAuthRuleBuilder {
    private static final ConcurrentHashMap<Class<? extends IBaseResource>, String> ourTypeToName = new ConcurrentHashMap<>();
    private final ArrayList<IAuthRule> myRules = new ArrayList<>();
    private IAuthRuleBuilderRule myAllow;
    private IAuthRuleBuilderRule myDeny;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderFinished.class */
    public class RuleBuilderFinished implements IAuthRuleFinished, IAuthRuleBuilderRuleOpClassifierFinished, IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId {
        protected final BaseRule myOpRule;
        private List<IAuthRuleTester> myTesters;
        static final /* synthetic */ boolean $assertionsDisabled;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderFinished$TenantCheckingTester.class */
        public class TenantCheckingTester implements IAuthRuleTester {
            private final Collection<String> myTenantIds;
            private final boolean myOutcome;

            public TenantCheckingTester(Collection<String> collection, boolean z) {
                this.myTenantIds = collection;
                this.myOutcome = z;
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleTester
            public boolean matches(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IIdType iIdType, IBaseResource iBaseResource) {
                return !this.myTenantIds.contains(requestDetails.getTenantId()) ? !this.myOutcome : matchesResource(iBaseResource);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleTester
            public boolean matchesOutput(RestOperationTypeEnum restOperationTypeEnum, RequestDetails requestDetails, IBaseResource iBaseResource) {
                return !this.myTenantIds.contains(requestDetails.getTenantId()) ? !this.myOutcome : matchesResource(iBaseResource);
            }

            private boolean matchesResource(IBaseResource iBaseResource) {
                RequestPartitionId requestPartitionId;
                String firstPartitionNameOrNull;
                return (iBaseResource == null || (requestPartitionId = (RequestPartitionId) iBaseResource.getUserData(Constants.RESOURCE_PARTITION_ID)) == null || ((firstPartitionNameOrNull = requestPartitionId.getFirstPartitionNameOrNull()) != null && this.myTenantIds.contains(firstPartitionNameOrNull))) ? this.myOutcome : !this.myOutcome;
            }
        }

        RuleBuilderFinished(BaseRule baseRule) {
            if (!$assertionsDisabled && baseRule == null) {
                throw new AssertionError();
            }
            this.myOpRule = baseRule;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
        public IAuthRuleBuilder andThen() {
            doBuildRule();
            return RuleBuilder.this;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
        public List<IAuthRule> build() {
            doBuildRule();
            return RuleBuilder.this.myRules;
        }

        protected void doBuildRule() {
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
        public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(String... strArr) {
            return forTenantIds(Arrays.asList((String[]) ObjectUtils.defaultIfNull(strArr, Constants.EMPTY_STRING_ARRAY)));
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
        public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(Collection<String> collection) {
            withTester(new TenantCheckingTester(collection, true));
            return this;
        }

        List<IAuthRuleTester> getTesters() {
            return this.myTesters == null ? Collections.emptyList() : this.myTesters;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
        public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(String... strArr) {
            return notForTenantIds(Arrays.asList((String[]) ObjectUtils.defaultIfNull(strArr, Constants.EMPTY_STRING_ARRAY)));
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
        public IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection<String> collection) {
            withTester(new TenantCheckingTester(collection, false));
            return this;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
        public IAuthRuleFinished withTester(IAuthRuleTester iAuthRuleTester) {
            if (iAuthRuleTester != null) {
                if (this.myTesters == null) {
                    this.myTesters = new ArrayList();
                }
                this.myTesters.add(iAuthRuleTester);
                this.myOpRule.addTester(iAuthRuleTester);
            }
            return this;
        }

        static {
            $assertionsDisabled = !RuleBuilder.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule.class */
    public class RuleBuilderRule implements IAuthRuleBuilderRule {
        private final PolicyEnum myRuleMode;
        private final String myRuleName;
        private RuleBuilderRuleOp myReadRuleBuilder;
        private RuleBuilderRuleOp myWriteRuleBuilder;

        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$PatchBuilder.class */
        private class PatchBuilder implements IAuthRuleBuilderPatch {
            PatchBuilder() {
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderPatch
            public IAuthRuleFinished allRequests() {
                BaseRule mode = new RuleImplPatch(RuleBuilderRule.this.myRuleName).setAllRequests(true).setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(mode);
                return new RuleBuilderFinished(mode);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderBulkExport.class */
        public class RuleBuilderBulkExport implements IAuthRuleBuilderRuleBulkExport {

            /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderBulkExport$RuleBuilderBulkExportWithTarget.class */
            private class RuleBuilderBulkExportWithTarget extends RuleBuilderFinished implements IAuthRuleBuilderRuleBulkExportWithTarget {
                private final RuleBulkExportImpl myRule;

                private RuleBuilderBulkExportWithTarget(RuleBulkExportImpl ruleBulkExportImpl) {
                    super(ruleBulkExportImpl);
                    this.myRule = ruleBulkExportImpl;
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleBulkExportWithTarget
                public IAuthRuleBuilderRuleBulkExportWithTarget withResourceTypes(Collection<String> collection) {
                    this.myRule.setResourceTypes(collection);
                    return this;
                }
            }

            private RuleBuilderBulkExport() {
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleBulkExport
            public IAuthRuleBuilderRuleBulkExportWithTarget groupExportOnGroup(@Nonnull String str) {
                RuleBulkExportImpl ruleBulkExportImpl = new RuleBulkExportImpl(RuleBuilderRule.this.myRuleName);
                ruleBulkExportImpl.setAppliesToGroupExportOnGroup(str);
                ruleBulkExportImpl.setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(ruleBulkExportImpl);
                return new RuleBuilderBulkExportWithTarget(ruleBulkExportImpl);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleBulkExport
            public IAuthRuleBuilderRuleBulkExportWithTarget patientExportOnGroup(@Nonnull String str) {
                RuleBulkExportImpl ruleBulkExportImpl = new RuleBulkExportImpl(RuleBuilderRule.this.myRuleName);
                ruleBulkExportImpl.setAppliesToPatientExportOnGroup(str);
                ruleBulkExportImpl.setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(ruleBulkExportImpl);
                return new RuleBuilderBulkExportWithTarget(ruleBulkExportImpl);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleBulkExport
            public IAuthRuleBuilderRuleBulkExportWithTarget systemExport() {
                RuleBulkExportImpl ruleBulkExportImpl = new RuleBulkExportImpl(RuleBuilderRule.this.myRuleName);
                ruleBulkExportImpl.setAppliesToSystem();
                ruleBulkExportImpl.setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(ruleBulkExportImpl);
                return new RuleBuilderBulkExportWithTarget(ruleBulkExportImpl);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleBulkExport
            public IAuthRuleBuilderRuleBulkExportWithTarget any() {
                RuleBulkExportImpl ruleBulkExportImpl = new RuleBulkExportImpl(RuleBuilderRule.this.myRuleName);
                ruleBulkExportImpl.setAppliesToAny();
                ruleBulkExportImpl.setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(ruleBulkExportImpl);
                return new RuleBuilderBulkExportWithTarget(ruleBulkExportImpl);
            }
        }

        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderGraphQL.class */
        private class RuleBuilderGraphQL implements IAuthRuleBuilderGraphQL {
            private RuleBuilderGraphQL() {
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderGraphQL
            public IAuthRuleFinished any() {
                RuleImplOp ruleImplOp = new RuleImplOp(RuleBuilderRule.this.myRuleName);
                ruleImplOp.setOp(RuleOpEnum.GRAPHQL);
                ruleImplOp.setMode(RuleBuilderRule.this.myRuleMode);
                RuleBuilder.this.myRules.add(ruleImplOp);
                return new RuleBuilderFinished(ruleImplOp);
            }
        }

        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleConditional.class */
        private class RuleBuilderRuleConditional implements IAuthRuleBuilderRuleConditional {
            private AppliesTypeEnum myAppliesTo;
            private Set<String> myAppliesToTypes;
            private final RestOperationTypeEnum myOperationType;

            /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleConditional$RuleBuilderRuleConditionalClassifier.class */
            public class RuleBuilderRuleConditionalClassifier extends RuleBuilderFinished implements IAuthRuleBuilderRuleConditionalClassifier {
                RuleBuilderRuleConditionalClassifier() {
                    super(new RuleImplConditional(RuleBuilderRule.this.myRuleName));
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished
                protected void doBuildRule() {
                    RuleImplConditional ruleImplConditional = (RuleImplConditional) this.myOpRule;
                    ruleImplConditional.setMode(RuleBuilderRule.this.myRuleMode);
                    ruleImplConditional.setOperationType(RuleBuilderRuleConditional.this.myOperationType);
                    ruleImplConditional.setAppliesTo(RuleBuilderRuleConditional.this.myAppliesTo);
                    ruleImplConditional.setAppliesToTypes(RuleBuilderRuleConditional.this.myAppliesToTypes);
                    ruleImplConditional.addTesters(getTesters());
                    RuleBuilder.this.myRules.add(ruleImplConditional);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
                public /* bridge */ /* synthetic */ IAuthRuleFinished withTester(IAuthRuleTester iAuthRuleTester) {
                    return super.withTester(iAuthRuleTester);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
                public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(Collection collection) {
                    return super.notForTenantIds((Collection<String>) collection);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
                public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId notForTenantIds(String[] strArr) {
                    return super.notForTenantIds(strArr);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
                public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(Collection collection) {
                    return super.forTenantIds((Collection<String>) collection);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifierFinished
                public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleOpClassifierFinishedWithTenantId forTenantIds(String[] strArr) {
                    return super.forTenantIds(strArr);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
                public /* bridge */ /* synthetic */ List build() {
                    return super.build();
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder.RuleBuilderFinished, ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleFinished
                public /* bridge */ /* synthetic */ IAuthRuleBuilder andThen() {
                    return super.andThen();
                }
            }

            RuleBuilderRuleConditional(RestOperationTypeEnum restOperationTypeEnum) {
                this.myOperationType = restOperationTypeEnum;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleConditionalClassifier allResources() {
                this.myAppliesTo = AppliesTypeEnum.ALL_RESOURCES;
                return new RuleBuilderRuleConditionalClassifier();
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleConditionalClassifier resourcesOfType(Class<? extends IBaseResource> cls) {
                Validate.notNull(cls, "theType must not be null", new Object[0]);
                return resourcesOfType(RuleBuilder.toTypeName(cls));
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleConditionalClassifier resourcesOfType(String str) {
                this.myAppliesTo = AppliesTypeEnum.TYPES;
                this.myAppliesToTypes = Collections.singleton(str);
                return new RuleBuilderRuleConditionalClassifier();
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleConditionalClassifier resourcesOfType(Class cls) {
                return resourcesOfType((Class<? extends IBaseResource>) cls);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleOp.class */
        public class RuleBuilderRuleOp implements IAuthRuleBuilderRuleOp, IAuthRuleBuilderRuleOpDelete {
            private final RuleOpEnum myRuleOp;
            private RuleBuilderRuleOpClassifier myInstancesBuilder;
            private boolean myOnCascade;
            private boolean myOnExpunge;

            /* JADX INFO: Access modifiers changed from: private */
            /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleOp$RuleBuilderRuleOpClassifier.class */
            public class RuleBuilderRuleOpClassifier implements IAuthRuleBuilderRuleOpClassifier {
                private final AppliesTypeEnum myAppliesTo;
                private final Set<String> myAppliesToTypes;
                private ClassifierTypeEnum myClassifierType;
                private String myInCompartmentName;
                private Collection<? extends IIdType> myInCompartmentOwners;
                private Collection<IIdType> myAppliesToInstances;
                private RuleImplOp myRule;

                RuleBuilderRuleOpClassifier(AppliesTypeEnum appliesTypeEnum, Set<String> set) {
                    this.myAppliesTo = appliesTypeEnum;
                    this.myAppliesToTypes = set;
                }

                RuleBuilderRuleOpClassifier(Collection<IIdType> collection) {
                    this.myAppliesToInstances = collection;
                    this.myAppliesTo = AppliesTypeEnum.INSTANCES;
                    this.myAppliesToTypes = null;
                }

                /* JADX INFO: Access modifiers changed from: private */
                public RuleBuilderFinished finished() {
                    Validate.isTrue(this.myRule == null, "Can not call finished() twice", new Object[0]);
                    this.myRule = new RuleImplOp(RuleBuilderRule.this.myRuleName);
                    this.myRule.setMode(RuleBuilderRule.this.myRuleMode);
                    this.myRule.setOp(RuleBuilderRuleOp.this.myRuleOp);
                    this.myRule.setAppliesTo(this.myAppliesTo);
                    this.myRule.setAppliesToTypes(this.myAppliesToTypes);
                    this.myRule.setAppliesToInstances(this.myAppliesToInstances);
                    this.myRule.setClassifierType(this.myClassifierType);
                    this.myRule.setClassifierCompartmentName(this.myInCompartmentName);
                    this.myRule.setClassifierCompartmentOwners(this.myInCompartmentOwners);
                    this.myRule.setAppliesToDeleteCascade(RuleBuilderRuleOp.this.myOnCascade);
                    this.myRule.setAppliesToDeleteExpunge(RuleBuilderRuleOp.this.myOnExpunge);
                    RuleBuilder.this.myRules.add(this.myRule);
                    return new RuleBuilderFinished(this.myRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifier
                public IAuthRuleBuilderRuleOpClassifierFinished inCompartment(String str, Collection<? extends IIdType> collection) {
                    Validate.notBlank(str, "theCompartmentName must not be null", new Object[0]);
                    Validate.notNull(collection, "theOwners must not be null", new Object[0]);
                    Validate.noNullElements(collection, "theOwners must not contain any null elements", new Object[0]);
                    Iterator<? extends IIdType> it = collection.iterator();
                    while (it.hasNext()) {
                        validateOwner(it.next());
                    }
                    this.myInCompartmentName = str;
                    this.myInCompartmentOwners = collection;
                    this.myClassifierType = ClassifierTypeEnum.IN_COMPARTMENT;
                    return finished();
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifier
                public IAuthRuleBuilderRuleOpClassifierFinished inCompartment(String str, IIdType iIdType) {
                    Validate.notBlank(str, "theCompartmentName must not be null", new Object[0]);
                    Validate.notNull(iIdType, "theOwner must not be null", new Object[0]);
                    validateOwner(iIdType);
                    this.myClassifierType = ClassifierTypeEnum.IN_COMPARTMENT;
                    this.myInCompartmentName = str;
                    Optional<RuleImplOp> findMatchingRule = findMatchingRule();
                    if (!findMatchingRule.isPresent()) {
                        this.myInCompartmentOwners = Collections.singletonList(iIdType);
                        return finished();
                    }
                    RuleImplOp ruleImplOp = findMatchingRule.get();
                    ruleImplOp.addClassifierCompartmentOwner(iIdType);
                    return new RuleBuilderFinished(ruleImplOp);
                }

                private Optional<RuleImplOp> findMatchingRule() {
                    Stream stream = RuleBuilder.this.myRules.stream();
                    Class<RuleImplOp> cls = RuleImplOp.class;
                    Objects.requireNonNull(RuleImplOp.class);
                    Stream filter = stream.filter((v1) -> {
                        return r1.isInstance(v1);
                    });
                    Class<RuleImplOp> cls2 = RuleImplOp.class;
                    Objects.requireNonNull(RuleImplOp.class);
                    return filter.map((v1) -> {
                        return r1.cast(v1);
                    }).filter(ruleImplOp -> {
                        return ruleImplOp.matches(RuleBuilderRuleOp.this.myRuleOp, this.myAppliesTo, this.myAppliesToInstances, this.myAppliesToTypes, this.myClassifierType, this.myInCompartmentName);
                    }).findFirst();
                }

                private void validateOwner(IIdType iIdType) {
                    Validate.notBlank(iIdType.getIdPart(), "owner.getIdPart() must not be null or empty", new Object[0]);
                    Validate.notBlank(iIdType.getIdPart(), "owner.getResourceType() must not be null or empty", new Object[0]);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifier
                public IAuthRuleBuilderRuleOpClassifierFinished withAnyId() {
                    this.myClassifierType = ClassifierTypeEnum.ANY_ID;
                    return finished();
                }

                RuleBuilderFinished addInstances(Collection<IIdType> collection) {
                    this.myAppliesToInstances.addAll(collection);
                    return new RuleBuilderFinished(this.myRule);
                }
            }

            RuleBuilderRuleOp(RuleOpEnum ruleOpEnum) {
                this.myRuleOp = ruleOpEnum;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleOpClassifier allResources() {
                return new RuleBuilderRuleOpClassifier(AppliesTypeEnum.ALL_RESOURCES, null);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOp
            public IAuthRuleFinished instance(String str) {
                Validate.notBlank(str, "theId must not be null or empty", new Object[0]);
                return instance(new IdDt(str));
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOp
            public IAuthRuleFinished instance(IIdType iIdType) {
                Validate.notNull(iIdType, "theId must not be null", new Object[0]);
                Validate.notBlank(iIdType.getValue(), "theId.getValue() must not be null or empty", new Object[0]);
                Validate.notBlank(iIdType.getIdPart(), "theId must contain an ID part", new Object[0]);
                return instances((Collection<IIdType>) Lists.newArrayList(iIdType));
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOp
            public RuleBuilderFinished instances(Collection<IIdType> collection) {
                Validate.notNull(collection, "theInstances must not be null", new Object[0]);
                Validate.notEmpty(collection, "theInstances must not be empty", new Object[0]);
                if (this.myInstancesBuilder != null) {
                    return this.myInstancesBuilder.addInstances(collection);
                }
                RuleBuilderRuleOpClassifier ruleBuilderRuleOpClassifier = new RuleBuilderRuleOpClassifier(collection);
                this.myInstancesBuilder = ruleBuilderRuleOpClassifier;
                return ruleBuilderRuleOpClassifier.finished();
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleOpClassifier resourcesOfType(Class<? extends IBaseResource> cls) {
                Validate.notNull(cls, "theType must not be null", new Object[0]);
                return resourcesOfType(RuleBuilder.toTypeName(cls));
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public IAuthRuleBuilderRuleOpClassifier resourcesOfType(String str) {
                Validate.notNull(str, "theType must not be null", new Object[0]);
                return new RuleBuilderRuleOpClassifier(AppliesTypeEnum.TYPES, Collections.singleton(str));
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpDelete
            public IAuthRuleBuilderRuleOp onCascade() {
                this.myOnCascade = true;
                return this;
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpDelete
            public IAuthRuleBuilderRuleOp onExpunge() {
                this.myOnExpunge = true;
                return this;
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOp
            public /* bridge */ /* synthetic */ IAuthRuleFinished instances(Collection collection) {
                return instances((Collection<IIdType>) collection);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderAppliesTo
            public /* bridge */ /* synthetic */ IAuthRuleBuilderRuleOpClassifier resourcesOfType(Class cls) {
                return resourcesOfType((Class<? extends IBaseResource>) cls);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleOperation.class */
        public class RuleBuilderRuleOperation implements IAuthRuleBuilderOperation {

            /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleOperation$RuleBuilderRuleOperationNamed.class */
            private class RuleBuilderRuleOperationNamed implements IAuthRuleBuilderOperationNamed {
                private final String myOperationName;

                /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleOperation$RuleBuilderRuleOperationNamed$RuleBuilderOperationNamedAndScoped.class */
                private class RuleBuilderOperationNamedAndScoped implements IAuthRuleBuilderOperationNamedAndScoped {
                    private final OperationRule myRule;

                    RuleBuilderOperationNamedAndScoped(OperationRule operationRule) {
                        this.myRule = operationRule;
                    }

                    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamedAndScoped
                    public IAuthRuleBuilderRuleOpClassifierFinished andAllowAllResponses() {
                        this.myRule.allowAllResponses();
                        RuleBuilder.this.myRules.add(this.myRule);
                        return new RuleBuilderFinished(this.myRule);
                    }

                    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamedAndScoped
                    public IAuthRuleBuilderRuleOpClassifierFinished andRequireExplicitResponseAuthorization() {
                        RuleBuilder.this.myRules.add(this.myRule);
                        return new RuleBuilderFinished(this.myRule);
                    }
                }

                RuleBuilderRuleOperationNamed(String str) {
                    if (str == null || str.startsWith(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX)) {
                        this.myOperationName = str;
                    } else {
                        this.myOperationName = '$' + str;
                    }
                }

                private OperationRule createRule() {
                    OperationRule operationRule = new OperationRule(RuleBuilderRule.this.myRuleName);
                    operationRule.setOperationName(this.myOperationName);
                    operationRule.setMode(RuleBuilderRule.this.myRuleMode);
                    return operationRule;
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onAnyInstance() {
                    OperationRule createRule = createRule();
                    createRule.appliesToAnyInstance();
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped atAnyLevel() {
                    OperationRule createRule = createRule();
                    createRule.appliesAtAnyLevel(true);
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onAnyType() {
                    OperationRule createRule = createRule();
                    createRule.appliesToAnyType();
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onInstance(IIdType iIdType) {
                    Validate.notNull(iIdType, "theInstanceId must not be null", new Object[0]);
                    Validate.notBlank(iIdType.getResourceType(), "theInstanceId does not have a resource type", new Object[0]);
                    Validate.notBlank(iIdType.getIdPart(), "theInstanceId does not have an ID part", new Object[0]);
                    OperationRule createRule = createRule();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(iIdType);
                    createRule.appliesToInstances(arrayList);
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onInstancesOfType(Class<? extends IBaseResource> cls) {
                    validateType(cls);
                    OperationRule createRule = createRule();
                    createRule.appliesToInstancesOfType(toTypeSet(cls));
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onServer() {
                    OperationRule createRule = createRule();
                    createRule.appliesToServer();
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperationNamed
                public IAuthRuleBuilderOperationNamedAndScoped onType(Class<? extends IBaseResource> cls) {
                    validateType(cls);
                    OperationRule createRule = createRule();
                    createRule.appliesToTypes(toTypeSet(cls));
                    return new RuleBuilderOperationNamedAndScoped(createRule);
                }

                private HashSet<Class<? extends IBaseResource>> toTypeSet(Class<? extends IBaseResource> cls) {
                    HashSet<Class<? extends IBaseResource>> hashSet = new HashSet<>();
                    hashSet.add(cls);
                    return hashSet;
                }

                private void validateType(Class<? extends IBaseResource> cls) {
                    Validate.notNull(cls, "theType must not be null", new Object[0]);
                }
            }

            private RuleBuilderRuleOperation() {
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperation
            public IAuthRuleBuilderOperationNamed named(String str) {
                Validate.notBlank(str, "theOperationName must not be null or empty", new Object[0]);
                return new RuleBuilderRuleOperationNamed(str);
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderOperation
            public IAuthRuleBuilderOperationNamed withAnyName() {
                return new RuleBuilderRuleOperationNamed(null);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleTransaction.class */
        public class RuleBuilderRuleTransaction implements IAuthRuleBuilderRuleTransaction {

            /* loaded from: input_file:ca/uhn/fhir/rest/server/interceptor/auth/RuleBuilder$RuleBuilderRule$RuleBuilderRuleTransaction$RuleBuilderRuleTransactionOp.class */
            private class RuleBuilderRuleTransactionOp implements IAuthRuleBuilderRuleTransactionOp {
                private RuleBuilderRuleTransactionOp() {
                }

                @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleTransactionOp
                public IAuthRuleBuilderRuleOpClassifierFinished andApplyNormalRules() {
                    RuleImplOp ruleImplOp = new RuleImplOp(RuleBuilderRule.this.myRuleName);
                    ruleImplOp.setMode(RuleBuilderRule.this.myRuleMode);
                    ruleImplOp.setOp(RuleOpEnum.TRANSACTION);
                    ruleImplOp.setTransactionAppliesToOp(TransactionAppliesToEnum.ANY_OPERATION);
                    RuleBuilder.this.myRules.add(ruleImplOp);
                    return new RuleBuilderFinished(ruleImplOp);
                }
            }

            private RuleBuilderRuleTransaction() {
            }

            @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleTransaction
            public IAuthRuleBuilderRuleTransactionOp withAnyOperation() {
                return new RuleBuilderRuleTransactionOp();
            }
        }

        RuleBuilderRule(PolicyEnum policyEnum, String str) {
            this.myRuleMode = policyEnum;
            this.myRuleName = str;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleConditional createConditional() {
            return new RuleBuilderRuleConditional(RestOperationTypeEnum.CREATE);
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleOpDelete delete() {
            return new RuleBuilderRuleOp(RuleOpEnum.DELETE);
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleConditional deleteConditional() {
            return new RuleBuilderRuleConditional(RestOperationTypeEnum.DELETE);
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public RuleBuilderFinished metadata() {
            RuleImplOp ruleImplOp = new RuleImplOp(this.myRuleName);
            ruleImplOp.setOp(RuleOpEnum.METADATA);
            ruleImplOp.setMode(this.myRuleMode);
            RuleBuilder.this.myRules.add(ruleImplOp);
            return new RuleBuilderFinished(ruleImplOp);
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderOperation operation() {
            return new RuleBuilderRuleOperation();
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderPatch patch() {
            return new PatchBuilder();
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleOp read() {
            if (this.myReadRuleBuilder == null) {
                this.myReadRuleBuilder = new RuleBuilderRuleOp(RuleOpEnum.READ);
            }
            return this.myReadRuleBuilder;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleTransaction transaction() {
            return new RuleBuilderRuleTransaction();
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleConditional updateConditional() {
            return new RuleBuilderRuleConditional(RestOperationTypeEnum.UPDATE);
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleOp write() {
            if (this.myWriteRuleBuilder == null) {
                this.myWriteRuleBuilder = new RuleBuilderRuleOp(RuleOpEnum.WRITE);
            }
            return this.myWriteRuleBuilder;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleOp create() {
            if (this.myWriteRuleBuilder == null) {
                this.myWriteRuleBuilder = new RuleBuilderRuleOp(RuleOpEnum.CREATE);
            }
            return this.myWriteRuleBuilder;
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderGraphQL graphQL() {
            return new RuleBuilderGraphQL();
        }

        @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRule
        public IAuthRuleBuilderRuleBulkExport bulkExport() {
            return new RuleBuilderBulkExport();
        }
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRule allow() {
        if (this.myAllow == null) {
            this.myAllow = allow(null);
        }
        return this.myAllow;
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRule allow(String str) {
        return new RuleBuilderRule(PolicyEnum.ALLOW, str);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRuleOpClassifierFinished allowAll() {
        return allowAll(null);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRuleOpClassifierFinished allowAll(String str) {
        RuleImplOp ruleImplOp = new RuleImplOp(str);
        ruleImplOp.setOp(RuleOpEnum.ALL);
        ruleImplOp.setMode(PolicyEnum.ALLOW);
        this.myRules.add(ruleImplOp);
        return new RuleBuilderFinished(ruleImplOp);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public List<IAuthRule> build() {
        return this.myRules;
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRule deny() {
        if (this.myDeny == null) {
            this.myDeny = deny(null);
        }
        return this.myDeny;
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRule deny(String str) {
        return new RuleBuilderRule(PolicyEnum.DENY, str);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRuleOpClassifierFinished denyAll() {
        return denyAll(null);
    }

    @Override // ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilder
    public IAuthRuleBuilderRuleOpClassifierFinished denyAll(String str) {
        RuleImplOp ruleImplOp = new RuleImplOp(str);
        ruleImplOp.setOp(RuleOpEnum.ALL);
        ruleImplOp.setMode(PolicyEnum.DENY);
        this.myRules.add(ruleImplOp);
        return new RuleBuilderFinished(ruleImplOp);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String toTypeName(Class<? extends IBaseResource> cls) {
        String str = ourTypeToName.get(cls);
        if (str == null) {
            str = ((ResourceDef) cls.getAnnotation(ResourceDef.class)).name();
            Validate.notBlank(str, "Could not determine resource type of class %s", new Object[]{cls});
            ourTypeToName.put(cls, str);
        }
        return str;
    }
}
