package ca.uhn.hapi.fhir.docs;

import ca.uhn.fhir.i18n.Msg;
import ca.uhn.fhir.interceptor.api.HookParams;
import ca.uhn.fhir.interceptor.api.IInterceptorBroadcaster;
import ca.uhn.fhir.interceptor.api.Pointcut;
import ca.uhn.fhir.rest.annotation.ConditionalUrlParam;
import ca.uhn.fhir.rest.annotation.IdParam;
import ca.uhn.fhir.rest.annotation.ResourceParam;
import ca.uhn.fhir.rest.annotation.Update;
import ca.uhn.fhir.rest.api.MethodOutcome;
import ca.uhn.fhir.rest.api.server.RequestDetails;
import ca.uhn.fhir.rest.api.server.storage.TransactionDetails;
import ca.uhn.fhir.rest.server.IResourceProvider;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
import ca.uhn.fhir.rest.server.interceptor.auth.AdditionalCompartmentSearchParameters;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizationInterceptor;
import ca.uhn.fhir.rest.server.interceptor.auth.AuthorizedList;
import ca.uhn.fhir.rest.server.interceptor.auth.IAuthRule;
import ca.uhn.fhir.rest.server.interceptor.auth.IAuthRuleBuilderRuleOpClassifier;
import ca.uhn.fhir.rest.server.interceptor.auth.PolicyEnum;
import ca.uhn.fhir.rest.server.interceptor.auth.RuleBuilder;
import ca.uhn.fhir.rest.server.interceptor.auth.SearchNarrowingInterceptor;
import ca.uhn.fhir.rest.server.servlet.ServletRequestDetails;
import com.google.common.collect.Lists;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.hl7.fhir.dstu3.model.IdType;
import org.hl7.fhir.instance.model.api.IBaseResource;
import org.hl7.fhir.r4.model.Patient;

/* loaded from: input_file:ca/uhn/hapi/fhir/docs/AuthorizationInterceptors.class */
public class AuthorizationInterceptors {

    /* loaded from: input_file:ca/uhn/hapi/fhir/docs/AuthorizationInterceptors$MyPatientSearchNarrowingInterceptor.class */
    public class MyPatientSearchNarrowingInterceptor extends SearchNarrowingInterceptor {
        public MyPatientSearchNarrowingInterceptor() {
        }

        protected AuthorizedList buildAuthorizedList(RequestDetails requestDetails) {
            String header = requestDetails.getHeader("Authorization");
            if ("Bearer dfw98h38r".equals(header)) {
                return new AuthorizedList().addCompartment("Patient/123").addCompartment("Patient/456");
            }
            if ("Bearer 39ff939jgg".equals(header)) {
                return new AuthorizedList();
            }
            throw new AuthenticationException(Msg.code(645) + "Unknown bearer token");
        }
    }

    /* loaded from: input_file:ca/uhn/hapi/fhir/docs/AuthorizationInterceptors$PatientAndAdminAuthorizationInterceptor.class */
    public class PatientAndAdminAuthorizationInterceptor extends AuthorizationInterceptor {
        public PatientAndAdminAuthorizationInterceptor() {
        }

        public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
            IdType idType = null;
            boolean z = false;
            String header = requestDetails.getHeader("Authorization");
            if ("Bearer dfw98h38r".equals(header)) {
                idType = new IdType("Patient", 1L);
            } else {
                if (!"Bearer 39ff939jgg".equals(header)) {
                    throw new AuthenticationException(Msg.code(644) + "Missing or invalid Authorization header value");
                }
                z = true;
            }
            return idType != null ? ((IAuthRuleBuilderRuleOpClassifier) ((IAuthRuleBuilderRuleOpClassifier) new RuleBuilder().allow().read().allResources()).inCompartment("Patient", idType).andThen().allow().write().allResources()).inCompartment("Patient", idType).andThen().denyAll().build() : z ? new RuleBuilder().allowAll().build() : new RuleBuilder().denyAll().build();
        }
    }

    /* loaded from: input_file:ca/uhn/hapi/fhir/docs/AuthorizationInterceptors$PatientResourceProvider.class */
    public class PatientResourceProvider implements IResourceProvider {
        public PatientResourceProvider() {
        }

        public Class<? extends IBaseResource> getResourceType() {
            return Patient.class;
        }

        public MethodOutcome create(@ResourceParam Patient patient, RequestDetails requestDetails) {
            return new MethodOutcome();
        }
    }

    @Update
    public MethodOutcome update(@IdParam IdType idType, @ResourceParam Patient patient, @ConditionalUrlParam String str, ServletRequestDetails servletRequestDetails, IInterceptorBroadcaster iInterceptorBroadcaster) {
        if (StringUtils.isNotBlank(str)) {
            new IdType("Patient", "1123");
        }
        patient.setId(idType.withVersion("2"));
        iInterceptorBroadcaster.callHooks(Pointcut.STORAGE_PRESTORAGE_RESOURCE_UPDATED, new HookParams().add(IBaseResource.class, patient).add(IBaseResource.class, patient).add(RequestDetails.class, servletRequestDetails).add(ServletRequestDetails.class, servletRequestDetails).add(TransactionDetails.class, new TransactionDetails()));
        MethodOutcome methodOutcome = new MethodOutcome();
        methodOutcome.setCreated(true);
        methodOutcome.setResource(patient);
        return methodOutcome;
    }

    public void authorizeTenantAction() {
        new AuthorizationInterceptor(PolicyEnum.DENY) { // from class: ca.uhn.hapi.fhir.docs.AuthorizationInterceptors.1
            public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
                return ((IAuthRuleBuilderRuleOpClassifier) new RuleBuilder().allow().read().resourcesOfType(Patient.class)).withAnyId().forTenantIds(new String[]{"TENANTA"}).andThen().build();
            }
        };
        new AuthorizationInterceptor(PolicyEnum.DENY) { // from class: ca.uhn.hapi.fhir.docs.AuthorizationInterceptors.2
            public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
                return ((IAuthRuleBuilderRuleOpClassifier) new RuleBuilder().allow().patch().allRequests().andThen().allow().write().allResources()).inCompartment("Patient", new IdType("Patient/123")).andThen().build();
            }
        };
        new AuthorizationInterceptor(PolicyEnum.DENY) { // from class: ca.uhn.hapi.fhir.docs.AuthorizationInterceptors.3
            public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
                return new RuleBuilder().allow().bulkExport().systemExport().withResourceTypes(Lists.newArrayList(new String[]{"Patient", "Encounter", "Observation"})).build();
            }
        };
        new AuthorizationInterceptor(PolicyEnum.DENY) { // from class: ca.uhn.hapi.fhir.docs.AuthorizationInterceptors.4
            public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
                AdditionalCompartmentSearchParameters additionalCompartmentSearchParameters = new AdditionalCompartmentSearchParameters();
                additionalCompartmentSearchParameters.addSearchParameters(new String[]{"device:patient", "device:subject"});
                return ((IAuthRuleBuilderRuleOpClassifier) new RuleBuilder().allow().read().allResources()).inCompartmentWithAdditionalSearchParams("Patient", new IdType("Patient/123"), additionalCompartmentSearchParameters).build();
            }
        };
    }
}
