package dev.dsf.fhir.authorization;

import dev.dsf.common.auth.conf.Identity;
import dev.dsf.fhir.authentication.OrganizationProvider;
import dev.dsf.fhir.authorization.read.ReadAccessHelper;
import dev.dsf.fhir.dao.EndpointDao;
import dev.dsf.fhir.dao.provider.DaoProvider;
import dev.dsf.fhir.help.ParameterConverter;
import dev.dsf.fhir.search.SearchQuery;
import dev.dsf.fhir.search.SearchQueryParameterError;
import dev.dsf.fhir.search.parameters.EndpointAddress;
import dev.dsf.fhir.service.ReferenceResolver;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.hl7.fhir.r4.model.Endpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/fhir/authorization/EndpointAuthorizationRule.class */
public class EndpointAuthorizationRule extends AbstractMetaTagAuthorizationRule<Endpoint, EndpointDao> {
    private static final String ENDPOINT_IDENTIFIER_SYSTEM = "http://dsf.dev/sid/endpoint-identifier";
    private static final Logger logger = LoggerFactory.getLogger(EndpointAuthorizationRule.class);
    private static final String ENDPOINT_ADDRESS_PATTERN_STRING = "https://([0-9a-zA-Z\\.-]+)+(:\\d{1,4})?([-\\w/]*)";
    private static final Pattern ENDPOINT_ADDRESS_PATTERN = Pattern.compile(ENDPOINT_ADDRESS_PATTERN_STRING);

    public EndpointAuthorizationRule(DaoProvider daoProvider, String str, ReferenceResolver referenceResolver, OrganizationProvider organizationProvider, ReadAccessHelper readAccessHelper, ParameterConverter parameterConverter) {
        super(Endpoint.class, daoProvider, str, referenceResolver, organizationProvider, readAccessHelper, parameterConverter);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public Optional<String> newResourceOkForCreate(Connection connection, Identity identity, Endpoint endpoint) {
        return newResourceOk(connection, identity, endpoint);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public Optional<String> newResourceOkForUpdate(Connection connection, Identity identity, Endpoint endpoint) {
        return newResourceOk(connection, identity, endpoint);
    }

    private Optional<String> newResourceOk(Connection connection, Identity identity, Endpoint endpoint) {
        ArrayList arrayList = new ArrayList();
        if (!endpoint.hasIdentifier()) {
            arrayList.add("Endpoint.identifier missing");
        } else if (endpoint.getIdentifier().stream().filter(identifier -> {
            return identifier.hasSystem() && identifier.hasValue() && ENDPOINT_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).count() != 1) {
            arrayList.add("Endpoint.identifier one with system 'http://dsf.dev/sid/endpoint-identifier' and non empty value expected");
        }
        if (!endpoint.hasAddress()) {
            arrayList.add("Endpoint.address missing");
        } else if (!ENDPOINT_ADDRESS_PATTERN.matcher(endpoint.getAddress()).matches()) {
            arrayList.add("Endpoint.address not matching https://([0-9a-zA-Z\\.-]+)+(:\\d{1,4})?([-\\w/]*) pattern");
        }
        if (!hasValidReadAccessTag(connection, endpoint)) {
            arrayList.add("Endpoint is missing valid read access tag");
        }
        return arrayList.isEmpty() ? Optional.empty() : Optional.of((String) arrayList.stream().collect(Collectors.joining(", ")));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public boolean resourceExists(Connection connection, Endpoint endpoint) {
        return endpointWithAddressExists(connection, endpoint.getAddress()) || endpointWithIdentifierExists(connection, (String) endpoint.getIdentifier().stream().filter(identifier -> {
            return identifier.hasSystem() && identifier.hasValue() && ENDPOINT_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).map(identifier2 -> {
            return identifier2.getValue();
        }).findFirst().orElseThrow());
    }

    private boolean endpointWithAddressExists(Connection connection, String str) {
        Map<String, List<String>> of = Map.of(EndpointAddress.PARAMETER_NAME, Collections.singletonList(str));
        EndpointDao endpointDao = (EndpointDao) getDao();
        SearchQuery configureParameters = endpointDao.createSearchQueryWithoutUserFilter(0, 0).configureParameters(of);
        List<SearchQueryParameterError> unsupportedQueryParameters = configureParameters.getUnsupportedQueryParameters();
        if (!unsupportedQueryParameters.isEmpty()) {
            logger.warn("Unable to search for Endpoint: Unsupported query parameters: {}", unsupportedQueryParameters);
            throw new IllegalStateException("Unable to search for Endpoint: Unsupported query parameters");
        }
        try {
            return endpointDao.searchWithTransaction(connection, configureParameters).getTotal() >= 1;
        } catch (SQLException e) {
            logger.warn("Unable to search for Endpoint", e);
            throw new RuntimeException("Unable to search for Endpoint", e);
        }
    }

    private boolean endpointWithIdentifierExists(Connection connection, String str) {
        Map<String, List<String>> of = Map.of("identifier", Collections.singletonList("http://dsf.dev/sid/endpoint-identifier|" + str));
        EndpointDao endpointDao = (EndpointDao) getDao();
        SearchQuery configureParameters = endpointDao.createSearchQueryWithoutUserFilter(0, 0).configureParameters(of);
        List<SearchQueryParameterError> unsupportedQueryParameters = configureParameters.getUnsupportedQueryParameters();
        if (!unsupportedQueryParameters.isEmpty()) {
            logger.warn("Unable to search for Endpoint: Unsupported query parameters: {}", unsupportedQueryParameters);
            throw new IllegalStateException("Unable to search for Endpoint: Unsupported query parameters");
        }
        try {
            return endpointDao.searchWithTransaction(connection, configureParameters).getTotal() >= 1;
        } catch (SQLException e) {
            logger.warn("Unable to search for Endpoint", e);
            throw new RuntimeException("Unable to search for Endpoint", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public boolean modificationsOk(Connection connection, Endpoint endpoint, Endpoint endpoint2) {
        return endpoint.getAddress().equals(endpoint2.getAddress()) && ((String) endpoint.getIdentifier().stream().filter(identifier -> {
            return ENDPOINT_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).map(identifier2 -> {
            return identifier2.getValue();
        }).findFirst().orElseThrow()).equals((String) endpoint2.getIdentifier().stream().filter(identifier3 -> {
            return ENDPOINT_IDENTIFIER_SYSTEM.equals(identifier3.getSystem());
        }).map(identifier4 -> {
            return identifier4.getValue();
        }).findFirst().orElseThrow());
    }
}
