package dev.dsf.fhir.webservice.secure;

import ca.uhn.fhir.model.api.annotation.ResourceDef;
import ca.uhn.fhir.validation.ResultSeverityEnum;
import ca.uhn.fhir.validation.ValidationResult;
import dev.dsf.fhir.authorization.AuthorizationRule;
import dev.dsf.fhir.dao.ResourceDao;
import dev.dsf.fhir.help.ExceptionHandler;
import dev.dsf.fhir.help.ParameterConverter;
import dev.dsf.fhir.help.ResponseGenerator;
import dev.dsf.fhir.history.filter.HistoryIdentityFilter;
import dev.dsf.fhir.prefer.PreferReturnType;
import dev.dsf.fhir.search.PageAndCount;
import dev.dsf.fhir.search.PartialResult;
import dev.dsf.fhir.search.SearchQuery;
import dev.dsf.fhir.search.SearchQueryParameterError;
import dev.dsf.fhir.service.ReferenceCleaner;
import dev.dsf.fhir.service.ReferenceExtractor;
import dev.dsf.fhir.service.ReferenceResolver;
import dev.dsf.fhir.service.ResourceReference;
import dev.dsf.fhir.validation.ResourceValidator;
import dev.dsf.fhir.webservice.specification.BasicResourceService;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.hl7.fhir.r4.model.IdType;
import org.hl7.fhir.r4.model.OperationOutcome;
import org.hl7.fhir.r4.model.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.CollectionUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:dev/dsf/fhir/webservice/secure/AbstractResourceServiceSecure.class */
public abstract class AbstractResourceServiceSecure<D extends ResourceDao<R>, R extends Resource, S extends BasicResourceService<R>> extends AbstractServiceSecure<S> implements BasicResourceService<R>, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(AbstractResourceServiceSecure.class);
    protected final ReferenceCleaner referenceCleaner;
    protected final ReferenceExtractor referenceExtractor;
    protected final Class<R> resourceType;
    protected final String resourceTypeName;
    protected final D dao;
    protected final ExceptionHandler exceptionHandler;
    protected final ParameterConverter parameterConverter;
    protected final AuthorizationRule<R> authorizationRule;
    protected final ResourceValidator resourceValidator;

    public AbstractResourceServiceSecure(S s, String str, ResponseGenerator responseGenerator, ReferenceResolver referenceResolver, ReferenceCleaner referenceCleaner, ReferenceExtractor referenceExtractor, Class<R> cls, D d, ExceptionHandler exceptionHandler, ParameterConverter parameterConverter, AuthorizationRule<R> authorizationRule, ResourceValidator resourceValidator) {
        super(s, str, responseGenerator, referenceResolver);
        this.referenceCleaner = referenceCleaner;
        this.referenceExtractor = referenceExtractor;
        this.resourceType = cls;
        this.resourceTypeName = cls.getAnnotation(ResourceDef.class).name();
        this.dao = d;
        this.exceptionHandler = exceptionHandler;
        this.parameterConverter = parameterConverter;
        this.authorizationRule = authorizationRule;
        this.resourceValidator = resourceValidator;
    }

    @Override // dev.dsf.fhir.webservice.secure.AbstractServiceSecure, dev.dsf.fhir.webservice.base.AbstractDelegatingBasicService
    public void afterPropertiesSet() throws Exception {
        super.afterPropertiesSet();
        Objects.requireNonNull(this.referenceCleaner, "referenceCleaner");
        Objects.requireNonNull(this.referenceExtractor, "referenceExtractor");
        Objects.requireNonNull(this.resourceType, "resourceType");
        Objects.requireNonNull(this.resourceTypeName, "resourceTypeName");
        Objects.requireNonNull(this.dao, "dao");
        Objects.requireNonNull(this.exceptionHandler, "exceptionHandler");
        Objects.requireNonNull(this.parameterConverter, "parameterConverter");
        Objects.requireNonNull(this.authorizationRule, "authorizationRule");
        Objects.requireNonNull(this.resourceValidator, "resourceValidator");
    }

    private String toValidationLogMessage(ValidationResult validationResult) {
        return (String) validationResult.getMessages().stream().map(singleValidationMessage -> {
            return singleValidationMessage.getLocationString() + " " + singleValidationMessage.getLocationLine() + ":" + singleValidationMessage.getLocationCol() + " - " + String.valueOf(singleValidationMessage.getSeverity()) + ": " + singleValidationMessage.getMessage();
        }).collect(Collectors.joining(", ", "[", "]"));
    }

    private Response withResourceValidation(R r, UriInfo uriInfo, HttpHeaders httpHeaders, String str, Supplier<Response> supplier) {
        this.referenceCleaner.cleanReferenceResourcesIfBundle(r);
        ValidationResult validate = this.resourceValidator.validate(r);
        if (!validate.getMessages().stream().anyMatch(singleValidationMessage -> {
            return ResultSeverityEnum.ERROR.equals(singleValidationMessage.getSeverity()) || ResultSeverityEnum.FATAL.equals(singleValidationMessage.getSeverity());
        })) {
            if (!validate.getMessages().isEmpty()) {
                logger.warn("Resource {} validated with messages: {}", r.fhirType(), toValidationLogMessage(validate));
            }
            return supplier.get();
        }
        logger.warn("{} of {} unauthorized, resource not valid: {}", new Object[]{str, r.fhirType(), toValidationLogMessage(validate)});
        Resource operationOutcome = new OperationOutcome();
        validate.populateOperationOutcome(operationOutcome);
        return this.responseGenerator.response(Response.Status.FORBIDDEN, operationOutcome, this.parameterConverter.getMediaTypeThrowIfNotSupported(uriInfo, httpHeaders)).build();
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response create(R r, UriInfo uriInfo, HttpHeaders httpHeaders) {
        resolveLiteralInternalRelatedArtifactOrAttachmentUrls(r);
        Optional<String> reasonCreateAllowed = this.authorizationRule.reasonCreateAllowed(getCurrentIdentity(), r);
        if (!reasonCreateAllowed.isEmpty()) {
            return withResourceValidation(r, uriInfo, httpHeaders, "Create", () -> {
                audit.info("Create of resource {} allowed for user '{}', reason: {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), reasonCreateAllowed.get()});
                Response logResultStatus = logResultStatus(() -> {
                    return ((BasicResourceService) this.delegate).create(r, uriInfo, httpHeaders);
                }, statusType -> {
                    audit.info("Create of resource {} for user '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
                }, statusType2 -> {
                    audit.info("Create of resource {} for user '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
                });
                if (logResultStatus.hasEntity() && !this.resourceType.isInstance(logResultStatus.getEntity()) && !(logResultStatus.getEntity() instanceof OperationOutcome)) {
                    logger.warn("Create returned with entity of type {}", logResultStatus.getEntity().getClass().getName());
                } else if (!logResultStatus.hasEntity() && !PreferReturnType.MINIMAL.equals(this.parameterConverter.getPreferReturn(httpHeaders))) {
                    logger.warn("Create returned with status {} {}, but no entity", Integer.valueOf(logResultStatus.getStatusInfo().getStatusCode()), logResultStatus.getStatusInfo().getReasonPhrase());
                }
                return logResultStatus;
            });
        }
        audit.info("Create of resource {} denied for user '{}'", this.resourceTypeName, getCurrentIdentity().getName());
        return forbidden("create");
    }

    private void resolveLiteralInternalRelatedArtifactOrAttachmentUrls(R r) {
        if (r == null) {
            return;
        }
        this.referenceExtractor.getReferences(r).filter(resourceReference -> {
            return ResourceReference.ReferenceType.RELATED_ARTEFACT_LITERAL_INTERNAL_URL.equals(resourceReference.getType(this.serverBase)) || ResourceReference.ReferenceType.ATTACHMENT_LITERAL_INTERNAL_URL.equals(resourceReference.getType(this.serverBase));
        }).forEach(this::resolveLiteralInternalRelatedArtifactOrAttachmentUrl);
    }

    private void resolveLiteralInternalRelatedArtifactOrAttachmentUrl(ResourceReference resourceReference) {
        if (resourceReference.hasRelatedArtifact() || resourceReference.hasAttachment()) {
            IdType idType = new IdType(resourceReference.getValue());
            String value = idType.withServerBase(this.serverBase, idType.getResourceType()).getValue();
            if (resourceReference.hasRelatedArtifact()) {
                resourceReference.getRelatedArtifact().setUrl(value);
            } else if (resourceReference.hasAttachment()) {
                resourceReference.getAttachment().setUrl(value);
            }
        }
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response read(String str, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Response read = ((BasicResourceService) this.delegate).read(str, uriInfo, httpHeaders);
        if (read.hasEntity() && this.resourceType.isInstance(read.getEntity())) {
            R cast = this.resourceType.cast(read.getEntity());
            String idPart = cast.getIdElement().getIdPart();
            long longValue = cast.getIdElement().getVersionIdPartAsLong().longValue();
            Optional<String> reasonReadAllowed = this.authorizationRule.reasonReadAllowed(getCurrentIdentity(), cast);
            if (reasonReadAllowed.isEmpty()) {
                audit.info("Read of {}/{}/_history/{} denied for identity '{}'", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName()});
                return forbidden("read");
            }
            audit.info("Read of {}/{}/_history/{} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), reasonReadAllowed.get()});
            return logResultStatus(() -> {
                return Response.Status.NOT_MODIFIED.getStatusCode() == read.getStatus() ? Response.notModified(read.getEntityTag()).lastModified(cast.getMeta().getLastUpdated()).build() : read;
            }, statusType -> {
                audit.info("Read of {}/{}/_history/{} for identity '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase()});
            }, statusType2 -> {
                audit.info("Read of {}/{}/_history/{} for identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase()});
            });
        }
        if (read.hasEntity() && (read.getEntity() instanceof OperationOutcome)) {
            audit.info("Read of {} for identity '{}' returned with OperationOutcome, status {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase()});
            logger.info("Returning with OperationOutcome, status {} {}", Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase());
            return read;
        }
        if (read.hasEntity()) {
            audit.info("Read of {} denied for identity '{}', not a {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), this.resourceTypeName});
            return forbidden("read");
        }
        audit.info("Read of {} for identity '{}' returned without entity, status {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase()});
        logger.info("Returning with status {} {}, but no entity", Integer.valueOf(read.getStatusInfo().getStatusCode()), read.getStatusInfo().getReasonPhrase());
        return read;
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response vread(String str, long j, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Response vread = ((BasicResourceService) this.delegate).vread(str, j, uriInfo, httpHeaders);
        if (vread.hasEntity() && this.resourceType.isInstance(vread.getEntity())) {
            R cast = this.resourceType.cast(vread.getEntity());
            String idPart = cast.getIdElement().getIdPart();
            long longValue = cast.getIdElement().getVersionIdPartAsLong().longValue();
            Optional<String> reasonReadAllowed = this.authorizationRule.reasonReadAllowed(getCurrentIdentity(), cast);
            if (reasonReadAllowed.isEmpty()) {
                audit.info("Read of {}/{}/_history/{} denied for identity '{}'", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName()});
                return forbidden("read");
            }
            audit.info("Read of {}/{}/_history/{} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), reasonReadAllowed.get()});
            return logResultStatus(() -> {
                return Response.Status.NOT_MODIFIED.getStatusCode() == vread.getStatus() ? Response.notModified(vread.getEntityTag()).lastModified(cast.getMeta().getLastUpdated()).build() : vread;
            }, statusType -> {
                audit.info("Read of {}/{}/_history/{} for identity '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase()});
            }, statusType2 -> {
                audit.info("Read of {}/{}/_history/{} for identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase()});
            });
        }
        if (vread.hasEntity() && (vread.getEntity() instanceof OperationOutcome)) {
            audit.info("Read of {} for identity '{}' returned with OperationOutcome, status: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase()});
            logger.info("Returning with OperationOutcome, status {} {}", Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase());
            return vread;
        }
        if (vread.hasEntity()) {
            audit.info("Read of {} denied for identity '{}', not a {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), this.resourceTypeName});
            return forbidden("read");
        }
        audit.info("Read of {} for identity '{}' returned without entity, status: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase()});
        logger.info("Returning with status {} {}, but no entity", Integer.valueOf(vread.getStatusInfo().getStatusCode()), vread.getStatusInfo().getReasonPhrase());
        return vread;
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response history(UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional<String> reasonHistoryAllowed = this.authorizationRule.reasonHistoryAllowed(getCurrentIdentity());
        if (reasonHistoryAllowed.isEmpty()) {
            audit.info("History of {} denied for identity '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return forbidden(HistoryIdentityFilter.RESOURCE_TABLE);
        }
        audit.info("History of {} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), reasonHistoryAllowed.get()});
        return logResultStatus(() -> {
            return ((BasicResourceService) this.delegate).history(uriInfo, httpHeaders);
        }, statusType -> {
            audit.info("History of {} for identity '{}' successful: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
        }, statusType2 -> {
            audit.info("History of {} for identity '{}' failed: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
        });
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response history(String str, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional<String> reasonHistoryAllowed = this.authorizationRule.reasonHistoryAllowed(getCurrentIdentity());
        if (reasonHistoryAllowed.isEmpty()) {
            audit.info("History of {} denied for identity '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return forbidden(HistoryIdentityFilter.RESOURCE_TABLE);
        }
        audit.info("History of {} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), reasonHistoryAllowed.get()});
        return logResultStatus(() -> {
            return ((BasicResourceService) this.delegate).history(str, uriInfo, httpHeaders);
        }, statusType -> {
            audit.info("History of {} for identity '{}' successful: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
        }, statusType2 -> {
            audit.info("History of {} for identity '{}' failed: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response update(String str, R r, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional optional = (Optional) this.exceptionHandler.handleSqlAndResourceDeletedException(this.serverBase, this.resourceTypeName, () -> {
            return this.dao.read(this.parameterConverter.toUuid(this.resourceTypeName, str));
        });
        if (!optional.isEmpty()) {
            return update(str, r, uriInfo, httpHeaders, this.referenceCleaner.cleanLiteralReferences((Resource) optional.get()));
        }
        audit.info("Create as update of non existing {} denied for identity '{}'", this.resourceTypeName, getCurrentIdentity().getName());
        return this.responseGenerator.updateAsCreateNotAllowed(this.resourceTypeName);
    }

    private Response update(String str, R r, UriInfo uriInfo, HttpHeaders httpHeaders, R r2) {
        resolveLiteralInternalRelatedArtifactOrAttachmentUrls(r);
        String idPart = r2.getIdElement().getIdPart();
        long longValue = r2.getIdElement().getVersionIdPartAsLong().longValue();
        Optional<String> reasonUpdateAllowed = this.authorizationRule.reasonUpdateAllowed(getCurrentIdentity(), r2, r);
        if (!reasonUpdateAllowed.isEmpty()) {
            return withResourceValidation(r, uriInfo, httpHeaders, "Update", () -> {
                audit.info("Update of {}/{}/_history/{} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), reasonUpdateAllowed.get()});
                Response logResultStatus = logResultStatus(() -> {
                    return ((BasicResourceService) this.delegate).update(str, r, uriInfo, httpHeaders);
                }, statusType -> {
                    audit.info("Update of {}/{}/_history/{} for identity '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
                }, statusType2 -> {
                    audit.info("Update of {}/{}/_history/{} for identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
                });
                if (logResultStatus.hasEntity() && !this.resourceType.isInstance(logResultStatus.getEntity()) && !(logResultStatus.getEntity() instanceof OperationOutcome)) {
                    logger.warn("Update returned with entity of type {}", logResultStatus.getEntity().getClass().getName());
                } else if (!logResultStatus.hasEntity() && !PreferReturnType.MINIMAL.equals(this.parameterConverter.getPreferReturn(httpHeaders))) {
                    logger.warn("Update returned with status {} {}, but no entity", Integer.valueOf(logResultStatus.getStatusInfo().getStatusCode()), logResultStatus.getStatusInfo().getReasonPhrase());
                }
                return logResultStatus;
            });
        }
        audit.info("Update of {}/{}/_history/{} denied for identity '{}'", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName()});
        return forbidden("update");
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response update(R r, UriInfo uriInfo, HttpHeaders httpHeaders) {
        MultivaluedMap queryParameters = uriInfo.getQueryParameters();
        PartialResult<R> existing = getExisting(queryParameters);
        if (existing.getTotal() <= 0 && !r.hasId()) {
            return create(r, uriInfo, httpHeaders);
        }
        if (existing.getTotal() <= 0 && r.hasId()) {
            audit.info("Create as update of non existing {} denied for identity '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return this.responseGenerator.updateAsCreateNotAllowed(this.resourceTypeName);
        }
        if (existing.getTotal() != 1) {
            audit.info("Update of {} denied for identity '{}', conditional update criteria not selective enough, multiple matches", this.resourceTypeName, getCurrentIdentity().getName());
            return this.responseGenerator.multipleExists(this.resourceTypeName, UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(queryParameters)).toUriString());
        }
        IdType idElement = existing.getPartialResult().get(0).getIdElement();
        if (!r.hasId()) {
            r.setIdElement(idElement);
            return update(r.getIdElement().getIdPart(), r, uriInfo, httpHeaders, r);
        }
        if (r.hasId() && ((!r.getIdElement().hasBaseUrl() || this.serverBase.equals(r.getIdElement().getBaseUrl())) && ((!r.getIdElement().hasResourceType() || this.resourceTypeName.equals(r.getIdElement().getResourceType())) && idElement.getIdPart().equals(r.getIdElement().getIdPart())))) {
            return update(r.getIdElement().getIdPart(), r, uriInfo, httpHeaders, r);
        }
        audit.info("Update of {}/{}/_history/{} denied for identity '{}', new resource has different id", new Object[]{this.resourceTypeName, idElement.getValue(), idElement.getVersionIdPart(), getCurrentIdentity().getName()});
        return this.responseGenerator.badRequestIdsNotMatching(idElement.withServerBase(this.serverBase, this.resourceTypeName), (r.getIdElement().hasBaseUrl() && r.getIdElement().hasResourceType()) ? r.getIdElement() : r.getIdElement().withServerBase(this.serverBase, this.resourceTypeName));
    }

    private PartialResult<R> getExisting(Map<String, List<String>> map) {
        Stream stream = Arrays.stream(SearchQuery.STANDARD_PARAMETERS);
        Objects.requireNonNull(map);
        if (stream.anyMatch((v1) -> {
            return r1.containsKey(v1);
        })) {
            logger.warn("Query contains parameter not applicable in this conditional update context: '{}', parameters {} will be ignored", UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(map)).toUriString(), Arrays.toString(SearchQuery.STANDARD_PARAMETERS));
            map = (Map) map.entrySet().stream().filter(entry -> {
                return !Arrays.stream(SearchQuery.STANDARD_PARAMETERS).anyMatch(str -> {
                    return str.equals(entry.getKey());
                });
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
        }
        SearchQuery<R> createSearchQueryWithoutUserFilter = this.dao.createSearchQueryWithoutUserFilter(PageAndCount.single());
        createSearchQueryWithoutUserFilter.configureParameters(map);
        List<SearchQueryParameterError> unsupportedQueryParameters = createSearchQueryWithoutUserFilter.getUnsupportedQueryParameters();
        if (unsupportedQueryParameters.isEmpty()) {
            return (PartialResult) this.exceptionHandler.handleSqlException(() -> {
                return this.dao.search(createSearchQueryWithoutUserFilter);
            });
        }
        audit.info("Update of resource {} denied for identity '{}', conditional update criteria contains unsupported parameters", this.resourceTypeName, getCurrentIdentity().getName());
        throw new WebApplicationException(this.responseGenerator.badRequest(UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(map)).toUriString(), unsupportedQueryParameters));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response delete(String str, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional optional = (Optional) this.exceptionHandler.handleSqlException(() -> {
            return this.dao.readIncludingDeleted(this.parameterConverter.toUuid(this.resourceTypeName, str));
        });
        if (!optional.isPresent()) {
            audit.info("{} to delete not found for user '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return this.responseGenerator.notFound(str, this.resourceTypeName);
        }
        Resource resource = (Resource) optional.get();
        String idPart = resource.getIdElement().getIdPart();
        long longValue = resource.getIdElement().getVersionIdPartAsLong().longValue();
        Optional<String> reasonDeleteAllowed = this.authorizationRule.reasonDeleteAllowed(getCurrentIdentity(), resource);
        if (reasonDeleteAllowed.isEmpty()) {
            audit.info("Delete of {}/{}/_history/{} denied for identity '{}'", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName()});
            return forbidden("delete");
        }
        audit.info("Delete of {}/{}/_history/{} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), reasonDeleteAllowed.get()});
        return logResultStatus(() -> {
            return ((BasicResourceService) this.delegate).delete(str, uriInfo, httpHeaders);
        }, statusType -> {
            audit.info("Delete of {}/{}/_history/{} for identity '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
        }, statusType2 -> {
            audit.info("Delete of {}/{}/_history/{} for identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
        });
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response delete(UriInfo uriInfo, HttpHeaders httpHeaders) {
        Map<String, List<String>> queryParameters = uriInfo.getQueryParameters();
        Stream stream = Arrays.stream(SearchQuery.STANDARD_PARAMETERS);
        Objects.requireNonNull(queryParameters);
        if (stream.anyMatch((v1) -> {
            return r1.containsKey(v1);
        })) {
            logger.warn("Query contains parameter not applicable in this conditional delete context: '{}', parameters {} will be ignored", UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(queryParameters)).toUriString(), Arrays.toString(SearchQuery.STANDARD_PARAMETERS));
            queryParameters = (Map) queryParameters.entrySet().stream().filter(entry -> {
                return !Arrays.stream(SearchQuery.STANDARD_PARAMETERS).anyMatch(str -> {
                    return str.equals(entry.getKey());
                });
            }).collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, (v0) -> {
                return v0.getValue();
            }));
        }
        SearchQuery<R> createSearchQuery = this.dao.createSearchQuery(getCurrentIdentity(), PageAndCount.single());
        createSearchQuery.configureParameters(queryParameters);
        List<SearchQueryParameterError> unsupportedQueryParameters = createSearchQuery.getUnsupportedQueryParameters();
        if (!unsupportedQueryParameters.isEmpty()) {
            audit.info("Delete of {} denied for identity '{}', conditional delete criteria contains unsupported parameters", this.resourceTypeName, getCurrentIdentity().getName());
            return this.responseGenerator.badRequest(UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(queryParameters)).toUriString(), unsupportedQueryParameters);
        }
        PartialResult partialResult = (PartialResult) this.exceptionHandler.handleSqlException(() -> {
            return this.dao.search(createSearchQuery);
        });
        if (partialResult.getTotal() <= 0) {
            audit.info("No {} resource deleted for identity '{}', conditional delete criteria produced no matches", this.resourceTypeName, getCurrentIdentity().getName());
            return Response.noContent().build();
        }
        if (partialResult.getTotal() == 1) {
            return delete(partialResult.getPartialResult().get(0).getIdElement().getIdPart(), uriInfo, httpHeaders);
        }
        audit.info("Delete of {} denied for identity '{}', conditional delete criteria not selective enough, multiple matches", this.resourceTypeName, getCurrentIdentity().getName());
        return this.responseGenerator.multipleExists(this.resourceTypeName, UriComponentsBuilder.newInstance().replaceQueryParams(CollectionUtils.toMultiValueMap(queryParameters)).toUriString());
    }

    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response search(UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional<String> reasonSearchAllowed = this.authorizationRule.reasonSearchAllowed(getCurrentIdentity());
        if (reasonSearchAllowed.isEmpty()) {
            audit.info("Search of {} denied for identity '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return forbidden("search");
        }
        audit.info("Search of {} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), reasonSearchAllowed.get()});
        return logResultStatus(() -> {
            return ((BasicResourceService) this.delegate).search(uriInfo, httpHeaders);
        }, statusType -> {
            audit.info("Search of {} for identity '{} successful, status: {} {}'", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
        }, statusType2 -> {
            audit.info("Search of {} for identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // dev.dsf.fhir.webservice.specification.BasicResourceService
    public Response deletePermanently(String str, String str2, UriInfo uriInfo, HttpHeaders httpHeaders) {
        Optional optional = (Optional) this.exceptionHandler.handleSqlException(() -> {
            return this.dao.readIncludingDeleted(this.parameterConverter.toUuid(this.resourceTypeName, str2));
        });
        if (!optional.isPresent()) {
            audit.info("{} to permanently delete not found for user '{}'", this.resourceTypeName, getCurrentIdentity().getName());
            return this.responseGenerator.notFound(str2, this.resourceTypeName);
        }
        Resource resource = (Resource) optional.get();
        String idPart = resource.getIdElement().getIdPart();
        long longValue = resource.getIdElement().getVersionIdPartAsLong().longValue();
        Optional<String> reasonPermanentDeleteAllowed = this.authorizationRule.reasonPermanentDeleteAllowed(getCurrentIdentity(), resource);
        if (reasonPermanentDeleteAllowed.isEmpty()) {
            audit.info("Permanent delete of {}/{}/_history/{} denied for identity '{}'", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName()});
            return forbidden("delete");
        }
        audit.info("Permanent delete of {}/{}/_history/{} allowed for identity '{}', reason: {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), reasonPermanentDeleteAllowed.get()});
        return logResultStatus(() -> {
            return ((BasicResourceService) this.delegate).deletePermanently(str, str2, uriInfo, httpHeaders);
        }, statusType -> {
            audit.info("Permanent delete of {}/{}/_history/{} by identity '{}' successful, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType.getStatusCode()), statusType.getReasonPhrase()});
        }, statusType2 -> {
            audit.info("Permanent delete of {}/{}/_history/{} by identity '{}' failed, status: {} {}", new Object[]{this.resourceTypeName, idPart, Long.valueOf(longValue), getCurrentIdentity().getName(), Integer.valueOf(statusType2.getStatusCode()), statusType2.getReasonPhrase()});
        });
    }

    private Response logResultStatus(Supplier<Response> supplier, Consumer<Response.StatusType> consumer, Consumer<Response.StatusType> consumer2) {
        Response.StatusType statusType;
        try {
            Response response = supplier.get();
            if (Response.Status.Family.SUCCESSFUL.equals(response.getStatusInfo().getFamily())) {
                consumer.accept(response.getStatusInfo());
            } else {
                consumer2.accept(response.getStatusInfo());
            }
            return response;
        } catch (Exception e) {
            if (e instanceof WebApplicationException) {
                WebApplicationException webApplicationException = e;
                if (webApplicationException.getResponse() != null) {
                    statusType = webApplicationException.getResponse().getStatusInfo();
                    consumer2.accept(statusType);
                    throw e;
                }
            }
            statusType = Response.Status.INTERNAL_SERVER_ERROR;
            consumer2.accept(statusType);
            throw e;
        }
    }
}
