package dev.dsf.fhir.authorization;

import dev.dsf.common.auth.conf.Identity;
import dev.dsf.fhir.authentication.OrganizationProvider;
import dev.dsf.fhir.authorization.read.ReadAccessHelper;
import dev.dsf.fhir.dao.OrganizationDao;
import dev.dsf.fhir.dao.provider.DaoProvider;
import dev.dsf.fhir.help.ParameterConverter;
import dev.dsf.fhir.service.ReferenceResolver;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.hl7.fhir.r4.model.Identifier;
import org.hl7.fhir.r4.model.Organization;
import org.hl7.fhir.r4.model.StringType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/fhir/authorization/OrganizationAuthorizationRule.class */
public class OrganizationAuthorizationRule extends AbstractMetaTagAuthorizationRule<Organization, OrganizationDao> {
    private static final String DSF_ORGANIZATION = "http://dsf.dev/fhir/StructureDefinition/organization";
    private static final String EXTENSION_THUMBPRINT_URL = "http://dsf.dev/fhir/StructureDefinition/extension-certificate-thumbprint";
    private static final Logger logger = LoggerFactory.getLogger(OrganizationAuthorizationRule.class);
    private static final String EXTENSION_THUMBPRINT_VALUE_PATTERN_STRING = "[a-f0-9]{128}";
    private static final Pattern EXTENSION_THUMBPRINT_VALUE_PATTERN = Pattern.compile(EXTENSION_THUMBPRINT_VALUE_PATTERN_STRING);

    public OrganizationAuthorizationRule(DaoProvider daoProvider, String str, ReferenceResolver referenceResolver, OrganizationProvider organizationProvider, ReadAccessHelper readAccessHelper, ParameterConverter parameterConverter) {
        super(Organization.class, daoProvider, str, referenceResolver, organizationProvider, readAccessHelper, parameterConverter);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public Optional<String> newResourceOkForCreate(Connection connection, Identity identity, Organization organization) {
        return newResourceOk(connection, organization);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public Optional<String> newResourceOkForUpdate(Connection connection, Identity identity, Organization organization) {
        return newResourceOk(connection, organization);
    }

    private Optional<String> newResourceOk(Connection connection, Organization organization) {
        ArrayList arrayList = new ArrayList();
        if (!organization.hasIdentifier()) {
            arrayList.add("Organization.identifier missing");
        } else if (organization.getIdentifier().stream().filter(identifier -> {
            return identifier.hasSystem() && identifier.hasValue() && OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).count() != 1) {
            arrayList.add("Organization.identifier one with system 'http://dsf.dev/sid/organization-identifier' and non empty value expected");
        }
        if (organization.hasExtension() && organization.getExtension().stream().filter((v0) -> {
            return v0.hasUrl();
        }).map((v0) -> {
            return v0.getUrl();
        }).anyMatch(str -> {
            return EXTENSION_THUMBPRINT_URL.equals(str);
        }) && !organization.getExtension().stream().filter((v0) -> {
            return v0.hasUrl();
        }).filter(extension -> {
            return EXTENSION_THUMBPRINT_URL.equals(extension.getUrl());
        }).allMatch(extension2 -> {
            if (extension2.hasValue()) {
                StringType value = extension2.getValue();
                if (value instanceof StringType) {
                    if (EXTENSION_THUMBPRINT_VALUE_PATTERN.matcher((CharSequence) value.getValue()).matches()) {
                        return true;
                    }
                }
            }
            return false;
        })) {
            arrayList.add("Organization with 'http://dsf.dev/fhir/StructureDefinition/extension-certificate-thumbprint' has value not matching pattern: [a-f0-9]{128}");
        }
        if (!hasValidReadAccessTag(connection, organization)) {
            arrayList.add("Organization is missing authorization tag");
        }
        return arrayList.isEmpty() ? Optional.empty() : Optional.of((String) arrayList.stream().collect(Collectors.joining(", ")));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public boolean resourceExists(Connection connection, Organization organization) {
        return (organization.getMeta().hasProfile(DSF_ORGANIZATION) && resourceExistsWithThumbprint(connection, organization, Collections.emptyList())) || organizationWithIdentifierExists(connection, (Identifier) organization.getIdentifier().stream().filter(identifier -> {
            return identifier.hasSystem() && identifier.hasValue() && OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).findFirst().orElseThrow());
    }

    private Stream<String> getThumbprints(Organization organization) {
        return organization.getExtension().stream().filter(extension -> {
            return EXTENSION_THUMBPRINT_URL.equals(extension.getUrl());
        }).map(extension2 -> {
            return (String) extension2.getValue().getValue();
        });
    }

    private boolean resourceExistsWithThumbprint(Connection connection, Organization organization, List<String> list) {
        return getThumbprints(organization).filter(str -> {
            return !list.contains(str);
        }).map(str2 -> {
            return Boolean.valueOf(organizationWithThumbprintExists(connection, str2));
        }).anyMatch(bool -> {
            return bool.booleanValue();
        });
    }

    private boolean organizationWithThumbprintExists(Connection connection, String str) {
        try {
            return ((OrganizationDao) getDao()).existsNotDeletedByThumbprintWithTransaction(connection, str);
        } catch (SQLException e) {
            logger.debug("Unable to search for Organization", e);
            logger.warn("Unable to search for Organization: {} - {}", e.getClass().getName(), e.getMessage());
            throw new RuntimeException("Unable to search for OrganizationAffiliation", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dev.dsf.fhir.authorization.AbstractMetaTagAuthorizationRule
    public boolean modificationsOk(Connection connection, Organization organization, Organization organization2) {
        return isIdentifierSame(organization, organization2) && !resourceExistsWithThumbprint(connection, organization2, (List) getThumbprints(organization).collect(Collectors.toList()));
    }

    private boolean isIdentifierSame(Organization organization, Organization organization2) {
        return ((String) organization.getIdentifier().stream().filter(identifier -> {
            return OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM.equals(identifier.getSystem());
        }).map((v0) -> {
            return v0.getValue();
        }).findFirst().orElseThrow()).equals((String) organization2.getIdentifier().stream().filter(identifier2 -> {
            return OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM.equals(identifier2.getSystem());
        }).map((v0) -> {
            return v0.getValue();
        }).findFirst().orElseThrow());
    }
}
