package org.hspconsortium.platform.api.interceptor;

import ca.uhn.fhir.rest.api.RestOperationTypeEnum;
import ca.uhn.fhir.rest.method.RequestDetails;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;
import ca.uhn.fhir.rest.server.interceptor.InterceptorAdapter;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hspconsortium.platform.api.authorization.ScopeBasedAuthorizationParams;
import org.hspconsortium.platform.api.authorization.SmartScope;
import org.hspconsortium.platform.api.oauth2.HspcOAuth2Authentication;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

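/**
 * Server interceptor that narrows type-level searches to the in-context patient when the
 * caller's OAuth2 token carries a patient-level SMART scope and no user-level scope.
 *
 * <p>The narrowing is done by adding the launch-context patient id to the search parameter that
 * {@link ScopeBasedAuthorizationParams} maps to the requested resource type.
 *
 * <p>NOTE(review): every path that does not apply a filter lets the request continue. This
 * interceptor does not restrict:
 * <ul>
 *   <li>operations other than {@code SEARCH_TYPE};</li>
 *   <li>requests whose {@link Authentication} is absent or is not an
 *       {@link HspcOAuth2Authentication};</li>
 *   <li>tokens with neither a user nor a patient scope;</li>
 *   <li>resource types for which {@code getParamForResource} returns {@code null}.</li>
 * </ul>
 * Confirm that each of these cases is enforced by another layer, and that the resource-to-parameter
 * mapping covers every patient-related resource type the server exposes.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/hspc-reference-api-webapp-base-1.4.1.jar:org/hspconsortium/platform/api/interceptor/ScopeBasedAuthorizationInterceptor.class */
public class ScopeBasedAuthorizationInterceptor extends InterceptorAdapter {
    /** Key of the launch-context entry that holds the in-context patient id. */
    public static final String LAUNCH_CONTEXT_PATIENT_PARAM_NAME = "patient";

    @Autowired
    private ScopeBasedAuthorizationParams scopeBasedAuthorizationParams;

    /**
     * Applies the patient filter to an incoming type-level search where the token requires it.
     *
     * @param requestDetails the parsed request; its parameter map is modified in place when a
     *     patient filter is applied
     * @param httpServletRequest unused
     * @param httpServletResponse unused
     * @return always {@code true}, so request processing continues; a request is blocked only by
     *     the {@link SecurityException} described below
     * @throws SecurityException if a patient scope is in effect but the launch context holds no
     *     patient id
     */
    @Override // ca.uhn.fhir.rest.server.interceptor.InterceptorAdapter, ca.uhn.fhir.rest.server.interceptor.IServerInterceptor
    public boolean incomingRequestPostProcessed(RequestDetails requestDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        // Only type-level searches are narrowed here.
        if (requestDetails.getRestOperationType() != RestOperationTypeEnum.SEARCH_TYPE) {
            return true;
        }
        // instanceof is false for null, so this also covers a missing authentication.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof HspcOAuth2Authentication)) {
            return true;
        }
        HspcOAuth2Authentication hspcOAuth2Authentication = (HspcOAuth2Authentication) authentication;
        Set<SmartScope> smartScopes = getSmartScopes(hspcOAuth2Authentication);

        // A user-level scope takes precedence: if any is present, no patient filter is applied,
        // even when a patient scope was granted as well.
        for (SmartScope scope : smartScopes) {
            if (scope.isUserScope()) {
                return true;
            }
        }
        // The first patient-level scope found triggers the filter; one application is enough.
        for (SmartScope scope : smartScopes) {
            if (scope.isPatientScope()) {
                filterToPatientScope(hspcOAuth2Authentication.getLaunchContextParams().get(LAUNCH_CONTEXT_PATIENT_PARAM_NAME), requestDetails);
                return true;
            }
        }
        // Neither scope kind present: the search proceeds unfiltered (see class-level note).
        return true;
    }

    /**
     * Adds the in-context patient id to the search parameter mapped to the requested resource.
     *
     * <p>If the client already sent that parameter, the patient id is appended as a further value
     * rather than replacing the client's values.
     * NOTE(review): this narrows the result only if the server combines repeated values of one
     * parameter with AND; confirm against the server's search semantics.
     *
     * @param str the in-context patient id from the launch context
     * @param requestDetails the request whose parameter map is updated in place
     * @throws SecurityException if {@code str} is {@code null}
     */
    private void filterToPatientScope(String str, RequestDetails requestDetails) {
        if (str == null) {
            throw new SecurityException("For patient scope, a launch_context parameter indicating the in-context patient is required, but none was found.");
        }
        String paramForResource = this.scopeBasedAuthorizationParams.getParamForResource(requestDetails.getResourceName());
        if (paramForResource == null) {
            // No mapping for this resource type: the search is left unrestricted.
            return;
        }
        Map<String, String[]> parameters = requestDetails.getParameters();
        String[] existingValues = parameters.get(paramForResource);
        if (existingValues == null) {
            parameters.put(paramForResource, new String[]{str});
            return;
        }
        // Exact string match only: a differently spelled reference to the same patient is not
        // recognised, and the patient id is appended as an additional value.
        if (!valueAlreadyInParameter(existingValues, str)) {
            parameters.put(paramForResource, addValueToStringArray(existingValues, str));
        }
    }

    /**
     * Returns a new array holding the elements of {@code strArr} followed by {@code str}.
     *
     * @param strArr the existing values; not modified
     * @param str the value to append
     * @return a copy of {@code strArr} that is one element longer
     */
    private String[] addValueToStringArray(String[] strArr, String str) {
        String[] extended = new String[strArr.length + 1];
        System.arraycopy(strArr, 0, extended, 0, strArr.length);
        extended[strArr.length] = str;
        return extended;
    }

    /**
     * Reports whether {@code str} equals one of the elements of {@code strArr}.
     *
     * @param strArr the values to scan; elements may be {@code null}
     * @param str the value to look for; must not be {@code null}
     * @return {@code true} on the first exact match, otherwise {@code false}
     */
    private boolean valueAlreadyInParameter(String[] strArr, String str) {
        for (String candidate : strArr) {
            if (str.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Wraps every scope string of the token's OAuth2 request in a {@link SmartScope}.
     *
     * @param hspcOAuth2Authentication the authenticated token
     * @return the scopes as a mutable set
     */
    private Set<SmartScope> getSmartScopes(HspcOAuth2Authentication hspcOAuth2Authentication) {
        Set<SmartScope> smartScopes = new HashSet<SmartScope>();
        // Iterate as Object and cast, as the original did, so this compiles whether or not the
        // scope collection is declared with a String type argument.
        for (Object scope : hspcOAuth2Authentication.getOAuth2Request().getScope()) {
            smartScopes.add(new SmartScope((String) scope));
        }
        return smartScopes;
    }
}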
