package org.projecthusky.xua.validation.statement;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.concurrent.ThreadSafe;
import javax.xml.namespace.QName;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.StatementValidator;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.impl.AttributeValueImpl;
import org.projecthusky.common.enums.CodeSystems;
import org.projecthusky.common.utils.OptionalUtils;
import org.projecthusky.common.utils.datatypes.Oids;
import org.projecthusky.communication.ch.enums.stable.PurposeOfUse;
import org.projecthusky.communication.ch.enums.stable.Role;
import org.projecthusky.xua.hl7v3.impl.CodedWithEquivalentImpl;
import org.projecthusky.xua.validation.ChEprAssertionValidationParameters;
import org.projecthusky.xua.validation.ValidationUtils;

@ThreadSafe
/* loaded from: input_file:org/projecthusky/xua/validation/statement/ChEprAttributeStatementValidator.class */
public class ChEprAttributeStatementValidator implements StatementValidator {
    public static final String ERRMSG_CONTAINS_INVALID_VALUE = "' contains an invalid value";
    public static final String ERRMSG_ATTRIBUTE = "The attribute '";

    public QName getServicedStatement() {
        return AttributeStatement.DEFAULT_ELEMENT_NAME;
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x0138  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x018d A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:39:? A[LOOP:0: B:5:0x0032->B:39:?, LOOP_END, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:40:0x0144  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x014e  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0158  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0162  */
    /* JADX WARN: Removed duplicated region for block: B:44:0x016e  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x017a  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0180  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.opensaml.saml.common.assertion.ValidationResult validate(org.opensaml.saml.saml2.core.Statement r6, org.opensaml.saml.saml2.core.Assertion r7, org.opensaml.saml.common.assertion.ValidationContext r8) {
        /*
            Method dump skipped, instructions count: 407
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.projecthusky.xua.validation.statement.ChEprAttributeStatementValidator.validate(org.opensaml.saml.saml2.core.Statement, org.opensaml.saml.saml2.core.Assertion, org.opensaml.saml.common.assertion.ValidationContext):org.opensaml.saml.common.assertion.ValidationResult");
    }

    ValidationResult validatePurposeOfUse(Attribute attribute, ValidationContext validationContext, Role role) {
        PurposeOfUse purposeOfUse = (PurposeOfUse) Optional.ofNullable(attribute.getAttributeValues()).map(OptionalUtils::getListOnlyElement).map(xMLObject -> {
            return (AttributeValueImpl) OptionalUtils.castOrNull(xMLObject, AttributeValueImpl.class);
        }).map(attributeValueImpl -> {
            return attributeValueImpl.getUnknownXMLObjects(new QName("urn:hl7-org:v3", "PurposeOfUse"));
        }).map(OptionalUtils::getListOnlyElement).map(xMLObject2 -> {
            return (CodedWithEquivalentImpl) OptionalUtils.castOrNull(xMLObject2, CodedWithEquivalentImpl.class);
        }).filter(codedWithEquivalentImpl -> {
            return "2.16.756.5.30.1.127.3.10.5".equals(codedWithEquivalentImpl.getCodeSystem());
        }).map((v0) -> {
            return v0.getCode();
        }).map(PurposeOfUse::getEnum).orElse(null);
        if (purposeOfUse == null) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:purposeofuse' contains an invalid value");
            return ValidationResult.INVALID;
        }
        if ((role != Role.HEALTHCARE_PROFESSIONAL || purposeOfUse == PurposeOfUse.NORMAL_ACCESS || purposeOfUse == PurposeOfUse.EMERGENCY_ACCESS) && ((role != Role.ASSISTANT || purposeOfUse == PurposeOfUse.NORMAL_ACCESS || purposeOfUse == PurposeOfUse.EMERGENCY_ACCESS) && ((role != Role.TECHNICAL_USER || purposeOfUse == PurposeOfUse.AUTOMATIC_UPLOAD) && ((role != Role.PATIENT || purposeOfUse == PurposeOfUse.NORMAL_ACCESS) && ((role != Role.REPRESENTATIVE || purposeOfUse == PurposeOfUse.NORMAL_ACCESS) && ((role != Role.DOCUMENT_ADMINISTRATOR || purposeOfUse == PurposeOfUse.NORMAL_ACCESS) && (role != Role.POLICY_ADMINISTRATOR || purposeOfUse == PurposeOfUse.NORMAL_ACCESS))))))) {
            validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_PURPOSE_OF_USE, purposeOfUse);
            return ValidationResult.VALID;
        }
        validationContext.setValidationFailureMessage(String.format("The attribute '%s' contains an illegal value: %s is not allowed for %s", "urn:oasis:names:tc:xspa:1.0:subject:purposeofuse", purposeOfUse, role));
        return ValidationResult.INVALID;
    }

    ValidationResult validateHomeCommunityId(Attribute attribute, ValidationContext validationContext) {
        String str = (String) Optional.ofNullable(attribute.getAttributeValues()).map(OptionalUtils::getListOnlyElement).map(ValidationUtils::extractXsValue).orElse(null);
        if (str == null) {
            validationContext.setValidationFailureMessage("The attribute 'urn:ihe:iti:xca:2010:homeCommunityId' contains an invalid value");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_HOME_COMMUNITY_ID, Oids.normalize(str));
        return ValidationResult.VALID;
    }

    ValidationResult validateResourceId(Attribute attribute, ValidationContext validationContext) {
        String str = (String) Optional.ofNullable(attribute.getAttributeValues()).map(OptionalUtils::getListOnlyElement).map(ValidationUtils::extractXsValue).orElse(null);
        String str2 = "^^^&" + CodeSystems.SWISS_EPR_SPID.getCodeSystemId() + "&ISO";
        if (str == null || !str.endsWith(str2)) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xacml:2.0:resource:resource-id' contains an invalid value");
            return ValidationResult.INVALID;
        }
        String substring = str.substring(0, str.length() - str2.length());
        if (substring.isBlank()) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xacml:2.0:resource:resource-id' contains an invalid value");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_PATIENT_EPR_SPID, substring);
        return ValidationResult.VALID;
    }

    ValidationResult validateSubjectId(Attribute attribute, ValidationContext validationContext) {
        String str = (String) Optional.ofNullable(attribute.getAttributeValues()).map(OptionalUtils::getListOnlyElement).map(ValidationUtils::extractXsValue).orElse(null);
        if (str == null) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:subject-id' contains an invalid value");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_SUBJECT_NAME, str);
        return ValidationResult.VALID;
    }

    ValidationResult validateOrganizationsId(Attribute attribute, ValidationContext validationContext, Role role) {
        boolean z = role == Role.POLICY_ADMINISTRATOR || role == Role.DOCUMENT_ADMINISTRATOR || role == Role.PATIENT || role == Role.REPRESENTATIVE;
        List list = ((List) Optional.ofNullable(attribute.getAttributeValues()).orElseGet(Collections::emptyList)).stream().map(ValidationUtils::extractXsValue).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(Oids::normalize).toList();
        if (z) {
            if (list.isEmpty()) {
                return ValidationResult.VALID;
            }
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:organization-id' must be empty");
            return ValidationResult.INVALID;
        }
        if (validationContext.getDynamicParameters().containsKey(ChEprAssertionValidationParameters.CH_EPR_ORGANIZATIONS_ID)) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:organization-id' shall not appear multiple times");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_ORGANIZATIONS_ID, list);
        return ValidationResult.VALID;
    }

    ValidationResult validateOrganizationsName(Attribute attribute, ValidationContext validationContext, Role role) {
        boolean z = role == Role.POLICY_ADMINISTRATOR || role == Role.DOCUMENT_ADMINISTRATOR || role == Role.PATIENT || role == Role.REPRESENTATIVE;
        List list = ((List) Optional.ofNullable(attribute.getAttributeValues()).orElseGet(Collections::emptyList)).stream().map(ValidationUtils::extractXsValue).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(Oids::normalize).toList();
        if (z) {
            if (list.isEmpty()) {
                return ValidationResult.VALID;
            }
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:organization' must be empty");
            return ValidationResult.INVALID;
        }
        if (validationContext.getDynamicParameters().containsKey(ChEprAssertionValidationParameters.CH_EPR_ORGANIZATIONS_NAME)) {
            validationContext.setValidationFailureMessage("The attribute 'urn:oasis:names:tc:xspa:1.0:subject:organization' shall not appear multiple times");
            return ValidationResult.INVALID;
        }
        validationContext.getDynamicParameters().put(ChEprAssertionValidationParameters.CH_EPR_ORGANIZATIONS_NAME, list);
        return ValidationResult.VALID;
    }
}
