package org.apache.syncope.core.misc.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf;
import org.apache.syncope.common.lib.policy.PasswordRuleConf;
import org.apache.syncope.core.misc.policy.InvalidPasswordRuleConf;
import org.apache.syncope.core.misc.policy.PolicyPattern;
import org.apache.syncope.core.persistence.api.dao.RealmDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/apache/syncope/core/misc/security/DefaultPasswordGenerator.class */
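/**
 * Generates a password that aims to satisfy every {@link DefaultPasswordRuleConf} that applies
 * to a user (through the user's realm ancestors and assigned external resources).
 *
 * <p>All applicable rules are merged into a single effective rule, the merged rule is checked
 * for contradictions, and a password is then assembled slot by slot.
 *
 * <p>Security-relevant properties of the output, as implemented here:
 * <ul>
 *   <li>The password length is always the merged <em>minimum</em> length, never longer.</li>
 *   <li>Slots not claimed by a start/end/required-class rule are filled with
 *       {@code SecureRandomUtils.generateRandomLetter()} only, so the search space of a
 *       generated password is governed by the minimum length and the letter alphabet.</li>
 *   <li>Forbidden prefixes/suffixes are handled best-effort (bounded retries); a password may
 *       still carry one if retries are exhausted, so callers should validate the result against
 *       the policy before storing or propagating it.</li>
 * </ul>
 * NOTE(review): {@code SecureRandomUtils} is not visible in this file; presumably it is backed
 * by a CSPRNG. Confirm before relying on these passwords as secrets.
 */
public class DefaultPasswordGenerator implements PasswordGenerator {
    // '\u00a3' is the pound sign (value 163). It is the only non-ASCII character in the set.
    // NOTE(review): confirm every target resource accepts it in the encoding it uses.
    private static final char[] SPECIAL_CHARS = {'!', '\u00a3', '%', '&', '(', ')', '?', '#', '$'};
    private static final int VERY_MIN_LENGTH = 0;
    private static final int VERY_MAX_LENGTH = 64;
    private static final int MIN_LENGTH_IF_ZERO = 6;

    // Upper bound on how many times the first/last character is re-drawn to escape a
    // forbidden prefix/suffix. Bounded so a rule set that can never be satisfied terminates.
    private static final int MAX_AFFIX_ATTEMPTS = 10;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private RealmDAO realmDAO;

    /**
     * Generates a password for the given user from every password policy that applies to it.
     *
     * <p>Rules are collected from the password policy of each realm returned by
     * {@code realmDAO.findAncestors(user.getRealm())} and of each resource returned by
     * {@code userDAO.findAllResources(user)}; realms and resources without a policy are skipped.
     *
     * @param user the user to generate a password for
     * @return the generated password
     * @throws InvalidPasswordRuleConf if the merged rules contradict each other or cannot be
     *         satisfied within the merged minimum length
     */
    @Override
    public String generate(User user) throws InvalidPasswordRuleConf {
        List<PasswordRuleConf> ruleConfs = new ArrayList<>();
        for (Realm ancestor : this.realmDAO.findAncestors(user.getRealm())) {
            if (ancestor.getPasswordPolicy() != null) {
                ruleConfs.addAll(ancestor.getPasswordPolicy().getRuleConfs());
            }
        }
        for (ExternalResource resource : this.userDAO.findAllResources(user)) {
            if (resource.getPasswordPolicy() != null) {
                ruleConfs.addAll(resource.getPasswordPolicy().getRuleConfs());
            }
        }
        return generate(ruleConfs);
    }

    /**
     * Generates a password from an explicit list of rule configurations.
     *
     * <p>Only {@link DefaultPasswordRuleConf} instances are honoured; any other
     * {@link PasswordRuleConf} implementation in the list is ignored by this generator.
     *
     * @param list the rule configurations to merge
     * @return the generated password
     * @throws InvalidPasswordRuleConf if the merged rules contradict each other or cannot be
     *         satisfied within the merged minimum length
     */
    @Override
    public String generate(List<PasswordRuleConf> list) throws InvalidPasswordRuleConf {
        List<DefaultPasswordRuleConf> defaultRules = new ArrayList<>();
        for (PasswordRuleConf ruleConf : list) {
            if (ruleConf instanceof DefaultPasswordRuleConf) {
                defaultRules.add((DefaultPasswordRuleConf) ruleConf);
            }
        }
        DefaultPasswordRuleConf merged = merge(defaultRules);
        check(merged);
        return generate(merged);
    }

    /**
     * Folds all rules into one effective rule.
     *
     * <p>The minimum length is the largest minimum, the maximum length is the smallest non-zero
     * maximum (capped at {@link #VERY_MAX_LENGTH}), forbidden prefixes/suffixes are accumulated,
     * and every boolean flag is OR-ed: once any rule sets a flag it stays set.
     *
     * @param list the rules to merge; may be empty
     * @return the merged rule; its minimum length is never left at 0
     */
    private DefaultPasswordRuleConf merge(List<DefaultPasswordRuleConf> list) {
        DefaultPasswordRuleConf merged = new DefaultPasswordRuleConf();
        merged.setMinLength(VERY_MIN_LENGTH);
        merged.setMaxLength(VERY_MAX_LENGTH);
        for (DefaultPasswordRuleConf rule : list) {
            if (rule.getMinLength() > merged.getMinLength()) {
                merged.setMinLength(rule.getMinLength());
            }
            // A maximum of 0 is treated as "no maximum configured" and is ignored.
            if (rule.getMaxLength() != 0 && rule.getMaxLength() < merged.getMaxLength()) {
                merged.setMaxLength(rule.getMaxLength());
            }
            merged.getPrefixesNotPermitted().addAll(rule.getPrefixesNotPermitted());
            merged.getSuffixesNotPermitted().addAll(rule.getSuffixesNotPermitted());

            merged.setNonAlphanumericRequired(
                    merged.isNonAlphanumericRequired() || rule.isNonAlphanumericRequired());
            merged.setAlphanumericRequired(
                    merged.isAlphanumericRequired() || rule.isAlphanumericRequired());
            merged.setDigitRequired(merged.isDigitRequired() || rule.isDigitRequired());
            merged.setLowercaseRequired(merged.isLowercaseRequired() || rule.isLowercaseRequired());
            merged.setUppercaseRequired(merged.isUppercaseRequired() || rule.isUppercaseRequired());

            merged.setMustStartWithDigit(
                    merged.isMustStartWithDigit() || rule.isMustStartWithDigit());
            merged.setMustntStartWithDigit(
                    merged.isMustntStartWithDigit() || rule.isMustntStartWithDigit());
            merged.setMustEndWithDigit(merged.isMustEndWithDigit() || rule.isMustEndWithDigit());
            // Fix: this flag was previously guarded by the un-negated merged value, so a
            // "must not end with digit" rule was never carried into the merged result and the
            // generator could emit a trailing digit in violation of the policy.
            merged.setMustntEndWithDigit(
                    merged.isMustntEndWithDigit() || rule.isMustntEndWithDigit());

            merged.setMustStartWithAlpha(
                    merged.isMustStartWithAlpha() || rule.isMustStartWithAlpha());
            merged.setMustntStartWithAlpha(
                    merged.isMustntStartWithAlpha() || rule.isMustntStartWithAlpha());
            merged.setMustStartWithNonAlpha(
                    merged.isMustStartWithNonAlpha() || rule.isMustStartWithNonAlpha());
            merged.setMustntStartWithNonAlpha(
                    merged.isMustntStartWithNonAlpha() || rule.isMustntStartWithNonAlpha());
            merged.setMustEndWithNonAlpha(
                    merged.isMustEndWithNonAlpha() || rule.isMustEndWithNonAlpha());
            merged.setMustntEndWithNonAlpha(
                    merged.isMustntEndWithNonAlpha() || rule.isMustntEndWithNonAlpha());
            merged.setMustEndWithAlpha(merged.isMustEndWithAlpha() || rule.isMustEndWithAlpha());
            merged.setMustntEndWithAlpha(
                    merged.isMustntEndWithAlpha() || rule.isMustntEndWithAlpha());

            // NOTE(review): OR-ing makes the merged value the most permissive one (a single
            // rule allowing the username wins). The generator never reads this flag, but
            // confirm nothing else consumes the merged rule expecting the strictest setting.
            merged.setUsernameAllowed(merged.isUsernameAllowed() || rule.isUsernameAllowed());
        }
        if (merged.getMinLength() == 0) {
            // No rule asked for a minimum: fall back to 6, or to the maximum if that is smaller.
            merged.setMinLength(Math.min(merged.getMaxLength(), MIN_LENGTH_IF_ZERO));
        }
        return merged;
    }

    /**
     * Rejects a merged rule whose flags contradict each other or whose lengths are unusable.
     *
     * <p>Only the pairs tested below are detected; other conflicting combinations are not
     * rejected here.
     *
     * @param defaultPasswordRuleConf the merged rule
     * @throws InvalidPasswordRuleConf if a tested contradiction is found, if the minimum length
     *         exceeds the maximum, or if the resulting length is below 1
     */
    private void check(DefaultPasswordRuleConf defaultPasswordRuleConf) throws InvalidPasswordRuleConf {
        DefaultPasswordRuleConf conf = defaultPasswordRuleConf;
        if (conf.isMustEndWithAlpha() && conf.isMustntEndWithAlpha()) {
            throw new InvalidPasswordRuleConf("mustEndWithAlpha and mustntEndWithAlpha are both true");
        }
        if (conf.isMustEndWithAlpha() && conf.isMustEndWithDigit()) {
            throw new InvalidPasswordRuleConf("mustEndWithAlpha and mustEndWithDigit are both true");
        }
        if (conf.isMustEndWithDigit() && conf.isMustntEndWithDigit()) {
            throw new InvalidPasswordRuleConf("mustEndWithDigit and mustntEndWithDigit are both true");
        }
        if (conf.isMustEndWithNonAlpha() && conf.isMustntEndWithNonAlpha()) {
            throw new InvalidPasswordRuleConf("mustEndWithNonAlpha and mustntEndWithNonAlpha are both true");
        }
        if (conf.isMustStartWithAlpha() && conf.isMustntStartWithAlpha()) {
            throw new InvalidPasswordRuleConf("mustStartWithAlpha and mustntStartWithAlpha are both true");
        }
        if (conf.isMustStartWithAlpha() && conf.isMustStartWithDigit()) {
            throw new InvalidPasswordRuleConf("mustStartWithAlpha and mustStartWithDigit are both true");
        }
        if (conf.isMustStartWithDigit() && conf.isMustntStartWithDigit()) {
            throw new InvalidPasswordRuleConf("mustStartWithDigit and mustntStartWithDigit are both true");
        }
        if (conf.isMustStartWithNonAlpha() && conf.isMustntStartWithNonAlpha()) {
            throw new InvalidPasswordRuleConf("mustStartWithNonAlpha and mustntStartWithNonAlpha are both true");
        }
        if (conf.getMinLength() > conf.getMaxLength()) {
            throw new InvalidPasswordRuleConf("Minimun length (" + conf.getMinLength() + ")is greater than maximum length (" + conf.getMaxLength() + ")");
        }
        // The generator indexes slot 0 and slot (minLength - 1); a length below 1 (reachable
        // when a rule configures a negative maximum) used to surface as an array-index or
        // negative-array-size error instead of a policy error.
        if (conf.getMinLength() < 1) {
            throw new InvalidPasswordRuleConf("Password length must be at least 1 (minimum "
                    + conf.getMinLength() + ", maximum " + conf.getMaxLength() + ")");
        }
    }

    /**
     * Assembles a password of exactly {@code getMinLength()} characters for a checked rule.
     *
     * <p>Order: first character, last character, one character per required class, then random
     * letters for every slot still empty, and finally the forbidden prefix/suffix pass.
     *
     * @param defaultPasswordRuleConf the merged, checked rule
     * @return the generated password
     * @throws InvalidPasswordRuleConf if the required character classes do not fit
     */
    private String generate(DefaultPasswordRuleConf defaultPasswordRuleConf) throws InvalidPasswordRuleConf {
        String[] slots = new String[defaultPasswordRuleConf.getMinLength()];
        for (int i = 0; i < slots.length; i++) {
            slots[i] = "";
        }
        checkStartChar(slots, defaultPasswordRuleConf);
        checkEndChar(slots, defaultPasswordRuleConf);
        checkRequired(slots, defaultPasswordRuleConf);
        // The last slot is always set by checkEndChar, so filling stops one short of it.
        // firstEmptyChar returns slots.length when nothing is empty, which skips the loop.
        for (int i = firstEmptyChar(slots); i < slots.length - 1; i++) {
            slots[i] = SecureRandomUtils.generateRandomLetter();
        }
        checkPrefixAndSuffix(slots, defaultPasswordRuleConf);
        return StringUtils.join(slots);
    }

    /**
     * Sets the first character according to the start rules.
     *
     * <p>The branches run in sequence and each one overwrites the slot, so when several start
     * flags are set in a combination {@code check} does not reject, the last matching branch
     * decides. If no start rule applies and the slot is empty, a random letter is used.
     */
    private void checkStartChar(String[] strArr, DefaultPasswordRuleConf defaultPasswordRuleConf) {
        final int first = 0;
        if (defaultPasswordRuleConf.isMustStartWithAlpha()) {
            strArr[first] = SecureRandomUtils.generateRandomLetter();
        }
        if (defaultPasswordRuleConf.isMustStartWithNonAlpha() || defaultPasswordRuleConf.isMustStartWithDigit()) {
            strArr[first] = SecureRandomUtils.generateRandomNumber();
        }
        if (defaultPasswordRuleConf.isMustntStartWithAlpha()) {
            strArr[first] = SecureRandomUtils.generateRandomNumber();
        }
        if (defaultPasswordRuleConf.isMustntStartWithDigit()) {
            strArr[first] = SecureRandomUtils.generateRandomLetter();
        }
        if (defaultPasswordRuleConf.isMustntStartWithNonAlpha()) {
            strArr[first] = SecureRandomUtils.generateRandomLetter();
        }
        if ("".equals(strArr[first])) {
            strArr[first] = SecureRandomUtils.generateRandomLetter();
        }
    }

    /**
     * Sets the last character (index {@code getMinLength() - 1}) according to the end rules.
     *
     * <p>Same sequencing as {@link #checkStartChar}: later branches overwrite earlier ones, and
     * a random letter is used when no end rule applies and the slot is empty.
     */
    private void checkEndChar(String[] strArr, DefaultPasswordRuleConf defaultPasswordRuleConf) {
        final int last = defaultPasswordRuleConf.getMinLength() - 1;
        if (defaultPasswordRuleConf.isMustEndWithAlpha()) {
            strArr[last] = SecureRandomUtils.generateRandomLetter();
        }
        if (defaultPasswordRuleConf.isMustEndWithNonAlpha() || defaultPasswordRuleConf.isMustEndWithDigit()) {
            strArr[last] = SecureRandomUtils.generateRandomNumber();
        }
        if (defaultPasswordRuleConf.isMustntEndWithAlpha()) {
            strArr[last] = SecureRandomUtils.generateRandomNumber();
        }
        if (defaultPasswordRuleConf.isMustntEndWithDigit()) {
            strArr[last] = SecureRandomUtils.generateRandomLetter();
        }
        if (defaultPasswordRuleConf.isMustntEndWithNonAlpha()) {
            strArr[last] = SecureRandomUtils.generateRandomLetter();
        }
        if ("".equals(strArr[last])) {
            strArr[last] = SecureRandomUtils.generateRandomLetter();
        }
    }

    /**
     * Returns the index of the first empty slot, or {@code strArr.length} when every slot is
     * already filled (previously this ran past the end of the array in that case).
     */
    private int firstEmptyChar(String[] strArr) {
        int i = 0;
        while (i < strArr.length && !strArr[i].isEmpty()) {
            i++;
        }
        return i;
    }

    /**
     * Adds one character for each required class (digit, uppercase, lowercase,
     * non-alphanumeric) that the characters placed so far do not already provide.
     *
     * @throws InvalidPasswordRuleConf if no empty slot is left for a required character
     */
    private void checkRequired(String[] strArr, DefaultPasswordRuleConf defaultPasswordRuleConf)
            throws InvalidPasswordRuleConf {
        if (defaultPasswordRuleConf.isDigitRequired()
                && !PolicyPattern.DIGIT.matcher(StringUtils.join(strArr)).matches()) {
            placeRequired(strArr, SecureRandomUtils.generateRandomNumber());
        }
        // Locale.ROOT keeps the case mapping locale-independent: under e.g. a Turkish default
        // locale "i"/"I" map to dotted/dotless forms outside the ASCII letter range.
        if (defaultPasswordRuleConf.isUppercaseRequired()
                && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(strArr)).matches()) {
            placeRequired(strArr, SecureRandomUtils.generateRandomLetter().toUpperCase(Locale.ROOT));
        }
        if (defaultPasswordRuleConf.isLowercaseRequired()
                && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(strArr)).matches()) {
            placeRequired(strArr, SecureRandomUtils.generateRandomLetter().toLowerCase(Locale.ROOT));
        }
        if (defaultPasswordRuleConf.isNonAlphanumericRequired()
                && !PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(strArr)).matches()) {
            placeRequired(strArr, SecureRandomUtils.generateRandomSpecialCharacter(SPECIAL_CHARS));
        }
    }

    /**
     * Writes a required character into the first empty slot, failing with a policy error
     * (rather than an array-index error) when the password is too short to hold it.
     */
    private void placeRequired(String[] strArr, String value) throws InvalidPasswordRuleConf {
        int slot = firstEmptyChar(strArr);
        if (slot >= strArr.length) {
            throw new InvalidPasswordRuleConf("Password length (" + strArr.length
                    + ") is too short to hold all required character classes");
        }
        strArr[slot] = value;
    }

    /**
     * Re-draws the first/last character while the password starts/ends with a forbidden value.
     *
     * <p>The slot is cleared before each re-draw; without that, the start/end helpers leave an
     * already filled slot untouched whenever no start/end flag is set, and the forbidden
     * prefix/suffix would survive. Each side is retried at most {@link #MAX_AFFIX_ATTEMPTS}
     * times; if a forbidden value still matches afterwards the password is returned as is
     * (best-effort, as before), so the caller's policy validation remains the final gate.
     */
    private void checkPrefixAndSuffix(String[] strArr, DefaultPasswordRuleConf defaultPasswordRuleConf) {
        for (int attempt = 0; attempt < MAX_AFFIX_ATTEMPTS
                && startsWithAny(StringUtils.join(strArr), defaultPasswordRuleConf.getPrefixesNotPermitted());
                attempt++) {
            strArr[0] = "";
            checkStartChar(strArr, defaultPasswordRuleConf);
        }
        for (int attempt = 0; attempt < MAX_AFFIX_ATTEMPTS
                && endsWithAny(StringUtils.join(strArr), defaultPasswordRuleConf.getSuffixesNotPermitted());
                attempt++) {
            strArr[defaultPasswordRuleConf.getMinLength() - 1] = "";
            checkEndChar(strArr, defaultPasswordRuleConf);
        }
    }

    /** Returns whether {@code value} starts with at least one of the forbidden prefixes. */
    private static boolean startsWithAny(String value, Iterable<String> forbidden) {
        for (String prefix : forbidden) {
            if (value.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether {@code value} ends with at least one of the forbidden suffixes. */
    private static boolean endsWithAny(String value, Iterable<String> forbidden) {
        for (String suffix : forbidden) {
            if (value.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}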
