package org.apache.syncope.core.persistence.jpa.dao;

import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.policy.AccountRuleConf;
import org.apache.syncope.common.lib.policy.DefaultAccountRuleConf;
import org.apache.syncope.core.persistence.api.dao.AccountRule;
import org.apache.syncope.core.persistence.api.dao.AccountRuleConfClass;
import org.apache.syncope.core.persistence.api.entity.GroupablePlainAttr;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.utils.policy.AccountPolicyException;
import org.springframework.transaction.annotation.Transactional;

@AccountRuleConfClass(DefaultAccountRuleConf.class)
/* loaded from: input_file:org/apache/syncope/core/persistence/jpa/dao/DefaultAccountRule.class */
public class DefaultAccountRule implements AccountRule {
    private static final Pattern DEFAULT_PATTERN = Pattern.compile("[a-zA-Z0-9-_@. ]+");
    private DefaultAccountRuleConf conf;

    @Transactional(readOnly = true)
    public void enforce(AccountRuleConf accountRuleConf, User user) {
        List valuesAsStrings;
        if (!(accountRuleConf instanceof DefaultAccountRuleConf)) {
            throw new IllegalArgumentException(AccountRuleConf.class.getName() + " expected, got " + accountRuleConf.getClass().getName());
        }
        this.conf = (DefaultAccountRuleConf) DefaultAccountRuleConf.class.cast(accountRuleConf);
        Iterator it = this.conf.getSchemasNotPermitted().iterator();
        while (it.hasNext()) {
            GroupablePlainAttr plainAttr = user.getPlainAttr((String) it.next());
            if (plainAttr != null && (valuesAsStrings = plainAttr.getValuesAsStrings()) != null && !valuesAsStrings.isEmpty()) {
                this.conf.getWordsNotPermitted().add(valuesAsStrings.get(0));
            }
        }
        if (user.getUsername() == null) {
            throw new AccountPolicyException("Invalid account");
        }
        if (this.conf.getMinLength() > 0 && this.conf.getMinLength() > user.getUsername().length()) {
            throw new AccountPolicyException("Username too short");
        }
        if (this.conf.getMaxLength() > 0 && this.conf.getMaxLength() < user.getUsername().length()) {
            throw new AccountPolicyException("Username too long");
        }
        Iterator it2 = this.conf.getWordsNotPermitted().iterator();
        while (it2.hasNext()) {
            if (StringUtils.containsIgnoreCase(user.getUsername(), (String) it2.next())) {
                throw new AccountPolicyException("Used word(s) not permitted");
            }
        }
        if (this.conf.isAllUpperCase() && !user.getUsername().equals(user.getUsername().toUpperCase())) {
            throw new AccountPolicyException("No lowercase characters permitted");
        }
        if (this.conf.isAllLowerCase() && !user.getUsername().equals(user.getUsername().toLowerCase())) {
            throw new AccountPolicyException("No uppercase characters permitted");
        }
        if (!(this.conf.getPattern() == null ? DEFAULT_PATTERN : Pattern.compile(this.conf.getPattern())).matcher(user.getUsername()).matches()) {
            throw new AccountPolicyException("Username does not match pattern");
        }
        Iterator it3 = this.conf.getPrefixesNotPermitted().iterator();
        while (it3.hasNext()) {
            if (user.getUsername().startsWith((String) it3.next())) {
                throw new AccountPolicyException("Prefix not permitted");
            }
        }
        Iterator it4 = this.conf.getSuffixesNotPermitted().iterator();
        while (it4.hasNext()) {
            if (user.getUsername().endsWith((String) it4.next())) {
                throw new AccountPolicyException("Suffix not permitted");
            }
        }
    }
}
