package org.apache.syncope.core.persistence.jpa.dao;

import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf;
import org.apache.syncope.common.lib.policy.PasswordRuleConf;
import org.apache.syncope.core.persistence.api.dao.PasswordRule;
import org.apache.syncope.core.persistence.api.dao.PasswordRuleConfClass;
import org.apache.syncope.core.persistence.api.entity.GroupablePlainAttr;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.utils.policy.PasswordPolicyException;
import org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern;
import org.springframework.transaction.annotation.Transactional;

@PasswordRuleConfClass(DefaultPasswordRuleConf.class)
/* loaded from: input_file:org/apache/syncope/core/persistence/jpa/dao/DefaultPasswordRule.class */
public class DefaultPasswordRule implements PasswordRule {
    private DefaultPasswordRuleConf conf;

    @Transactional(readOnly = true)
    public void enforce(PasswordRuleConf passwordRuleConf, User user) {
        List valuesAsStrings;
        if (!(passwordRuleConf instanceof DefaultPasswordRuleConf)) {
            throw new IllegalArgumentException(PasswordRuleConf.class.getName() + " expected, got " + passwordRuleConf.getClass().getName());
        }
        this.conf = (DefaultPasswordRuleConf) passwordRuleConf;
        Iterator it = this.conf.getSchemasNotPermitted().iterator();
        while (it.hasNext()) {
            GroupablePlainAttr plainAttr = user.getPlainAttr((String) it.next());
            if (plainAttr != null && (valuesAsStrings = plainAttr.getValuesAsStrings()) != null && !valuesAsStrings.isEmpty()) {
                this.conf.getWordsNotPermitted().add(valuesAsStrings.get(0));
            }
        }
        String clearPassword = user.getClearPassword();
        if (user.getPassword() == null || clearPassword == null) {
            return;
        }
        if (this.conf.getMinLength() > 0 && this.conf.getMinLength() > clearPassword.length()) {
            throw new PasswordPolicyException("Password too short");
        }
        if (this.conf.getMaxLength() > 0 && this.conf.getMaxLength() < clearPassword.length()) {
            throw new PasswordPolicyException("Password too long");
        }
        Iterator it2 = this.conf.getWordsNotPermitted().iterator();
        while (it2.hasNext()) {
            if (StringUtils.containsIgnoreCase(clearPassword, (String) it2.next())) {
                throw new PasswordPolicyException("Used word(s) not permitted");
            }
        }
        if (this.conf.isDigitRequired() && !checkDigit(clearPassword)) {
            throw new PasswordPolicyException("Password must contain digit(s)");
        }
        if (this.conf.isLowercaseRequired() && !checkLowercase(clearPassword)) {
            throw new PasswordPolicyException("Password must contain lowercase alphabetic character(s)");
        }
        if (this.conf.isUppercaseRequired() && !checkUppercase(clearPassword)) {
            throw new PasswordPolicyException("Password must contain uppercase alphabetic character(s)");
        }
        Iterator it3 = this.conf.getPrefixesNotPermitted().iterator();
        while (it3.hasNext()) {
            if (clearPassword.startsWith((String) it3.next())) {
                throw new PasswordPolicyException("Prefix not permitted");
            }
        }
        Iterator it4 = this.conf.getSuffixesNotPermitted().iterator();
        while (it4.hasNext()) {
            if (clearPassword.endsWith((String) it4.next())) {
                throw new PasswordPolicyException("Suffix not permitted");
            }
        }
        if (this.conf.isMustStartWithDigit() && !checkFirstDigit(clearPassword)) {
            throw new PasswordPolicyException("Password must start with a digit");
        }
        if (this.conf.isMustntStartWithDigit() && checkFirstDigit(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't start with a digit");
        }
        if (this.conf.isMustEndWithDigit() && !checkLastDigit(clearPassword)) {
            throw new PasswordPolicyException("Password must end with a digit");
        }
        if (this.conf.isMustntEndWithDigit() && checkLastDigit(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't end with a digit");
        }
        if (this.conf.isAlphanumericRequired() && !checkAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must contain alphanumeric character(s)");
        }
        if (this.conf.isNonAlphanumericRequired() && !checkNonAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must contain non-alphanumeric character(s)");
        }
        if (this.conf.isMustStartWithAlpha() && !checkFirstAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must start with an alphanumeric character");
        }
        if (this.conf.isMustntStartWithAlpha() && checkFirstAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't start with an alphanumeric character");
        }
        if (this.conf.isMustEndWithAlpha() && !checkLastAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must end with an alphanumeric character");
        }
        if (this.conf.isMustntEndWithAlpha() && checkLastAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't end with an alphanumeric character");
        }
        if (this.conf.isMustStartWithNonAlpha() && !checkFirstNonAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must start with a non-alphanumeric character");
        }
        if (this.conf.isMustntStartWithNonAlpha() && checkFirstNonAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't start with a non-alphanumeric character");
        }
        if (this.conf.isMustEndWithNonAlpha() && !checkLastNonAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password must end with a non-alphanumeric character");
        }
        if (this.conf.isMustntEndWithNonAlpha() && checkLastNonAlphanumeric(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't end with a non-alphanumeric character");
        }
        if (!this.conf.isUsernameAllowed() && user.getUsername() != null && user.getUsername().equals(clearPassword)) {
            throw new PasswordPolicyException("Password mustn't be equal to username");
        }
    }

    private boolean checkDigit(String str) {
        return PolicyPattern.DIGIT.matcher(str).matches();
    }

    private boolean checkLowercase(String str) {
        return PolicyPattern.ALPHA_LOWERCASE.matcher(str).matches();
    }

    private boolean checkUppercase(String str) {
        return PolicyPattern.ALPHA_UPPERCASE.matcher(str).matches();
    }

    private boolean checkFirstDigit(String str) {
        return PolicyPattern.FIRST_DIGIT.matcher(str).matches();
    }

    private boolean checkLastDigit(String str) {
        return PolicyPattern.LAST_DIGIT.matcher(str).matches();
    }

    private boolean checkAlphanumeric(String str) {
        return PolicyPattern.ALPHANUMERIC.matcher(str).matches();
    }

    private boolean checkFirstAlphanumeric(String str) {
        return PolicyPattern.FIRST_ALPHANUMERIC.matcher(str).matches();
    }

    private boolean checkLastAlphanumeric(String str) {
        return PolicyPattern.LAST_ALPHANUMERIC.matcher(str).matches();
    }

    private boolean checkNonAlphanumeric(String str) {
        return PolicyPattern.NON_ALPHANUMERIC.matcher(str).matches();
    }

    private boolean checkFirstNonAlphanumeric(String str) {
        return PolicyPattern.FIRST_NON_ALPHANUMERIC.matcher(str).matches();
    }

    private boolean checkLastNonAlphanumeric(String str) {
        return PolicyPattern.LAST_NON_ALPHANUMERIC.matcher(str).matches();
    }
}
