package org.cloudfoundry.identity.uaa.scim.validate;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.RuleResult;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.class */
public class UaaPasswordPolicyValidator implements PasswordValidator {
    private final IdentityProviderProvisioning provisioning;
    private final PasswordPolicy globalDefaultPolicy;

    public UaaPasswordPolicyValidator(PasswordPolicy passwordPolicy, IdentityProviderProvisioning identityProviderProvisioning) {
        this.globalDefaultPolicy = passwordPolicy;
        this.provisioning = identityProviderProvisioning;
    }

    @Override // org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator
    public void validate(String str) throws InvalidPasswordException {
        if (str == null) {
            str = "";
        }
        IdentityProvider retrieveByOrigin = this.provisioning.retrieveByOrigin("uaa", IdentityZoneHolder.get().getId());
        if (retrieveByOrigin == null) {
            return;
        }
        PasswordPolicy passwordPolicy = this.globalDefaultPolicy;
        UaaIdentityProviderDefinition config = retrieveByOrigin.getConfig();
        if (config != null && config.getPasswordPolicy() != null) {
            passwordPolicy = config.getPasswordPolicy();
        }
        org.passay.PasswordValidator passwordValidator = getPasswordValidator(passwordPolicy);
        RuleResult validate = passwordValidator.validate(new PasswordData(str));
        if (validate.isValid()) {
            return;
        }
        LinkedList linkedList = new LinkedList();
        Iterator it = passwordValidator.getMessages(validate).iterator();
        while (it.hasNext()) {
            linkedList.add((String) it.next());
        }
        if (!linkedList.isEmpty()) {
            throw new InvalidPasswordException(linkedList);
        }
    }

    public org.passay.PasswordValidator getPasswordValidator(PasswordPolicy passwordPolicy) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new LengthRule(Math.max(1, passwordPolicy.getMinLength()), passwordPolicy.getMaxLength() > 0 ? passwordPolicy.getMaxLength() : Integer.MAX_VALUE));
        if (passwordPolicy.getRequireUpperCaseCharacter() > 0) {
            arrayList.add(new CharacterRule(EnglishCharacterData.UpperCase, passwordPolicy.getRequireUpperCaseCharacter()));
        }
        if (passwordPolicy.getRequireLowerCaseCharacter() > 0) {
            arrayList.add(new CharacterRule(EnglishCharacterData.LowerCase, passwordPolicy.getRequireLowerCaseCharacter()));
        }
        if (passwordPolicy.getRequireDigit() > 0) {
            arrayList.add(new CharacterRule(EnglishCharacterData.Digit, passwordPolicy.getRequireDigit()));
        }
        if (passwordPolicy.getRequireSpecialCharacter() > 0) {
            arrayList.add(new CharacterRule(EnglishCharacterData.Special, passwordPolicy.getRequireSpecialCharacter()));
        }
        return new org.passay.PasswordValidator(arrayList);
    }
}
