package org.apereo.cas.pm;

import org.apereo.cas.configuration.CasConfigurationProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.binding.validation.ValidationContext;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-5.1.7.jar:org/apereo/cas/pm/PasswordValidator.class */
public class PasswordValidator {

    @Autowired
    private CasConfigurationProperties casProperties;

    public void validateCasMustChangePassView(PasswordChangeBean passwordChangeBean, ValidationContext validationContext) {
        MessageContext messageContext = validationContext.getMessageContext();
        if (!StringUtils.hasText(passwordChangeBean.getPassword())) {
            messageContext.addMessage(new MessageBuilder().error().source("pm.passwordFailedCriteria").defaultText("Password policy rejected empty password.").build());
        } else if (!passwordChangeBean.getPassword().equals(passwordChangeBean.getConfirmedPassword())) {
            messageContext.addMessage(new MessageBuilder().error().source("pm.passwordsMustMatch").defaultText("Provided passwords do not match.").build());
        } else {
            if (passwordChangeBean.getPassword().matches(this.casProperties.getAuthn().getPm().getPolicyPattern())) {
                return;
            }
            messageContext.addMessage(new MessageBuilder().error().source("pm.passwordFailedCriteria").defaultText("Password policy rejected the provided insecure password.").build());
        }
    }
}
