package com.evolveum.midpoint.common.policy;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.xml.XsdTypeMapper;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LimitationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordLifeTimeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringLimitType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;

/* loaded from: input_file:com/evolveum/midpoint/common/policy/PasswordPolicyUtils.class */
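/**
 * Static helpers that normalise a {@link ValuePolicyType} and validate candidate
 * passwords against it.
 *
 * <p>Validation outcomes are reported through {@link OperationResult} trees. The
 * failure messages built here include the candidate password's length, its count of
 * distinct characters and, for the "invalid characters" check, the offending characters
 * themselves. Treat the returned results as sensitive wherever they are logged,
 * persisted or shown to anyone other than the user setting the password.
 */
public class PasswordPolicyUtils {
    private static final Trace LOGGER = TraceManager.getTrace(PasswordPolicyUtils.class);
    private static final String DOT_CLASS = PasswordPolicyUtils.class.getName() + ".";
    private static final String OPERATION_PASSWORD_VALIDATION = DOT_CLASS + "passwordValidation";

    /**
     * Fills in missing parts of a password policy, modifying the policy in place.
     *
     * <p>The string policy is replaced by its normalised form (a fresh
     * {@link StringPolicyType} is normalised when none is set). When no lifetime is set,
     * a default lifetime is created and attached to the policy; previously the defaults
     * were built and then discarded, so the policy kept a {@code null} lifetime.
     *
     * @param valuePolicyType policy to normalise
     * @throws IllegalArgumentException if {@code valuePolicyType} is {@code null}
     */
    public static void normalize(ValuePolicyType valuePolicyType) {
        if (null == valuePolicyType) {
            throw new IllegalArgumentException("Password policy cannot be null");
        }
        StringPolicyType stringPolicy = valuePolicyType.getStringPolicy();
        if (null == stringPolicy) {
            stringPolicy = new StringPolicyType();
        }
        valuePolicyType.setStringPolicy(StringPolicyUtils.normalize(stringPolicy));
        if (null == valuePolicyType.getLifetime()) {
            PasswordLifeTimeType passwordLifeTimeType = new PasswordLifeTimeType();
            // NOTE(review): -1 presumably means "never expires" - confirm against the schema.
            passwordLifeTimeType.setExpiration(-1);
            passwordLifeTimeType.setWarnBeforeExpiration(0);
            passwordLifeTimeType.setLockAfterExpiration(0);
            passwordLifeTimeType.setMinPasswordAge(0);
            passwordLifeTimeType.setPasswordHistoryLength(0);
            // Attach the defaults; without this call the object above is dead code.
            valuePolicyType.setLifetime(passwordLifeTimeType);
        }
    }

    /**
     * Validates a password against every policy in the list and records each policy's
     * result under {@code operationResult}.
     *
     * <p>All policies are evaluated even after the first failure. An empty list yields
     * {@code true}: with no policy supplied, any password (including {@code null}) is
     * accepted, so callers that require a policy must check for that themselves.
     *
     * @param str candidate password, may be {@code null}
     * @param list policies to check against
     * @param operationResult parent result that receives one sub-result per policy
     * @return {@code true} only if every policy's result reports success
     * @throws IllegalArgumentException if {@code list} is {@code null}
     */
    public static boolean validatePassword(String str, List<ValuePolicyType> list, OperationResult operationResult) {
        Validate.notNull(list, "Password policies must not be null.");
        boolean allValid = true;
        for (ValuePolicyType policy : list) {
            OperationResult policyResult = validatePassword(str, policy);
            operationResult.addSubresult(policyResult);
            allValid = allValid && policyResult.isSuccess();
        }
        return allValid;
    }

    /**
     * Validates a password against every policy in the list without recording the
     * individual results anywhere.
     *
     * <p>All policies are evaluated even after the first failure. An empty list yields
     * {@code true}.
     *
     * @param str candidate password, may be {@code null}
     * @param list policy objects to check against
     * @return {@code true} only if every policy's result reports success
     * @throws IllegalArgumentException if {@code list} is {@code null}
     */
    public static boolean validatePassword(String str, List<PrismObject<ValuePolicyType>> list) {
        Validate.notNull(list, "Password policies must not be null.");
        boolean allValid = true;
        for (PrismObject<ValuePolicyType> policyObject : list) {
            OperationResult policyResult = validatePassword(str, policyObject.asObjectable());
            allValid = allValid && policyResult.isSuccess();
        }
        return allValid;
    }

    /**
     * Validates the clear value of a protected string against every policy in the list.
     *
     * <p>NOTE(review): only {@code getClearValue()} is consulted. If the protected string
     * holds no clear value (for example because it is still encrypted - confirm how
     * callers prepare it), the value checked is {@code null}, which is validated as an
     * absent or empty password rather than as the real one. Callers should decrypt first.
     *
     * @param protectedStringType holder of the candidate password
     * @param list policy objects to check against
     * @return {@code true} only if every policy's result reports success
     * @throws IllegalArgumentException if {@code protectedStringType} or {@code list} is
     *         {@code null}
     */
    public static boolean validatePassword(ProtectedStringType protectedStringType, List<PrismObject<ValuePolicyType>> list) {
        Validate.notNull(protectedStringType, "Protected string must not be null.");
        String clearValue = (String) protectedStringType.getClearValue();
        return validatePassword(clearValue, list);
    }

    /**
     * Validates a password against a single policy and records the result under
     * {@code operationResult}.
     *
     * @param str candidate password, may be {@code null}
     * @param valuePolicyType policy to check against
     * @param operationResult parent result that receives the validation result
     * @return {@code true} if the validation result reports success
     */
    public static boolean validatePassword(String str, ValuePolicyType valuePolicyType, OperationResult operationResult) {
        OperationResult policyResult = validatePassword(str, valuePolicyType);
        operationResult.addSubresult(policyResult);
        return policyResult.isSuccess();
    }

    /**
     * Validates a password against a single policy and returns the detailed result.
     *
     * <p>The policy is normalised in place first, and missing {@code minLength},
     * {@code minOccurs} and {@code mustBeFirst} values are written back into the policy
     * as {@code 0}, {@code 0} and {@code false}. A {@code null} password succeeds
     * immediately when the policy's {@code minOccurs} maps to 0; otherwise it is checked
     * as the empty string. Checks performed: global minimum and maximum length, minimum
     * number of distinct characters, per-limit minimum and maximum occurrences, the
     * "must be first" character rule, and finally that every character belongs to at
     * least one limit's character class. The last check is skipped when the policy
     * defines no limits.
     *
     * <p>Every failed check adds a {@code FATAL_ERROR} sub-result and contributes a line
     * to the message passed to {@code computeStatus}. These messages describe the
     * candidate password (length, distinct-character count, disallowed characters).
     *
     * @param str candidate password, may be {@code null}
     * @param valuePolicyType policy to check against; modified in place
     * @return result tree describing each check
     * @throws IllegalArgumentException if {@code valuePolicyType} is {@code null}
     */
    public static OperationResult validatePassword(String str, ValuePolicyType valuePolicyType) {
        Validate.notNull(valuePolicyType, "Password policy must not be null.");
        OperationResult operationResult = new OperationResult(OPERATION_PASSWORD_VALIDATION);
        operationResult.addParam("policyName", valuePolicyType.getName());
        normalize(valuePolicyType);

        if (str == null) {
            if (valuePolicyType.getMinOccurs() != null
                    && XsdTypeMapper.multiplicityToInteger(valuePolicyType.getMinOccurs()).intValue() == 0) {
                // The value is optional, so an absent password satisfies the policy.
                operationResult.recordSuccess();
                return operationResult;
            }
            str = "";
        }

        LimitationsType limitations = valuePolicyType.getStringPolicy().getLimitations();
        StringBuilder messages = new StringBuilder();

        if (limitations.getMinLength() == null) {
            limitations.setMinLength(0);
        }
        if (limitations.getMinLength().intValue() > str.length()) {
            recordFailure(operationResult, "Check global minimal length",
                    "Required minimal size (" + limitations.getMinLength() + ") of password is not met (password length: " + str.length() + ")",
                    messages);
        }
        if (limitations.getMaxLength() != null && limitations.getMaxLength().intValue() < str.length()) {
            recordFailure(operationResult, "Check global maximal length",
                    "Required maximal size (" + limitations.getMaxLength() + ") of password was exceeded (password length: " + str.length() + ").",
                    messages);
        }

        // Tokenise once and reuse the tokens for the distinct-count and per-class checks.
        // NOTE(review): stringTokenizer presumably yields one token per character - confirm.
        List<String> passwordTokens = StringPolicyUtils.stringTokenizer(str);
        int uniqueChars = new HashSet<String>(passwordTokens).size();
        if (limitations.getMinUniqueChars() != null && limitations.getMinUniqueChars().intValue() > uniqueChars) {
            recordFailure(operationResult, "Check minimal count of unique chars",
                    "Required minimal count of unique characters (" + limitations.getMinUniqueChars() + ") in password are not met (unique characters in password " + uniqueChars + ")",
                    messages);
        }

        if (limitations.getLimit() == null || limitations.getLimit().isEmpty()) {
            // No character-class limits: the allowed-character check below does not apply.
            finish(operationResult, messages);
            return operationResult;
        }

        // Union of every limit's character class; anything outside it is rejected below.
        HashSet<String> allowedChars = new HashSet<String>(128);
        for (StringLimitType stringLimitType : limitations.getLimit()) {
            OperationResult limitResult = new OperationResult("Tested limitation: " + stringLimitType.getDescription());
            // An inline class value takes precedence over a referenced class.
            List<String> classTokens = null != stringLimitType.getCharacterClass().getValue()
                    ? StringPolicyUtils.stringTokenizer(stringLimitType.getCharacterClass().getValue())
                    : StringPolicyUtils.stringTokenizer(StringPolicyUtils.collectCharacterClass(valuePolicyType.getStringPolicy().getCharacterClass(), stringLimitType.getCharacterClass().getRef()));
            // Set copy gives constant-time membership tests; the list is kept for the message.
            HashSet<String> classChars = new HashSet<String>(classTokens);
            allowedChars.addAll(classChars);

            int occurrences = 0;
            for (String token : passwordTokens) {
                if (classChars.contains(token)) {
                    occurrences++;
                }
            }

            if (stringLimitType.getMinOccurs() == null) {
                stringLimitType.setMinOccurs(0);
            }
            if (stringLimitType.getMinOccurs().intValue() > occurrences) {
                recordFailure(limitResult, "Check minimal occurrence of characters",
                        "Required minimal occurrence (" + stringLimitType.getMinOccurs() + ") of characters (" + stringLimitType.getDescription() + ") in password is not met (occurrence of characters in password " + occurrences + ").",
                        messages);
            }
            if (stringLimitType.getMaxOccurs() != null && stringLimitType.getMaxOccurs().intValue() < occurrences) {
                recordFailure(limitResult, "Check maximal occurrence of characters",
                        "Required maximal occurrence (" + stringLimitType.getMaxOccurs() + ") of characters (" + stringLimitType.getDescription() + ") in password was exceeded (occurrence of characters in password " + occurrences + ").",
                        messages);
            }

            if (stringLimitType.isMustBeFirst() == null) {
                stringLimitType.setMustBeFirst(false);
            }
            if (!str.isEmpty() && stringLimitType.isMustBeFirst().booleanValue() && !classChars.contains(str.substring(0, 1))) {
                recordFailure(limitResult, "Check valid first char",
                        "First character is not from allowed set. Allowed set: " + classTokens,
                        messages);
            }

            limitResult.computeStatus();
            operationResult.addSubresult(limitResult);
        }

        StringBuilder invalidChars = new StringBuilder();
        for (String token : passwordTokens) {
            if (!allowedChars.contains(token)) {
                invalidChars.append(token);
            }
        }
        if (invalidChars.length() > 0) {
            // NOTE(review): this message echoes characters of the candidate password into
            // the result; keep it out of logs and audit trails that others can read.
            recordFailure(operationResult, "Check if password does not contain invalid characters",
                    "Characters [ " + invalidChars + " ] are not allowed in password",
                    messages);
        }

        finish(operationResult, messages);
        return operationResult;
    }

    /** Adds a FATAL_ERROR sub-result to {@code parent} and appends the message as one line. */
    private static void recordFailure(OperationResult parent, String operation, String message, StringBuilder messages) {
        parent.addSubresult(new OperationResult(operation, OperationResultStatus.FATAL_ERROR, message));
        messages.append(message);
        messages.append("\n");
    }

    /** Computes the final status, passing the collected failure messages when there are any. */
    private static void finish(OperationResult result, StringBuilder messages) {
        if (messages.length() == 0) {
            result.computeStatus();
        } else {
            result.computeStatus(messages.toString());
        }
    }
}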
