package com.evolveum.midpoint.model.common.stringpolicy;

import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
import com.evolveum.midpoint.prism.PrimitiveType;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismObjectDefinition;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.repo.common.expression.ExpressionFactory;
import com.evolveum.midpoint.repo.common.expression.ExpressionUtil;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.expression.ExpressionProfile;
import com.evolveum.midpoint.schema.expression.VariablesMap;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.schema.util.LocalizationUtil;
import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.LocalizableMessage;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.LocalizableMessageList;
import com.evolveum.midpoint.util.LocalizableMessageListBuilder;
import com.evolveum.midpoint.util.SingleLocalizableMessage;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CharacterClassType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CheckExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LimitationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProhibitedValueItemType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ProhibitedValuesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringLimitType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringTranslationType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.function.Consumer;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.commons.lang3.mutable.MutableBoolean;
import org.apache.commons.lang3.text.StrBuilder;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/model-common-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/model/common/stringpolicy/ValuePolicyProcessor.class */
public class ValuePolicyProcessor {
    private static final String ALPHANUMERIC_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    private static final int DEFAULT_MAX_ATTEMPTS = 10;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ExpressionFactory expressionFactory;

    @Autowired
    private Protector protector;
    private static final String OP_GENERATE = ValuePolicyProcessor.class.getName() + ".generate";
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) ValuePolicyProcessor.class);
    private static final Random RAND = new Random(System.currentTimeMillis());
    private static final String DOT_CLASS = ValuePolicyProcessor.class.getName() + ".";
    private static final String OPERATION_STRING_POLICY_VALIDATION = DOT_CLASS + "stringPolicyValidation";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/model-common-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/model/common/stringpolicy/ValuePolicyProcessor$Context.class */
    public static class Context {

        @NotNull
        private final ItemPath path;

        private Context(@NotNull ItemPath itemPath) {
            this.path = itemPath;
        }
    }

    public ExpressionFactory getExpressionFactory() {
        return this.expressionFactory;
    }

    public void setExpressionFactory(ExpressionFactory expressionFactory) {
        this.expressionFactory = expressionFactory;
    }

    public String generate(ItemPath itemPath, ValuePolicyType valuePolicyType, int i, boolean z, ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, String str, Task task, OperationResult operationResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        Context context = new Context(itemPath != null ? itemPath : SchemaConstants.PATH_PASSWORD_VALUE);
        OperationResult createSubresult = operationResult.createSubresult(OP_GENERATE);
        if (valuePolicyType == null) {
            valuePolicyType = new ValuePolicyType().stringPolicy(new StringPolicyType().limitations(new LimitationsType().maxLength(Integer.valueOf(i)).minLength(Integer.valueOf(i))));
        }
        StringPolicyType stringPolicy = valuePolicyType.getStringPolicy();
        int i2 = 10;
        if (stringPolicy.getLimitations() != null && stringPolicy.getLimitations().getMaxAttempts() != null) {
            i2 = stringPolicy.getLimitations().getMaxAttempts().intValue();
        }
        if (i2 < 1) {
            ExpressionEvaluationException expressionEvaluationException = new ExpressionEvaluationException("Illegal number of maximum value generation attempts: " + i2);
            createSubresult.recordFatalError(expressionEvaluationException);
            throw expressionEvaluationException;
        }
        int i3 = 1;
        while (true) {
            String generateAttempt = generateAttempt(valuePolicyType, i, z, context, createSubresult);
            if (createSubresult.isError()) {
                throw new ExpressionEvaluationException(createSubresult.getMessage());
            }
            if (checkAttempt(generateAttempt, valuePolicyType, MiscSchemaUtil.getExpressionProfile(), objectBasedValuePolicyOriginResolver, str, task, createSubresult)) {
                return generateAttempt;
            }
            LOGGER.trace("Generator attempt {}: check failed", Integer.valueOf(i3));
            if (i3 == i2) {
                ExpressionEvaluationException expressionEvaluationException2 = new ExpressionEvaluationException("Unable to generate value, maximum number of attempts (" + i2 + ") exceeded");
                createSubresult.recordFatalError(expressionEvaluationException2);
                throw expressionEvaluationException2;
            }
            i3++;
        }
    }

    public List<StringLimitationResult> validateValue(String str, ValuePolicyType valuePolicyType, ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        return validateValue(str, valuePolicyType, objectBasedValuePolicyOriginResolver, new ArrayList(), str2, task, operationResult);
    }

    public List<StringLimitationResult> validateValue(String str, ValuePolicyType valuePolicyType, ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, List<LocalizableMessage> list, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Validate.notNull(valuePolicyType, "Value policy must not be null.", new Object[0]);
        OperationResult createSubresult = operationResult.createSubresult(OPERATION_STRING_POLICY_VALIDATION);
        createSubresult.addArbitraryObjectAsParam("policyName", (Object) valuePolicyType.getName());
        ArrayList arrayList = new ArrayList();
        try {
            try {
                normalize(valuePolicyType);
                if (str == null) {
                    str = "";
                }
                LimitationsType limitations = valuePolicyType.getStringPolicy().getLimitations();
                CollectionUtils.addIgnoreNull(arrayList, testLength(str, limitations, createSubresult, list));
                CollectionUtils.addIgnoreNull(arrayList, testMinimalUniqueCharacters(str, limitations, createSubresult, list));
                CollectionUtils.addIgnoreNull(arrayList, testProhibitedValues(str, valuePolicyType.getProhibitedValues(), objectBasedValuePolicyOriginResolver, str2, task, createSubresult, list));
                arrayList.addAll(testCheckExpression(str, limitations, MiscSchemaUtil.getExpressionProfile(), objectBasedValuePolicyOriginResolver, str2, task, createSubresult, list));
                if (!limitations.getLimit().isEmpty()) {
                    HashSet<String> hashSet = new HashSet<>();
                    List<String> stringTokenizer = StringPolicyUtils.stringTokenizer(str);
                    for (StringLimitType stringLimitType : limitations.getLimit()) {
                        OperationResult operationResult2 = new OperationResult("Tested limitation: " + stringLimitType.getDescription());
                        HashSet<String> validCharacters = getValidCharacters(stringLimitType.getCharacterClass(), valuePolicyType);
                        int countValidCharacters = countValidCharacters(validCharacters, stringTokenizer);
                        hashSet.addAll(validCharacters);
                        StringLimitationResult testMustBeFirst = testMustBeFirst(stringLimitType, operationResult2, list, str, validCharacters, testMaximalOccurrence(stringLimitType, countValidCharacters, operationResult2, list, testMinimalOccurrence(stringLimitType, countValidCharacters, operationResult2, list, null)));
                        if (testMustBeFirst != null) {
                            PolyStringType name = stringLimitType.getName();
                            if (name == null) {
                                name = new PolyStringType(stringLimitType.getDescription());
                                PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
                                polyStringTranslationType.setKey(stringLimitType.getDescription());
                                name.setTranslation(polyStringTranslationType);
                            }
                            testMustBeFirst.setHelp(new PolyStringType(getCharsetAsString(validCharacters)));
                            testMustBeFirst.setName(name);
                            arrayList.add(testMustBeFirst);
                        }
                        operationResult2.computeStatus();
                        createSubresult.addSubresult(operationResult2);
                    }
                    CollectionUtils.addIgnoreNull(arrayList, testInvalidCharacters(stringTokenizer, hashSet, createSubresult, list));
                }
                if (!createSubresult.isSuccess() && !list.isEmpty()) {
                    createSubresult.setUserFriendlyMessage(new LocalizableMessageListBuilder().messages(list).separator(LocalizableMessageList.SPACE).buildOptimized());
                }
                return arrayList;
            } catch (Throwable th) {
                createSubresult.recordFatalError(th);
                throw th;
            }
        } finally {
            createSubresult.computeStatusIfUnknown();
        }
    }

    private String getCharsetAsString(HashSet<String> hashSet) {
        StringBuilder sb = new StringBuilder();
        hashSet.forEach(str -> {
            sb.append(str);
        });
        return sb.toString();
    }

    private void normalize(ValuePolicyType valuePolicyType) {
        if (null == valuePolicyType) {
            throw new IllegalArgumentException("Password policy cannot be null");
        }
        if (null == valuePolicyType.getStringPolicy()) {
            valuePolicyType.setStringPolicy(StringPolicyUtils.normalize(new StringPolicyType()));
        } else {
            valuePolicyType.setStringPolicy(StringPolicyUtils.normalize(valuePolicyType.getStringPolicy()));
        }
    }

    private StringLimitationResult testMustBeFirst(StringLimitType stringLimitType, OperationResult operationResult, List<LocalizableMessage> list, String str, Set<String> set, StringLimitationResult stringLimitationResult) {
        if (stringLimitType.isMustBeFirst() == null) {
            return stringLimitationResult;
        }
        if (stringLimitationResult == null) {
            stringLimitationResult = new StringLimitationResult();
            stringLimitationResult.setMustBeFirst(stringLimitType.isMustBeFirst());
            stringLimitationResult.setSuccess(Boolean.valueOf(StringUtils.isNotEmpty(str)));
        } else {
            stringLimitationResult.setMustBeFirst(stringLimitType.isMustBeFirst());
        }
        if (StringUtils.isNotEmpty(str) && BooleanUtils.isTrue(stringLimitType.isMustBeFirst()) && !set.contains(str.substring(0, 1))) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.firstCharacterNotAllowed").arg(set.toString()).build();
            operationResult.addSubresult(new OperationResult("Check valid first char", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private StringLimitationResult testMaximalOccurrence(StringLimitType stringLimitType, int i, OperationResult operationResult, List<LocalizableMessage> list, StringLimitationResult stringLimitationResult) {
        if (stringLimitType.getMaxOccurs() == null) {
            return stringLimitationResult;
        }
        if (stringLimitationResult == null) {
            stringLimitationResult = new StringLimitationResult();
            stringLimitationResult.setMaxOccurs(stringLimitType.getMaxOccurs());
            stringLimitationResult.setSuccess(true);
        } else {
            stringLimitationResult.setMaxOccurs(stringLimitType.getMaxOccurs());
        }
        if (i > stringLimitType.getMaxOccurs().intValue()) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.maximalOccurrenceExceeded").arg(stringLimitType.getMaxOccurs()).arg(stringLimitType.getDescription()).arg(Integer.valueOf(i)).build();
            operationResult.addSubresult(new OperationResult("Check maximal occurrence of characters", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private StringLimitationResult testMinimalOccurrence(StringLimitType stringLimitType, int i, OperationResult operationResult, List<LocalizableMessage> list, StringLimitationResult stringLimitationResult) {
        if (stringLimitType.getMinOccurs() == null) {
            return stringLimitationResult;
        }
        if (stringLimitationResult == null) {
            stringLimitationResult = new StringLimitationResult();
            stringLimitationResult.setMinOccurs(stringLimitType.getMinOccurs());
            stringLimitationResult.setSuccess(true);
        } else {
            stringLimitationResult.setMinOccurs(stringLimitType.getMinOccurs());
        }
        if (i < stringLimitType.getMinOccurs().intValue()) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.minimalOccurrenceNotMet").arg(stringLimitType.getMinOccurs()).arg(stringLimitType.getDescription()).arg(Integer.valueOf(i)).build();
            operationResult.addSubresult(new OperationResult("Check minimal occurrence of characters", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private int countValidCharacters(Set<String> set, List<String> list) {
        int i = 0;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (set.contains(it.next())) {
                i++;
            }
        }
        return i;
    }

    private HashSet<String> getValidCharacters(CharacterClassType characterClassType, ValuePolicyType valuePolicyType) {
        return null != characterClassType.getValue() ? new HashSet<>(StringPolicyUtils.stringTokenizer(characterClassType.getValue())) : new HashSet<>(StringPolicyUtils.stringTokenizer(StringPolicyUtils.collectCharacterClass(valuePolicyType.getStringPolicy().getCharacterClass(), characterClassType.getRef())));
    }

    private StringLimitationResult testMinimalUniqueCharacters(String str, LimitationsType limitationsType, OperationResult operationResult, List<LocalizableMessage> list) {
        if (limitationsType.getMinUniqueChars() == null) {
            return null;
        }
        HashSet hashSet = new HashSet(StringPolicyUtils.stringTokenizer(str));
        StringLimitationResult stringLimitationResult = new StringLimitationResult();
        stringLimitationResult.setMinOccurs(limitationsType.getMinUniqueChars());
        PolyStringType polyStringType = new PolyStringType("unique characters");
        PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
        polyStringTranslationType.setKey("ValuePolicy.uniqueCharacters");
        polyStringType.setTranslation(polyStringTranslationType);
        stringLimitationResult.setName(polyStringType);
        stringLimitationResult.setSuccess(true);
        if (limitationsType.getMinUniqueChars().intValue() > hashSet.size()) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.minimalUniqueCharactersNotMet").arg(limitationsType.getMinUniqueChars()).arg(Integer.valueOf(hashSet.size())).build();
            operationResult.addSubresult(new OperationResult("Check minimal count of unique chars", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private StringLimitationResult testLength(String str, LimitationsType limitationsType, OperationResult operationResult, List<LocalizableMessage> list) {
        if (limitationsType.getMinLength() == null && limitationsType.getMaxLength() == null) {
            return null;
        }
        StringLimitationResult stringLimitationResult = new StringLimitationResult();
        stringLimitationResult.setMinOccurs(limitationsType.getMinLength());
        stringLimitationResult.setMaxOccurs(limitationsType.getMaxLength());
        PolyStringType polyStringType = new PolyStringType("characters");
        PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
        polyStringTranslationType.setKey("ValuePolicy.characters");
        polyStringType.setTranslation(polyStringTranslationType);
        stringLimitationResult.setName(polyStringType);
        stringLimitationResult.setSuccess(true);
        if (limitationsType.getMinLength() != null && str.length() < limitationsType.getMinLength().intValue()) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.minimalSizeNotMet").arg(limitationsType.getMinLength()).arg(Integer.valueOf(str.length())).build();
            operationResult.addSubresult(new OperationResult("Check global minimal length", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }
        if (limitationsType.getMaxLength() != null && str.length() > limitationsType.getMaxLength().intValue()) {
            SingleLocalizableMessage build2 = new LocalizableMessageBuilder().key("ValuePolicy.maximalSizeExceeded").arg(limitationsType.getMaxLength()).arg(Integer.valueOf(str.length())).build();
            operationResult.addSubresult(new OperationResult("Check global maximal length", OperationResultStatus.FATAL_ERROR, build2));
            list.add(build2);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private StringLimitationResult testInvalidCharacters(List<String> list, HashSet<String> hashSet, OperationResult operationResult, List<LocalizableMessage> list2) {
        StringBuilder sb = new StringBuilder();
        for (String str : list) {
            if (!hashSet.contains(str)) {
                sb.append(str);
            }
        }
        StringLimitationResult stringLimitationResult = new StringLimitationResult();
        PolyStringType polyStringType = new PolyStringType("invalid characters");
        PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
        polyStringTranslationType.setKey("ValuePolicy.invalidCharacters");
        polyStringType.setTranslation(polyStringTranslationType);
        stringLimitationResult.setName(polyStringType);
        stringLimitationResult.setHelp(new PolyStringType(getCharsetAsString(hashSet)));
        stringLimitationResult.setSuccess(true);
        if (sb.length() > 0) {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.charactersNotAllowed").arg(sb).build();
            operationResult.addSubresult(new OperationResult("Check if value does not contain invalid characters", OperationResultStatus.FATAL_ERROR, build));
            list2.add(build);
            stringLimitationResult.setSuccess(false);
        }
        return stringLimitationResult;
    }

    private List<StringLimitationResult> testCheckExpression(String str, LimitationsType limitationsType, ExpressionProfile expressionProfile, ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult, List<LocalizableMessage> list) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        ArrayList arrayList = new ArrayList();
        for (CheckExpressionType checkExpressionType : limitationsType.getCheckExpression()) {
            ExpressionType expression = checkExpressionType.getExpression();
            if (expression != null) {
                StringLimitationResult stringLimitationResult = new StringLimitationResult();
                PolyStringType polyStringType = null;
                if (checkExpressionType.getDisplay() != null) {
                    polyStringType = checkExpressionType.getDisplay().getLabel();
                    stringLimitationResult.setHelp(checkExpressionType.getDisplay().getHelp());
                }
                if (polyStringType == null) {
                    polyStringType = new PolyStringType("Check expression");
                    PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
                    polyStringTranslationType.setKey("ValuePolicy.checkExpression");
                    polyStringType.setTranslation(polyStringTranslationType);
                }
                stringLimitationResult.setName(polyStringType);
                stringLimitationResult.setSuccess(true);
                if (!checkExpression(str, expression, expressionProfile, objectBasedValuePolicyOriginResolver, str2, task, operationResult)) {
                    LocalizableMessage localizableMessage = checkExpressionType.getLocalizableFailureMessage() != null ? LocalizationUtil.toLocalizableMessage(checkExpressionType.getLocalizableFailureMessage()) : checkExpressionType.getFailureMessage() != null ? LocalizableMessageBuilder.buildFallbackMessage(checkExpressionType.getFailureMessage()) : LocalizableMessageBuilder.buildKey("ValuePolicy.checkExpressionFailed");
                    operationResult.addSubresult(new OperationResult("Check expression", OperationResultStatus.FATAL_ERROR, localizableMessage));
                    list.add(localizableMessage);
                    stringLimitationResult.setSuccess(false);
                }
                arrayList.add(stringLimitationResult);
            }
        }
        return arrayList;
    }

    private StringLimitationResult testProhibitedValues(String str, ProhibitedValuesType prohibitedValuesType, ObjectBasedValuePolicyOriginResolver<?> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult, List<LocalizableMessage> list) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (prohibitedValuesType == null || objectBasedValuePolicyOriginResolver == null) {
            return null;
        }
        StringLimitationResult stringLimitationResult = new StringLimitationResult();
        PolyStringType polyStringType = new PolyStringType("prohibited value");
        PolyStringTranslationType polyStringTranslationType = new PolyStringTranslationType();
        polyStringTranslationType.setKey("ValuePolicy.prohibitedValueName");
        polyStringType.setTranslation(polyStringTranslationType);
        stringLimitationResult.setName(polyStringType);
        PolyStringType polyStringType2 = new PolyStringType("");
        PolyStringTranslationType polyStringTranslationType2 = new PolyStringTranslationType();
        polyStringTranslationType2.setKey("ValuePolicy.prohibitedValue");
        polyStringType2.setTranslation(polyStringTranslationType2);
        stringLimitationResult.setHelp(polyStringType2);
        stringLimitationResult.setSuccess(true);
        checkProhibitedValues(str, prohibitedValuesType, objectBasedValuePolicyOriginResolver, prohibitedValueItemType -> {
            SingleLocalizableMessage build = new LocalizableMessageBuilder().key("ValuePolicy.prohibitedValue").build();
            operationResult.addSubresult(new OperationResult("Prohibited value", OperationResultStatus.FATAL_ERROR, build));
            list.add(build);
            stringLimitationResult.setSuccess(false);
        }, str2, task, operationResult);
        return stringLimitationResult;
    }

    private <O extends ObjectType, R extends ObjectType> boolean checkProhibitedValues(String str, ProhibitedValuesType prohibitedValuesType, ObjectBasedValuePolicyOriginResolver<O> objectBasedValuePolicyOriginResolver, Consumer<ProhibitedValueItemType> consumer, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (prohibitedValuesType == null || objectBasedValuePolicyOriginResolver == null) {
            return true;
        }
        MutableBoolean mutableBoolean = new MutableBoolean(true);
        for (ProhibitedValueItemType prohibitedValueItemType : prohibitedValuesType.getItem()) {
            ItemPathType path = prohibitedValueItemType.getPath();
            if (path == null) {
                throw new SchemaException("No item path defined in prohibited item in " + str2);
            }
            ItemPath itemPath = path.getItemPath();
            objectBasedValuePolicyOriginResolver.resolve(prohibitedValueItemType, (prismObject, operationResult2) -> {
                PrismProperty<Object> findProperty = prismObject.findProperty(itemPath);
                if (findProperty == null || !isMatching(str, findProperty)) {
                    return true;
                }
                if (consumer != null) {
                    consumer.accept(prohibitedValueItemType);
                }
                mutableBoolean.setValue(false);
                return false;
            }, str2, task, operationResult);
        }
        return mutableBoolean.booleanValue();
    }

    private boolean isMatching(String str, PrismProperty<Object> prismProperty) {
        for (Object obj : prismProperty.getRealValues()) {
            if (obj instanceof String) {
                if (str.equals(obj)) {
                    return true;
                }
            } else if (obj instanceof ProtectedStringType) {
                ProtectedStringType protectedStringType = new ProtectedStringType();
                protectedStringType.setClearValue(str);
                try {
                    if (this.protector.compareCleartext(protectedStringType, (ProtectedStringType) obj)) {
                        return true;
                    }
                } catch (EncryptionException | SchemaException e) {
                    throw new SystemException(e);
                }
            } else if (str.equals(obj.toString())) {
                return true;
            }
        }
        return false;
    }

    private String generateAttempt(ValuePolicyType valuePolicyType, int i, boolean z, Context context, OperationResult operationResult) {
        StringPolicyType stringPolicy = valuePolicyType.getStringPolicy();
        HashMap hashMap = new HashMap();
        int i2 = i;
        int i3 = i;
        int i4 = i / 2;
        if (stringPolicy != null) {
            for (StringLimitType stringLimitType : stringPolicy.getLimitations().getLimit()) {
                if (null != stringLimitType.getCharacterClass().getValue()) {
                    hashMap.put(stringLimitType, StringPolicyUtils.stringTokenizer(stringLimitType.getCharacterClass().getValue()));
                } else {
                    hashMap.put(stringLimitType, StringPolicyUtils.stringTokenizer(StringPolicyUtils.collectCharacterClass(stringPolicy.getCharacterClass(), stringLimitType.getCharacterClass().getRef())));
                }
            }
            i2 = ((Integer) ObjectUtils.defaultIfNull(stringPolicy.getLimitations().getMinLength(), 0)).intValue();
            if (i2 != 0 && i2 > i) {
                i = i2;
            }
            i3 = ((Integer) ObjectUtils.defaultIfNull(stringPolicy.getLimitations().getMaxLength(), 0)).intValue();
            i4 = ((Integer) ObjectUtils.defaultIfNull(stringPolicy.getLimitations().getMinUniqueChars(), Integer.valueOf(i2))).intValue();
        }
        if (i4 > i2) {
            i2 = i4;
            new OperationResult("Global limitation check").recordWarning("There is more required unique characters then defined minimum. Raise minimum to number of required unique chars.");
        }
        if (i2 == 0 && i3 == 0) {
            i2 = i;
            i3 = i;
            z = true;
        }
        if (i3 == 0) {
            i3 = Math.max(i2, i);
        }
        StringBuilder sb = new StringBuilder();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<StringLimitType, List<String>> entry : hashMap.entrySet()) {
            StringLimitType key = entry.getKey();
            if (key.isMustBeFirst() != null && key.isMustBeFirst().booleanValue()) {
                hashMap2.put(key, entry.getValue());
            }
        }
        if (!hashMap2.isEmpty()) {
            List<String> list = cardinalityCounter(hashMap2, null, false, false, operationResult).get(Integer.valueOf(hashMap2.keySet().size()));
            if (null == list || list.size() == 0) {
                operationResult.recordFatalError("No intersection for required first character sets in value policy:" + stringPolicy.getDescription());
                if (!LOGGER.isErrorEnabled()) {
                    return null;
                }
                LOGGER.error("Unable to generate value for " + context.path + ": No intersection for required first character sets in value policy: [" + stringPolicy.getDescription() + "] following character limitation and sets are used:");
                for (Map.Entry<StringLimitType, List<String>> entry2 : hashMap2.entrySet()) {
                    StrBuilder strBuilder = new StrBuilder();
                    strBuilder.appendSeparator(", ");
                    strBuilder.appendAll(entry2.getValue());
                    LOGGER.error("L:" + entry2.getKey().getDescription() + " -> [" + strBuilder + "]");
                }
                return null;
            }
            if (LOGGER.isDebugEnabled()) {
                StrBuilder strBuilder2 = new StrBuilder();
                strBuilder2.appendSeparator(", ");
                strBuilder2.appendAll(list);
                LOGGER.trace("Generate first character intersection items [" + strBuilder2 + "] into " + context.path + ".");
            }
            sb.append(list.get(RAND.nextInt(list.size())));
        }
        boolean z2 = false;
        if (hashMap.isEmpty()) {
            StringLimitType stringLimitType2 = new StringLimitType();
            CharacterClassType characterClassType = new CharacterClassType();
            characterClassType.setValue(ALPHANUMERIC_CHARS);
            stringLimitType2.setCharacterClass(characterClassType);
            stringLimitType2.setMustBeFirst(false);
            stringLimitType2.setMaxOccurs(Integer.valueOf(i3));
            stringLimitType2.setMinOccurs(Integer.valueOf(i2));
            hashMap.put(stringLimitType2, StringPolicyUtils.stringTokenizer(ALPHANUMERIC_CHARS));
        }
        int i5 = 0;
        while (true) {
            if (i5 >= i2) {
                break;
            }
            if (sb.length() >= i4) {
                z2 = true;
            }
            Map<Integer, List<String>> cardinalityCounter = cardinalityCounter(hashMap, StringPolicyUtils.stringTokenizer(sb.toString()), false, z2, operationResult);
            if (null == cardinalityCounter) {
                return null;
            }
            if (cardinalityCounter.isEmpty()) {
                LOGGER.trace("Minimal criterias was met. No more characters");
                break;
            }
            int i6 = 1;
            while (true) {
                if (i6 >= hashMap.keySet().size()) {
                    break;
                }
                if (cardinalityCounter.containsKey(Integer.valueOf(i6))) {
                    List<String> list2 = cardinalityCounter.get(Integer.valueOf(i6));
                    sb.append(list2.get(RAND.nextInt(list2.size())));
                    break;
                }
                i6++;
            }
            i5++;
        }
        if (sb.length() > i3) {
            operationResult.recordFatalError("Unable to meet minimal criteria and not exceed maximal size of " + context.path + ".");
            return null;
        }
        int i7 = 0;
        while (true) {
            if (i7 >= i2 || sb.length() == i3 || (sb.length() >= i2 && z)) {
                break;
            }
            if (sb.length() >= i4) {
                z2 = true;
            }
            Map<Integer, List<String>> cardinalityCounter2 = cardinalityCounter(hashMap, StringPolicyUtils.stringTokenizer(sb.toString()), true, z2, operationResult);
            if (null == cardinalityCounter2) {
                operationResult.recordFatalError("No valid characters to generate, but no all limitation are reached");
                return null;
            }
            if (!cardinalityCounter2.isEmpty()) {
                int i8 = 1;
                while (true) {
                    if (i8 > hashMap.keySet().size()) {
                        break;
                    }
                    if (cardinalityCounter2.containsKey(Integer.valueOf(i8))) {
                        List<String> list3 = cardinalityCounter2.get(Integer.valueOf(i8));
                        sb.append(list3.get(RAND.nextInt(list3.size())));
                        break;
                    }
                    i8++;
                }
                i7++;
            } else if (i7 == 0) {
                sb.append(RandomStringUtils.randomAlphanumeric(i2));
            }
        }
        if (sb.length() < i2) {
            operationResult.recordFatalError("Unable to generate value for " + context.path + " and meet minimal size of " + context.path + ". Actual length: " + sb.length() + ", required: " + i2);
            LOGGER.trace("Unable to generate value for " + context.path + " and meet minimal size of " + context.path + ". Actual length: {}, required: {}", Integer.valueOf(sb.length()), Integer.valueOf(i2));
            return null;
        }
        operationResult.recordSuccess();
        StrBuilder strBuilder3 = new StrBuilder(sb.substring(0, 1));
        List<String> stringTokenizer = StringPolicyUtils.stringTokenizer(sb.substring(1));
        Collections.shuffle(stringTokenizer);
        strBuilder3.appendAll(stringTokenizer);
        return strBuilder3.toString();
    }

    private <O extends ObjectType> boolean checkAttempt(String str, ValuePolicyType valuePolicyType, ExpressionProfile expressionProfile, ObjectBasedValuePolicyOriginResolver<O> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        LimitationsType limitations;
        StringPolicyType stringPolicy = valuePolicyType.getStringPolicy();
        if (stringPolicy != null && (limitations = stringPolicy.getLimitations()) != null && !checkExpressions(str, limitations.getCheckExpression(), expressionProfile, objectBasedValuePolicyOriginResolver, str2, task, operationResult)) {
            LOGGER.trace("Check expression returned false for generated value in {}", str2);
            return false;
        }
        if (checkProhibitedValues(str, valuePolicyType.getProhibitedValues(), objectBasedValuePolicyOriginResolver, null, str2, task, operationResult)) {
            return true;
        }
        LOGGER.trace("Generated value is prohibited in {}", str2);
        return false;
    }

    private <O extends ObjectType> boolean checkExpressions(String str, List<CheckExpressionType> list, ExpressionProfile expressionProfile, ObjectBasedValuePolicyOriginResolver<O> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Iterator<CheckExpressionType> it = list.iterator();
        while (it.hasNext()) {
            if (!checkExpression(str, it.next().getExpression(), expressionProfile, objectBasedValuePolicyOriginResolver, str2, task, operationResult)) {
                return false;
            }
        }
        return true;
    }

    private <O extends ObjectType> boolean checkExpression(String str, ExpressionType expressionType, ExpressionProfile expressionProfile, ObjectBasedValuePolicyOriginResolver<O> objectBasedValuePolicyOriginResolver, String str2, Task task, OperationResult operationResult) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        VariablesMap variablesMap = new VariablesMap();
        variablesMap.addVariableDefinition("input", str, this.prismContext.definitionFactory().createPropertyDefinition(new ItemName("http://midpoint.evolveum.com/xml/ns/public/common/common-3", "input"), PrimitiveType.STRING.getQname()));
        PrismObject<O> prismObject = null;
        PrismObjectDefinition<O> prismObjectDefinition = null;
        if (objectBasedValuePolicyOriginResolver != null) {
            prismObject = objectBasedValuePolicyOriginResolver.getObject();
            if (prismObject != null) {
                prismObjectDefinition = prismObject.getDefinition();
            }
        }
        if (prismObjectDefinition == null) {
            prismObjectDefinition = this.prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ObjectType.class);
        }
        variablesMap.addVariableDefinition("object", prismObject, prismObjectDefinition);
        return ExpressionUtil.evaluateConditionDefaultFalse(variablesMap, expressionType, expressionProfile, this.expressionFactory, str2, task, operationResult);
    }

    private Map<Integer, List<String>> cardinalityCounter(Map<StringLimitType, List<String>> map, List<String> list, Boolean bool, boolean z, OperationResult operationResult) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<StringLimitType, List<String>> entry : map.entrySet()) {
            StringLimitType key = entry.getKey();
            List<String> value = entry.getValue();
            int charIntersectionCounter = list != null ? charIntersectionCounter(entry.getValue(), list) : 0;
            if (key.getMaxOccurs() != null && charIntersectionCounter > key.getMaxOccurs().intValue()) {
                OperationResult operationResult2 = new OperationResult("Limitation check :" + key.getDescription());
                operationResult2.recordFatalError("Exceeded maximal value for this limitation. " + charIntersectionCounter + ">" + key.getMaxOccurs());
                operationResult.addSubresult(operationResult2);
                return null;
            }
            if (key.getMaxOccurs() == null || charIntersectionCounter != key.getMaxOccurs().intValue()) {
                if ((key.getMinOccurs() != null && charIntersectionCounter < key.getMinOccurs().intValue()) || bool.booleanValue()) {
                    for (String str : value) {
                        if (null == list || !list.contains(str) || z) {
                            hashMap.put(str, 1);
                        }
                    }
                    int i = 1 + 1;
                }
            }
        }
        if (list != null) {
            for (Map.Entry<StringLimitType, List<String>> entry2 : map.entrySet()) {
                StringLimitType key2 = entry2.getKey();
                int charIntersectionCounter2 = charIntersectionCounter(entry2.getValue(), list);
                if (key2.getMaxOccurs() != null && charIntersectionCounter2 > key2.getMaxOccurs().intValue()) {
                    OperationResult operationResult3 = new OperationResult("Limitation check :" + key2.getDescription());
                    operationResult3.recordFatalError("Exceeded maximal value for this limitation. " + charIntersectionCounter2 + ">" + key2.getMaxOccurs());
                    operationResult.addSubresult(operationResult3);
                    return null;
                }
                if (key2.getMaxOccurs() != null && charIntersectionCounter2 == key2.getMaxOccurs().intValue()) {
                    LOGGER.trace("Skip " + key2.getDescription());
                    Iterator<String> it = entry2.getValue().iterator();
                    while (it.hasNext()) {
                        hashMap.remove(it.next());
                    }
                }
            }
        }
        HashMap hashMap2 = new HashMap();
        for (Map.Entry entry3 : hashMap.entrySet()) {
            hashMap2.computeIfAbsent((Integer) entry3.getValue(), num -> {
                return new ArrayList();
            });
            ((List) hashMap2.get(entry3.getValue())).add((String) entry3.getKey());
        }
        return hashMap2;
    }

    private int charIntersectionCounter(List<String> list, List<String> list2) {
        int i = 0;
        Iterator<String> it = list2.iterator();
        while (it.hasNext()) {
            if (list.contains(it.next())) {
                i++;
            }
        }
        return i;
    }
}
