package com.evolveum.midpoint.common.policy;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.xml.XsdTypeMapper;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CharacterClassType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LimitationsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordLifeTimeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringLimitType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;

/* loaded from: input_file:com/evolveum/midpoint/common/policy/PasswordPolicyUtils.class */
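/**
 * Static helpers that check a candidate password against one or more {@link ValuePolicyType}
 * value policies and report every violation through {@link OperationResult}.
 *
 * <p>Points a reviewer should keep in mind when calling this class:
 * <ul>
 *   <li>All checks work on the clear-text password. The message produced for disallowed
 *       characters quotes those characters, so a validation result can contain fragments of a
 *       rejected password. NOTE(review): where results are logged, stored or shown is not
 *       visible in this file; treat them as sensitive until confirmed.</li>
 *   <li>The list-based overloads return {@code true} for an empty policy list, because no
 *       policy reports a failure. Callers that must enforce a policy have to make sure at
 *       least one is passed in.</li>
 *   <li>Validation normalizes the policy object it is given, i.e. it modifies the caller's
 *       instance (string policy, lifetime, and missing minimum values are filled in).</li>
 *   <li>Length is measured with {@link String#length()} (UTF-16 code units). How
 *       {@code StringPolicyUtils.stringTokenizer} splits a password is not visible here.</li>
 * </ul>
 */
public class PasswordPolicyUtils {
    private static final Trace LOGGER = TraceManager.getTrace(PasswordPolicyUtils.class);
    private static final String DOT_CLASS = PasswordPolicyUtils.class.getName() + ".";
    private static final String OPERATION_PASSWORD_VALIDATION = DOT_CLASS + "passwordValidation";

    /**
     * Fills in the parts of a value policy that the validation code dereferences.
     *
     * <p>The string policy is replaced by its normalized form (a fresh one when absent). When
     * the policy has no lifetime section, a default one is attached: expiration {@code -1} and
     * zero for warning, lock, minimal age and history length.
     *
     * @param valuePolicyType policy to normalize in place
     * @throws IllegalArgumentException when {@code valuePolicyType} is {@code null}
     */
    public static void normalize(ValuePolicyType valuePolicyType) {
        if (valuePolicyType == null) {
            throw new IllegalArgumentException("Password policy cannot be null");
        }
        StringPolicyType stringPolicy = valuePolicyType.getStringPolicy();
        if (stringPolicy == null) {
            stringPolicy = new StringPolicyType();
        }
        valuePolicyType.setStringPolicy(StringPolicyUtils.normalize(stringPolicy));

        if (valuePolicyType.getLifetime() == null) {
            PasswordLifeTimeType defaultLifetime = new PasswordLifeTimeType();
            defaultLifetime.setExpiration(-1);
            defaultLifetime.setWarnBeforeExpiration(0);
            defaultLifetime.setLockAfterExpiration(0);
            defaultLifetime.setMinPasswordAge(0);
            defaultLifetime.setPasswordHistoryLength(0);
            // Previously the defaults were built and then discarded, so the policy kept a null
            // lifetime after "normalization". Attach them so the method does what it sets up.
            valuePolicyType.setLifetime(defaultLifetime);
        }
    }

    /**
     * Validates a password against every policy in the list and records each policy's result.
     *
     * @param str candidate password in clear text, may be {@code null}
     * @param list previous passwords to compare against, may be {@code null} or empty
     * @param list2 policies to apply; an empty list yields {@code true}
     * @param operationResult parent result that receives one sub-result per policy
     * @return {@code true} only when every policy result reports success
     */
    public static boolean validatePassword(String str, List<String> list, List<ValuePolicyType> list2, OperationResult operationResult) {
        boolean allPassed = true;
        // Every policy is evaluated even after a failure so the caller sees all violations.
        for (ValuePolicyType policy : list2) {
            OperationResult policyResult = validatePassword(str, list, policy);
            operationResult.addSubresult(policyResult);
            allPassed = allPassed && policyResult.isSuccess();
        }
        return allPassed;
    }

    /**
     * Validates a password against every policy object in the list.
     *
     * <p>The per-policy results are dropped; only the overall verdict is returned.
     *
     * @param str candidate password in clear text, may be {@code null}
     * @param list previous passwords to compare against, may be {@code null} or empty
     * @param list2 policy objects to apply; an empty list yields {@code true}
     * @return {@code true} only when every policy result reports success
     */
    public static boolean validatePassword(String str, List<String> list, List<PrismObject<ValuePolicyType>> list2) {
        boolean allPassed = true;
        for (PrismObject<ValuePolicyType> policyObject : list2) {
            OperationResult policyResult = validatePassword(str, list, policyObject.asObjectable());
            allPassed = allPassed && policyResult.isSuccess();
        }
        return allPassed;
    }

    /**
     * Validates the clear value of a protected string against every policy object in the list.
     *
     * <p>NOTE(review): the value checked is whatever {@code getClearValue()} returns. If that
     * is {@code null} (presumably the case when only an encrypted form is held; confirm), the
     * password is validated as {@code null}, which passes any policy whose minOccurs is zero.
     * Callers should make sure the value is decrypted before relying on the verdict.
     *
     * @param protectedStringType holder of the candidate password
     * @param list previous passwords to compare against, may be {@code null} or empty
     * @param list2 policy objects to apply; an empty list yields {@code true}
     * @return {@code true} only when every policy result reports success
     */
    public static boolean validatePassword(ProtectedStringType protectedStringType, List<String> list, List<PrismObject<ValuePolicyType>> list2) {
        boolean allPassed = true;
        for (PrismObject<ValuePolicyType> policyObject : list2) {
            String clearValue = (String) protectedStringType.getClearValue();
            OperationResult policyResult = validatePassword(clearValue, list, policyObject.asObjectable());
            allPassed = allPassed && policyResult.isSuccess();
        }
        return allPassed;
    }

    /**
     * Validates a password against one policy and attaches the outcome to a parent result.
     *
     * @param str candidate password in clear text, may be {@code null}
     * @param list previous passwords to compare against, may be {@code null} or empty
     * @param valuePolicyType policy to apply, must not be {@code null}
     * @param operationResult parent result that receives the validation sub-result
     * @return {@code true} when the validation result reports success
     */
    public static boolean validatePassword(String str, List<String> list, ValuePolicyType valuePolicyType, OperationResult operationResult) {
        OperationResult policyResult = validatePassword(str, list, valuePolicyType);
        operationResult.addSubresult(policyResult);
        return policyResult.isSuccess();
    }

    /**
     * Validates a password against one policy and returns the detailed result.
     *
     * <p>The policy is normalized in place first. A {@code null} password succeeds immediately
     * when the policy's minOccurs maps to zero; otherwise it is checked as the empty string.
     * Length, unique-character and history checks always run. The per-class occurrence checks
     * and the disallowed-character check run only when the policy defines at least one limit,
     * so a policy without limits places no restriction on which characters may be used.
     *
     * @param str candidate password in clear text, may be {@code null}
     * @param list previous passwords to compare against, may be {@code null} or empty
     * @param valuePolicyType policy to apply, must not be {@code null}
     * @return result whose status reflects all recorded violations
     */
    public static OperationResult validatePassword(String str, List<String> list, ValuePolicyType valuePolicyType) {
        Validate.notNull(valuePolicyType, "Password policy must not be null.");
        OperationResult operationResult = new OperationResult(OPERATION_PASSWORD_VALIDATION);
        operationResult.addParam("policyName", valuePolicyType.getName());
        normalize(valuePolicyType);

        String password = str;
        if (password == null) {
            // An optional value (minOccurs == 0) may legitimately be absent: nothing to check.
            if (valuePolicyType.getMinOccurs() != null
                    && XsdTypeMapper.multiplicityToInteger(valuePolicyType.getMinOccurs()).intValue() == 0) {
                operationResult.recordSuccess();
                return operationResult;
            }
            password = "";
        }

        LimitationsType limitations = valuePolicyType.getStringPolicy().getLimitations();
        StringBuilder message = new StringBuilder();
        testMinimalLength(password, limitations, operationResult, message);
        testMaximalLength(password, limitations, operationResult, message);
        testMinimalUniqueCharacters(password, limitations, operationResult, message);
        testPasswordHistoryEntries(password, list, operationResult, message);

        List<StringLimitType> limits = limitations.getLimit();
        if (limits == null || limits.isEmpty()) {
            return computeOverallStatus(operationResult, message);
        }

        // Union of every character class named by the limits; anything outside it is rejected.
        HashSet<String> allowedCharacters = new HashSet<>();
        List<String> passwordCharacters = StringPolicyUtils.stringTokenizer(password);
        for (StringLimitType limit : limits) {
            OperationResult limitResult = new OperationResult("Tested limitation: " + limit.getDescription());
            HashSet<String> classCharacters = getValidCharacters(limit.getCharacterClass(), valuePolicyType);
            int occurrences = countValidCharacters(classCharacters, passwordCharacters);
            allowedCharacters.addAll(classCharacters);
            testMinimalOccurence(limit, occurrences, limitResult, message);
            testMaximalOccurence(limit, occurrences, limitResult, message);
            testMustBeFirst(limit, occurrences, limitResult, message, password, classCharacters);
            limitResult.computeStatus();
            operationResult.addSubresult(limitResult);
        }
        testInvalidCharacters(passwordCharacters, allowedCharacters, operationResult, message);
        return computeOverallStatus(operationResult, message);
    }

    /** Computes the final status, passing the collected violation text along when there is any. */
    private static OperationResult computeOverallStatus(OperationResult result, StringBuilder message) {
        if (message.length() == 0) {
            result.computeStatus();
        } else {
            result.computeStatus(message.toString());
        }
        return result;
    }

    /**
     * Rejects a password that equals one of the supplied history entries.
     *
     * <p>The comparison is plain string equality, so the history must hold values comparable
     * to the clear-text candidate; hashed or encrypted entries would never match. The check is
     * skipped entirely when no history is supplied.
     */
    private static void testPasswordHistoryEntries(String password, List<String> history, OperationResult result, StringBuilder message) {
        if (history == null || history.isEmpty() || !history.contains(password)) {
            return;
        }
        // The sub-result used to carry the label of the invalid-character check (copy/paste).
        buildMessageAndResult(message, "Password couldn't be changed to the same value. Please select another password.",
                "Check if password is not in password history", result);
    }

    /**
     * Rejects password characters that belong to none of the allowed character classes.
     *
     * <p>The violation text lists the offending characters, i.e. part of the rejected password.
     */
    private static void testInvalidCharacters(List<String> passwordCharacters, HashSet<String> allowedCharacters, OperationResult result, StringBuilder message) {
        StringBuilder rejected = new StringBuilder();
        for (String character : passwordCharacters) {
            if (!allowedCharacters.contains(character)) {
                rejected.append(character);
            }
        }
        if (rejected.length() > 0) {
            buildMessageAndResult(message, "Characters [ " + rejected + " ] are not allowed in password",
                    "Check if password does not contain invalid characters", result);
        }
    }

    /**
     * Rejects a password whose first character is outside the class when the limit demands it.
     *
     * <p>A missing mustBeFirst flag is stored on the limit as {@code false}. The occurrence
     * count parameter is not used by this check.
     */
    private static void testMustBeFirst(StringLimitType limit, int occurrences, OperationResult result, StringBuilder message, String password, Set<String> classCharacters) {
        if (limit.isMustBeFirst() == null) {
            limit.setMustBeFirst(false);
        }
        if (!StringUtils.isNotEmpty(password) || !limit.isMustBeFirst().booleanValue()) {
            return;
        }
        // substring(0, 1) takes one UTF-16 code unit, not necessarily one full code point.
        if (!classCharacters.contains(password.substring(0, 1))) {
            buildMessageAndResult(message, "First character is not from allowed set. Allowed set: " + classCharacters.toString(),
                    "Check valid first char", result);
        }
    }

    /** Rejects a password with more characters of the class than the limit's maxOccurs, if set. */
    private static void testMaximalOccurence(StringLimitType limit, int occurrences, OperationResult result, StringBuilder message) {
        if (limit.getMaxOccurs() == null || limit.getMaxOccurs().intValue() >= occurrences) {
            return;
        }
        String violation = "Required maximal occurrence (" + limit.getMaxOccurs() + ") of characters (" + limit.getDescription()
                + ") in password was exceeded (occurrence of characters in password " + occurrences + ").";
        buildMessageAndResult(message, violation, "Check maximal occurrence of characters", result);
    }

    /**
     * Rejects a password with fewer characters of the class than the limit's minOccurs.
     *
     * <p>A missing minOccurs is stored on the limit as zero.
     */
    private static void testMinimalOccurence(StringLimitType limit, int occurrences, OperationResult result, StringBuilder message) {
        if (limit.getMinOccurs() == null) {
            limit.setMinOccurs(0);
        }
        if (limit.getMinOccurs().intValue() <= occurrences) {
            return;
        }
        String violation = "Required minimal occurrence (" + limit.getMinOccurs() + ") of characters (" + limit.getDescription()
                + ") in password is not met (occurrence of characters in password " + occurrences + ").";
        buildMessageAndResult(message, violation, "Check minimal occurrence of characters", result);
    }

    /** Counts how many of the password's characters are members of the given character class. */
    private static int countValidCharacters(Set<String> classCharacters, List<String> passwordCharacters) {
        int matches = 0;
        for (String character : passwordCharacters) {
            if (classCharacters.contains(character)) {
                matches++;
            }
        }
        return matches;
    }

    /**
     * Returns the characters of a character class: its inline value when present, otherwise
     * the characters collected from the policy's character classes through the class reference.
     */
    private static HashSet<String> getValidCharacters(CharacterClassType characterClassType, ValuePolicyType valuePolicyType) {
        if (characterClassType.getValue() != null) {
            return new HashSet<>(StringPolicyUtils.stringTokenizer(characterClassType.getValue()));
        }
        String referenced = StringPolicyUtils.collectCharacterClass(
                valuePolicyType.getStringPolicy().getCharacterClass(), characterClassType.getRef());
        return new HashSet<>(StringPolicyUtils.stringTokenizer(referenced));
    }

    /** Rejects a password with fewer distinct characters than minUniqueChars, if set. */
    private static void testMinimalUniqueCharacters(String password, LimitationsType limitations, OperationResult result, StringBuilder message) {
        Set<String> distinct = new HashSet<>(StringPolicyUtils.stringTokenizer(password));
        if (limitations.getMinUniqueChars() == null || limitations.getMinUniqueChars().intValue() <= distinct.size()) {
            return;
        }
        String violation = "Required minimal count of unique characters (" + limitations.getMinUniqueChars()
                + ") in password are not met (unique characters in password " + distinct.size() + ")";
        buildMessageAndResult(message, violation, "Check minimal count of unique chars", result);
    }

    /**
     * Rejects a password shorter than minLength.
     *
     * <p>A missing minLength is stored on the limitations as zero.
     */
    private static void testMinimalLength(String password, LimitationsType limitations, OperationResult result, StringBuilder message) {
        if (limitations.getMinLength() == null) {
            limitations.setMinLength(0);
        }
        if (limitations.getMinLength().intValue() <= password.length()) {
            return;
        }
        String violation = "Required minimal size (" + limitations.getMinLength() + ") of password is not met (password length: "
                + password.length() + ")";
        buildMessageAndResult(message, violation, "Check global minimal length", result);
    }

    /** Rejects a password longer than maxLength, if set. */
    private static void testMaximalLength(String password, LimitationsType limitations, OperationResult result, StringBuilder message) {
        if (limitations.getMaxLength() == null || limitations.getMaxLength().intValue() >= password.length()) {
            return;
        }
        String violation = "Required maximal size (" + limitations.getMaxLength() + ") of password was exceeded (password length: "
                + password.length() + ").";
        buildMessageAndResult(message, violation, "Check global maximal length", result);
    }

    /**
     * Records one violation: a FATAL_ERROR sub-result named after the check, plus a line in
     * the aggregated message.
     *
     * <p>This helper used to ignore its check-name argument and always label the sub-result
     * "Check global maximal length"; it now uses the name it is given.
     */
    private static void buildMessageAndResult(StringBuilder message, String violation, String checkName, OperationResult result) {
        result.addSubresult(new OperationResult(checkName, OperationResultStatus.FATAL_ERROR, violation));
        message.append(violation);
        message.append("\n");
    }
}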
