package org.apereo.cas.pm.impl;

import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.pm.PasswordChangeRequest;
import org.apereo.cas.pm.PasswordHistoryService;
import org.apereo.cas.pm.PasswordValidationService;
import org.apereo.cas.util.RegexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-core-7.3.0-RC2.jar:org/apereo/cas/pm/impl/DefaultPasswordValidationService.class */
public class DefaultPasswordValidationService implements PasswordValidationService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultPasswordValidationService.class);
    private final CasConfigurationProperties casProperties;
    private final PasswordHistoryService passwordHistoryService;

    @Override // org.apereo.cas.pm.PasswordValidationService
    public boolean isValid(PasswordChangeRequest passwordChangeRequest) throws Throwable {
        if (!StringUtils.hasText(passwordChangeRequest.toPassword())) {
            LOGGER.error("Provided password is blank");
            return false;
        }
        if (passwordChangeRequest.getCurrentPassword() != null && passwordChangeRequest.toPassword().equals(passwordChangeRequest.toCurrentPassword())) {
            LOGGER.error("Provided password cannot be the same as the current password");
            return false;
        }
        if (!passwordChangeRequest.toPassword().equals(passwordChangeRequest.toConfirmedPassword())) {
            LOGGER.error("Provided password does not match the confirmed password");
            return false;
        }
        if (!isAcceptedByPasswordPolicy(passwordChangeRequest.toPassword())) {
            LOGGER.error("Provided password does not match the pattern required for password policy");
            return false;
        }
        if (!this.passwordHistoryService.exists(passwordChangeRequest)) {
            return validatePassword(passwordChangeRequest);
        }
        LOGGER.error("Recycled password from password history is not allowed for [{}]", passwordChangeRequest.getUsername());
        return false;
    }

    @Override // org.apereo.cas.pm.PasswordValidationService
    public boolean isAcceptedByPasswordPolicy(String str) {
        String passwordPolicyPattern = this.casProperties.getAuthn().getPm().getCore().getPasswordPolicyPattern();
        LOGGER.debug("Checking provided password against pattern required for password policy: [{}]", passwordPolicyPattern);
        return RegexUtils.find(passwordPolicyPattern, str);
    }

    protected boolean validatePassword(PasswordChangeRequest passwordChangeRequest) {
        return true;
    }

    @Generated
    public DefaultPasswordValidationService(CasConfigurationProperties casConfigurationProperties, PasswordHistoryService passwordHistoryService) {
        this.casProperties = casConfigurationProperties;
        this.passwordHistoryService = passwordHistoryService;
    }
}
