package org.cloudfoundry.identity.uaa.scim.validate;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.passay.DigitCharacterRule;
import org.passay.LengthRule;
import org.passay.LowercaseCharacterRule;
import org.passay.PasswordData;
import org.passay.RuleResult;
import org.passay.SpecialCharacterRule;
import org.passay.UppercaseCharacterRule;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.4.3.jar:org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.class */
public class UaaPasswordPolicyValidator implements PasswordValidator {
    private final IdentityProviderProvisioning provisioning;
    private final PasswordPolicy globalDefaultPolicy;

    public UaaPasswordPolicyValidator(PasswordPolicy passwordPolicy, IdentityProviderProvisioning identityProviderProvisioning) {
        this.globalDefaultPolicy = passwordPolicy;
        this.provisioning = identityProviderProvisioning;
    }

    @Override // org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator
    public void validate(String str) throws InvalidPasswordException {
        if (str == null) {
            throw new IllegalArgumentException("Password cannot be null");
        }
        IdentityProvider retrieveByOrigin = this.provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId());
        if (retrieveByOrigin == null) {
            return;
        }
        PasswordPolicy passwordPolicy = this.globalDefaultPolicy;
        UaaIdentityProviderDefinition uaaIdentityProviderDefinition = (UaaIdentityProviderDefinition) retrieveByOrigin.getConfig();
        if (uaaIdentityProviderDefinition != null && uaaIdentityProviderDefinition.getPasswordPolicy() != null) {
            passwordPolicy = uaaIdentityProviderDefinition.getPasswordPolicy();
        }
        org.passay.PasswordValidator passwordValidator = getPasswordValidator(passwordPolicy);
        RuleResult validate = passwordValidator.validate(new PasswordData(str));
        if (validate.isValid()) {
            return;
        }
        LinkedList linkedList = new LinkedList();
        Iterator<String> it = passwordValidator.getMessages(validate).iterator();
        while (it.hasNext()) {
            linkedList.add(it.next());
        }
        if (!linkedList.isEmpty()) {
            throw new InvalidPasswordException(linkedList);
        }
    }

    public org.passay.PasswordValidator getPasswordValidator(PasswordPolicy passwordPolicy) {
        ArrayList arrayList = new ArrayList();
        if (passwordPolicy.getMinLength() >= 0 && passwordPolicy.getMaxLength() > 0) {
            arrayList.add(new LengthRule(passwordPolicy.getMinLength(), passwordPolicy.getMaxLength()));
        }
        if (passwordPolicy.getRequireUpperCaseCharacter() > 0) {
            arrayList.add(new UppercaseCharacterRule(passwordPolicy.getRequireUpperCaseCharacter()));
        }
        if (passwordPolicy.getRequireLowerCaseCharacter() > 0) {
            arrayList.add(new LowercaseCharacterRule(passwordPolicy.getRequireLowerCaseCharacter()));
        }
        if (passwordPolicy.getRequireDigit() > 0) {
            arrayList.add(new DigitCharacterRule(passwordPolicy.getRequireDigit()));
        }
        if (passwordPolicy.getRequireSpecialCharacter() > 0) {
            arrayList.add(new SpecialCharacterRule(passwordPolicy.getRequireSpecialCharacter()));
        }
        return new org.passay.PasswordValidator(arrayList);
    }
}
