package org.apache.jackrabbit.oak.spi.security.user.action;

import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.class */
public class PasswordValidationAction extends AbstractAuthorizableAction {
    private static final Logger log = LoggerFactory.getLogger(PasswordValidationAction.class);
    public static final String CONSTRAINT = "constraint";
    private Pattern pattern;

    @Override // org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction, org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction
    public void init(SecurityProvider securityProvider, ConfigurationParameters configurationParameters) {
        String str = (String) configurationParameters.getConfigValue(CONSTRAINT, null, String.class);
        if (str != null) {
            setConstraint(str);
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction, org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction
    public void onCreate(@Nonnull User user, @Nullable String str, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
        validatePassword(str, false);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.user.action.AbstractAuthorizableAction, org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction
    public void onPasswordChange(@Nonnull User user, @Nullable String str, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
        validatePassword(str, true);
    }

    private void setConstraint(@Nonnull String str) {
        try {
            this.pattern = Pattern.compile(str);
        } catch (PatternSyntaxException e) {
            log.warn("Invalid password constraint: ", e.getMessage());
        }
    }

    private void validatePassword(@Nullable String str, boolean z) throws RepositoryException {
        if (str != null) {
            if ((z || PasswordUtil.isPlainTextPassword(str)) && this.pattern != null && !this.pattern.matcher(str).matches()) {
                throw new ConstraintViolationException("Password violates password constraint (" + this.pattern.pattern() + ").");
            }
        }
    }
}
