package org.apache.jackrabbit.oak.security.user;

import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.jcr.AccessDeniedException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:resources/install/15/oak-core-1.6.1.jar:org/apache/jackrabbit/oak/security/user/PasswordHistory.class */
public final class PasswordHistory implements UserConstants {
    private static final int HISTORY_MAX_SIZE = 1000;
    private final int maxSize;
    private final boolean isEnabled;

    public PasswordHistory(@Nonnull ConfigurationParameters configurationParameters) {
        this.maxSize = Math.min(1000, ((Integer) configurationParameters.getConfigValue(UserConstants.PARAM_PASSWORD_HISTORY_SIZE, 0)).intValue());
        this.isEnabled = this.maxSize > 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean updatePasswordHistory(@Nonnull Tree tree, @Nonnull String str) throws ConstraintViolationException, AccessDeniedException {
        boolean z = false;
        if (this.isEnabled) {
            checkPasswordInHistory(tree, str);
            shiftPasswordHistory(tree);
            z = true;
        }
        return z;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [java.util.List] */
    private void shiftPasswordHistory(@Nonnull Tree tree) throws AccessDeniedException {
        String string = TreeUtil.getString(tree, UserConstants.REP_PASSWORD);
        if (string != null) {
            Tree passwordTree = getPasswordTree(tree, true);
            PropertyState property = passwordTree.getProperty(UserConstants.REP_PWD_HISTORY);
            ArrayList arrayList = property == null ? new ArrayList() : Lists.newArrayList((Iterable) property.getValue(Type.STRINGS));
            arrayList.add(0, string);
            if (arrayList.size() > this.maxSize) {
                arrayList = arrayList.subList(0, this.maxSize);
            }
            passwordTree.setProperty(UserConstants.REP_PWD_HISTORY, arrayList, Type.STRINGS);
        }
    }

    private void checkPasswordInHistory(@Nonnull Tree tree, @Nonnull String str) throws ConstraintViolationException, AccessDeniedException {
        PropertyState property;
        if (PasswordUtil.isSame(TreeUtil.getString(tree, UserConstants.REP_PASSWORD), str)) {
            throw new PasswordHistoryException("New password is identical to the current password.");
        }
        Tree passwordTree = getPasswordTree(tree, false);
        if (!passwordTree.exists() || (property = passwordTree.getProperty(UserConstants.REP_PWD_HISTORY)) == null) {
            return;
        }
        Iterator it = Iterables.limit((Iterable) property.getValue(Type.STRINGS), this.maxSize).iterator();
        while (it.hasNext()) {
            if (PasswordUtil.isSame((String) it.next(), str)) {
                throw new PasswordHistoryException("New password was found in password history.");
            }
        }
    }

    @Nonnull
    private static Tree getPasswordTree(@Nonnull Tree tree, boolean z) throws AccessDeniedException {
        return z ? new NodeUtil(tree).getOrAddChild(UserConstants.REP_PWD, UserConstants.NT_REP_PASSWORD).getTree() : tree.getChild(UserConstants.REP_PWD);
    }
}
