package org.apache.syncope.core.policy;

import java.util.Iterator;
import java.util.regex.Pattern;
import org.apache.commons.collections.keyvalue.DefaultMapEntry;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.propagation.PropagationManager;
import org.apache.syncope.core.rest.data.UserDataBinder;
import org.apache.syncope.core.workflow.UserWorkflowAdapter;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.apache.syncope.types.AccountPolicySpec;
import org.apache.syncope.types.PolicyType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/apache/syncope/core/policy/AccountPolicyEnforcer.class */
public class AccountPolicyEnforcer extends PolicyEnforcer<AccountPolicySpec, SyncopeUser> {

    @Autowired
    private UserWorkflowAdapter wfAdapter;

    @Autowired
    private PropagationManager propagationManager;

    @Autowired
    private UserDataBinder userDataBinder;
    private static final Pattern PATTERN = Pattern.compile("[a-zA-Z0-9-_@. ]+");
    private static final Pattern LCPATTERN = Pattern.compile("[a-z0-9-_@. ]+");
    private static final Pattern UCPATTERN = Pattern.compile("[A-Z0-9-_@. ]+");

    @Override // org.apache.syncope.core.policy.PolicyEnforcer
    public void enforce(AccountPolicySpec accountPolicySpec, PolicyType policyType, SyncopeUser syncopeUser) throws AccountPolicyException, PolicyEnforceException {
        if (syncopeUser.getUsername() == null) {
            throw new PolicyEnforceException("Invalid account");
        }
        if (accountPolicySpec == null) {
            throw new PolicyEnforceException("Invalid policy");
        }
        if (accountPolicySpec.getMinLength() > 0 && accountPolicySpec.getMinLength() > syncopeUser.getUsername().length()) {
            throw new AccountPolicyException("Username too short");
        }
        if (accountPolicySpec.getMaxLength() > 0 && accountPolicySpec.getMaxLength() < syncopeUser.getUsername().length()) {
            throw new AccountPolicyException("Username too long");
        }
        Iterator it = accountPolicySpec.getWordsNotPermitted().iterator();
        while (it.hasNext()) {
            if (syncopeUser.getUsername().contains((String) it.next())) {
                throw new AccountPolicyException("Used word(s) not permitted");
            }
        }
        if ((accountPolicySpec.isAllLowerCase() && !LCPATTERN.matcher(syncopeUser.getUsername()).matches()) || ((accountPolicySpec.isAllUpperCase() && !UCPATTERN.matcher(syncopeUser.getUsername()).matches()) || !PATTERN.matcher(syncopeUser.getUsername()).matches())) {
            throw new AccountPolicyException("Invalid username syntax");
        }
        Iterator it2 = accountPolicySpec.getPrefixesNotPermitted().iterator();
        while (it2.hasNext()) {
            if (syncopeUser.getUsername().startsWith((String) it2.next())) {
                throw new AccountPolicyException("Prefix not permitted");
            }
        }
        Iterator it3 = accountPolicySpec.getSuffixesNotPermitted().iterator();
        while (it3.hasNext()) {
            if (syncopeUser.getUsername().endsWith((String) it3.next())) {
                throw new AccountPolicyException("Suffix not permitted");
            }
        }
        if (syncopeUser.getFailedLogins() == null || accountPolicySpec.getPermittedLoginRetries() <= 0 || syncopeUser.getFailedLogins().intValue() <= accountPolicySpec.getPermittedLoginRetries() || syncopeUser.getSuspended().booleanValue()) {
            return;
        }
        try {
            LOG.debug("User {}:{} is over to max failed logins", syncopeUser.getId(), syncopeUser.getUsername());
            syncopeUser.setFailedLogins(Integer.valueOf(syncopeUser.getFailedLogins().intValue() - 1));
            WorkflowResult<Long> suspend = this.wfAdapter.suspend(syncopeUser);
            if (accountPolicySpec.isPropagateSuspension()) {
                this.propagationManager.execute(this.propagationManager.getUpdateTaskIds(new WorkflowResult<>(new DefaultMapEntry(suspend.getResult(), Boolean.FALSE), suspend.getPropByRes(), suspend.getPerformedTasks())));
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("About to return suspended user\n{}", this.userDataBinder.getUserTO(suspend.getResult()));
            }
        } catch (Exception e) {
            LOG.error("Error during user suspension", e);
        }
    }
}
