package org.apache.syncope.core.persistence.validation.entity;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import org.apache.syncope.core.persistence.beans.AccountPolicy;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.policy.AccountPolicyEnforcer;
import org.apache.syncope.core.policy.PasswordPolicyEnforcer;
import org.apache.syncope.core.policy.PolicyEvaluator;
import org.apache.syncope.types.AccountPolicySpec;
import org.apache.syncope.types.EntityViolationType;
import org.apache.syncope.types.PasswordPolicySpec;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.class */
public class SyncopeUserValidator extends AbstractValidator implements ConstraintValidator<SyncopeUserCheck, SyncopeUser> {

    @Autowired
    private PolicyDAO policyDAO;

    @Autowired
    private PolicyEvaluator evaluator;

    @Autowired
    private PasswordPolicyEnforcer ppEnforcer;

    @Autowired
    private AccountPolicyEnforcer apEnforcer;

    @Override // javax.validation.ConstraintValidator
    public void initialize(SyncopeUserCheck syncopeUserCheck) {
    }

    @Override // javax.validation.ConstraintValidator
    public boolean isValid(SyncopeUser syncopeUser, ConstraintValidatorContext constraintValidatorContext) {
        constraintValidatorContext.disableDefaultConstraintViolation();
        LOG.debug("Password Policy enforcement");
        try {
            if (syncopeUser.getClearPassword() != null) {
                try {
                    int i = 0;
                    for (PasswordPolicy passwordPolicy : getPasswordPolicies(syncopeUser)) {
                        PasswordPolicySpec passwordPolicySpec = (PasswordPolicySpec) this.evaluator.evaluate(passwordPolicy, syncopeUser);
                        this.ppEnforcer.enforce(passwordPolicySpec, passwordPolicy.getType(), syncopeUser.getClearPassword());
                        if (passwordPolicySpec.getHistoryLength() > i) {
                            i = passwordPolicySpec.getHistoryLength();
                        }
                    }
                    if (i > 0 && syncopeUser.getPassword() != null) {
                        syncopeUser.getPasswordHistory().add(syncopeUser.getPassword());
                    }
                    if (i < syncopeUser.getPasswordHistory().size()) {
                        for (int i2 = 0; i2 < syncopeUser.getPasswordHistory().size() - i; i2++) {
                            syncopeUser.getPasswordHistory().remove(i2);
                        }
                    }
                    syncopeUser.removeClearPassword();
                } catch (Exception e) {
                    LOG.debug("Invalid password");
                    constraintValidatorContext.buildConstraintViolationWithTemplate(e.getMessage()).addNode(EntityViolationType.InvalidPassword.toString()).addConstraintViolation();
                    syncopeUser.removeClearPassword();
                    return false;
                }
            }
            LOG.debug("Account Policy enforcement");
            try {
                for (AccountPolicy accountPolicy : getAccountPolicies(syncopeUser)) {
                    this.apEnforcer.enforce((AccountPolicySpec) this.evaluator.evaluate(accountPolicy, syncopeUser), accountPolicy.getType(), syncopeUser);
                }
                return true;
            } catch (Exception e2) {
                LOG.debug("Invalid username");
                constraintValidatorContext.buildConstraintViolationWithTemplate(e2.getMessage()).addNode(EntityViolationType.InvalidUsername.toString()).addConstraintViolation();
                return false;
            }
        } catch (Throwable th) {
            syncopeUser.removeClearPassword();
            throw th;
        }
    }

    private List<PasswordPolicy> getPasswordPolicies(SyncopeUser syncopeUser) {
        ArrayList arrayList = new ArrayList();
        PasswordPolicy globalPasswordPolicy = this.policyDAO.getGlobalPasswordPolicy();
        if (globalPasswordPolicy != null) {
            arrayList.add(globalPasswordPolicy);
        }
        Iterator<ExternalResource> it = syncopeUser.getResources().iterator();
        while (it.hasNext()) {
            PasswordPolicy passwordPolicy = it.next().getPasswordPolicy();
            if (passwordPolicy != null) {
                arrayList.add(passwordPolicy);
            }
        }
        Iterator<SyncopeRole> it2 = syncopeUser.getRoles().iterator();
        while (it2.hasNext()) {
            PasswordPolicy passwordPolicy2 = it2.next().getPasswordPolicy();
            if (passwordPolicy2 != null) {
                arrayList.add(passwordPolicy2);
            }
        }
        return arrayList;
    }

    private List<AccountPolicy> getAccountPolicies(SyncopeUser syncopeUser) {
        ArrayList arrayList = new ArrayList();
        AccountPolicy globalAccountPolicy = this.policyDAO.getGlobalAccountPolicy();
        if (globalAccountPolicy != null) {
            arrayList.add(globalAccountPolicy);
        }
        Iterator<ExternalResource> it = syncopeUser.getResources().iterator();
        while (it.hasNext()) {
            AccountPolicy accountPolicy = it.next().getAccountPolicy();
            if (accountPolicy != null) {
                arrayList.add(accountPolicy);
            }
        }
        Iterator<SyncopeRole> it2 = syncopeUser.getRoles().iterator();
        while (it2.hasNext()) {
            AccountPolicy accountPolicy2 = it2.next().getAccountPolicy();
            if (accountPolicy2 != null) {
                arrayList.add(accountPolicy2);
            }
        }
        return arrayList;
    }
}
