package org.apache.syncope.core.policy;

import java.util.Iterator;
import java.util.regex.Pattern;
import org.apache.syncope.common.types.AccountPolicySpec;
import org.apache.syncope.common.types.PolicyType;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/policy/AccountPolicyEnforcer.class */
public class AccountPolicyEnforcer extends PolicyEnforcer<AccountPolicySpec, SyncopeUser> {
    private static final Pattern DEFAULT_PATTERN = Pattern.compile("[a-zA-Z0-9-_@. ]+");

    @Autowired(required = false)
    private UserSuspender userSuspender;

    @Override // org.apache.syncope.core.policy.PolicyEnforcer
    public void enforce(AccountPolicySpec accountPolicySpec, PolicyType policyType, SyncopeUser syncopeUser) throws AccountPolicyException, PolicyEnforceException {
        if (syncopeUser.getUsername() == null) {
            throw new PolicyEnforceException("Invalid account");
        }
        if (accountPolicySpec == null) {
            throw new PolicyEnforceException("Invalid policy");
        }
        if (accountPolicySpec.getMinLength() > 0 && accountPolicySpec.getMinLength() > syncopeUser.getUsername().length()) {
            throw new AccountPolicyException("Username too short");
        }
        if (accountPolicySpec.getMaxLength() > 0 && accountPolicySpec.getMaxLength() < syncopeUser.getUsername().length()) {
            throw new AccountPolicyException("Username too long");
        }
        Iterator<String> it = accountPolicySpec.getWordsNotPermitted().iterator();
        while (it.hasNext()) {
            if (syncopeUser.getUsername().contains(it.next())) {
                throw new AccountPolicyException("Used word(s) not permitted");
            }
        }
        if (accountPolicySpec.isAllUpperCase() && !syncopeUser.getUsername().equals(syncopeUser.getUsername().toUpperCase())) {
            throw new AccountPolicyException("No lowercase characters permitted");
        }
        if (accountPolicySpec.isAllLowerCase() && !syncopeUser.getUsername().equals(syncopeUser.getUsername().toLowerCase())) {
            throw new AccountPolicyException("No uppercase characters permitted");
        }
        if (!(accountPolicySpec.getPattern() == null ? DEFAULT_PATTERN : Pattern.compile(accountPolicySpec.getPattern())).matcher(syncopeUser.getUsername()).matches()) {
            throw new AccountPolicyException("Username does not match pattern");
        }
        Iterator<String> it2 = accountPolicySpec.getPrefixesNotPermitted().iterator();
        while (it2.hasNext()) {
            if (syncopeUser.getUsername().startsWith(it2.next())) {
                throw new AccountPolicyException("Prefix not permitted");
            }
        }
        Iterator<String> it3 = accountPolicySpec.getSuffixesNotPermitted().iterator();
        while (it3.hasNext()) {
            if (syncopeUser.getUsername().endsWith(it3.next())) {
                throw new AccountPolicyException("Suffix not permitted");
            }
        }
        if (this.userSuspender == null || syncopeUser.getFailedLogins() == null || accountPolicySpec.getPermittedLoginRetries() <= 0 || syncopeUser.getFailedLogins().intValue() <= accountPolicySpec.getPermittedLoginRetries() || syncopeUser.isSuspended().booleanValue()) {
            return;
        }
        this.userSuspender.suspend(syncopeUser, accountPolicySpec.isPropagateSuspension());
    }
}
