package org.apache.syncope.core.persistence.validation.entity;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Resource;
import javax.validation.ConstraintValidatorContext;
import org.apache.syncope.common.types.EntityViolationType;
import org.apache.syncope.common.types.PasswordPolicySpec;
import org.apache.syncope.core.persistence.beans.AccountPolicy;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.policy.AccountPolicyEnforcer;
import org.apache.syncope.core.policy.AccountPolicyException;
import org.apache.syncope.core.policy.PasswordPolicyEnforcer;
import org.apache.syncope.core.policy.PolicyEvaluator;
import org.apache.syncope.core.workflow.user.activiti.ActivitiUserWorkflowAdapter;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.class */
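/**
 * Bean Validation constraint validator for {@link SyncopeUser}.
 *
 * <p>Validation runs in two phases. First every applicable password policy is
 * evaluated and enforced, and the user's password history is updated and
 * trimmed. Then the username is checked against the two reserved account names
 * and every applicable account policy is enforced. A policy is applicable when
 * it is the global policy or is attached to one of the user's resources or
 * roles.
 *
 * <p>The clear-text copy of the password is removed from the user as soon as
 * the password phase ends, whatever its outcome.
 */
public class SyncopeUserValidator extends AbstractValidator<SyncopeUserCheck, SyncopeUser> {

    /** Reserved administrator username; no user entity may carry it. */
    @Resource(name = "adminUser")
    private String adminUser;

    /** Reserved anonymous username; no user entity may carry it. */
    @Resource(name = "anonymousUser")
    private String anonymousUser;

    @Autowired
    private PolicyDAO policyDAO;

    @Autowired
    private PolicyEvaluator evaluator;

    @Autowired
    private PasswordPolicyEnforcer ppEnforcer;

    @Autowired
    private AccountPolicyEnforcer apEnforcer;

    /**
     * Validates the given user against all applicable password and account policies.
     *
     * <p>Side effects on {@code syncopeUser}: the current password may be appended to
     * the password history, the history is trimmed to the largest history length
     * requested by any applicable password policy, and the clear-text password is removed.
     *
     * @param syncopeUser the user being validated
     * @param constraintValidatorContext context that receives the constraint violation
     * @return {@code true} when both phases pass; {@code false} after registering an
     *     {@code InvalidPassword} or {@code InvalidUsername} violation
     */
    public boolean isValid(SyncopeUser syncopeUser, ConstraintValidatorContext constraintValidatorContext) {
        constraintValidatorContext.disableDefaultConstraintViolation();

        LOG.debug("Password Policy enforcement");
        try {
            int maxHistoryLength = 0;
            for (PasswordPolicy passwordPolicy : getPasswordPolicies(syncopeUser)) {
                PasswordPolicySpec spec = this.evaluator.evaluate(passwordPolicy, syncopeUser);
                this.ppEnforcer.enforce(spec, passwordPolicy.getType(), syncopeUser);
                maxHistoryLength = Math.max(maxHistoryLength, spec.getHistoryLength());
            }

            // NOTE(review): presumably getPassword() is the stored (encoded) value, since the
            // clear-text copy is removed separately below -- confirm against SyncopeUser.
            if (maxHistoryLength > 0 && syncopeUser.getPassword() != null) {
                syncopeUser.getPasswordHistory().add(syncopeUser.getPassword());
            }

            // Keep only the newest maxHistoryLength entries. New entries are appended above,
            // so the oldest entry sits at index 0. The previous loop advanced its index while
            // the list was shrinking, which skipped entries and left the history longer than
            // the policy allows, weakening the password-reuse check.
            while (syncopeUser.getPasswordHistory().size() > maxHistoryLength) {
                syncopeUser.getPasswordHistory().remove(0);
            }
        } catch (Exception e) {
            // Any failure in this phase, not only a policy rejection, is reported as an
            // invalid password.
            LOG.debug("Invalid password");
            // NOTE(review): the exception message is handed to a message template builder.
            // getTemplate() is defined in the superclass and is not visible here; confirm it
            // neutralises template expression syntax before this text reaches the template.
            constraintValidatorContext
                    .buildConstraintViolationWithTemplate(
                            getTemplate(EntityViolationType.InvalidPassword, e.getMessage()))
                    .addPropertyNode(ActivitiUserWorkflowAdapter.PASSWORD)
                    .addConstraintViolation();
            return false;
        } finally {
            // The password has been checked: drop the clear-text copy on every exit path.
            syncopeUser.removeClearPassword();
        }

        LOG.debug("Account Policy enforcement");
        try {
            // Exact, case-sensitive comparison with the reserved names.
            // NOTE(review): whether usernames are case-normalised elsewhere is not visible here.
            String username = syncopeUser.getUsername();
            if (this.adminUser.equals(username) || this.anonymousUser.equals(username)) {
                throw new AccountPolicyException("Not allowed: " + username);
            }

            for (AccountPolicy accountPolicy : getAccountPolicies(syncopeUser)) {
                this.apEnforcer.enforce(
                        this.evaluator.evaluate(accountPolicy, syncopeUser), accountPolicy.getType(), syncopeUser);
            }
            return true;
        } catch (Exception e) {
            LOG.debug("Invalid username");
            // NOTE(review): for a reserved name the message embeds the submitted username,
            // so caller-supplied text reaches the message template; same check as above.
            constraintValidatorContext
                    .buildConstraintViolationWithTemplate(
                            getTemplate(EntityViolationType.InvalidUsername, e.getMessage()))
                    .addPropertyNode("username")
                    .addConstraintViolation();
            return false;
        }
    }

    /**
     * Collects the password policies that apply to the user: the global policy first,
     * then the policy of each resource, then the policy of each role. Missing
     * ({@code null}) policies are skipped; duplicates are not removed.
     *
     * @param syncopeUser the user whose resources and roles are inspected
     * @return the applicable password policies, possibly empty
     */
    private List<PasswordPolicy> getPasswordPolicies(SyncopeUser syncopeUser) {
        List<PasswordPolicy> policies = new ArrayList<PasswordPolicy>();

        PasswordPolicy globalPolicy = this.policyDAO.getGlobalPasswordPolicy();
        if (globalPolicy != null) {
            policies.add(globalPolicy);
        }

        for (ExternalResource resource : syncopeUser.getResources()) {
            PasswordPolicy resourcePolicy = resource.getPasswordPolicy();
            if (resourcePolicy != null) {
                policies.add(resourcePolicy);
            }
        }

        for (SyncopeRole role : syncopeUser.getRoles()) {
            PasswordPolicy rolePolicy = role.getPasswordPolicy();
            if (rolePolicy != null) {
                policies.add(rolePolicy);
            }
        }

        return policies;
    }

    /**
     * Collects the account policies that apply to the user: the global policy first,
     * then the policy of each resource, then the policy of each role. Missing
     * ({@code null}) policies are skipped; duplicates are not removed.
     *
     * @param syncopeUser the user whose resources and roles are inspected
     * @return the applicable account policies, possibly empty
     */
    private List<AccountPolicy> getAccountPolicies(SyncopeUser syncopeUser) {
        List<AccountPolicy> policies = new ArrayList<AccountPolicy>();

        AccountPolicy globalPolicy = this.policyDAO.getGlobalAccountPolicy();
        if (globalPolicy != null) {
            policies.add(globalPolicy);
        }

        for (ExternalResource resource : syncopeUser.getResources()) {
            AccountPolicy resourcePolicy = resource.getAccountPolicy();
            if (resourcePolicy != null) {
                policies.add(resourcePolicy);
            }
        }

        for (SyncopeRole role : syncopeUser.getRoles()) {
            AccountPolicy rolePolicy = role.getAccountPolicy();
            if (rolePolicy != null) {
                policies.add(rolePolicy);
            }
        }

        return policies;
    }
}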
