package org.apache.syncope.core.connid;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.types.PasswordPolicySpec;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.policy.PolicyPattern;
import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
import org.apache.syncope.core.util.SecureRandomUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/connid/PasswordGenerator.class */
public class PasswordGenerator {
    private static final char[] SPECIAL_CHARS = {'!', 163, '%', '&', '(', ')', '?', '#', '$'};

    @Autowired
    private PolicyDAO policyDAO;

    public String generate(List<PasswordPolicySpec> list) throws InvalidPasswordPolicySpecException {
        PasswordPolicySpec merge = merge(list);
        check(merge);
        return generate(merge);
    }

    public String generate(SyncopeUser syncopeUser) throws InvalidPasswordPolicySpecException {
        ArrayList arrayList = new ArrayList();
        PasswordPolicy globalPasswordPolicy = this.policyDAO.getGlobalPasswordPolicy();
        if (globalPasswordPolicy != null && globalPasswordPolicy.getSpecification(PasswordPolicySpec.class) != null) {
            arrayList.add(globalPasswordPolicy.getSpecification(PasswordPolicySpec.class));
        }
        for (SyncopeRole syncopeRole : syncopeUser.getRoles()) {
            if (syncopeRole.getPasswordPolicy() != null && syncopeRole.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
                arrayList.add(syncopeRole.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
            }
        }
        for (ExternalResource externalResource : syncopeUser.getResources()) {
            if (externalResource.getPasswordPolicy() != null && externalResource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
                arrayList.add(externalResource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
            }
        }
        PasswordPolicySpec merge = merge(arrayList);
        check(merge);
        return generate(merge);
    }

    private PasswordPolicySpec merge(List<PasswordPolicySpec> list) {
        PasswordPolicySpec passwordPolicySpec = new PasswordPolicySpec();
        passwordPolicySpec.setMinLength(0);
        passwordPolicySpec.setMaxLength(1000);
        for (PasswordPolicySpec passwordPolicySpec2 : list) {
            if (passwordPolicySpec2.getMinLength() > passwordPolicySpec.getMinLength()) {
                passwordPolicySpec.setMinLength(passwordPolicySpec2.getMinLength());
            }
            if (passwordPolicySpec2.getMaxLength() != 0 && passwordPolicySpec2.getMaxLength() < passwordPolicySpec.getMaxLength()) {
                passwordPolicySpec.setMaxLength(passwordPolicySpec2.getMaxLength());
            }
            passwordPolicySpec.getPrefixesNotPermitted().addAll(passwordPolicySpec2.getPrefixesNotPermitted());
            passwordPolicySpec.getSuffixesNotPermitted().addAll(passwordPolicySpec2.getSuffixesNotPermitted());
            if (!passwordPolicySpec.isNonAlphanumericRequired()) {
                passwordPolicySpec.setNonAlphanumericRequired(passwordPolicySpec2.isNonAlphanumericRequired());
            }
            if (!passwordPolicySpec.isAlphanumericRequired()) {
                passwordPolicySpec.setAlphanumericRequired(passwordPolicySpec2.isAlphanumericRequired());
            }
            if (!passwordPolicySpec.isDigitRequired()) {
                passwordPolicySpec.setDigitRequired(passwordPolicySpec2.isDigitRequired());
            }
            if (!passwordPolicySpec.isLowercaseRequired()) {
                passwordPolicySpec.setLowercaseRequired(passwordPolicySpec2.isLowercaseRequired());
            }
            if (!passwordPolicySpec.isUppercaseRequired()) {
                passwordPolicySpec.setUppercaseRequired(passwordPolicySpec2.isUppercaseRequired());
            }
            if (!passwordPolicySpec.isMustStartWithDigit()) {
                passwordPolicySpec.setMustStartWithDigit(passwordPolicySpec2.isMustStartWithDigit());
            }
            if (!passwordPolicySpec.isMustntStartWithDigit()) {
                passwordPolicySpec.setMustntStartWithDigit(passwordPolicySpec2.isMustntStartWithDigit());
            }
            if (!passwordPolicySpec.isMustEndWithDigit()) {
                passwordPolicySpec.setMustEndWithDigit(passwordPolicySpec2.isMustEndWithDigit());
            }
            if (passwordPolicySpec.isMustntEndWithDigit()) {
                passwordPolicySpec.setMustntEndWithDigit(passwordPolicySpec2.isMustntEndWithDigit());
            }
            if (!passwordPolicySpec.isMustStartWithAlpha()) {
                passwordPolicySpec.setMustStartWithAlpha(passwordPolicySpec2.isMustStartWithAlpha());
            }
            if (!passwordPolicySpec.isMustntStartWithAlpha()) {
                passwordPolicySpec.setMustntStartWithAlpha(passwordPolicySpec2.isMustntStartWithAlpha());
            }
            if (!passwordPolicySpec.isMustStartWithNonAlpha()) {
                passwordPolicySpec.setMustStartWithNonAlpha(passwordPolicySpec2.isMustStartWithNonAlpha());
            }
            if (!passwordPolicySpec.isMustntStartWithNonAlpha()) {
                passwordPolicySpec.setMustntStartWithNonAlpha(passwordPolicySpec2.isMustntStartWithNonAlpha());
            }
            if (!passwordPolicySpec.isMustEndWithNonAlpha()) {
                passwordPolicySpec.setMustEndWithNonAlpha(passwordPolicySpec2.isMustEndWithNonAlpha());
            }
            if (!passwordPolicySpec.isMustntEndWithNonAlpha()) {
                passwordPolicySpec.setMustntEndWithNonAlpha(passwordPolicySpec2.isMustntEndWithNonAlpha());
            }
            if (!passwordPolicySpec.isMustEndWithAlpha()) {
                passwordPolicySpec.setMustEndWithAlpha(passwordPolicySpec2.isMustEndWithAlpha());
            }
            if (!passwordPolicySpec.isMustntEndWithAlpha()) {
                passwordPolicySpec.setMustntEndWithAlpha(passwordPolicySpec2.isMustntEndWithAlpha());
            }
        }
        return passwordPolicySpec;
    }

    private void check(PasswordPolicySpec passwordPolicySpec) throws InvalidPasswordPolicySpecException {
        if (passwordPolicySpec.getMinLength() == 0) {
            throw new InvalidPasswordPolicySpecException("Minimum length is zero");
        }
        if (passwordPolicySpec.isMustEndWithAlpha() && passwordPolicySpec.isMustntEndWithAlpha()) {
            throw new InvalidPasswordPolicySpecException("mustEndWithAlpha and mustntEndWithAlpha are both true");
        }
        if (passwordPolicySpec.isMustEndWithAlpha() && passwordPolicySpec.isMustEndWithDigit()) {
            throw new InvalidPasswordPolicySpecException("mustEndWithAlpha and mustEndWithDigit are both true");
        }
        if (passwordPolicySpec.isMustEndWithDigit() && passwordPolicySpec.isMustntEndWithDigit()) {
            throw new InvalidPasswordPolicySpecException("mustEndWithDigit and mustntEndWithDigit are both true");
        }
        if (passwordPolicySpec.isMustEndWithNonAlpha() && passwordPolicySpec.isMustntEndWithNonAlpha()) {
            throw new InvalidPasswordPolicySpecException("mustEndWithNonAlpha and mustntEndWithNonAlpha are both true");
        }
        if (passwordPolicySpec.isMustStartWithAlpha() && passwordPolicySpec.isMustntStartWithAlpha()) {
            throw new InvalidPasswordPolicySpecException("mustStartWithAlpha and mustntStartWithAlpha are both true");
        }
        if (passwordPolicySpec.isMustStartWithAlpha() && passwordPolicySpec.isMustStartWithDigit()) {
            throw new InvalidPasswordPolicySpecException("mustStartWithAlpha and mustStartWithDigit are both true");
        }
        if (passwordPolicySpec.isMustStartWithDigit() && passwordPolicySpec.isMustntStartWithDigit()) {
            throw new InvalidPasswordPolicySpecException("mustStartWithDigit and mustntStartWithDigit are both true");
        }
        if (passwordPolicySpec.isMustStartWithNonAlpha() && passwordPolicySpec.isMustntStartWithNonAlpha()) {
            throw new InvalidPasswordPolicySpecException("mustStartWithNonAlpha and mustntStartWithNonAlpha are both true");
        }
        if (passwordPolicySpec.getMinLength() > passwordPolicySpec.getMaxLength()) {
            throw new InvalidPasswordPolicySpecException("Minimun length (" + passwordPolicySpec.getMinLength() + ")is greater than maximum length (" + passwordPolicySpec.getMaxLength() + ")");
        }
    }

    private String generate(PasswordPolicySpec passwordPolicySpec) {
        String[] strArr = new String[passwordPolicySpec.getMinLength()];
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = "";
        }
        checkStartChar(strArr, passwordPolicySpec);
        checkEndChar(strArr, passwordPolicySpec);
        checkRequired(strArr, passwordPolicySpec);
        for (int firstEmptyChar = firstEmptyChar(strArr); firstEmptyChar < strArr.length - 1; firstEmptyChar++) {
            strArr[firstEmptyChar] = SecureRandomUtil.generateRandomLetter();
        }
        checkPrefixAndSuffix(strArr, passwordPolicySpec);
        return StringUtils.join(strArr);
    }

    private void checkStartChar(String[] strArr, PasswordPolicySpec passwordPolicySpec) {
        if (passwordPolicySpec.isMustStartWithAlpha()) {
            strArr[0] = SecureRandomUtil.generateRandomLetter();
        }
        if (passwordPolicySpec.isMustStartWithNonAlpha() || passwordPolicySpec.isMustStartWithDigit()) {
            strArr[0] = SecureRandomUtil.generateRandomNumber();
        }
        if (passwordPolicySpec.isMustntStartWithAlpha()) {
            strArr[0] = SecureRandomUtil.generateRandomNumber();
        }
        if (passwordPolicySpec.isMustntStartWithDigit()) {
            strArr[0] = SecureRandomUtil.generateRandomLetter();
        }
        if (passwordPolicySpec.isMustntStartWithNonAlpha()) {
            strArr[0] = SecureRandomUtil.generateRandomLetter();
        }
    }

    private void checkEndChar(String[] strArr, PasswordPolicySpec passwordPolicySpec) {
        if (passwordPolicySpec.isMustEndWithAlpha()) {
            strArr[passwordPolicySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
        }
        if (passwordPolicySpec.isMustEndWithNonAlpha() || passwordPolicySpec.isMustEndWithDigit()) {
            strArr[passwordPolicySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
        }
        if (passwordPolicySpec.isMustntEndWithAlpha()) {
            strArr[passwordPolicySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomNumber();
        }
        if (passwordPolicySpec.isMustntEndWithDigit()) {
            strArr[passwordPolicySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
        }
        if (passwordPolicySpec.isMustntEndWithNonAlpha()) {
            strArr[passwordPolicySpec.getMinLength() - 1] = SecureRandomUtil.generateRandomLetter();
        }
    }

    private int firstEmptyChar(String[] strArr) {
        int i = 0;
        while (!strArr[i].isEmpty()) {
            i++;
        }
        return i;
    }

    private void checkRequired(String[] strArr, PasswordPolicySpec passwordPolicySpec) {
        if (passwordPolicySpec.isDigitRequired() && !PolicyPattern.DIGIT.matcher(StringUtils.join(strArr)).matches()) {
            strArr[firstEmptyChar(strArr)] = SecureRandomUtil.generateRandomNumber();
        }
        if (passwordPolicySpec.isUppercaseRequired() && !PolicyPattern.ALPHA_UPPERCASE.matcher(StringUtils.join(strArr)).matches()) {
            strArr[firstEmptyChar(strArr)] = SecureRandomUtil.generateRandomLetter().toUpperCase();
        }
        if (passwordPolicySpec.isLowercaseRequired() && !PolicyPattern.ALPHA_LOWERCASE.matcher(StringUtils.join(strArr)).matches()) {
            strArr[firstEmptyChar(strArr)] = SecureRandomUtil.generateRandomLetter().toLowerCase();
        }
        if (!passwordPolicySpec.isNonAlphanumericRequired() || PolicyPattern.NON_ALPHANUMERIC.matcher(StringUtils.join(strArr)).matches()) {
            return;
        }
        strArr[firstEmptyChar(strArr)] = SecureRandomUtil.generateRandomSpecialCharacter(SPECIAL_CHARS);
    }

    private void checkPrefixAndSuffix(String[] strArr, PasswordPolicySpec passwordPolicySpec) {
        Iterator<String> it = passwordPolicySpec.getPrefixesNotPermitted().iterator();
        while (it.hasNext()) {
            if (StringUtils.join(strArr).startsWith(it.next())) {
                checkStartChar(strArr, passwordPolicySpec);
            }
        }
        Iterator<String> it2 = passwordPolicySpec.getSuffixesNotPermitted().iterator();
        while (it2.hasNext()) {
            if (StringUtils.join(strArr).endsWith(it2.next())) {
                checkEndChar(strArr, passwordPolicySpec);
            }
        }
    }
}
