package org.keycloak.models;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
import javassist.compiler.TokenId;
import org.hibernate.ejb.criteria.expression.function.LengthFunction;
import org.keycloak.models.utils.Pbkdf2PasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy.class */
public class PasswordPolicy implements Serializable {
    // Message keys carried by Error.getMessage(); each nested policy class below returns exactly one of them.
    // Presumably resolved against a localized message bundle by the caller - confirm against the UI layer.
    public static final String INVALID_PASSWORD_MIN_LENGTH_MESSAGE = "invalidPasswordMinLengthMessage";
    public static final String INVALID_PASSWORD_MIN_DIGITS_MESSAGE = "invalidPasswordMinDigitsMessage";
    public static final String INVALID_PASSWORD_MIN_LOWER_CASE_CHARS_MESSAGE = "invalidPasswordMinLowerCaseCharsMessage";
    public static final String INVALID_PASSWORD_MIN_UPPER_CASE_CHARS_MESSAGE = "invalidPasswordMinUpperCaseCharsMessage";
    public static final String INVALID_PASSWORD_MIN_SPECIAL_CHARS_MESSAGE = "invalidPasswordMinSpecialCharsMessage";
    public static final String INVALID_PASSWORD_NOT_USERNAME = "invalidPasswordNotUsernameMessage";
    public static final String INVALID_PASSWORD_REGEX_PATTERN = "invalidPasswordRegexPatternMessage";
    public static final String INVALID_PASSWORD_HISTORY = "invalidPasswordHistoryMessage";
    // Policies parsed from policyString, in the order they were written; validate() stops at the first failure.
    // No serialVersionUID is declared in this listing, so the serialized form of this class and of the
    // nested policies follows the JVM-computed default and changes with any non-private member change.
    private List<Policy> policies;
    // Raw policy expression as passed to the constructor; null when the expression was null or empty.
    private String policyString;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$Digits.class */
    /**
     * Policy {@code digits(n)}: the password must contain at least {@code n} digit characters.
     *
     * <p>Characters are tested one UTF-16 {@code char} at a time with
     * {@link Character#isDigit(char)}, so any Unicode decimal digit counts, not only ASCII 0-9.
     */
    public static class Digits implements Policy {
        private static final String NAME = "digits";
        // Required number of digits; 1 when the policy is written without an argument.
        // NOTE(review): no lower bound is enforced, so digits(0) or a negative value never rejects anything.
        private int min;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 1
         */
        public Digits(String str) {
            min = PasswordPolicy.intArg(NAME, 1, str);
        }

        /**
         * Counts the digits in the candidate password.
         *
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password; must not be {@code null}
         * @return an error carrying the required minimum, or {@code null} when the password passes
         */
        @Override
        public Error validate(String str, String str2) {
            int digitCount = 0;
            final int length = str2.length();
            for (int pos = 0; pos < length; pos++) {
                if (Character.isDigit(str2.charAt(pos))) {
                    digitCount++;
                }
            }
            return digitCount < min
                    ? new Error(PasswordPolicy.INVALID_PASSWORD_MIN_DIGITS_MESSAGE, Integer.valueOf(min))
                    : null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$Error.class */
    /**
     * Outcome of a failed policy check: a message key plus the values to substitute into it.
     *
     * <p>Inside {@code PasswordPolicy} this name shadows {@link java.lang.Error}. Instances are
     * created only by the enclosing class and its nested policies (the constructor is private).
     */
    public static class Error {
        private final String message;
        private final Object[] parameters;

        private Error(String str, Object... objArr) {
            message = str;
            parameters = objArr;
        }

        /**
         * @return the message key, one of the {@code INVALID_PASSWORD_*} constants
         */
        public String getMessage() {
            return message;
        }

        /**
         * @return the parameters for the message; this is the internal array, not a copy
         */
        public Object[] getParameters() {
            return parameters;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$ForceExpiredPasswordChange.class */
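    /**
     * Policy {@code forceExpiredPasswordChange(days)}: records after how many days a password expires.
     *
     * <p>This policy never rejects a candidate password; both {@code validate} overloads return
     * {@code null}. The configured value is exposed through
     * {@link PasswordPolicy#getDaysToExpirePassword()}.
     */
    public static class ForceExpiredPasswordChange implements Policy {
        private static final String NAME = "forceExpiredPasswordChange";
        // Default expiry in days. The decompiled listing spelled this value as javassist's
        // TokenId.LSHIFT_E, an unrelated lexer token id that happens to equal 365; a local
        // constant keeps the security default from depending on a bytecode library's token table.
        private static final int DEFAULT_DAYS_TO_EXPIRE = 365;
        // NOTE(review): no range check is applied, so zero or negative day counts are stored as given.
        private int daysToExpirePassword;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 365 days
         */
        public ForceExpiredPasswordChange(String str) {
            this.daysToExpirePassword = PasswordPolicy.intArg(NAME, DEFAULT_DAYS_TO_EXPIRE, str);
        }

        /**
         * @return always {@code null}; expiry is not a property of the candidate password
         */
        @Override
        public Error validate(String str, String str2) {
            return null;
        }

        /**
         * @return always {@code null}; expiry is not a property of the candidate password
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            return null;
        }
    }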

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$HashIterations.class */
    /**
     * Policy {@code hashIterations(n)}: carries an iteration count and performs no validation.
     *
     * <p>The value is read back through {@link PasswordPolicy#getHashIterations()}.
     * NOTE(review): presumably this is the PBKDF2 iteration count used when credentials are
     * hashed - confirm against the callers of getHashIterations().
     */
    public static class HashIterations implements Policy {
        private static final String NAME = "hashIterations";
        // Defaults to 1 when the policy is written without an argument.
        // NOTE(review): no lower bound is enforced here; zero and negative values are stored as given,
        // and a count of 1 provides almost no work factor if it does feed the password hash.
        private int iterations;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 1
         */
        public HashIterations(String str) {
            iterations = PasswordPolicy.intArg(NAME, 1, str);
        }

        /**
         * @return always {@code null}; this policy does not inspect the password
         */
        @Override
        public Error validate(String str, String str2) {
            return null;
        }

        /**
         * @return always {@code null}; this policy does not inspect the password
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$Length.class */
    /**
     * Policy {@code length(n)}: the password must be at least {@code n} UTF-16 {@code char}s long.
     */
    public static class Length implements Policy {
        private static final String NAME = "length";
        // Minimum length; 8 when the policy is written without an argument.
        // NOTE(review): no lower bound is enforced, so length(0) or a negative value accepts any password.
        private int min;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 8
         */
        public Length(String str) {
            min = PasswordPolicy.intArg(NAME, 8, str);
        }

        /**
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password; must not be {@code null}
         * @return an error carrying the required minimum, or {@code null} when the password is long enough
         */
        @Override
        public Error validate(String str, String str2) {
            final boolean tooShort = str2.length() < min;
            if (!tooShort) {
                return null;
            }
            return new Error(PasswordPolicy.INVALID_PASSWORD_MIN_LENGTH_MESSAGE, Integer.valueOf(min));
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$LowerCase.class */
    /**
     * Policy {@code lowerCase(n)}: the password must contain at least {@code n} lower-case characters,
     * as classified by {@link Character#isLowerCase(char)} on each UTF-16 {@code char}.
     */
    public static class LowerCase implements Policy {
        private static final String NAME = "lowerCase";
        // Required number of lower-case characters; 1 when no argument is given.
        // NOTE(review): no lower bound is enforced, so a zero or negative value never rejects anything.
        private int min;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 1
         */
        public LowerCase(String str) {
            min = PasswordPolicy.intArg(NAME, 1, str);
        }

        /**
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password; must not be {@code null}
         * @return an error carrying the required minimum, or {@code null} when the password passes
         */
        @Override
        public Error validate(String str, String str2) {
            int lowerCount = 0;
            final int length = str2.length();
            for (int pos = 0; pos < length; pos++) {
                if (Character.isLowerCase(str2.charAt(pos))) {
                    lowerCount++;
                }
            }
            return lowerCount < min
                    ? new Error(PasswordPolicy.INVALID_PASSWORD_MIN_LOWER_CASE_CHARS_MESSAGE, Integer.valueOf(min))
                    : null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$NotUsername.class */
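    /**
     * Policy {@code notUsername}: the password must not be identical to the username.
     *
     * <p>The comparison is an exact, case-sensitive {@link String#equals(Object)}; a password that
     * differs from the username only by letter case, or that merely contains the username, passes.
     */
    public static class NotUsername implements Policy {
        private static final String NAME = "notUsername";

        /**
         * @param str the argument text from the policy expression; ignored, this policy takes no argument
         */
        public NotUsername(String str) {
        }

        /**
         * @param str the username, may be {@code null}
         * @param str2 the candidate password
         * @return an error when the password equals the username, otherwise {@code null}
         */
        @Override
        public Error validate(String str, String str2) {
            // Without a username there is nothing to compare against; the unguarded
            // str.equals(str2) would otherwise fail with a NullPointerException.
            if (str == null) {
                return null;
            }
            if (str.equals(str2)) {
                return new Error(PasswordPolicy.INVALID_PASSWORD_NOT_USERNAME);
            }
            return null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            return validate(userModel.getUsername(), str);
        }
    }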

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$PasswordHistory.class */
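    /**
     * Policy {@code passwordHistory(n)}: rejects a candidate that matches the user's current
     * password or one of the most recent stored history entries.
     *
     * <p>Only the {@code UserModel} overload can check anything, because the stored credentials
     * are read from the user. Each comparison re-derives the hash with the entry's own salt and
     * iteration count, so the cost of one validation grows with the number of entries compared.
     */
    public static class PasswordHistory implements Policy {
        private static final String NAME = "passwordHistory";
        // Number of passwords that may not be reused; 3 when no argument is given, -1 disables the check.
        private int passwordHistoryPolicyValue;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 3
         */
        public PasswordHistory(String str) {
            this.passwordHistoryPolicyValue = PasswordPolicy.intArg(NAME, 3, str);
        }

        /**
         * @return always {@code null}; history cannot be checked without the user's stored credentials
         */
        @Override
        public Error validate(String str, String str2) {
            return null;
        }

        /**
         * Compares the candidate with the current password and the newest history entries.
         *
         * @param userModel the user whose stored credentials are consulted
         * @param str the candidate password
         * @return a history error when the candidate matches a stored credential, otherwise {@code null}
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            if (this.passwordHistoryPolicyValue == -1) {
                return null;
            }
            UserCredentialValueModel current = getCredentialValueModel(userModel, "password");
            if (current != null && matches(current, str)) {
                return historyError();
            }
            // The current password counts as one of the remembered passwords, hence the "- 1".
            int historyLimit = this.passwordHistoryPolicyValue - 1;
            for (UserCredentialValueModel previous : getCredentialValueModels(userModel, historyLimit, UserCredentialModel.PASSWORD_HISTORY)) {
                if (matches(previous, str)) {
                    return historyError();
                }
            }
            return null;
        }

        /** Verifies the candidate against one stored credential using that credential's salt and iterations. */
        private static boolean matches(UserCredentialValueModel stored, String candidate) {
            return new Pbkdf2PasswordEncoder(stored.getSalt()).verify(candidate, stored.getValue(), stored.getHashIterations());
        }

        /** Builds the error returned for any history match. */
        private Error historyError() {
            return new Error(PasswordPolicy.INVALID_PASSWORD_HISTORY, Integer.valueOf(this.passwordHistoryPolicyValue));
        }

        /** Returns the first directly stored credential of the given type, or {@code null} if there is none. */
        private UserCredentialValueModel getCredentialValueModel(UserModel userModel, String str) {
            for (UserCredentialValueModel stored : userModel.getCredentialsDirectly()) {
                if (stored.getType().equals(str)) {
                    return stored;
                }
            }
            return null;
        }

        /**
         * Returns at most {@code i} directly stored credentials of the given type, newest first.
         *
         * <p>A negative {@code i} is treated as zero. Without that clamp, {@code passwordHistory(0)}
         * reaches {@code subList(0, -1)} and every validation fails with an exception instead of a
         * policy result.
         */
        private List<UserCredentialValueModel> getCredentialValueModels(UserModel userModel, int i, String str) {
            List<UserCredentialValueModel> matching = new ArrayList<UserCredentialValueModel>();
            for (UserCredentialValueModel stored : userModel.getCredentialsDirectly()) {
                if (stored.getType().equals(str)) {
                    matching.add(stored);
                }
            }
            // NOTE(review): getCreatedDate() is unboxed without a null check - confirm it is always set.
            Collections.sort(matching, new Comparator<UserCredentialValueModel>() {
                @Override
                public int compare(UserCredentialValueModel left, UserCredentialValueModel right) {
                    long leftCreated = left.getCreatedDate().longValue();
                    long rightCreated = right.getCreatedDate().longValue();
                    if (leftCreated > rightCreated) {
                        return -1;
                    }
                    return leftCreated < rightCreated ? 1 : 0;
                }
            });
            int limit = Math.max(i, 0);
            return matching.size() > limit ? matching.subList(0, limit) : matching;
        }
    }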

    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$Policy.class */
    /**
     * Contract shared by every nested policy class; serializable so that the parsed policy list
     * can be serialized together with the enclosing {@code PasswordPolicy}.
     *
     * <p>Both methods return {@code null} when the candidate password is acceptable and an
     * {@code Error} describing the first violation otherwise.
     */
    private interface Policy extends Serializable {
        // Validates str (the candidate password) for an existing user; implementations may read
        // the user's stored credentials (PasswordHistory does).
        Error validate(UserModel userModel, String str);

        // Validates str2 (the candidate password) when only the username str is known.
        Error validate(String str, String str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$RegexPatterns.class */
    /**
     * Policy {@code regexPattern(expr)}: the whole password must match the configured expression.
     *
     * <p>The expression comes from the policy configuration and the input from the user. The
     * match runs on {@code java.util.regex}, a backtracking engine, so expressions with nested
     * or overlapping quantifiers should be reviewed for pathological matching time before they
     * are deployed. The expression is recompiled on every validation.
     */
    public static class RegexPatterns implements Policy {
        private static final String NAME = "regexPattern";
        // Stored as text; parse() compiles it once beforehand only to reject invalid syntax early.
        private String regexPattern;

        /**
         * @param str the regular expression text; not validated by this constructor
         */
        public RegexPatterns(String str) {
            regexPattern = str;
        }

        /**
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password
         * @return {@code null} when the entire password matches, otherwise an error whose
         *         parameter is the expression text itself
         */
        @Override
        public Error validate(String str, String str2) {
            // Pattern.matches() compiles the expression and requires a full-input match.
            final boolean accepted = Pattern.matches(regexPattern, str2);
            if (!accepted) {
                return new Error(PasswordPolicy.INVALID_PASSWORD_REGEX_PATTERN, regexPattern);
            }
            return null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$SpecialChars.class */
    /**
     * Policy {@code specialChars(n)}: the password must contain at least {@code n} characters
     * that are neither letters nor digits.
     *
     * <p>The test is {@code !Character.isLetterOrDigit(char)} on each UTF-16 {@code char}, so
     * whitespace and control characters count as special, and a character outside the Basic
     * Multilingual Plane is counted once for each of its two surrogate halves.
     */
    public static class SpecialChars implements Policy {
        private static final String NAME = "specialChars";
        // Required number of special characters; 1 when no argument is given.
        // NOTE(review): no lower bound is enforced, so a zero or negative value never rejects anything.
        private int min;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 1
         */
        public SpecialChars(String str) {
            min = PasswordPolicy.intArg(NAME, 1, str);
        }

        /**
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password; must not be {@code null}
         * @return an error carrying the required minimum, or {@code null} when the password passes
         */
        @Override
        public Error validate(String str, String str2) {
            int specialCount = 0;
            final int length = str2.length();
            for (int pos = 0; pos < length; pos++) {
                if (!Character.isLetterOrDigit(str2.charAt(pos))) {
                    specialCount++;
                }
            }
            return specialCount < min
                    ? new Error(PasswordPolicy.INVALID_PASSWORD_MIN_SPECIAL_CHARS_MESSAGE, Integer.valueOf(min))
                    : null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-model-api-1.7.0.Final.jar:org/keycloak/models/PasswordPolicy$UpperCase.class */
    /**
     * Policy {@code upperCase(n)}: the password must contain at least {@code n} upper-case characters,
     * as classified by {@link Character#isUpperCase(char)} on each UTF-16 {@code char}.
     */
    public static class UpperCase implements Policy {
        private static final String NAME = "upperCase";
        // Required number of upper-case characters; 1 when no argument is given.
        // NOTE(review): no lower bound is enforced, so a zero or negative value never rejects anything.
        private int min;

        /**
         * @param str the argument text from the policy expression, or {@code null} for the default of 1
         */
        public UpperCase(String str) {
            min = PasswordPolicy.intArg(NAME, 1, str);
        }

        /**
         * @param str the username (ignored by this policy)
         * @param str2 the candidate password; must not be {@code null}
         * @return an error carrying the required minimum, or {@code null} when the password passes
         */
        @Override
        public Error validate(String str, String str2) {
            int upperCount = 0;
            final int length = str2.length();
            for (int pos = 0; pos < length; pos++) {
                if (Character.isUpperCase(str2.charAt(pos))) {
                    upperCount++;
                }
            }
            return upperCount < min
                    ? new Error(PasswordPolicy.INVALID_PASSWORD_MIN_UPPER_CASE_CHARS_MESSAGE, Integer.valueOf(min))
                    : null;
        }

        /**
         * Applies the same check using the username read from {@code userModel}.
         */
        @Override
        public Error validate(UserModel userModel, String str) {
            final String username = userModel.getUsername();
            return validate(username, str);
        }
    }

    /**
     * Builds a policy set from a policy expression such as {@code "length(8) and digits(1)"}.
     *
     * <p>Only {@code null} and the zero-length string mean "no policy"; any other text, including
     * whitespace-only text, is handed to the parser.
     *
     * @param str the policy expression, or {@code null}/empty for no policy
     * @throws IllegalArgumentException if the expression names an unsupported policy or carries
     *         an argument the parser rejects
     */
    public PasswordPolicy(String str) {
        final boolean unset = (str == null) || (str.length() == 0);
        if (unset) {
            policyString = null;
            policies = Collections.<Policy>emptyList();
            return;
        }
        policyString = str;
        policies = parse(str);
    }

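    /**
     * Parses a policy expression into policy objects, preserving the written order.
     *
     * <p>The expression is split on the literal {@code " and "}; each entry is either a bare
     * name or {@code name(argument)}. The split is applied to the whole text, so a
     * {@code regexPattern} argument that itself contains {@code " and "} is cut apart.
     *
     * <p>Changes relative to the decompiled original:
     * <ul>
     *   <li>An entry with an opening parenthesis must end with a closing one. The original
     *       dropped the entry's last character unconditionally, so a typo such as
     *       {@code length(12} silently became a minimum length of 1.</li>
     *   <li>{@code regexPattern} without an argument is rejected with an
     *       {@code IllegalArgumentException} instead of a {@code NullPointerException}.</li>
     *   <li>Policy names are compared with the nested classes' own {@code NAME} constants; the
     *       decompiler had substituted Hibernate's {@code LengthFunction.NAME} for
     *       {@code "length"}, an unrelated constant with the same value.</li>
     * </ul>
     *
     * @param str the non-empty policy expression
     * @return the parsed policies, in expression order
     * @throws IllegalArgumentException if an entry is malformed, names an unsupported policy,
     *         has a non-numeric argument where a number is required, or carries an invalid regex
     */
    private static List<Policy> parse(String str) {
        LinkedList<Policy> parsed = new LinkedList<Policy>();
        for (String segment : str.split(" and ")) {
            String entry = segment.trim();
            String name;
            String arg = null;
            int open = entry.indexOf('(');
            if (open == -1) {
                name = entry;
            } else {
                name = entry.substring(0, open).trim();
                if (!entry.endsWith(")")) {
                    throw new IllegalArgumentException("Malformed policy '" + name + "': missing closing parenthesis");
                }
                arg = entry.substring(open + 1, entry.length() - 1);
            }
            if (name.equals(Length.NAME)) {
                parsed.add(new Length(arg));
            } else if (name.equals(Digits.NAME)) {
                parsed.add(new Digits(arg));
            } else if (name.equals(LowerCase.NAME)) {
                parsed.add(new LowerCase(arg));
            } else if (name.equals(UpperCase.NAME)) {
                parsed.add(new UpperCase(arg));
            } else if (name.equals(SpecialChars.NAME)) {
                parsed.add(new SpecialChars(arg));
            } else if (name.equals(NotUsername.NAME)) {
                parsed.add(new NotUsername(arg));
            } else if (name.equals(HashIterations.NAME)) {
                parsed.add(new HashIterations(arg));
            } else if (name.equals(RegexPatterns.NAME)) {
                if (arg == null) {
                    throw new IllegalArgumentException("Policy 'regexPattern' requires a pattern argument");
                }
                // Compile once up front so invalid syntax is rejected when the policy is set
                // (PatternSyntaxException is an IllegalArgumentException), not at first login.
                Pattern.compile(arg);
                parsed.add(new RegexPatterns(arg));
            } else if (name.equals(PasswordHistory.NAME)) {
                parsed.add(new PasswordHistory(arg));
            } else if (name.equals(ForceExpiredPasswordChange.NAME)) {
                parsed.add(new ForceExpiredPasswordChange(arg));
            } else {
                throw new IllegalArgumentException("Unsupported policy");
            }
        }
        return parsed;
    }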

    /**
     * Returns the iteration count of the first {@code hashIterations} policy.
     *
     * @return the configured count, or -1 when no such policy is present
     */
    public int getHashIterations() {
        int configured = -1;
        if (this.policies != null) {
            for (Policy candidate : this.policies) {
                if (candidate instanceof HashIterations) {
                    configured = ((HashIterations) candidate).iterations;
                    break;
                }
            }
        }
        return configured;
    }

    /**
     * Returns the value of the first {@code passwordHistory} policy.
     *
     * @return the configured history size, or -1 when no such policy is present
     */
    public int getExpiredPasswords() {
        int configured = -1;
        if (this.policies != null) {
            for (Policy candidate : this.policies) {
                if (candidate instanceof PasswordHistory) {
                    configured = ((PasswordHistory) candidate).passwordHistoryPolicyValue;
                    break;
                }
            }
        }
        return configured;
    }

    /**
     * Returns the value of the first {@code forceExpiredPasswordChange} policy.
     *
     * @return the configured number of days, or -1 when no such policy is present
     */
    public int getDaysToExpirePassword() {
        int configured = -1;
        if (this.policies != null) {
            for (Policy candidate : this.policies) {
                if (candidate instanceof ForceExpiredPasswordChange) {
                    configured = ((ForceExpiredPasswordChange) candidate).daysToExpirePassword;
                    break;
                }
            }
        }
        return configured;
    }

    /**
     * Runs every configured policy against a candidate password for an existing user.
     *
     * @param userModel the user the password is being set for
     * @param str the candidate password
     * @return the first violation in policy order, or {@code null} when all policies accept
     */
    public Error validate(UserModel userModel, String str) {
        for (Policy policy : this.policies) {
            Error violation = policy.validate(userModel, str);
            if (violation != null) {
                return violation;
            }
        }
        return null;
    }

    /**
     * Runs every configured policy against a candidate password when only the username is known.
     *
     * <p>Policies that need stored credentials (password history) return {@code null} from this
     * overload, so history is not enforced on this path.
     *
     * @param str the username
     * @param str2 the candidate password
     * @return the first violation in policy order, or {@code null} when all policies accept
     */
    public Error validate(String str, String str2) {
        for (Policy policy : this.policies) {
            Error violation = policy.validate(str, str2);
            if (violation != null) {
                return violation;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
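    /**
     * Reads an integer policy argument, falling back to a default when none was written.
     *
     * <p>The original ignored the policy name, so a bad argument surfaced as a bare
     * {@code NumberFormatException} with no hint of which policy was misconfigured. The exception
     * type is unchanged; only its message now names the policy.
     *
     * <p>NOTE(review): no range is enforced here, so zero and negative values are returned as
     * given; each policy decides what such a value means.
     *
     * @param str the policy name, used only in the error message
     * @param i the default returned when {@code str2} is {@code null}
     * @param str2 the argument text, or {@code null} when the policy had no argument
     * @return the parsed value, or {@code i} when {@code str2} is {@code null}
     * @throws NumberFormatException if {@code str2} is not a valid decimal integer
     */
    public static int intArg(String str, int i, String str2) {
        if (str2 == null) {
            return i;
        }
        try {
            return Integer.parseInt(str2);
        } catch (NumberFormatException e) {
            NumberFormatException detailed = new NumberFormatException(
                    "Invalid integer argument \"" + str2 + "\" for password policy \"" + str + "\"");
            detailed.initCause(e);
            throw detailed;
        }
    }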

    /**
     * Returns the policy expression exactly as it was supplied to the constructor.
     *
     * @return the raw expression, or {@code null} when no policy is configured
     */
    @Override
    public String toString() {
        return policyString;
    }
}
