package org.apache.directory.server.core.kerberos;

import java.util.ArrayList;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.BinaryValue;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
import org.apache.directory.shared.ldap.entry.StringValue;
import org.apache.directory.shared.ldap.entry.Value;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.util.StringTools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/kerberos/PasswordPolicyInterceptor.class */
public class PasswordPolicyInterceptor extends BaseInterceptor {
    private static final Logger log = LoggerFactory.getLogger(PasswordPolicyInterceptor.class);
    public static final String NAME = "passwordPolicyService";

    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void add(NextInterceptor nextInterceptor, AddOperationContext addOperationContext) throws Exception {
        DN dn = addOperationContext.getDn();
        ClonedServerEntry entry = addOperationContext.getEntry();
        log.debug("Adding the entry '{}' for DN '{}'.", entry, dn.getName());
        if (entry.get(SchemaConstants.USER_PASSWORD_AT) != null) {
            String str = null;
            BinaryValue binaryValue = (BinaryValue) entry.get(SchemaConstants.USER_PASSWORD_AT).get();
            String string = binaryValue.getString();
            if (log.isDebugEnabled()) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("'" + string + "' ( ");
                stringBuffer.append(binaryValue);
                stringBuffer.append(" )");
                log.debug("Adding Attribute id : 'userPassword',  Values : [ {} ]", stringBuffer.toString());
            }
            if (entry.get(SchemaConstants.CN_AT) != null) {
                str = ((StringValue) entry.get(SchemaConstants.CN_AT).get()).getString();
            }
            check(str, string);
        }
        nextInterceptor.add(addOperationContext);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x0046. Please report as an issue. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, ModifyOperationContext modifyOperationContext) throws Exception {
        DN dn = modifyOperationContext.getDn();
        String str = null;
        for (Modification modification : modifyOperationContext.getModItems()) {
            if (log.isDebugEnabled()) {
                switch (modification.getOperation()) {
                    case ADD_ATTRIBUTE:
                        str = "Adding";
                        break;
                    case REMOVE_ATTRIBUTE:
                        str = "Removing";
                        break;
                    case REPLACE_ATTRIBUTE:
                        str = "Replacing";
                        break;
                }
            }
            EntryAttribute attribute = modification.getAttribute();
            if (attribute.instanceOf(SchemaConstants.USER_PASSWORD_AT)) {
                Value<?> value = attribute.get();
                String str2 = StringTools.EMPTY;
                if (value != null) {
                    if (value instanceof StringValue) {
                        log.debug("{} Attribute id : 'userPassword',  Values : [ '{}' ]", str, attribute);
                        str2 = ((StringValue) value).getString();
                    } else if (value instanceof BinaryValue) {
                        BinaryValue binaryValue = (BinaryValue) value;
                        String string = binaryValue.getString();
                        if (log.isDebugEnabled()) {
                            StringBuffer stringBuffer = new StringBuffer();
                            stringBuffer.append("'" + string + "' ( ");
                            stringBuffer.append(StringTools.dumpBytes(binaryValue.getBytes()).trim());
                            stringBuffer.append(" )");
                            log.debug("{} Attribute id : 'userPassword',  Values : [ {} ]", str, stringBuffer.toString());
                        }
                        str2 = string;
                    }
                    check(dn.getName(), str2);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug(str + " for entry '" + dn.getName() + "' the attribute " + modification.getAttribute());
            }
        }
        nextInterceptor.modify(modifyOperationContext);
    }

    void check(String str, String str2) throws Exception {
        if (isValid(str, str2, 6, 2, 3)) {
            return;
        }
        String buildErrorMessage = buildErrorMessage(str, str2, 6, 2, 3);
        log.error(buildErrorMessage);
        throw new Exception(buildErrorMessage);
    }

    boolean isValid(String str, String str2, int i, int i2, int i3) {
        return isValidPasswordLength(str2, i) && isValidCategoryCount(str2, i2) && isValidUsernameSubstring(str, str2, i3);
    }

    boolean isValidPasswordLength(String str, int i) {
        return str.length() >= i;
    }

    boolean isValidCategoryCount(String str, int i) {
        int i2 = 0;
        int i3 = 0;
        int i4 = 0;
        int i5 = 0;
        for (char c : str.toCharArray()) {
            if (Character.isLowerCase(c)) {
                i3 = 1;
            } else if (Character.isUpperCase(c)) {
                i2 = 1;
            } else if (Character.isDigit(c)) {
                i4 = 1;
            } else if (!Character.isLetterOrDigit(c)) {
                i5 = 1;
            }
        }
        return ((i2 + i3) + i4) + i5 >= i;
    }

    boolean isValidUsernameSubstring(String str, String str2, int i) {
        String[] split = str.split("[^a-zA-Z]");
        for (int i2 = 0; i2 < split.length; i2++) {
            if (split[i2].length() >= i && str2.matches("(?i).*" + split[i2] + ".*")) {
                return false;
            }
        }
        return true;
    }

    private String buildErrorMessage(String str, String str2, int i, int i2, int i3) {
        ArrayList<String> arrayList = new ArrayList();
        if (!isValidPasswordLength(str2, i)) {
            arrayList.add("length too short");
        }
        if (!isValidCategoryCount(str2, i2)) {
            arrayList.add("insufficient character mix");
        }
        if (!isValidUsernameSubstring(str, str2, i3)) {
            arrayList.add("contains portions of username");
        }
        StringBuffer stringBuffer = new StringBuffer("Password violates policy:  ");
        boolean z = true;
        for (String str3 : arrayList) {
            if (z) {
                z = false;
            } else {
                stringBuffer.append(", ");
            }
            stringBuffer.append(str3);
        }
        return stringBuffer.toString();
    }
}
