package org.geoserver.security.validation;

import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.config.PasswordPolicyConfig;
import org.geoserver.security.password.GeoServerPasswordEncoder;
import org.geoserver.security.password.PasswordValidator;

/* loaded from: input_file:org/geoserver/security/validation/PasswordValidatorImpl.class */
public class PasswordValidatorImpl extends AbstractSecurityValidator implements PasswordValidator {
    protected PasswordPolicyConfig config;
    protected static Set<String> notAllowedPrefixes;
    protected static Object lock = new Object();

    public PasswordValidatorImpl(GeoServerSecurityManager geoServerSecurityManager) {
        super(geoServerSecurityManager);
    }

    public static Set<String> getNotAllowedPrefixes() {
        if (notAllowedPrefixes != null) {
            return notAllowedPrefixes;
        }
        synchronized (lock) {
            if (notAllowedPrefixes != null) {
                return notAllowedPrefixes;
            }
            notAllowedPrefixes = new HashSet();
            Iterator it = GeoServerExtensions.extensions(GeoServerPasswordEncoder.class).iterator();
            while (it.hasNext()) {
                notAllowedPrefixes.add(((GeoServerPasswordEncoder) it.next()).getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER);
            }
            return notAllowedPrefixes;
        }
    }

    public static String passwordStartsWithEncoderPrefix(char[] cArr) {
        if (cArr == null) {
            return null;
        }
        for (String str : getNotAllowedPrefixes()) {
            if (str.length() <= cArr.length) {
                for (int i = 0; i < str.length(); i++) {
                    if (str.charAt(i) != cArr[i]) {
                        break;
                    }
                }
                return str;
            }
        }
        return null;
    }

    @Override // org.geoserver.security.password.PasswordValidator
    public void setConfig(PasswordPolicyConfig passwordPolicyConfig) {
        this.config = passwordPolicyConfig;
    }

    @Override // org.geoserver.security.password.PasswordValidator
    public PasswordPolicyConfig getConfig() {
        return this.config;
    }

    @Override // org.geoserver.security.password.PasswordValidator
    public void validatePassword(char[] cArr) throws PasswordPolicyException {
        if (cArr == null) {
            cArr = new char[0];
        }
        if (cArr.length < this.config.getMinLength()) {
            throw createSecurityException(PasswordPolicyException.MIN_LENGTH_$1, Integer.valueOf(this.config.getMinLength()));
        }
        if (this.config.getMaxLength() >= 0 && cArr.length > this.config.getMaxLength()) {
            throw createSecurityException(PasswordPolicyException.MAX_LENGTH_$1, Integer.valueOf(this.config.getMaxLength()));
        }
        if (this.config.isDigitRequired() && !checkUsingMethod("isDigit", cArr)) {
            throw createSecurityException(PasswordPolicyException.NO_DIGIT, new Object[0]);
        }
        if (this.config.isUppercaseRequired() && !checkUsingMethod("isUpperCase", cArr)) {
            throw createSecurityException(PasswordPolicyException.NO_UPPERCASE, new Object[0]);
        }
        if (this.config.isLowercaseRequired() && !checkUsingMethod("isLowerCase", cArr)) {
            throw createSecurityException(PasswordPolicyException.NO_LOWERCASE, new Object[0]);
        }
        String passwordStartsWithEncoderPrefix = passwordStartsWithEncoderPrefix(cArr);
        if (passwordStartsWithEncoderPrefix != null) {
            throw createSecurityException(PasswordPolicyException.RESERVED_PREFIX_$1, passwordStartsWithEncoderPrefix);
        }
    }

    protected boolean checkUsingMethod(String str, char[] cArr) {
        try {
            Method method = getClass().getMethod(str, Character.class);
            for (char c : cArr) {
                if (((Boolean) method.invoke(this, Character.valueOf(c))).booleanValue()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new RuntimeException("never should reach this point", e);
        }
    }

    public boolean isDigit(Character ch) {
        return Character.isDigit(ch.charValue());
    }

    public boolean isUpperCase(Character ch) {
        return Character.isUpperCase(ch.charValue());
    }

    public boolean isLowerCase(Character ch) {
        return Character.isLowerCase(ch.charValue());
    }

    protected PasswordPolicyException createSecurityException(String str, Object... objArr) {
        return new PasswordPolicyException(str, objArr);
    }
}
