package com.appiancorp.ag.security;

import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.personalization.UserService;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.regex.Pattern;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/appiancorp/ag/security/DefaultPasswordVerifier.class */
public class DefaultPasswordVerifier implements PasswordVerifier {
    protected static final String PWD_SPECIAL_CHARACTERS = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
    private final AdminSecurityConfiguration config;
    private final ServiceContext serviceContext;
    private static final Logger LOG = Logger.getLogger(DefaultPasswordVerifier.class);
    private static final String KNOWN_PASSWORDS_FILE = "resources/" + DefaultPasswordVerifier.class.getName().replaceAll("\\.", "/") + "/10-million-password-list-top-100000.txt";

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultPasswordVerifier(ServiceContext serviceContext) {
        this(serviceContext, (AdminSecurityConfiguration) ApplicationContextHolder.getBean(AdminSecurityConfiguration.class));
    }

    DefaultPasswordVerifier(ServiceContext serviceContext, AdminSecurityConfiguration adminSecurityConfiguration) {
        this.config = adminSecurityConfiguration;
        this.serviceContext = serviceContext;
    }

    @Override // com.appiancorp.ag.security.PasswordVerifier
    public boolean verify(String str, char[] cArr) throws PrivilegeException {
        if (cArr == null) {
            return false;
        }
        int i = 0;
        for (char c : cArr) {
            if (Character.isWhitespace(c)) {
                i++;
            }
        }
        if (i == cArr.length) {
            return false;
        }
        int intValue = this.config.getMinAlphabeticCharacters().intValue();
        int intValue2 = this.config.getMinNumericCharacters().intValue();
        int intValue3 = this.config.getMinPasswordLength().intValue();
        int intValue4 = this.config.getMinSpecialCharacters().intValue();
        int intValue5 = this.config.getMinUppercaseCharacters().intValue();
        int intValue6 = this.config.getMinLowercaseCharacters().intValue();
        int i2 = intValue + intValue2 + intValue4;
        if (i2 > intValue3) {
            intValue3 = i2;
        }
        if (cArr.length < intValue3) {
            return false;
        }
        for (char c2 : cArr) {
            if (intValue > 0 && ((c2 >= 'a' && c2 <= 'z') || (c2 >= 'A' && c2 <= 'Z'))) {
                intValue--;
            } else if (intValue2 > 0 && c2 >= '0' && c2 <= '9') {
                intValue2--;
            } else if (intValue4 > 0 && PWD_SPECIAL_CHARACTERS.indexOf(c2) != -1) {
                intValue4--;
            }
            if (intValue5 > 0 && c2 >= 'A' && c2 <= 'Z') {
                intValue5--;
            } else if (intValue6 > 0 && c2 >= 'a' && c2 <= 'z') {
                intValue6--;
            }
        }
        if (intValue2 + intValue + intValue4 + intValue6 + intValue5 > 0) {
            return false;
        }
        if (this.config.passwordCannotContainUsername().booleanValue() && !StringUtils.isBlank(str)) {
            if (Pattern.compile(Pattern.quote(str), 2).matcher(new String(cArr)).find()) {
                return false;
            }
        }
        if (!((FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class)).validateKnownPasswords() || !isPasswordInKnownPasswordsList(cArr)) {
            return StringUtils.isBlank(str) || isPasswordUnique(str, cArr);
        }
        LOG.debug("Password change failed because password was in known set of commonly-used passwords");
        return false;
    }

    private boolean isPasswordUnique(String str, char[] cArr) throws PrivilegeException {
        UserService userService = ServiceLocator.getUserService(this.serviceContext);
        String[] allPossibleSalts = ((SaltCreator) ApplicationContextHolder.getBean(SaltCreator.class)).getAllPossibleSalts(str);
        for (PasswordHasher passwordHasher : ((PasswordConfig) ApplicationContextHolder.getBean(PasswordConfig.class)).getAllAvailableAlgorithms()) {
            for (String str2 : allPossibleSalts) {
                if (!userService.isPasswordUnique(str, passwordHasher.hash(cArr, str2))) {
                    return false;
                }
            }
        }
        return true;
    }

    @Override // com.appiancorp.ag.security.PasswordVerifier
    public char[] generatePassword() {
        return new RandomPasswordGenerator(this.config).generatePassword();
    }

    private boolean isPasswordInKnownPasswordsList(char[] cArr) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                InputStream resourceAsStream = DefaultPasswordVerifier.class.getClassLoader().getResourceAsStream(KNOWN_PASSWORDS_FILE);
                Throwable th = null;
                try {
                    try {
                        for (String str : IOUtils.toString(resourceAsStream).split("\n")) {
                            if (Arrays.equals(str.toCharArray(), cArr)) {
                                if (resourceAsStream != null) {
                                    if (0 != 0) {
                                        try {
                                            resourceAsStream.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        resourceAsStream.close();
                                    }
                                }
                                LOG.debug("Checking proposed password against 100K commonly-used passwords took " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
                                return true;
                            }
                        }
                        if (resourceAsStream != null) {
                            if (0 != 0) {
                                try {
                                    resourceAsStream.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                resourceAsStream.close();
                            }
                        }
                        LOG.debug("Checking proposed password against 100K commonly-used passwords took " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
                        return false;
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (resourceAsStream != null) {
                        if (th != null) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    throw th4;
                }
            } catch (Throwable th6) {
                LOG.debug("Checking proposed password against 100K commonly-used passwords took " + (System.currentTimeMillis() - currentTimeMillis) + "ms");
                throw th6;
            }
        } catch (IOException e) {
            LOG.error("Unable to read known passwords file", e);
            throw new RuntimeException(e);
        }
    }
}
