package com.atlassian.jira.plugins.passwordpolicy;

import com.atlassian.crowd.embedded.impl.IdentifierUtils;
import com.atlassian.jira.plugin.user.PasswordPolicy;
import com.atlassian.jira.plugin.user.WebErrorMessage;
import com.atlassian.jira.plugins.passwordpolicy.analysis.CharacterClassAnalysis;
import com.atlassian.jira.plugins.passwordpolicy.analysis.CharacterFrequencyAnalysis;
import com.atlassian.jira.plugins.passwordpolicy.config.PasswordPolicyConfiguration;
import com.atlassian.jira.plugins.passwordpolicy.config.PasswordPolicyConfigurationLoader;
import com.atlassian.jira.plugins.passwordpolicy.config.SimilarityCheck;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.sal.api.message.I18nResolver;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.util.Collection;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-password-policy-plugin-2.0.2.jar:com/atlassian/jira/plugins/passwordpolicy/SimplePasswordPolicy.class */
public class SimplePasswordPolicy implements PasswordPolicy {
    final I18nResolver i18n;
    final PasswordPolicyConfigurationLoader passwordPolicyConfigurationLoader;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-password-policy-plugin-2.0.2.jar:com/atlassian/jira/plugins/passwordpolicy/SimplePasswordPolicy$ValidationContext.class */
    class ValidationContext {
        final ApplicationUser user;
        final String oldPassword;
        final String newPassword;
        final PasswordPolicyConfiguration config;
        final ImmutableList.Builder<WebErrorMessage> errors = ImmutableList.builder();
        final CharacterClassAnalysis counts;

        ValidationContext(ApplicationUser applicationUser, String str, String str2, PasswordPolicyConfiguration passwordPolicyConfiguration) {
            this.user = applicationUser;
            this.oldPassword = str;
            this.newPassword = str2;
            this.config = passwordPolicyConfiguration;
            this.counts = CharacterClassAnalysis.of(str2);
        }

        ImmutableList<WebErrorMessage> validatePolicy() {
            validateLengthAndTrim();
            validateCharacterTypes();
            validateSimilarity();
            return this.errors.build();
        }

        private void validateLengthAndTrim() {
            int length = this.newPassword.length();
            int max = Math.max(1, this.config.getMinimumLength());
            if (length < max) {
                this.errors.add((ImmutableList.Builder<WebErrorMessage>) Message.MINIMUM_LENGTH.error(SimplePasswordPolicy.this.i18n, max));
                return;
            }
            int maximumLength = this.config.getMaximumLength();
            if (maximumLength > 0 && length > maximumLength) {
                this.errors.add((ImmutableList.Builder<WebErrorMessage>) Message.MAXIMUM_LENGTH.error(SimplePasswordPolicy.this.i18n, maximumLength));
            }
            if (this.newPassword.charAt(0) == ' ' || this.newPassword.charAt(length - 1) == ' ') {
                this.errors.add((ImmutableList.Builder<WebErrorMessage>) Message.LEADING_OR_TRAILING_SPACES.error(SimplePasswordPolicy.this.i18n));
            }
        }

        private void validateCharacterTypes() {
            if (this.counts.getInvalidCount() > 0 || this.counts.getControlCount() > 0) {
                this.errors.add((ImmutableList.Builder<WebErrorMessage>) Message.INVALID_CHARS.error(SimplePasswordPolicy.this.i18n));
            }
            if (this.config.getEnablePassphraseExemption() && SimplePasswordPolicy.isPassphrase(this.newPassword)) {
                return;
            }
            validateMinimum(this.config.getMinimumLowercase(), this.counts.getLowercaseLetterCount(), Message.MINIMUM_LOWER);
            validateMinimum(this.config.getMinimumUppercase(), this.counts.getUppercaseLetterCount(), Message.MINIMUM_UPPER);
            validateMinimum(this.config.getMinimumDigits(), this.counts.getDigitCount(), Message.MINIMUM_DIGITS);
            validateMinimum(this.config.getMinimumSpecial(), this.counts.getSpecialCount(), Message.MINIMUM_SPECIAL);
            validateMinimum(this.config.getMinimumDistinctCharacterClasses(), this.counts.getCharacterClassCount(), Message.MINIMUM_CLASSES);
        }

        private void validateSimilarity() {
            validateSimilarity(this.config.getSimilarityToOldPassword(), this.oldPassword, Message.SIMILAR_TO_OLD_PASSWORD);
            validateSimilarity(this.config.getSimilarityToUserInfo(), this.user, Message.SIMILAR_TO_USER_INFO);
        }

        private boolean validateSimilarity(SimilarityCheck similarityCheck, ApplicationUser applicationUser, Message message) {
            if (applicationUser == null) {
                return false;
            }
            return validateSimilarity(similarityCheck, applicationUser.getName(), message) || validateSimilarity(similarityCheck, applicationUser.getDisplayName(), message) || validateSimilarity(similarityCheck, applicationUser.getEmailAddress(), message);
        }

        private boolean validateSimilarity(SimilarityCheck similarityCheck, String str, Message message) {
            if (similarityCheck.isDisabled() || str == null || str.length() == 0) {
                return false;
            }
            String clean = SimplePasswordPolicy.clean(str);
            String clean2 = SimplePasswordPolicy.clean(this.newPassword);
            if (hasMatchingRotatedSubstring(clean, clean2)) {
                this.errors.add((ImmutableList.Builder<WebErrorMessage>) message.error(SimplePasswordPolicy.this.i18n));
                return true;
            }
            if (!similarityCheck.isFrequencyAnalysisEnabled() || !CharacterFrequencyAnalysis.of(clean).isSimilarTo(CharacterFrequencyAnalysis.of(clean2))) {
                return false;
            }
            this.errors.add((ImmutableList.Builder<WebErrorMessage>) message.error(SimplePasswordPolicy.this.i18n));
            return true;
        }

        private boolean hasMatchingRotatedSubstring(String str, String str2) {
            String reverse = SimplePasswordPolicy.reverse(str2);
            String str3 = str;
            while (!hasMatchingSubstring(str3, str2, reverse)) {
                str3 = SimplePasswordPolicy.rotate(str3);
                if (str.equals(str3)) {
                    return false;
                }
            }
            return true;
        }

        private boolean hasMatchingSubstring(String str, String str2, String str3) {
            return str.contains(str2) || str2.contains(str) || str.contains(str3) || str3.contains(str);
        }

        private void validateMinimum(int i, int i2, Message message) {
            if (i <= 0 || i2 >= i) {
                return;
            }
            this.errors.add((ImmutableList.Builder<WebErrorMessage>) message.error(SimplePasswordPolicy.this.i18n, i));
        }
    }

    public SimplePasswordPolicy(I18nResolver i18nResolver, PasswordPolicyConfigurationLoader passwordPolicyConfigurationLoader) {
        this.i18n = i18nResolver;
        this.passwordPolicyConfigurationLoader = passwordPolicyConfigurationLoader;
    }

    @Override // com.atlassian.jira.plugin.user.PasswordPolicy
    public Collection<WebErrorMessage> validatePolicy(@Nonnull ApplicationUser applicationUser, @Nullable String str, @Nonnull String str2) {
        PasswordPolicyConfiguration passwordConfiguration = getPasswordConfiguration();
        return passwordConfiguration.getPasswordPolicyMode().isDisabled() ? ImmutableList.of() : new ValidationContext(applicationUser, str, str2, passwordConfiguration).validatePolicy();
    }

    @Override // com.atlassian.jira.plugin.user.PasswordPolicy
    public List<String> getPolicyDescription(boolean z) {
        PasswordPolicyConfiguration passwordConfiguration = getPasswordConfiguration();
        if (passwordConfiguration.getPasswordPolicyMode().isDisabled()) {
            return ImmutableList.of();
        }
        ImmutableList.Builder builder = ImmutableList.builder();
        if (passwordConfiguration.getMinimumLength() > 1) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_LENGTH.snippet(this.i18n, passwordConfiguration.getMinimumLength()));
        }
        builder.add((ImmutableList.Builder) Message.MAXIMUM_LENGTH.snippet(this.i18n, passwordConfiguration.getMaximumLength()));
        if (passwordConfiguration.getMinimumDistinctCharacterClasses() > 0) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_CLASSES.snippet(this.i18n, passwordConfiguration.getMinimumDistinctCharacterClasses()));
        }
        if (passwordConfiguration.getMinimumUppercase() > 0) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_UPPER.snippet(this.i18n, passwordConfiguration.getMinimumUppercase()));
        }
        if (passwordConfiguration.getMinimumLowercase() > 0) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_LOWER.snippet(this.i18n, passwordConfiguration.getMinimumLowercase()));
        }
        if (passwordConfiguration.getMinimumDigits() > 0) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_DIGITS.snippet(this.i18n, passwordConfiguration.getMinimumDigits()));
        }
        if (passwordConfiguration.getMinimumSpecial() > 0) {
            builder.add((ImmutableList.Builder) Message.MINIMUM_SPECIAL.snippet(this.i18n, passwordConfiguration.getMinimumSpecial()));
        }
        if (!passwordConfiguration.getSimilarityToOldPassword().isDisabled() && z) {
            builder.add((ImmutableList.Builder) Message.SIMILAR_TO_OLD_PASSWORD.snippet(this.i18n));
        }
        if (!passwordConfiguration.getSimilarityToUserInfo().isDisabled()) {
            builder.add((ImmutableList.Builder) Message.SIMILAR_TO_USER_INFO.snippet(this.i18n));
        }
        return builder.build();
    }

    @VisibleForTesting
    protected PasswordPolicyConfiguration getPasswordConfiguration() {
        return this.passwordPolicyConfigurationLoader.load();
    }

    static boolean isPassphrase(String str) {
        if (str.length() < 16) {
            return false;
        }
        int indexOf = str.indexOf(32);
        if (indexOf < 0) {
            return false;
        }
        do {
            indexOf++;
            if (indexOf >= str.length()) {
                return false;
            }
        } while (str.charAt(indexOf) == ' ');
        return str.indexOf(32, indexOf) >= 0;
    }

    static String clean(String str) {
        return IdentifierUtils.toLowerCase(str).replace(' ', '_');
    }

    static String reverse(String str) {
        return new StringBuilder(str).reverse().toString();
    }

    static String rotate(String str) {
        int length = str.length();
        return new StringBuilder(length).append((CharSequence) str, 1, length).append(str.charAt(0)).toString();
    }
}
