package org.apache.cassandra.db.guardrails;

import java.io.IOException;
import java.io.RandomAccessFile;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nonnull;
import org.apache.cassandra.db.guardrails.ValueValidator;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.passay.CharacterCharacteristicsRule;
import org.passay.CharacterData;
import org.passay.CharacterRule;
import org.passay.CyrillicCharacterData;
import org.passay.CyrillicModernCharacterData;
import org.passay.CyrillicModernSequenceData;
import org.passay.CyrillicSequenceData;
import org.passay.CzechCharacterData;
import org.passay.CzechSequenceData;
import org.passay.DictionaryRule;
import org.passay.EnglishCharacterData;
import org.passay.EnglishSequenceData;
import org.passay.GermanCharacterData;
import org.passay.GermanSequenceData;
import org.passay.IllegalSequenceRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.PolishCharacterData;
import org.passay.PolishSequenceData;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.RuleResultDetail;
import org.passay.RuleResultMetadata;
import org.passay.SequenceData;
import org.passay.WhitespaceRule;
import org.passay.dictionary.FileWordList;
import org.passay.dictionary.WordListDictionary;

/* loaded from: input_file:org/apache/cassandra/db/guardrails/CassandraPasswordValidator.class */
public class CassandraPasswordValidator extends ValueValidator<String> implements PasswordDictionaryAware<CassandraPasswordConfiguration> {
    protected final PasswordValidator warnValidator;
    protected final PasswordValidator failValidator;
    protected final CassandraPasswordConfiguration configuration;
    private final UnsupportedCharsetRule unsupportedCharsetRule;
    private final DictionaryRule dictionaryRule;
    private final boolean provideDetailedMessages;
    private static final RuleResult VALID = new RuleResult(true);
    protected static final CharacterData specialCharacters = new CharacterData() { // from class: org.apache.cassandra.db.guardrails.CassandraPasswordValidator.1
        public String getErrorCode() {
            return "INSUFFICIENT_SPECIAL";
        }

        public String getCharacters() {
            return "!\"#$%&()*+,-./:;<=>?@[\\]^_`{|}~";
        }
    };

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/cassandra/db/guardrails/CassandraPasswordValidator$CustomLowerCaseCharacterData.class */
    public static class CustomLowerCaseCharacterData implements CharacterData {
        protected CustomLowerCaseCharacterData() {
        }

        public String getErrorCode() {
            return "INSUFFICIENT_LOWERCASE";
        }

        public String getCharacters() {
            return EnglishCharacterData.LowerCase.getCharacters() + CyrillicCharacterData.LowerCase.getCharacters() + CyrillicModernCharacterData.LowerCase.getCharacters() + CzechCharacterData.LowerCase.getCharacters() + GermanCharacterData.LowerCase.getCharacters() + PolishCharacterData.LowerCase.getCharacters();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/cassandra/db/guardrails/CassandraPasswordValidator$CustomUpperCaseCharacterData.class */
    public static class CustomUpperCaseCharacterData implements CharacterData {
        protected CustomUpperCaseCharacterData() {
        }

        public String getErrorCode() {
            return "INSUFFICIENT_UPPERCASE";
        }

        public String getCharacters() {
            return EnglishCharacterData.UpperCase.getCharacters() + CyrillicCharacterData.UpperCase.getCharacters() + CyrillicModernCharacterData.UpperCase.getCharacters() + CzechCharacterData.UpperCase.getCharacters() + GermanCharacterData.UpperCase.getCharacters() + PolishCharacterData.UpperCase.getCharacters();
        }
    }

    /* loaded from: input_file:org/apache/cassandra/db/guardrails/CassandraPasswordValidator$UnsupportedCharsetRule.class */
    public static class UnsupportedCharsetRule implements Rule {
        private static final char[] supportedAlphabeticChars = supportedChars(true);
        private static final char[] allSupportedCharsChars = supportedChars(false);
        public static final String ERROR_CODE = "UNSUPPORTED_CHARSET";

        public RuleResult validate(PasswordData passwordData) {
            String password = passwordData.getPassword();
            RuleResult ruleResult = new RuleResult();
            if (password.isEmpty()) {
                return ruleResult;
            }
            int i = 0;
            int i2 = 0;
            for (char c : password.toCharArray()) {
                if (Arrays.binarySearch(allSupportedCharsChars, c) < 0) {
                    i++;
                } else if (Arrays.binarySearch(supportedAlphabeticChars, c) < 0) {
                    i2++;
                }
            }
            if (i > 0) {
                if (i + i2 == password.length()) {
                    ruleResult.setValid(false);
                    ruleResult.addError(ERROR_CODE, Map.of());
                }
                ruleResult.setMetadata(new RuleResultMetadata(RuleResultMetadata.CountCategory.Illegal, i));
            }
            return ruleResult;
        }

        private static char[] supportedChars(boolean z) {
            char[] chars = getChars(z);
            HashSet hashSet = new HashSet();
            for (char c : chars) {
                hashSet.add(Character.valueOf(c));
            }
            char[] cArr = new char[hashSet.size()];
            Iterator it = hashSet.iterator();
            int i = 0;
            while (it.hasNext()) {
                int i2 = i;
                i++;
                cArr[i2] = ((Character) it.next()).charValue();
            }
            Arrays.sort(cArr);
            return cArr;
        }

        private static char[] getChars(boolean z) {
            return z ? (new CustomUpperCaseCharacterData().getCharacters() + new CustomLowerCaseCharacterData().getCharacters()).toCharArray() : (new CustomUpperCaseCharacterData().getCharacters() + new CustomLowerCaseCharacterData().getCharacters() + CassandraPasswordValidator.specialCharacters.getCharacters() + "0123456789").toCharArray();
        }
    }

    public CassandraPasswordValidator(CustomGuardrailConfig customGuardrailConfig) {
        super(customGuardrailConfig);
        this.unsupportedCharsetRule = new UnsupportedCharsetRule();
        this.configuration = new CassandraPasswordConfiguration(customGuardrailConfig);
        this.provideDetailedMessages = this.configuration.detailedMessages;
        this.dictionaryRule = initializeDictionaryRule(this.configuration);
        this.warnValidator = new PasswordValidator(getRules(this.configuration.lengthWarn, this.configuration.maxLength, this.configuration.characteristicsWarn, this.configuration.illegalSequenceLength, getCharacterValidationRules(this.configuration.upperCaseWarn, this.configuration.lowerCaseWarn, this.configuration.digitsWarn, this.configuration.specialsWarn)));
        this.failValidator = new PasswordValidator(getRules(this.configuration.lengthFail, this.configuration.maxLength, this.configuration.characteristicsFail, this.configuration.illegalSequenceLength, getCharacterValidationRules(this.configuration.upperCaseFail, this.configuration.lowerCaseFail, this.configuration.digitsFail, this.configuration.specialsFail)));
    }

    @Override // org.apache.cassandra.db.guardrails.ValueValidator
    @Nonnull
    public CustomGuardrailConfig getParameters() {
        return this.configuration.asCustomGuardrailConfig();
    }

    @Override // org.apache.cassandra.db.guardrails.ValueValidator
    public Optional<ValueValidator.ValidationViolation> shouldWarn(String str, boolean z) {
        return executeValidation(this.warnValidator, str, z, true);
    }

    @Override // org.apache.cassandra.db.guardrails.ValueValidator
    public Optional<ValueValidator.ValidationViolation> shouldFail(String str, boolean z) {
        return executeValidation(this.failValidator, str, z, false);
    }

    private Optional<ValueValidator.ValidationViolation> executeValidation(PasswordValidator passwordValidator, String str, boolean z, boolean z2) {
        PasswordData passwordData = new PasswordData(str);
        if (!this.unsupportedCharsetRule.validate(passwordData).isValid()) {
            return Optional.of(new ValueValidator.ValidationViolation((z || this.provideDetailedMessages) ? "Unsupported language / character set for password validator" : "Password complexity policy not met.", UnsupportedCharsetRule.ERROR_CODE));
        }
        if (!z2 && this.configuration.dictionary != null) {
            RuleResult foundInDictionary = foundInDictionary(passwordData);
            if (!foundInDictionary.isValid()) {
                return Optional.of(getValidationMessage(z, passwordValidator, false, foundInDictionary));
            }
        }
        RuleResult validate = passwordValidator.validate(passwordData);
        return validate.isValid() ? Optional.empty() : Optional.of(getValidationMessage(z, passwordValidator, z2, validate));
    }

    @Override // org.apache.cassandra.db.guardrails.ValueValidator
    public void validateParameters() throws ConfigurationException {
        this.configuration.validateParameters();
    }

    protected List<CharacterRule> getCharacterValidationRules(int i, int i2, int i3, int i4) {
        return Arrays.asList(new CharacterRule(new CustomUpperCaseCharacterData(), i), new CharacterRule(new CustomLowerCaseCharacterData(), i2), new CharacterRule(EnglishCharacterData.Digit, i3), new CharacterRule(specialCharacters, i4));
    }

    protected List<Rule> getRules(int i, int i2, int i3, int i4, List<CharacterRule> list) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new LengthRule(i, i2));
        CharacterCharacteristicsRule characterCharacteristicsRule = new CharacterCharacteristicsRule();
        characterCharacteristicsRule.setNumberOfCharacteristics(i3 + 1);
        characterCharacteristicsRule.getRules().addAll(list);
        arrayList.add(characterCharacteristicsRule);
        arrayList.add(new WhitespaceRule());
        Iterator<SequenceData> it = getSequenceData().iterator();
        while (it.hasNext()) {
            arrayList.add(new IllegalSequenceRule(it.next(), i4, false));
        }
        return arrayList;
    }

    private ValueValidator.ValidationViolation getValidationMessage(boolean z, PasswordValidator passwordValidator, boolean z2, RuleResult ruleResult) {
        HashSet hashSet = new HashSet();
        Iterator it = ruleResult.getDetails().iterator();
        while (it.hasNext()) {
            hashSet.add(((RuleResultDetail) it.next()).getErrorCode());
        }
        String obj = hashSet.toString();
        if (!z && !this.provideDetailedMessages) {
            return z2 ? new ValueValidator.ValidationViolation("Password was set, however it might not be strong enough according to the configured password strength policy.", obj) : new ValueValidator.ValidationViolation("Password was not set as it violated configured password strength policy. You may also use 'GENERATED PASSWORD' upon role creation or alteration.", obj);
        }
        String str = z2 ? "warning" : "error";
        StringBuilder sb = new StringBuilder();
        sb.append("Password was").append(z2 ? " set, however it might not be strong enough according to the configured password strength policy. " : " not set as it violated configured password strength policy. ").append("To fix this ").append(str).append(", the following has to be resolved: ");
        Iterator it2 = passwordValidator.getMessages(ruleResult).iterator();
        while (it2.hasNext()) {
            sb.append((String) it2.next()).append(' ');
        }
        sb.append("You may also use 'GENERATED PASSWORD' upon role creation or alteration.");
        return new ValueValidator.ValidationViolation(sb.toString(), obj);
    }

    @Override // org.apache.cassandra.db.guardrails.PasswordDictionaryAware
    public RuleResult foundInDictionary(String str) {
        return this.dictionaryRule == null ? VALID : this.dictionaryRule.validate(new PasswordData(str));
    }

    @Override // org.apache.cassandra.db.guardrails.PasswordDictionaryAware
    public RuleResult foundInDictionary(PasswordData passwordData) {
        return this.dictionaryRule == null ? VALID : this.dictionaryRule.validate(passwordData);
    }

    protected List<SequenceData> getSequenceData() {
        return List.of(EnglishSequenceData.Alphabetical, EnglishSequenceData.Numerical, EnglishSequenceData.USQwerty, CyrillicSequenceData.Alphabetical, CyrillicModernSequenceData.Alphabetical, CzechSequenceData.Alphabetical, GermanSequenceData.Alphabetical, PolishSequenceData.Alphabetical);
    }

    @Override // org.apache.cassandra.db.guardrails.PasswordDictionaryAware
    public DictionaryRule initializeDictionaryRule(CassandraPasswordConfiguration cassandraPasswordConfiguration) {
        if (cassandraPasswordConfiguration.dictionary == null) {
            return null;
        }
        try {
            return new DictionaryRule(new WordListDictionary(new FileWordList(new RandomAccessFile(cassandraPasswordConfiguration.dictionary, "r"), true, 100)));
        } catch (IOException e) {
            throw new ConfigurationException(e.getMessage());
        } catch (IllegalArgumentException e2) {
            if ("File is not sorted correctly for this comparator".equals(e2.getMessage())) {
                throw new ConfigurationException("Dictionary file " + cassandraPasswordConfiguration.dictionary + " is not correctly sorted for case-sensitive comparator according to String's compareTo contract.");
            }
            throw new ConfigurationException(e2.getMessage());
        }
    }
}
