package org.passay;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.cryptacular.codec.HexEncoder;
import org.cryptacular.util.CodecUtil;
import org.cryptacular.util.HashUtil;
import org.passay.RuleResultMetadata;

/* loaded from: input_file:dependencies/passay-1.6.4.jar:org/passay/HaveIBeenPwnedRule.class */
public class HaveIBeenPwnedRule implements Rule {
    public static final String ERROR_CODE = "EXPOSED_HAVEIBEENPWNED";
    public static final String IO_ERROR_CODE = "IO_ERROR_HAVEIBEENPWNED";
    private static final String DEFAULT_URL = "https://api.pwnedpasswords.com/range/";
    private static final int PREFIX_LENGTH = 5;
    private static final Duration DEFAULT_CONNECT_TIMEOUT = Duration.ofSeconds(5);
    private static final Duration DEFAULT_READ_TIMEOUT = Duration.ofSeconds(30);
    private final String applicationName;
    private URL apiUrl;
    private boolean allowExposed;
    private Duration connectTimeout;
    private Duration readTimeout;
    private boolean allowOnException;

    public HaveIBeenPwnedRule(String str) {
        this(str, DEFAULT_URL);
    }

    public HaveIBeenPwnedRule(String str, String str2) {
        this.connectTimeout = DEFAULT_CONNECT_TIMEOUT;
        this.readTimeout = DEFAULT_READ_TIMEOUT;
        if (str == null) {
            throw new IllegalArgumentException("appName cannot be null");
        }
        this.applicationName = str;
        if (!str2.endsWith("/")) {
            throw new IllegalArgumentException("address must end with '/'");
        }
        try {
            this.apiUrl = new URL(str2);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public void setAllowExposed(boolean z) {
        this.allowExposed = z;
    }

    public void setConnectTimeout(Duration duration) {
        this.connectTimeout = duration;
    }

    public void setReadTimeout(Duration duration) {
        this.readTimeout = duration;
    }

    public void setAllowOnException(boolean z) {
        this.allowOnException = z;
    }

    @Override // org.passay.Rule
    public RuleResult validate(PasswordData passwordData) {
        String hexDigest = getHexDigest(passwordData);
        try {
            LineNumberReader openApiConnectionForRange = openApiConnectionForRange(hexDigest.substring(0, 5));
            Throwable th = null;
            try {
                try {
                    RuleResult searchResponse = searchResponse(hexDigest, openApiConnectionForRange);
                    if (openApiConnectionForRange != null) {
                        if (0 != 0) {
                            try {
                                openApiConnectionForRange.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openApiConnectionForRange.close();
                        }
                    }
                    return searchResponse;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            return new RuleResult(this.allowOnException, new RuleResultDetail(IO_ERROR_CODE, (Map<String, Object>) Collections.singletonMap("url", this.apiUrl)));
        }
    }

    private RuleResult searchResponse(String str, LineNumberReader lineNumberReader) throws IOException {
        Matcher matcher;
        Pattern compile = Pattern.compile("^(" + str.substring(5) + "):(\\d+)\\s*$");
        do {
            String readLine = lineNumberReader.readLine();
            if (readLine == null) {
                return new RuleResult(true);
            }
            matcher = compile.matcher(readLine);
        } while (!matcher.matches());
        int parseInt = Integer.parseInt(matcher.group(2));
        return new RuleResult(this.allowExposed, new RuleResultDetail(ERROR_CODE, (Map<String, Object>) Collections.singletonMap("count", Integer.valueOf(parseInt))), new RuleResultMetadata(RuleResultMetadata.CountCategory.Pwned, parseInt));
    }

    private static String getHexDigest(PasswordData passwordData) {
        return CodecUtil.encode(new HexEncoder(false, true), HashUtil.sha1(new Object[]{passwordData.getPassword().getBytes(Charset.defaultCharset())}));
    }

    private LineNumberReader openApiConnectionForRange(String str) throws IOException {
        URLConnection openConnection = new URL(this.apiUrl, str).openConnection();
        openConnection.setRequestProperty("User-Agent", this.applicationName);
        if (this.connectTimeout != null) {
            openConnection.setConnectTimeout((int) this.connectTimeout.toMillis());
        }
        if (this.readTimeout != null) {
            openConnection.setReadTimeout((int) this.readTimeout.toMillis());
        }
        openConnection.connect();
        return new LineNumberReader(new InputStreamReader(openConnection.getInputStream(), StandardCharsets.UTF_8));
    }
}
