package com.hypersocket.password.policy;

import com.hypersocket.auth.AuthenticationService;
import com.hypersocket.auth.AuthenticationServiceListener;
import com.hypersocket.auth.AuthenticationState;
import com.hypersocket.auth.ChangePasswordTemplate;
import com.hypersocket.dashboard.OverviewWidget;
import com.hypersocket.dashboard.OverviewWidgetService;
import com.hypersocket.dashboard.OverviewWidgetServiceImpl;
import com.hypersocket.events.EventService;
import com.hypersocket.i18n.I18NService;
import com.hypersocket.json.input.DivField;
import com.hypersocket.json.input.FormTemplate;
import com.hypersocket.local.LocalRealmProviderImpl;
import com.hypersocket.password.history.PasswordHistroyService;
import com.hypersocket.password.policy.events.PasswordPolicyResourceCreatedEvent;
import com.hypersocket.password.policy.events.PasswordPolicyResourceDeletedEvent;
import com.hypersocket.password.policy.events.PasswordPolicyResourceEvent;
import com.hypersocket.password.policy.events.PasswordPolicyResourceUpdatedEvent;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.permissions.PermissionCategory;
import com.hypersocket.permissions.PermissionService;
import com.hypersocket.permissions.Role;
import com.hypersocket.properties.EntityResourcePropertyStore;
import com.hypersocket.properties.PropertyCategory;
import com.hypersocket.properties.PropertyFilter;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.PrincipalProcessor;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmAdapter;
import com.hypersocket.realm.RealmService;
import com.hypersocket.realm.UserPrincipal;
import com.hypersocket.repository.DeletedCriteria;
import com.hypersocket.resource.AbstractAssignableResourceRepository;
import com.hypersocket.resource.AbstractAssignableResourceServiceImpl;
import com.hypersocket.resource.RealmCriteria;
import com.hypersocket.resource.ResourceChangeException;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.resource.ResourceNotFoundException;
import com.hypersocket.resource.SimpleResource;
import com.hypersocket.resource.TransactionOperation;
import com.hypersocket.utils.HypersocketUtils;
import edu.vt.middleware.password.DigitCharacterRule;
import edu.vt.middleware.password.LowercaseCharacterRule;
import edu.vt.middleware.password.NonAlphanumericCharacterRule;
import edu.vt.middleware.password.PasswordGenerator;
import edu.vt.middleware.password.UppercaseCharacterRule;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/hypersocket/password/policy/PasswordPolicyResourceServiceImpl.class */
public class PasswordPolicyResourceServiceImpl extends AbstractAssignableResourceServiceImpl<PasswordPolicyResource> implements PasswordPolicyResourceService, PrincipalProcessor, PolicyResolver {
    public static final String RESOURCE_BUNDLE = "PasswordPolicyResourceService";
    static Logger log = LoggerFactory.getLogger(PasswordPolicyResourceServiceImpl.class);

    @Autowired
    private PasswordPolicyResourceRepository repository;

    @Autowired
    private I18NService i18nService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private EventService eventService;

    @Autowired
    private RealmService realmService;

    @Autowired
    private PasswordAnalyserService analyserService;

    @Autowired
    private PasswordHistroyService passwordHistoryService;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private OverviewWidgetService overviewService;
    private Map<String, PolicyResolver> passwordPolicyResolvers;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/hypersocket/password/policy/PasswordPolicyResourceServiceImpl$PolicyNonAlphaNumericCharacterRule.class */
    public class PolicyNonAlphaNumericCharacterRule extends NonAlphanumericCharacterRule {
        String validSymbols;

        public PolicyNonAlphaNumericCharacterRule(int i, String str) {
            super(i);
            this.validSymbols = str;
        }

        public String getValidCharacters() {
            return this.validSymbols;
        }
    }

    public PasswordPolicyResourceServiceImpl() {
        super("passwordPolicy");
        this.passwordPolicyResolvers = new HashMap();
    }

    @PostConstruct
    private void postConstruct() {
        this.i18nService.registerBundle(RESOURCE_BUNDLE);
        PermissionCategory registerPermissionCategory = this.permissionService.registerPermissionCategory(RESOURCE_BUNDLE, "category.passwordPolicy");
        for (PasswordPolicyResourcePermission passwordPolicyResourcePermission : PasswordPolicyResourcePermission.values()) {
            this.permissionService.registerPermission(passwordPolicyResourcePermission, registerPermissionCategory);
        }
        this.repository.loadPropertyTemplates("passwordPolicyResourceTemplate.xml");
        this.eventService.registerEvent(PasswordPolicyResourceEvent.class, RESOURCE_BUNDLE);
        this.eventService.registerEvent(PasswordPolicyResourceCreatedEvent.class, RESOURCE_BUNDLE);
        this.eventService.registerEvent(PasswordPolicyResourceUpdatedEvent.class, RESOURCE_BUNDLE);
        this.eventService.registerEvent(PasswordPolicyResourceDeletedEvent.class, RESOURCE_BUNDLE);
        EntityResourcePropertyStore.registerResourceService(PasswordPolicyResource.class, this.repository);
        this.authenticationService.registerListener(new AuthenticationServiceListener() { // from class: com.hypersocket.password.policy.PasswordPolicyResourceServiceImpl.1
            @Override // com.hypersocket.auth.AuthenticationServiceListener
            public void modifyTemplate(AuthenticationState authenticationState, FormTemplate formTemplate, boolean z) {
                if (formTemplate instanceof ChangePasswordTemplate) {
                    formTemplate.getInputFields().add(new DivField("logonPasswordPolicyHolder", "${uiPath}/content/injectedPasswordPolicy.html"));
                }
            }
        });
        this.realmService.registerPrincipalProcessor(this);
        this.passwordPolicyResolvers.put(LocalRealmProviderImpl.REALM_RESOURCE_CATEGORY, this);
        this.realmService.registerRealmListener(new RealmAdapter() { // from class: com.hypersocket.password.policy.PasswordPolicyResourceServiceImpl.2
            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public void onCreateRealm(Realm realm) throws ResourceException {
                try {
                    PasswordPolicyResource passwordPolicyResource = new PasswordPolicyResource();
                    passwordPolicyResource.setContainDictionaryWord(false);
                    passwordPolicyResource.setContainUsername(false);
                    passwordPolicyResource.setAdditionalAnalysis(true);
                    passwordPolicyResource.setDN("LocalUserDefaultPolicy");
                    passwordPolicyResource.setMaximumAge(0);
                    passwordPolicyResource.setMaximumLength(64);
                    passwordPolicyResource.setMinimumAge(0);
                    passwordPolicyResource.setMinimumCriteriaMatches(4);
                    passwordPolicyResource.setMinimumDigits(1);
                    passwordPolicyResource.setMinimumLower(1);
                    passwordPolicyResource.setMinimumSymbol(1);
                    passwordPolicyResource.setMinimumUpper(1);
                    passwordPolicyResource.setMinimumLength(8);
                    passwordPolicyResource.setName("Local Account Default Policy");
                    passwordPolicyResource.setPasswordHistory(0);
                    passwordPolicyResource.setPriority(Integer.MAX_VALUE);
                    passwordPolicyResource.setProvider(LocalRealmProviderImpl.REALM_RESOURCE_CATEGORY);
                    passwordPolicyResource.setRealm(realm);
                    passwordPolicyResource.setSystem(true);
                    passwordPolicyResource.setAllowEdit(true);
                    passwordPolicyResource.setDefaultPolicy(true);
                    passwordPolicyResource.setValidSymbols("?!@#$%&");
                    PasswordPolicyResourceServiceImpl.this.createResource((PasswordPolicyResourceServiceImpl) passwordPolicyResource, (Map<String, String>) new HashMap(), (TransactionOperation<PasswordPolicyResourceServiceImpl>[]) new TransactionOperation[0]);
                    PasswordPolicyResourceServiceImpl.this.permissionService.grantPermission(PasswordPolicyResourceServiceImpl.this.permissionService.getRole(PermissionService.ROLE_EVERYONE, realm), PasswordPolicyResourceServiceImpl.this.permissionService.getPermission(PasswordPolicyResourcePermission.VIEW.getResourceKey()));
                } catch (AccessDeniedException e) {
                    throw new IllegalStateException(e.getMessage(), e);
                }
            }

            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public boolean hasCreatedDefaultResources(Realm realm) {
                return PasswordPolicyResourceServiceImpl.this.repository.getPolicyByDN("LocalUserDefaultPolicy", realm) != null;
            }
        });
        this.overviewService.registerWidget(OverviewWidgetServiceImpl.USERDASH, new OverviewWidget(true, 9999, "myPassword.title", "passwordInformation", false, false) { // from class: com.hypersocket.password.policy.PasswordPolicyResourceServiceImpl.3
            @Override // com.hypersocket.dashboard.OverviewWidget
            public boolean hasContent() {
                return PasswordPolicyResourceServiceImpl.this.realmService.canChangePassword(PasswordPolicyResourceServiceImpl.this.getCurrentPrincipal());
            }
        });
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public void registerPolicyResolver(String str, PolicyResolver policyResolver) {
        this.passwordPolicyResolvers.put(str, policyResolver);
    }

    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    protected AbstractAssignableResourceRepository<PasswordPolicyResource> getRepository() {
        return this.repository;
    }

    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    protected String getResourceBundle() {
        return RESOURCE_BUNDLE;
    }

    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public Class<?> getPermissionType() {
        return PasswordPolicyResourcePermission.class;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceCreationEvent(PasswordPolicyResource passwordPolicyResource) {
        this.eventService.publishEvent(new PasswordPolicyResourceCreatedEvent(this, getCurrentSession(), passwordPolicyResource));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceCreationEvent(PasswordPolicyResource passwordPolicyResource, Throwable th) {
        this.eventService.publishEvent(new PasswordPolicyResourceCreatedEvent(this, passwordPolicyResource, th, getCurrentSession()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceUpdateEvent(PasswordPolicyResource passwordPolicyResource) {
        this.eventService.publishEvent(new PasswordPolicyResourceUpdatedEvent(this, getCurrentSession(), passwordPolicyResource));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceUpdateEvent(PasswordPolicyResource passwordPolicyResource, Throwable th) {
        this.eventService.publishEvent(new PasswordPolicyResourceUpdatedEvent(this, passwordPolicyResource, th, getCurrentSession()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceDeletionEvent(PasswordPolicyResource passwordPolicyResource) {
        this.eventService.publishEvent(new PasswordPolicyResourceDeletedEvent(this, getCurrentSession(), passwordPolicyResource));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    public void fireResourceDeletionEvent(PasswordPolicyResource passwordPolicyResource, Throwable th) {
        this.eventService.publishEvent(new PasswordPolicyResourceDeletedEvent(this, passwordPolicyResource, th, getCurrentSession()));
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource updateResource(PasswordPolicyResource passwordPolicyResource, String str, Set<Role> set, Map<String, String> map) throws AccessDeniedException, ResourceException {
        passwordPolicyResource.setName(str);
        updateResource((PasswordPolicyResourceServiceImpl) passwordPolicyResource, set, map, (TransactionOperation<PasswordPolicyResourceServiceImpl>[]) new TransactionOperation[0]);
        return passwordPolicyResource;
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource createResource(String str, Set<Role> set, Realm realm, Map<String, String> map) throws AccessDeniedException, ResourceException {
        PasswordPolicyResource passwordPolicyResource = new PasswordPolicyResource();
        passwordPolicyResource.setName(str);
        passwordPolicyResource.setRealm(realm);
        passwordPolicyResource.setRoles(set);
        createResource((PasswordPolicyResourceServiceImpl) passwordPolicyResource, map, (TransactionOperation<PasswordPolicyResourceServiceImpl>[]) new TransactionOperation[0]);
        return passwordPolicyResource;
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public Collection<PropertyCategory> getPropertyTemplate(PasswordPolicyResource passwordPolicyResource) throws AccessDeniedException {
        assertPermission(PasswordPolicyResourcePermission.READ);
        return this.repository.getPropertyCategories(passwordPolicyResource, new PropertyFilter[0]);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public Collection<PropertyCategory> getPropertyTemplate() throws AccessDeniedException {
        assertPermission(PasswordPolicyResourcePermission.READ);
        return this.repository.getPropertyCategories((SimpleResource) null, new PropertyFilter[0]);
    }

    @Override // com.hypersocket.resource.AbstractAssignableResourceServiceImpl
    protected Class<PasswordPolicyResource> getResourceClass() {
        return PasswordPolicyResource.class;
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void beforeChangePassword(Principal principal, String str, String str2) throws ResourceException {
        if (!this.realmService.canChangePassword(principal)) {
            throw new ResourceChangeException(RESOURCE_BUNDLE, "error.cannotChangePassword", new Object[0]);
        }
        checkPassword(principal, str, false);
    }

    private void checkPassword(Principal principal, String str, boolean z) throws ResourceException {
        try {
            PasswordPolicyResource resolvePolicy = resolvePolicy(principal);
            if (resolvePolicy.getMinimumAge().intValue() > 0 && !z) {
                UserPrincipal userPrincipal = (UserPrincipal) principal;
                if (userPrincipal.getLastPasswordChange() != null) {
                    Date addDays = DateUtils.addDays(userPrincipal.getLastPasswordChange(), resolvePolicy.getMinimumAge().intValue());
                    if (new Date().before(addDays)) {
                        throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.tooSoon", HypersocketUtils.formatDate(addDays, "HH:mm dd MMM yyyy"));
                    }
                }
            }
            if (resolvePolicy.getPasswordHistory().intValue() > 0 && !this.passwordHistoryService.checkPassword(principal, str, resolvePolicy.getPasswordHistory().intValue())) {
                throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordHistoryViolation", resolvePolicy.getPasswordHistory());
            }
            validatePassword(principal.getPrincipalName(), resolvePolicy, str);
        } catch (ResourceNotFoundException e) {
            log.info(String.format("No password policy found for %s", principal.getPrincipalName()));
        }
    }

    private void validatePassword(String str, PasswordPolicyResource passwordPolicyResource, String str2) throws ResourceException {
        try {
            this.analyserService.analyse(getCurrentLocale(), str, str2.toCharArray(), passwordPolicyResource);
        } catch (PasswordPolicyException e) {
            switch (e.getType()) {
                case containsDictionaryWords:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.containsDictionaryWords", new Object[0]);
                case containsUsername:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.containsUsername", new Object[0]);
                case doesNotMatchComplexity:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.doesNotMatchComplexity", new Object[0]);
                case notEnoughDigits:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.notEnoughDigits", new Object[0]);
                case notEnoughLowerCase:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.notEnoughLowerCase", new Object[0]);
                case notEnoughSymbols:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.notEnoughSymbols", new Object[0]);
                case notEnoughUpperCase:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.notEnoughUpperCase", new Object[0]);
                case tooLong:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.tooLong", new Object[0]);
                case tooShort:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.tooShort", new Object[0]);
                default:
                    throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy", new Object[0]);
            }
        } catch (IOException e2) {
            throw new ResourceChangeException(RESOURCE_BUNDLE, "error.passwordPolicy.error", new Object[0]);
        }
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void beforeUpdate(Principal principal, Map<String, String> map) throws ResourceException {
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void afterUpdate(Principal principal, Map<String, String> map) throws ResourceException {
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void beforeCreate(Realm realm, String str, String str2, Map<String, String> map) throws ResourceException {
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void afterCreate(Principal principal, String str, Map<String, String> map) throws ResourceException {
        this.passwordHistoryService.recordPassword(principal, str);
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void afterChangePassword(Principal principal, String str, String str2) throws ResourceException {
        this.passwordHistoryService.recordPassword(principal, str);
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void beforeSetPassword(Principal principal, String str) throws ResourceException {
        checkPassword(principal, str, true);
    }

    @Override // com.hypersocket.realm.PrincipalProcessor
    public void afterSetPassword(Principal principal, String str) throws ResourceException {
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource resolvePolicy(Principal principal) throws ResourceNotFoundException {
        Collection<PasswordPolicyResource> personalResources = getPersonalResources(principal);
        if (personalResources.isEmpty()) {
            PasswordPolicyResource resolvePrincipalPasswordPolicy = this.passwordPolicyResolvers.containsKey(principal.getRealmModule()) ? this.passwordPolicyResolvers.get(principal.getRealmModule()).resolvePrincipalPasswordPolicy(principal) : null;
            if (resolvePrincipalPasswordPolicy == null) {
                throw new ResourceNotFoundException(RESOURCE_BUNDLE, "error.noPolicyAssigned", principal.getPrincipalName());
            }
            return resolvePrincipalPasswordPolicy;
        }
        PasswordPolicyResource passwordPolicyResource = null;
        for (PasswordPolicyResource passwordPolicyResource2 : personalResources) {
            if (passwordPolicyResource == null || passwordPolicyResource2.getPriority().intValue() < passwordPolicyResource.getPriority().intValue()) {
                passwordPolicyResource = passwordPolicyResource2;
            }
        }
        return passwordPolicyResource;
    }

    @Override // com.hypersocket.password.policy.PolicyResolver
    public PasswordPolicyResource resolvePrincipalPasswordPolicy(Principal principal) {
        return this.repository.getPolicyByDN("LocalUserDefaultPolicy", principal.getRealm());
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource getPolicyByDN(String str, Realm realm) {
        return this.repository.getPolicyByDN(str, realm);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService, com.hypersocket.password.policy.PolicyResolver
    public PasswordPolicyResource getDefaultPasswordPolicy(Realm realm) {
        return getDefaultPolicy(realm, realm.getResourceCategory());
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource getDefaultPolicy(Realm realm, String str) {
        return this.repository.getDefaultPolicyByModule(realm, str);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public Collection<PasswordPolicyResource> getPoliciesByGroup(Principal principal) {
        return Collections.emptyList();
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public String generatePassword(PasswordPolicyResource passwordPolicyResource) {
        return generatePassword(passwordPolicyResource, passwordPolicyResource.getMinimumLength().intValue());
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public String generatePassword(PasswordPolicyResource passwordPolicyResource, int i) {
        PasswordGenerator passwordGenerator = new PasswordGenerator();
        ArrayList arrayList = new ArrayList();
        int intValue = passwordPolicyResource.getMinimumDigits().intValue();
        int intValue2 = passwordPolicyResource.getMinimumLower().intValue();
        int intValue3 = passwordPolicyResource.getMinimumUpper().intValue();
        int intValue4 = passwordPolicyResource.getMinimumSymbol().intValue();
        if (intValue < 1 && intValue2 < 1 && intValue3 < 1 && intValue4 < 1) {
            arrayList.add(new DigitCharacterRule(1));
            arrayList.add(new LowercaseCharacterRule(1));
            arrayList.add(new UppercaseCharacterRule(1));
            arrayList.add(new PolicyNonAlphaNumericCharacterRule(1, passwordPolicyResource.getValidSymbols()));
        }
        if (intValue > 0) {
            arrayList.add(new DigitCharacterRule(intValue));
        }
        if (intValue2 > 0) {
            arrayList.add(new LowercaseCharacterRule(intValue2));
        }
        if (intValue3 > 0) {
            arrayList.add(new UppercaseCharacterRule(intValue3));
        }
        if (intValue4 > 0) {
            arrayList.add(new PolicyNonAlphaNumericCharacterRule(intValue4, passwordPolicyResource.getValidSymbols()));
        }
        int i2 = intValue + intValue2 + intValue4 + intValue3;
        if (i == 0) {
            i = i2;
        }
        if (i == 0) {
            i = passwordPolicyResource.getMinimumLength().intValue();
        }
        if (i == 0) {
            i = 10;
        }
        if (passwordPolicyResource.getMaximumLength().intValue() != 0 && i > passwordPolicyResource.getMaximumLength().intValue()) {
            i = passwordPolicyResource.getMaximumLength().intValue();
        }
        if (passwordPolicyResource.getMinimumLength().intValue() > 0 && i < passwordPolicyResource.getMinimumLength().intValue()) {
            i = passwordPolicyResource.getMinimumLength().intValue();
        }
        if (i < 4) {
            i = 4;
        }
        if (i < i2) {
            i = i2;
        }
        return passwordGenerator.generatePassword(i, arrayList);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public void deleteRealm(Realm realm) {
        this.repository.deleteRealm(realm);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource getLocalPolicy(Realm realm) {
        return getDefaultPolicy(realm, LocalRealmProviderImpl.REALM_RESOURCE_CATEGORY);
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public Iterator<PasswordPolicyResource> iterate(Realm realm) {
        return this.repository.iterate(PasswordPolicyResource.class, null, new RealmCriteria(realm), new DeletedCriteria(false));
    }

    @Override // com.hypersocket.password.policy.PasswordPolicyResourceService
    public PasswordPolicyResource getResourceByIdForViewOnly(Long l) throws ResourceNotFoundException, AccessDeniedException {
        PasswordPolicyResource resourceById = getRepository().getResourceById(l);
        if (resourceById == null) {
            throw new ResourceNotFoundException(getResourceBundle(), "error.invalidResourceId", l);
        }
        assertPrincipalAssignment(resourceById, PasswordPolicyResourcePermission.VIEW);
        return resourceById;
    }
}
