package org.codehaus.plexus.security.ui.web.action;

import com.opensymphony.webwork.components.Password;
import com.opensymphony.xwork.Action;
import java.util.Iterator;
import org.codehaus.plexus.security.policy.PasswordEncoder;
import org.codehaus.plexus.security.policy.PasswordRuleViolationException;
import org.codehaus.plexus.security.policy.PasswordRuleViolations;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserNotFoundException;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.plexus.util.xml.pull.XmlPullParser;

/* loaded from: input_file:WEB-INF/lib/plexus-security-ui-web-integration-1.0-alpha-5.jar:org/codehaus/plexus/security/ui/web/action/PasswordAction.class */
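/**
 * WebWork action behind the "change password" form for the currently authenticated user.
 *
 * <p>{@link #show()} prepares the form and {@link #submit()} validates the request and stores the
 * newly encoded password. Both refuse to run without an authenticated session. When the account
 * already has a stored password, the caller must re-enter it before a new one is accepted.
 *
 * <p>The three password fields hold plaintext bound from the request. They are wiped on every
 * exit from {@link #submit()} so a rendered result cannot echo them back.
 */
public class PasswordAction extends AbstractAuthenticationAction {
    /** Result name returned when the request has no authenticated session. */
    private static final String REQUIRES_AUTHENTICATION = "requires-authentication";

    /** Result name returned after the password has been updated. */
    private static final String CHANGE_SUCCESS = "security-login-success";

    /** Action error shown to callers without an authenticated session. */
    private static final String NOT_AUTHENTICATED_MESSAGE =
            "Change Password only available to authenticated users.";

    protected SecuritySystem securitySystem;
    private String existingPassword;
    private String newPassword;
    private String newPasswordConfirm;
    private boolean provideExisting;

    /**
     * Prepares the change-password form.
     *
     * @return {@code "requires-authentication"} without an authenticated session, otherwise
     *         {@link Action#INPUT}
     */
    public String show() {
        SecuritySession securitySession = getSecuritySession();
        if (!isAuthenticated(securitySession)) {
            addActionError(NOT_AUTHENTICATED_MESSAGE);
            return REQUIRES_AUTHENTICATION;
        }
        // Only ask for the current password when the account actually has one stored.
        this.provideExisting = StringUtils.isNotEmpty(securitySession.getUser().getEncodedPassword());
        return Action.INPUT;
    }

    /**
     * Validates the submitted form and, if it is clean, stores the newly encoded password.
     *
     * <p>Checks performed: an authenticated session, non-empty fields, new password equal to its
     * confirmation, the password policy, and (when the account has a stored password) that the
     * supplied existing password verifies against it.
     *
     * @return {@code "requires-authentication"} without an authenticated session,
     *         {@link Action#ERROR} when validation fails or the user no longer exists, otherwise
     *         {@code "security-login-success"}
     */
    public String submit() {
        SecuritySession securitySession = getSecuritySession();
        if (!isAuthenticated(securitySession)) {
            addActionError(NOT_AUTHENTICATED_MESSAGE);
            return REQUIRES_AUTHENTICATION;
        }
        User user = securitySession.getUser();
        try {
            this.provideExisting = StringUtils.isNotEmpty(user.getEncodedPassword());
            if (this.provideExisting && StringUtils.isEmpty(this.existingPassword)) {
                addFieldError("existingPassword", "Existing Password cannot be empty.");
            }
            if (StringUtils.isEmpty(this.newPassword)) {
                addFieldError("newPassword", "New Password cannot be empty.");
            }
            // Fix: the condition was inverted (it rejected matching passwords and accepted
            // mismatched ones) and the error was attached to the existing-password field.
            if (!StringUtils.equals(this.newPassword, this.newPasswordConfirm)) {
                addFieldError("newPassword", "Password confirmation failed.  Passwords do not match.");
            }

            // NOTE(review): the policy is given the session user as-is; nothing here applies
            // newPassword to it first, so the rules may be judging the account's current state
            // rather than the candidate password. Confirm what validatePassword(User) inspects.
            try {
                this.securitySystem.getPolicy().validatePassword(user);
            } catch (PasswordRuleViolationException e) {
                PasswordRuleViolations violations = e.getViolations();
                if (violations != null) {
                    Iterator it = violations.getLocalizedViolations().iterator();
                    while (it.hasNext()) {
                        // NOTE(review): Password.TEMPLATE looks like a decompiler constant
                        // substitution for a literal field name; confirm the intended field.
                        addFieldError(Password.TEMPLATE, (String) it.next());
                    }
                }
            }

            PasswordEncoder passwordEncoder = this.securitySystem.getPolicy().getPasswordEncoder();
            // Fix: re-authentication was a no-op. The result of isPasswordValid was inverted, and
            // the candidate was encoded before being passed in. The encoder is expected to take
            // the raw candidate and do its own encoding; confirm against the PasswordEncoder
            // contract. An empty value was already reported above and is not sent to the encoder.
            if (this.provideExisting
                    && StringUtils.isNotEmpty(this.existingPassword)
                    && !passwordEncoder.isPasswordValid(user.getEncodedPassword(), this.existingPassword)) {
                addFieldError("existingPassword", "Password does not match existing.");
            }

            // Pending action messages also abort the change (kept as in the original).
            if (hasActionErrors() || hasFieldErrors() || hasActionMessages()) {
                return Action.ERROR;
            }

            try {
                user.setEncodedPassword(passwordEncoder.encodePassword(this.newPassword));
                this.securitySystem.getUserManager().updateUser(user);
                getLogger().info("Password Change Request Success.");
                return CHANGE_SUCCESS;
            } catch (UserNotFoundException e2) {
                addActionError("Unable to update user '" + user.getUsername() + "' not found.");
                addActionError("Likely occurs because an Administrator deleted your account.");
                return Action.ERROR;
            }
        } finally {
            // Never leave plaintext passwords on the action for a view to render, whatever the
            // outcome (the original cleared them on the validation-error path only).
            clearPasswordFields();
        }
    }

    /** Returns true only for a non-null session that carries a user and is marked authenticated. */
    private static boolean isAuthenticated(SecuritySession securitySession) {
        return securitySession != null
                && securitySession.getUser() != null
                && securitySession.isAuthenticated();
    }

    /** Blanks the request-bound plaintext password fields. */
    private void clearPasswordFields() {
        this.newPassword = "";
        this.newPasswordConfirm = "";
        this.existingPassword = "";
    }

    /** Returns the existing password as bound from the request (plaintext). */
    public String getExistingPassword() {
        return this.existingPassword;
    }

    /** Binds the existing password from the request. */
    public void setExistingPassword(String str) {
        this.existingPassword = str;
    }

    /** Returns the new password as bound from the request (plaintext). */
    public String getNewPassword() {
        return this.newPassword;
    }

    /** Binds the new password from the request. */
    public void setNewPassword(String str) {
        this.newPassword = str;
    }

    /** Returns the new-password confirmation as bound from the request (plaintext). */
    public String getNewPasswordConfirm() {
        return this.newPasswordConfirm;
    }

    /** Binds the new-password confirmation from the request. */
    public void setNewPasswordConfirm(String str) {
        this.newPasswordConfirm = str;
    }

    /** Returns whether the form must ask for the existing password. */
    public boolean isProvideExisting() {
        return this.provideExisting;
    }

    /**
     * Ignores the supplied value. {@code provideExisting} is derived from the stored account in
     * {@link #show()} and {@link #submit()}, so a request parameter cannot switch off the
     * existing-password check.
     */
    public void setProvideExisting(boolean z) {
    }

    /**
     * Declares the authorization requirement for this action.
     *
     * @return {@link SecureActionBundle#AUTHONLY}
     */
    @Override // org.codehaus.plexus.security.ui.web.action.AbstractSecurityAction
    public SecureActionBundle initSecureActionBundle() throws SecureActionException {
        return SecureActionBundle.AUTHONLY;
    }
}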
