My suggestion would be to NOT try and do this with a single regex. I'd personally write several methods, each which does a specific
test. If your password requirements change in a week or a year and you have one regex, you have to basically start over. However, if you have 12 methods that each do one thing, it is much easier.
So, I'd have a methods that:
checks to be sure it is at least 8 charschecks to be sure it is no more than 12 charschecks to be sure it has at least one lowercase letteretc..
Notice that by breaking it out this way, each piece is almost trivial to write. Then you have one encompassing method that calls each of these. When you password requirements change, it will be a piece of cake to come back and update your code.