package org.apereo.cas.pm.impl;

import java.net.URL;
import java.nio.charset.StandardCharsets;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pm.ResetPasswordManagementProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.pm.PasswordManagementQuery;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.PasswordResetUrlBuilder;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.TransientSessionTicketFactory;
import org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy;
import org.apereo.cas.ticket.expiration.MultiTimeUseOrTimeoutExpirationPolicy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-pm-core-6.6.11.jar:org/apereo/cas/pm/impl/DefaultPasswordResetUrlBuilder.class */
public class DefaultPasswordResetUrlBuilder implements PasswordResetUrlBuilder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultPasswordResetUrlBuilder.class);
    protected final PasswordManagementService passwordManagementService;
    protected final TicketRegistry ticketRegistry;
    protected final TicketFactory ticketFactory;
    protected final CasConfigurationProperties casProperties;

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.pm.PasswordManagementQuery$PasswordManagementQueryBuilder] */
    @Override // org.apereo.cas.pm.PasswordResetUrlBuilder
    public URL build(String str, WebApplicationService webApplicationService) throws Exception {
        PasswordManagementQuery build = PasswordManagementQuery.builder().username(str).build();
        LOGGER.debug("Creating password reset URL designed for [{}]", str);
        String createToken = this.passwordManagementService.createToken(build);
        if (!StringUtils.isNotBlank(createToken)) {
            LOGGER.error("Could not create password reset url since no reset token could be generated");
            return null;
        }
        TransientSessionTicket create = ((TransientSessionTicketFactory) this.ticketFactory.get(TransientSessionTicket.class)).create(webApplicationService, CollectionUtils.wrap("token", createToken, ExpirationPolicy.class.getName(), computeExpirationPolicy()));
        this.ticketRegistry.addTicket(create);
        StringBuilder append = new StringBuilder(this.casProperties.getServer().getPrefix()).append('/').append("login").append('?').append(PasswordManagementService.PARAMETER_PASSWORD_RESET_TOKEN).append('=').append(create.getId());
        if (webApplicationService != null) {
            append.append('&').append("service").append('=').append(UriUtils.encode(webApplicationService.getOriginalUrl(), StandardCharsets.UTF_8));
        }
        String sb = append.toString();
        LOGGER.debug("Final password reset URL designed for [{}] is [{}]", str, sb);
        return new URL(sb);
    }

    protected ExpirationPolicy computeExpirationPolicy() {
        ResetPasswordManagementProperties reset = this.casProperties.getAuthn().getPm().getReset();
        int numberOfUses = reset.getNumberOfUses();
        long seconds = Beans.newDuration(reset.getExpiration()).toSeconds();
        if (numberOfUses >= 1) {
            LOGGER.debug("Password reset URL shall expire after [{}] uses and [{}] second(s)", Integer.valueOf(numberOfUses), Long.valueOf(seconds));
            return new MultiTimeUseOrTimeoutExpirationPolicy(numberOfUses, seconds);
        }
        LOGGER.debug("Password reset URL shall expire in [{}] second(s)", Long.valueOf(seconds));
        return HardTimeoutExpirationPolicy.builder().timeToKillInSeconds(seconds).build();
    }

    @Generated
    public DefaultPasswordResetUrlBuilder(PasswordManagementService passwordManagementService, TicketRegistry ticketRegistry, TicketFactory ticketFactory, CasConfigurationProperties casConfigurationProperties) {
        this.passwordManagementService = passwordManagementService;
        this.ticketRegistry = ticketRegistry;
        this.ticketFactory = ticketFactory;
        this.casProperties = casConfigurationProperties;
    }
}
