package org.apereo.cas.config.pm;

import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
import org.apereo.cas.pm.PasswordHistoryService;
import org.apereo.cas.pm.PasswordManagementService;
import org.apereo.cas.pm.rest.RestPasswordManagementService;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@Configuration(value = "restPasswordManagementConfiguration", proxyBeanMethods = false)
/* loaded from: input_file:org/apereo/cas/config/pm/RestPasswordManagementConfiguration.class */
public class RestPasswordManagementConfiguration {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(RestPasswordManagementConfiguration.class);

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("passwordManagementCipherExecutor")
    private ObjectProvider<CipherExecutor> passwordManagementCipherExecutor;

    @Autowired
    @Qualifier("passwordHistoryService")
    private ObjectProvider<PasswordHistoryService> passwordHistoryService;

    @RefreshScope
    @Autowired
    @Bean
    public PasswordManagementService passwordChangeService(RestTemplateBuilder restTemplateBuilder) {
        return new RestPasswordManagementService((CipherExecutor) this.passwordManagementCipherExecutor.getObject(), this.casProperties.getServer().getPrefix(), buildRestTemplateBuilder(restTemplateBuilder), this.casProperties.getAuthn().getPm(), (PasswordHistoryService) this.passwordHistoryService.getObject());
    }

    private RestTemplate buildRestTemplateBuilder(RestTemplateBuilder restTemplateBuilder) {
        PasswordManagementProperties.Rest rest = this.casProperties.getAuthn().getPm().getRest();
        String endpointUsername = rest.getEndpointUsername();
        String endpointPassword = rest.getEndpointPassword();
        if (StringUtils.isNotBlank(endpointUsername) && StringUtils.isNotBlank(endpointPassword)) {
            LOGGER.debug("Configuring basic authentication for password management via REST for [{}]", endpointUsername);
            return restTemplateBuilder.basicAuthentication(endpointUsername, endpointPassword).build();
        }
        LOGGER.warn("Basic authentication for password management via REST is turned off");
        return restTemplateBuilder.build();
    }
}
