package org.keycloak.testsuite.adapter.servlet;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.representations.AccessToken;

@WebServlet({"/client-linking"})
/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkServlet.class */
public class ClientInitiatedAccountLinkServlet extends HttpServlet {
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        if (httpServletRequest.getRequestURI().endsWith("/link") && httpServletRequest.getParameter("response") == null) {
            String parameter = httpServletRequest.getParameter("provider");
            String parameter2 = httpServletRequest.getParameter("realm");
            AccessToken token = ((KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName())).getToken();
            String issuedFor = token.getIssuedFor();
            String uuid = UUID.randomUUID().toString();
            try {
                String encode = Base64Url.encode(MessageDigest.getInstance("SHA-256").digest((uuid + token.getSessionState() + issuedFor + parameter).getBytes(StandardCharsets.UTF_8)));
                httpServletRequest.getSession().setAttribute("hash", encode);
                String uri = KeycloakUriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase()).path("/auth/realms/{realm}/broker/{provider}/link").queryParam("nonce", new Object[]{uuid}).queryParam("hash", new Object[]{encode}).queryParam("client_id", new Object[]{token.getIssuedFor()}).queryParam("redirect_uri", new Object[]{KeycloakUriBuilder.fromUri(httpServletRequest.getRequestURL().toString()).replaceQuery((String) null).queryParam("response", new Object[]{"true"}).build(new Object[0]).toString()}).build(new Object[]{parameter2, parameter}).toString();
                httpServletResponse.setStatus(302);
                httpServletResponse.setHeader("Location", uri);
                return;
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        if (!httpServletRequest.getRequestURI().endsWith("/link") || httpServletRequest.getParameter("response") == null) {
            httpServletResponse.setStatus(200);
            httpServletResponse.setContentType("text/html");
            PrintWriter writer = httpServletResponse.getWriter();
            writer.printf("<html><head><title>%s</title></head><body>", "Client Linking");
            writer.println("Unknown request: " + httpServletRequest.getRequestURL().toString());
            writer.print("</body></html>");
            writer.flush();
            return;
        }
        httpServletResponse.setStatus(200);
        httpServletResponse.setContentType("text/html");
        PrintWriter writer2 = httpServletResponse.getWriter();
        writer2.printf("<html><head><title>%s</title></head><body>", "Client Linking");
        String parameter3 = httpServletRequest.getParameter("link_error");
        if (parameter3 != null) {
            writer2.println("Link error: " + parameter3);
        } else {
            writer2.println("Account Linked");
        }
        writer2.print("</body></html>");
        writer2.flush();
    }
}
