package org.keycloak.testsuite.adapter.servlet;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import org.ietf.jgss.GSSCredential;
import org.keycloak.common.util.KerberosSerializationUtils;

/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/KerberosCredDelegServlet.class */
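/**
 * Test servlet that exercises Kerberos credential delegation.
 *
 * <p>For requests whose URI ends with {@link #CRED_DELEG_TEST_PATH}, it reads the
 * serialized GSS credential from the {@code gss_delegation_credential} claim of the
 * caller's token, checks that an LDAP read without any credential is rejected, and
 * then repeats the read authenticated with the delegated credential via SASL GSSAPI.
 * The result is rendered into a small HTML page.
 *
 * <p>This is a test fixture: the LDAP URL and the entry DN are hard-coded, and the
 * connection uses plain {@code ldap://} with no SASL quality-of-protection property set.
 */
public class KerberosCredDelegServlet extends HttpServlet {
    public static final String CRED_DELEG_TEST_PATH = "/cred-deleg-test";

    /**
     * Renders the test page, including the LDAP lookup result for the delegation test path.
     *
     * @param httpServletRequest  the incoming request; its user principal carries the token
     * @param httpServletResponse the response the HTML page (or a 500 error) is written to
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException      if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ldapData = null;
        if (httpServletRequest.getRequestURI().endsWith(CRED_DELEG_TEST_PATH)) {
            try {
                // NOTE(review): java.security.Principal declares no getKeycloakSecurityContext();
                // the decompiler appears to have dropped a cast to the adapter's principal type
                // here. Restore it before compiling.
                // The claim value is a delegated credential: it is passed to LDAP only and is
                // never logged or echoed into the page.
                GSSCredential delegatedCredential = KerberosSerializationUtils.deserializeCredential((String) httpServletRequest.getUserPrincipal().getKeycloakSecurityContext().getToken().getOtherClaims().get("gss_delegation_credential"));

                // Negative control: a read without the credential must be refused by the directory.
                try {
                    invokeLdap(null);
                    throw new RuntimeException("Not expected to authenticate to LDAP without credential");
                } catch (NamingException expected) {
                    System.out.println("Expected exception: " + expected.getMessage());
                }

                ldapData = invokeLdap(delegatedCredential);
            } catch (KerberosSerializationUtils.KerberosSerializationException e) {
                // Must precede the generic handler: listed after catch (Exception) it is
                // unreachable and the "ERROR" marker would never be produced.
                System.err.println("KerberosSerializationUtils.KerberosSerializationException: " + e.getMessage());
                ldapData = "ERROR";
            } catch (Exception e) {
                e.printStackTrace();
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                // sendError commits the response; nothing more may be written to it.
                return;
            }
        }
        httpServletResponse.setContentType("text/html");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.printf("<html><head><title>%s</title></head><body>", "Kerberos Test");
        writer.print("Kerberos servlet secured content<br>");
        if (ldapData != null) {
            // Directory values are data, not markup or a format string: pass them as a
            // printf argument (a '%' in the value would otherwise throw) and HTML-escape them.
            writer.printf("LDAP Data: %s<br>", escapeHtml(ldapData));
        }
        writer.print("</body></html>");
        writer.flush();
    }

    /**
     * Reads the {@code cn} and {@code sn} attributes of the fixed test entry from the local LDAP server.
     *
     * @param gSSCredential delegated credential used for SASL GSSAPI authentication, or
     *                      {@code null} to connect without setting any authentication properties
     * @return the entry's {@code cn} and {@code sn} values joined by a single space
     * @throws NamingException if the connection, authentication or attribute lookup fails
     */
    private String invokeLdap(GSSCredential gSSCredential) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", "ldap://localhost:10389");
        if (gSSCredential != null) {
            env.put("java.naming.security.authentication", "GSSAPI");
            env.put("javax.security.sasl.credentials", gSSCredential);
        }
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            Attributes attributes = ctx.getAttributes("uid=hnelson,ou=People,dc=keycloak,dc=org");
            return ((String) attributes.get("cn").get()) + " " + ((String) attributes.get("sn").get());
        } finally {
            // Always release the directory connection, on success and on failure alike.
            ctx.close();
        }
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}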
