package org.keycloak.example.kerberos;

import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletRequest;
import org.ietf.jgss.GSSCredential;
import org.keycloak.common.util.KerberosSerializationUtils;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:WEB-INF/classes/org/keycloak/example/kerberos/GSSCredentialsClient.class */
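/**
 * Example client that reads a delegated Kerberos (GSS) credential out of the caller's Keycloak
 * access token and uses it to bind to an LDAP directory over SASL/GSSAPI.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 *   <li>The access token carries the serialized credential in the {@code gss_delegation_credential}
 *       claim, so the token should be handled as a secret and never logged.</li>
 *   <li>The directory URL uses the {@code ldap://} scheme against localhost. Nothing in this class
 *       requests SASL integrity or confidentiality protection (for example through
 *       {@code javax.security.sasl.qop}) or TLS; review that before pointing it at a remote
 *       server.</li>
 *   <li>The user name comes from the token and ends up in a distinguished name, so it is added as
 *       an {@link Rdn} value rather than concatenated into the DN string.</li>
 * </ul>
 */
public class GSSCredentialsClient {

    /** Directory endpoint used by the example. */
    private static final String LDAP_URL = "ldap://localhost:10389";

    /** Subtree under which user entries are looked up. */
    private static final String PEOPLE_BASE_DN = "ou=People,dc=keycloak,dc=org";

    /** Immutable view of the three attributes this example reads for a directory user. */
    public static class LDAPUser {
        private final String uid;
        private final String cn;
        private final String sn;

        /**
         * @param str  the user's {@code uid}
         * @param str2 the user's {@code cn} attribute value
         * @param str3 the user's {@code sn} attribute value
         */
        public LDAPUser(String str, String str2, String str3) {
            this.uid = str;
            this.cn = str2;
            this.sn = str3;
        }

        /** @return the user's {@code uid} */
        public String getUid() {
            return this.uid;
        }

        /** @return the user's {@code cn} attribute value */
        public String getCn() {
            return this.cn;
        }

        /** @return the user's {@code sn} attribute value */
        public String getSn() {
            return this.sn;
        }
    }

    /**
     * Looks up the authenticated user's LDAP entry using the Kerberos credential delegated in the
     * access token.
     *
     * <p>Before the authenticated lookup, the same lookup is attempted without a credential. That
     * attempt is expected to fail with a {@link NamingException}; if it succeeds, the method throws
     * instead of continuing.
     *
     * @param httpServletRequest the current request, whose principal exposes the Keycloak token
     * @return the user's {@code uid}, {@code cn} and {@code sn}
     * @throws IllegalStateException if the token has no preferred username
     * @throws RuntimeException if the unauthenticated lookup unexpectedly succeeds
     * @throws Exception if the credential cannot be deserialized or the authenticated lookup fails
     */
    public static LDAPUser getUserFromLDAP(HttpServletRequest httpServletRequest) throws Exception {
        // NOTE(review): java.security.Principal has no getKeycloakSecurityContext(); the decompiler
        // appears to have dropped a cast to the Keycloak principal type here. Restore it from the
        // original source before compiling.
        AccessToken token = httpServletRequest.getUserPrincipal().getKeycloakSecurityContext().getToken();
        String preferredUsername = token.getPreferredUsername();
        if (preferredUsername == null || preferredUsername.isEmpty()) {
            // Without this guard a missing claim would be looked up as the literal entry "uid=null".
            throw new IllegalStateException("Access token has no preferred username");
        }

        // NOTE(review): the claim is absent when no credential was delegated; how
        // deserializeCredential treats a null input is not visible from this file.
        GSSCredential deserializeCredential = KerberosSerializationUtils.deserializeCredential(
                (String) token.getOtherClaims().get("gss_delegation_credential"));
        try {
            invokeLdap(null, preferredUsername);
            throw new RuntimeException("Not expected to authenticate to LDAP without credential");
        } catch (NamingException e) {
            // Any NamingException is treated as the expected rejection, including connection
            // failures; a real failure then resurfaces from the authenticated call below.
            System.out.println("GSSCredentialsClient: Expected exception: " + e.getMessage());
            return invokeLdap(deserializeCredential, preferredUsername);
        }
    }

    /**
     * Reads the {@code cn} and {@code sn} attributes of {@code uid=<uid>,ou=People,dc=keycloak,dc=org}.
     *
     * @param credential delegated credential for a SASL/GSSAPI bind, or {@code null} to connect
     *     without configuring any authentication
     * @param uid the user name to look up; used as an RDN value, never parsed as DN syntax
     * @return the user populated from the directory entry
     * @throws NamingException if the name is invalid, or the connection or lookup fails
     */
    private static LDAPUser invokeLdap(GSSCredential credential, String uid) throws NamingException {
        // Build the DN before opening a connection. Rdn takes the raw value and escapes it when the
        // name is rendered, so characters such as ',' or '=' in the user name cannot alter the DN.
        LdapName userDn = new LdapName(PEOPLE_BASE_DN);
        userDn.add(new Rdn("uid", uid));

        Hashtable<String, Object> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", LDAP_URL);
        if (credential != null) {
            env.put("java.naming.security.authentication", "GSSAPI");
            env.put("javax.security.sasl.credentials", credential);
        }

        InitialDirContext context = new InitialDirContext(env);
        try {
            Attributes attributes = context.getAttributes(userDn);
            return new LDAPUser(
                    uid,
                    (String) attributes.get("cn").get(),
                    (String) attributes.get("sn").get());
        } finally {
            // Context is not AutoCloseable, so it is released explicitly on every path.
            context.close();
        }
    }
}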
