package io.quarkiverse.kerberos.test.utils;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.restassured.RestAssured;
import io.restassured.response.ValidatableResponse;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import org.apache.commons.lang.ArrayUtils;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.junit.jupiter.api.Assertions;

/* loaded from: input_file:io/quarkiverse/kerberos/test/utils/KerberosTestClient.class */
public class KerberosTestClient {
    public static final String NEGOTIATE = "Negotiate";

    public ValidatableResponse get(String str, String str2) {
        return get("/", str, str2);
    }

    public ValidatableResponse get(final String str, String str2, String str3) {
        try {
            return (ValidatableResponse) Subject.doAs(KerberosKDCTestResource.login(str2, str3.toCharArray()), new PrivilegedExceptionAction<ValidatableResponse>() { // from class: io.quarkiverse.kerberos.test.utils.KerberosTestClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public ValidatableResponse run() throws Exception {
                    GSSManager gSSManager = GSSManager.getInstance();
                    GSSContext createContext = gSSManager.createContext(gSSManager.createName("HTTP/localhost", (Oid) null), KerberosTestClient.this.createSpnegoOid(), (GSSCredential) null, 0);
                    byte[] bArr = new byte[0];
                    while (!createContext.isEstablished()) {
                        bArr = createContext.initSecContext(bArr, 0, bArr.length);
                        if (bArr != null && bArr.length > 0) {
                            ValidatableResponse then = RestAssured.given().header(HttpHeaderNames.AUTHORIZATION.toString(), "Negotiate " + Base64.getEncoder().encodeToString(bArr), new Object[0]).get(str, new Object[0]).then();
                            if (then.extract().statusCode() == 200) {
                                return then;
                            }
                            if (then.extract().statusCode() == 401) {
                                String header = then.extract().header(HttpHeaderNames.WWW_AUTHENTICATE.toString());
                                if (header == null) {
                                    return then;
                                }
                                if (header.length() > KerberosTestClient.NEGOTIATE.toString().length() + 1) {
                                    byte[] bytes = header.getBytes(StandardCharsets.US_ASCII);
                                    bArr = Base64.getMimeDecoder().decode(ArrayUtils.subarray(bytes, KerberosTestClient.NEGOTIATE.toString().length() + 1, bytes.length));
                                } else {
                                    Assertions.fail("Negotiation data has not been returned with WWW-Authenticate");
                                }
                            } else {
                                Assertions.fail(String.format("Unexpected status code %d", Integer.valueOf(then.extract().statusCode())));
                            }
                        }
                    }
                    Assertions.fail("Negotiation failure");
                    return null;
                }
            });
        } catch (Exception e) {
            Assertions.fail(String.format("Unexpected exception: ", e.getMessage()), e);
            return null;
        }
    }

    private Oid createSpnegoOid() {
        try {
            return new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            throw new RuntimeException((Throwable) e);
        }
    }
}
