package org.keycloak.common.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.InetAddress;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSCredential;

/* loaded from: input_file:BOOT-INF/lib/keycloak-common-9.0.5.redhat-00002.jar:org/keycloak/common/util/KerberosSerializationUtils.class */
public class KerberosSerializationUtils {
    public static final String JAVA_INFO = "Java version: " + System.getProperty("java.version") + ", runtime version: " + System.getProperty("java.runtime.version") + ", vendor: " + System.getProperty("java.vendor") + ", os: " + System.getProperty("os.version");

    /* loaded from: input_file:BOOT-INF/lib/keycloak-common-9.0.5.redhat-00002.jar:org/keycloak/common/util/KerberosSerializationUtils$KerberosSerializationException.class */
    public static class KerberosSerializationException extends RuntimeException {
        public KerberosSerializationException(String str, Throwable th) {
            super(str + ", " + KerberosSerializationUtils.JAVA_INFO, th);
        }

        public KerberosSerializationException(String str) {
            super(str + ", " + KerberosSerializationUtils.JAVA_INFO);
        }
    }

    private KerberosSerializationUtils() {
    }

    public static String serializeCredential(KerberosTicket kerberosTicket, GSSCredential gSSCredential) throws KerberosSerializationException {
        try {
            if (gSSCredential == null) {
                throw new KerberosSerializationException("Null credential given as input");
            }
            return serialize(KerberosJdkProvider.getProvider().gssCredentialToKerberosTicket(kerberosTicket, gSSCredential));
        } catch (IOException e) {
            throw new KerberosSerializationException("Unexpected exception when serialize GSSCredential", e);
        }
    }

    public static GSSCredential deserializeCredential(String str) throws KerberosSerializationException {
        if (str == null) {
            throw new KerberosSerializationException("Null credential given as input. Did you enable kerberos credential delegation for your web browser and mapping of gss credential to access token?");
        }
        try {
            Object deserialize = deserialize(str);
            if (!(deserialize instanceof KerberosTicket)) {
                throw new KerberosSerializationException("Deserialized object is not KerberosTicket! Type is: " + deserialize);
            }
            return KerberosJdkProvider.getProvider().kerberosTicketToGSSCredential((KerberosTicket) deserialize);
        } catch (KerberosSerializationException e) {
            throw e;
        } catch (Exception e2) {
            throw new KerberosSerializationException("Unexpected exception when deserialize GSSCredential", e2);
        }
    }

    private static String serialize(Serializable serializable) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = null;
        try {
            objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            objectOutputStream.writeObject(serializable);
            String encodeBytes = Base64.encodeBytes(byteArrayOutputStream.toByteArray());
            if (objectOutputStream != null) {
                try {
                    objectOutputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            return encodeBytes;
        } catch (Throwable th) {
            if (objectOutputStream != null) {
                try {
                    objectOutputStream.close();
                } catch (IOException e2) {
                    e2.printStackTrace();
                    throw th;
                }
            }
            throw th;
        }
    }

    private static Object deserialize(String str) throws ClassNotFoundException, IOException {
        ObjectInputStream objectInputStream = null;
        try {
            objectInputStream = new ObjectInputStream(new ByteArrayInputStream(Base64.decode(str)));
            DelegatingSerializationFilter.builder().addAllowedClass(KerberosTicket.class).addAllowedClass(KerberosPrincipal.class).addAllowedClass(InetAddress.class).addAllowedPattern("javax.security.auth.kerberos.KeyImpl").setFilter(objectInputStream);
            Object readObject = objectInputStream.readObject();
            if (objectInputStream != null) {
                try {
                    objectInputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            return readObject;
        } catch (Throwable th) {
            if (objectInputStream != null) {
                try {
                    objectInputStream.close();
                } catch (IOException e2) {
                    e2.printStackTrace();
                    throw th;
                }
            }
            throw th;
        }
    }
}
