package org.keycloak.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;
import javax.security.auth.kerberos.KerberosTicket;
import net.iharder.Base64;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.keycloak.constants.KerberosConstants;
import org.keycloak.util.reflections.Reflections;
import sun.security.jgss.GSSCredentialImpl;
import sun.security.jgss.krb5.Krb5InitCredential;
import sun.security.jgss.krb5.Krb5NameElement;
import sun.security.krb5.Credentials;

/* loaded from: input_file:org/keycloak/util/KerberosSerializationUtils.class */
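/**
 * Converts a delegated Kerberos {@link GSSCredential} to a Base64 string and back.
 *
 * <p>The string form is a Java-native serialization of a {@link KerberosTicket}, Base64-encoded.
 * It carries the encoded ticket together with its session key, so anyone holding the string can
 * use the credential until the ticket expires: treat it as a secret and keep it out of logs.
 *
 * <p>The class depends on JDK-internal {@code sun.security.*} types and is therefore tied to JDK
 * implementations that expose them.
 */
public class KerberosSerializationUtils {
    /** Mechanism OID built from {@link KerberosConstants#KRB5_OID}. */
    public static final Oid KRB5_OID;
    /** Name-type OID built from {@link KerberosConstants#KRB5_NAME_OID}. */
    public static final Oid KRB5_NAME_OID;
    /**
     * Java/OS version summary appended to every {@link KerberosSerializationException} message.
     * NOTE(review): this is environment detail; avoid echoing these messages to remote clients.
     */
    public static final String JAVA_INFO;

    /** Unchecked failure raised by this class; the message always ends with {@link #JAVA_INFO}. */
    public static class KerberosSerializationException extends RuntimeException {
        /**
         * @param str description of the failure
         * @param th  underlying cause, preserved for diagnostics
         */
        public KerberosSerializationException(String str, Throwable th) {
            super(str + ", " + KerberosSerializationUtils.JAVA_INFO, th);
        }

        /**
         * @param str description of the failure
         */
        public KerberosSerializationException(String str) {
            super(str + ", " + KerberosSerializationUtils.JAVA_INFO);
        }
    }

    private KerberosSerializationUtils() {
    }

    /**
     * Serializes the Kerberos element of a GSS credential to a Base64 string.
     *
     * <p>The returned value contains the ticket and its session key. It must be protected like
     * any other bearer secret (transport encryption, no logging, shortest possible lifetime).
     *
     * @param gSSCredential credential to serialize; must be a {@link GSSCredentialImpl}
     * @return Base64 text of the serialized {@link KerberosTicket}
     * @throws KerberosSerializationException if the input is null, of an unsupported type, holds
     *         no Kerberos mechanism, or serialization fails
     */
    public static String serializeCredential(GSSCredential gSSCredential) throws KerberosSerializationException {
        try {
            if (gSSCredential == null) {
                throw new KerberosSerializationException("Null credential given as input");
            }
            if (!(gSSCredential instanceof GSSCredentialImpl)) {
                throw new KerberosSerializationException("Unknown credential type: " + gSSCredential.getClass());
            }
            GSSCredentialImpl credentialImpl = (GSSCredentialImpl) gSSCredential;
            Oid[] mechs = credentialImpl.getMechs();
            for (Oid mech : mechs) {
                if (!mech.equals(KRB5_OID)) {
                    continue;
                }
                int usage = credentialImpl.getUsage(mech);
                // Ask for the initiator-side element when the credential can initiate a context.
                boolean initiate = usage == GSSCredential.INITIATE_ONLY
                        || usage == GSSCredential.INITIATE_AND_ACCEPT;
                // Held as Object so the instanceof test below is a real runtime check.
                Object element = credentialImpl.getElement(mech, initiate);
                if (!(element instanceof Krb5InitCredential)) {
                    throw new KerberosSerializationException(
                            "Unsupported type of credentialSpi: " + (element == null ? null : element.getClass()));
                }
                Krb5InitCredential krb5 = (Krb5InitCredential) element;
                KerberosTicket ticket = new KerberosTicket(
                        krb5.getEncoded(),
                        krb5.getClient(),
                        krb5.getServer(),
                        krb5.getSessionKey().getEncoded(),
                        krb5.getSessionKeyType(),
                        krb5.getFlags(),
                        krb5.getAuthTime(),
                        krb5.getStartTime(),
                        krb5.getEndTime(),
                        krb5.getRenewTill(),
                        krb5.getClientAddresses());
                return serialize(ticket);
            }
            // Arrays.toString renders the OIDs; concatenating the array itself printed only its identity hash.
            throw new KerberosSerializationException(
                    "Kerberos credential not found. Available mechanisms: " + Arrays.toString(mechs));
        } catch (GSSException | IOException e) {
            throw new KerberosSerializationException("Exception occured", e);
        }
    }

    /**
     * Rebuilds a {@link GSSCredential} from a string produced by {@link #serializeCredential}.
     *
     * <p>SECURITY: the string is fed to Java-native deserialization (see {@link #deserialize}).
     * The {@code instanceof KerberosTicket} check here runs only after the whole object graph has
     * been instantiated, so it does not protect against hostile input. Callers should pass only
     * values whose origin and integrity have already been verified. The error text below suggests
     * the value is taken from an access token; presumably that means a signature-verified one, but
     * this should be confirmed against the callers.
     *
     * @param str Base64 text of a serialized {@link KerberosTicket}
     * @return credential wrapping the ticket for the Kerberos mechanism
     * @throws KerberosSerializationException if the input is null, does not decode to a
     *         {@link KerberosTicket}, or the credential cannot be rebuilt
     */
    public static GSSCredential deserializeCredential(String str) throws KerberosSerializationException {
        if (str == null) {
            throw new KerberosSerializationException("Null credential given as input. Did you enable kerberos credential delegation for your web browser and mapping of gss credential to access token?");
        }
        try {
            Object decoded = deserialize(str);
            if (!(decoded instanceof KerberosTicket)) {
                // Report the class name only: calling toString() on an unexpected object is neither
                // informative nor safe to place in an exception message.
                throw new KerberosSerializationException("Deserialized object is not KerberosTicket! Type is: "
                        + (decoded == null ? "null" : decoded.getClass().getName()));
            }
            KerberosTicket kerberosTicket = (KerberosTicket) decoded;

            // The factory methods used below are not public API, hence the reflective access.
            Krb5NameElement clientName = (Krb5NameElement) Reflections.invokeMethod(true,
                    Reflections.findDeclaredMethod(Krb5NameElement.class, "getInstance", String.class, Oid.class),
                    Krb5NameElement.class, null, kerberosTicket.getClient().getName(), KRB5_NAME_OID);

            Credentials krb5Credentials = new Credentials(
                    kerberosTicket.getEncoded(),
                    kerberosTicket.getClient().getName(),
                    kerberosTicket.getServer().getName(),
                    kerberosTicket.getSessionKey().getEncoded(),
                    kerberosTicket.getSessionKeyType(),
                    kerberosTicket.getFlags(),
                    kerberosTicket.getAuthTime(),
                    kerberosTicket.getStartTime(),
                    kerberosTicket.getEndTime(),
                    kerberosTicket.getRenewTill(),
                    kerberosTicket.getClientAddresses());

            Krb5InitCredential initCredential = (Krb5InitCredential) Reflections.invokeMethod(true,
                    Reflections.findDeclaredMethod(Krb5InitCredential.class, "getInstance", Krb5NameElement.class, Credentials.class),
                    Krb5InitCredential.class, null, clientName, krb5Credentials);

            return new GSSCredentialImpl(GSSManager.getInstance(), initCredential);
        } catch (KerberosSerializationException e) {
            // Already carries a specific message; do not bury it under the generic wrapper below.
            throw e;
        } catch (Exception e) {
            throw new KerberosSerializationException("Exception occured", e);
        }
    }

    /**
     * Java-serializes {@code serializable} and returns the bytes as Base64 text.
     *
     * @param serializable object to write
     * @return Base64 encoding of the serialized form
     * @throws IOException if writing the object fails
     */
    private static String serialize(Serializable serializable) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(serializable);
            // Push any buffered bytes into the backing array before it is read.
            out.flush();
            return Base64.encodeBytes(buffer.toByteArray());
        }
    }

    /**
     * Base64-decodes {@code str} and reads one object from it with {@link ObjectInputStream}.
     *
     * @param str Base64 text of a Java-serialized object
     * @return the object read from the stream; may be {@code null}
     * @throws ClassNotFoundException if a class named in the stream cannot be loaded
     * @throws IOException            if decoding or reading fails
     */
    private static Object deserialize(String str) throws ClassNotFoundException, IOException {
        // NOTE(review): native deserialization with no class restriction. readObject() will
        // instantiate any Serializable class on the classpath that the stream names, before the
        // caller gets a chance to check the result type. Recommended hardening: limit resolvable
        // classes to those a KerberosTicket graph needs, either by overriding
        // ObjectInputStream.resolveClass or, on Java 9+, with an ObjectInputFilter. Left unchanged
        // here because the exact allow-list has to be validated against the supported JDKs.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(Base64.decode(str)))) {
            return in.readObject();
        }
    }

    static {
        try {
            KRB5_OID = new Oid(KerberosConstants.KRB5_OID);
            KRB5_NAME_OID = new Oid(KerberosConstants.KRB5_NAME_OID);
            JAVA_INFO = "Java version: " + System.getProperty("java.version") + ", runtime version: " + System.getProperty("java.runtime.version") + ", vendor: " + System.getProperty("java.vendor") + ", os: " + System.getProperty("os.version");
        } catch (GSSException e) {
            // A malformed OID constant is a programming error; fail class initialization.
            throw new RuntimeException((Throwable) e);
        }
    }
}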
