package com.juicefs.security.kerberos;

import com.juicefs.utils.ReflectionUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.hadoop.security.UserGroupInformation;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.Credentials;
import sun.security.krb5.internal.HostAddresses;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.Ticket;
import sun.security.krb5.internal.TicketFlags;
import sun.security.krb5.internal.ccache.CCacheOutputStream;

/* loaded from: input_file:com/juicefs/security/kerberos/KerberosUtil.class */
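/**
 * Serializes the Kerberos ticket-granting ticket (TGT) held by a Hadoop
 * {@link UserGroupInformation} into credential-cache (ccache) bytes.
 *
 * <p>Security note: the returned bytes contain the TGT together with its session key,
 * which is enough to authenticate as the user until the ticket expires. Treat the
 * array like a password: never log it, keep its lifetime short, and only hand it to
 * components that are entitled to act as that user.
 *
 * <p>This class depends on JDK-internal {@code sun.security.*} types and on reflective
 * access to a private field of {@code UserGroupInformation}; neither is a supported
 * API, so it may need re-validation on JDK or Hadoop upgrades.
 */
public class KerberosUtil {
    /**
     * File-format version written into the ccache header. 0x0503 == 1283, the value
     * the original code passed (ccache file format version 3).
     */
    private static final int CCACHE_FORMAT_VERSION = 0x0503;

    /**
     * Returns the user's TGT encoded as a single-entry credential cache.
     *
     * @param userGroupInformation the logged-in user whose private credentials are searched
     * @return the ccache bytes for the first matching TGT, or {@code null} when the
     *         subject holds no usable TGT for this user
     * @throws IOException if reading the subject or serializing the ticket fails; the
     *         underlying exception is preserved as the cause
     */
    public static byte[] getCredential(UserGroupInformation userGroupInformation) throws IOException {
        try {
            // UserGroupInformation does not expose its Subject publicly, hence the reflection.
            Subject subject = (Subject) ReflectionUtil.getField(
                    UserGroupInformation.class.getName(), "subject", userGroupInformation);
            for (KerberosTicket kerberosTicket : subject.getPrivateCredentials(KerberosTicket.class)) {
                if (!isTgtOf(kerberosTicket, userGroupInformation)) {
                    continue;
                }
                Credentials ticketToCreds = Krb5Util.ticketToCreds(kerberosTicket);
                // Re-wrap the JGSS credentials in the ccache entry type. The boolean
                // (false) and the trailing null Ticket are carried over unchanged from
                // the original call; presumably "not encrypted in a session key" and
                // "no second ticket" - confirm against the JDK constructor.
                sun.security.krb5.internal.ccache.Credentials credentials =
                        new sun.security.krb5.internal.ccache.Credentials(
                                ticketToCreds.getClient(),
                                ticketToCreds.getServer(),
                                ticketToCreds.getSessionKey(),
                                new KerberosTime(ticketToCreds.getAuthTime()),
                                new KerberosTime(ticketToCreds.getStartTime()),
                                new KerberosTime(ticketToCreds.getEndTime()),
                                ticketToCreds.getRenewTill() == null
                                        ? null
                                        : new KerberosTime(ticketToCreds.getRenewTill()),
                                false,
                                new TicketFlags(ticketToCreds.getFlags()),
                                ticketToCreds.getClientAddresses() == null
                                        ? null
                                        : new HostAddresses(ticketToCreds.getClientAddresses()),
                                ticketToCreds.getAuthzData(),
                                ticketToCreds.getTicket(),
                                (Ticket) null);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                // try-with-resources closes the stream on the failure path as well; the
                // decompiled form only closed it after a fully successful write.
                try (CCacheOutputStream cCacheOutputStream = new CCacheOutputStream(byteArrayOutputStream)) {
                    cCacheOutputStream.writeHeader(ticketToCreds.getClient(), CCACHE_FORMAT_VERSION);
                    cCacheOutputStream.addCreds(credentials);
                }
                return byteArrayOutputStream.toByteArray();
            }
            return null;
        } catch (Exception e) {
            throw new IOException("Serialize tgt failed", e);
        }
    }

    /**
     * Tells whether {@code ticket} is a ticket-granting ticket issued to the given user.
     *
     * <p>Destroyed tickets are skipped because their principals are no longer
     * available. The server name must start with {@code "krbtgt/"} (with the slash)
     * so that an ordinary service principal whose name merely begins with the letters
     * "krbtgt" is not exported as if it were the TGT.
     */
    private static boolean isTgtOf(KerberosTicket ticket, UserGroupInformation userGroupInformation) {
        if (ticket.isDestroyed()) {
            return false;
        }
        return ticket.getServer().getName().startsWith("krbtgt/")
                && ticket.getClient().getName().equals(userGroupInformation.getUserName());
    }
}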
