package org.apache.activemq.artemis.utils;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/artemis-core-client-2.16.0.jar:org/apache/activemq/artemis/utils/ObjectInputStreamWithClassLoader.class */
public class ObjectInputStreamWithClassLoader extends ObjectInputStream {
    public static final String CATCH_ALL_WILDCARD = "*";
    public static final String WHITELIST_PROPERTY = "org.apache.activemq.artemis.jms.deserialization.whitelist";
    public static final String BLACKLIST_PROPERTY = "org.apache.activemq.artemis.jms.deserialization.blacklist";
    private List<String> whiteList;
    private List<String> blackList;

    public ObjectInputStreamWithClassLoader(InputStream inputStream) throws IOException {
        super(inputStream);
        this.whiteList = new ArrayList();
        this.blackList = new ArrayList();
        setWhiteList(System.getProperty(WHITELIST_PROPERTY, null));
        setBlackList(System.getProperty(BLACKLIST_PROPERTY, null));
    }

    public String getWhiteList() {
        return StringUtil.joinStringList(this.whiteList, ",");
    }

    public String getBlackList() {
        return StringUtil.joinStringList(this.blackList, ",");
    }

    public void setWhiteList(String str) {
        this.whiteList = StringUtil.splitStringList(str, ",");
    }

    public void setBlackList(String str) {
        this.blackList = StringUtil.splitStringList(str, ",");
    }

    @Override // java.io.ObjectInputStream
    protected Class resolveClass(final ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        if (System.getSecurityManager() == null) {
            return resolveClass0(objectStreamClass);
        }
        try {
            return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction<Class>() { // from class: org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Class run() throws Exception {
                    return ObjectInputStreamWithClassLoader.this.resolveClass0(objectStreamClass);
                }
            });
        } catch (PrivilegedActionException e) {
            throw unwrapException(e);
        }
    }

    @Override // java.io.ObjectInputStream
    protected Class resolveProxyClass(final String[] strArr) throws IOException, ClassNotFoundException {
        if (System.getSecurityManager() == null) {
            return resolveProxyClass0(strArr);
        }
        try {
            return (Class) AccessController.doPrivileged(new PrivilegedExceptionAction<Class>() { // from class: org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Class run() throws Exception {
                    return ObjectInputStreamWithClassLoader.this.resolveProxyClass0(strArr);
                }
            });
        } catch (PrivilegedActionException e) {
            throw unwrapException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Class resolveClass0(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        try {
            Class<?> cls = Class.forName(objectStreamClass.getName(), false, Thread.currentThread().getContextClassLoader());
            if (cls == null) {
                cls = super.resolveClass(objectStreamClass);
            }
            return checkSecurity(cls);
        } catch (ClassNotFoundException e) {
            return checkSecurity(super.resolveClass(objectStreamClass));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Class resolveProxyClass0(String[] strArr) throws IOException, ClassNotFoundException {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        ClassLoader classLoader = null;
        boolean z = false;
        Class[] clsArr = new Class[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            Class<?> cls = Class.forName(strArr[i], false, contextClassLoader);
            if ((cls.getModifiers() & 1) == 0) {
                if (!z) {
                    classLoader = cls.getClassLoader();
                    z = true;
                } else if (classLoader != cls.getClassLoader()) {
                    throw new IllegalAccessError("conflicting non-public interface class loaders");
                }
            }
            clsArr[i] = cls;
        }
        try {
            return checkSecurity(Proxy.getProxyClass(z ? classLoader : contextClassLoader, clsArr));
        } catch (IllegalArgumentException e) {
            throw new ClassNotFoundException(null, e);
        }
    }

    private RuntimeException unwrapException(PrivilegedActionException privilegedActionException) throws IOException, ClassNotFoundException {
        Throwable cause = privilegedActionException.getCause();
        if (cause instanceof IOException) {
            throw ((IOException) cause);
        }
        if (cause instanceof ClassNotFoundException) {
            throw ((ClassNotFoundException) cause);
        }
        if (cause instanceof RuntimeException) {
            throw ((RuntimeException) cause);
        }
        if (cause instanceof Error) {
            throw ((Error) cause);
        }
        throw new RuntimeException(cause);
    }

    private Class<?> checkSecurity(Class<?> cls) throws ClassNotFoundException {
        Class<?> cls2;
        Class<?> cls3 = cls;
        while (true) {
            cls2 = cls3;
            if (!cls2.isArray()) {
                break;
            }
            cls3 = cls2.getComponentType();
        }
        while (true) {
            if (!cls2.isAnonymousClass() && !cls2.isLocalClass()) {
                break;
            }
            cls2 = cls2.getEnclosingClass();
        }
        if (cls2.isPrimitive() || isTrustedType(cls2)) {
            return cls;
        }
        throw new ClassNotFoundException("Forbidden " + cls + "! This class is not trusted to be deserialized under the current configuration. Please refer to the documentation for more information on how to configure trusted classes.");
    }

    private boolean isTrustedType(Class<?> cls) {
        if (cls == null) {
            return true;
        }
        String canonicalName = cls.getCanonicalName();
        if (canonicalName == null) {
            canonicalName = cls.getName();
        }
        for (String str : this.blackList) {
            if ("*".equals(str) || isClassOrPackageMatch(canonicalName, str)) {
                return false;
            }
        }
        for (String str2 : this.whiteList) {
            if ("*".equals(str2) || isClassOrPackageMatch(canonicalName, str2)) {
                return true;
            }
        }
        return this.whiteList.size() == 0;
    }

    private boolean isClassOrPackageMatch(String str, String str2) {
        if (str == null) {
            return false;
        }
        if (str.equals(str2)) {
            return true;
        }
        int length = str2.length();
        return str.length() > length && str.startsWith(str2) && '.' == str.charAt(length);
    }
}
