package com.alibaba.dubbo.common.utils;

import com.alibaba.dubbo.common.Constants;
import com.alibaba.dubbo.common.logger.Logger;
import com.alibaba.dubbo.common.logger.LoggerFactory;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Arrays;
import java.util.Iterator;
import java.util.regex.Pattern;
import redis.clients.jedis.Protocol;

/* loaded from: input_file:WEB-INF/lib/dubbo-2.6.12.jar:com/alibaba/dubbo/common/utils/SerialDetector.class */
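/**
 * An {@link ObjectInputStream} that checks every class descriptor read from the stream against a
 * configurable list of regular expressions before the class is resolved.
 *
 * <p>Points a reviewer or operator should keep in mind when relying on this class:
 * <ul>
 *   <li>Enforcement is opt-in. {@code dubbo.security.serialization.check} defaults to
 *       {@code "false"}; in that mode a match is only logged at info level and the class is still
 *       resolved.</li>
 *   <li>This is a deny-list. Any class whose name matches no pattern is resolved by
 *       {@link ObjectInputStream#resolveClass(ObjectStreamClass)} as usual.</li>
 *   <li>Patterns are applied with {@link java.util.regex.Matcher#find()}, so an unanchored
 *       pattern matches anywhere inside the class name, and an empty pattern matches every
 *       class.</li>
 *   <li>Configuration loading fails open: if no pattern is configured, or initialization throws
 *       (for example on an invalid regular expression), no class is ever reported as
 *       blacklisted and only a warning is logged.</li>
 * </ul>
 */
public class SerialDetector extends ObjectInputStream {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) SerialDetector.class);
    private static final BlacklistConfiguration configuration = new BlacklistConfiguration();

    /**
     * Reads the blacklist settings once, when {@link SerialDetector} is initialized.
     *
     * <p>The pattern list comes from {@code dubbo.security.serialization.blacklist}; only when that
     * property is empty is the file named by {@code dubbo.registry.serialization.blacklist.file}
     * consulted.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static final class BlacklistConfiguration {
        private static final String DUBBO_SECURITY_SERIALIZATION_CHECK = "dubbo.security.serialization.check";
        private static final String DUBBO_SECURITY_SERIALIZATION_BLACKLIST = "dubbo.security.serialization.blacklist";
        // NOTE(review): this key uses the "dubbo.registry." prefix, unlike the two keys above.
        // It is kept exactly as shipped because deployments configure it under this name.
        private static final String DUBBO_SECURITY_SERIALIZATION_BLACKLIST_FILE = "dubbo.registry.serialization.blacklist.file";
        private boolean check;
        private PatternList blacklistPattern;

        BlacklistConfiguration() {
            try {
                this.check = Boolean.parseBoolean(getSecurityProperty(DUBBO_SECURITY_SERIALIZATION_CHECK, "false"));
                String patternSpec = getSecurityProperty(DUBBO_SECURITY_SERIALIZATION_BLACKLIST, "");
                if (StringUtils.isEmpty(patternSpec)) {
                    // The inline property wins; the file is only a fallback.
                    String blacklistFile = getSecurityProperty(DUBBO_SECURITY_SERIALIZATION_BLACKLIST_FILE, "");
                    if (StringUtils.isNotEmpty(blacklistFile)) {
                        patternSpec = loadBlacklistFile(blacklistFile);
                    }
                }
                if (StringUtils.isNotEmpty(patternSpec)) {
                    this.blacklistPattern = new PatternList(Constants.COMMA_SPLIT_PATTERN.split(patternSpec));
                }
            } catch (Throwable th) {
                // Fail-open by design of the original code: any failure here (including a single
                // malformed regular expression) leaves blacklistPattern null, so nothing is
                // blocked afterwards. The warning below is the only trace of that state.
                SerialDetector.logger.warn("Failed to initialize the Serialization Security Checker component!", th);
            }
        }

        /**
         * @return the compiled patterns, or {@code null} when no blacklist was configured or
         *     initialization failed
         */
        Iterable<Pattern> blacklist() {
            return this.blacklistPattern;
        }

        /**
         * @return {@code true} when a blacklist match must abort deserialization, {@code false}
         *     when matches are only logged
         */
        boolean shouldCheck() {
            return this.check;
        }

        /**
         * Loads blacklist patterns from a file, one pattern per line.
         *
         * <p>The name is tried as a filesystem path first and as a classpath resource otherwise.
         * Blank lines and lines starting with {@code #} are skipped; surrounding whitespace is
         * trimmed so that a stray trailing space cannot turn an entry into a pattern that never
         * matches.
         *
         * @param str filesystem path or classpath resource name of the blacklist file
         * @return the patterns joined with commas (each followed by a comma), or an empty string
         *     when the file cannot be opened; on a read error the patterns read so far
         */
        private String loadBlacklistFile(String str) {
            StringBuilder sb = new StringBuilder();
            InputStream in;
            try {
                if (new File(str).exists()) {
                    in = new FileInputStream(str);
                } else {
                    in = getClass().getClassLoader().getResourceAsStream(str);
                }
            } catch (Throwable th) {
                SerialDetector.logger.warn("Failed to load " + str + " file " + th.getMessage(), th);
                return sb.toString();
            }
            if (in == null) {
                // getResourceAsStream returns null for a missing resource. Say so explicitly
                // instead of surfacing it as a NullPointerException from the reader below.
                SerialDetector.logger.warn("Serialization blacklist file " + str
                        + " was not found on the filesystem or the classpath; no patterns were loaded from it");
                return sb.toString();
            }
            try {
                // Decode with a fixed charset so the result does not depend on the platform default.
                BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8"));
                String line;
                while ((line = reader.readLine()) != null) {
                    String entry = line.trim();
                    if (entry.length() > 0 && !entry.startsWith("#")) {
                        sb.append(entry);
                        sb.append(",");
                    }
                }
            } catch (Throwable th2) {
                SerialDetector.logger.warn("Failed to read from file " + str + th2.getMessage(), th2);
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
            return sb.toString();
        }

        /**
         * Looks a key up as a system property first and through {@code ConfigUtils.getProperty}
         * second.
         *
         * @param str the property key
         * @param str2 the value to return when neither lookup yields a non-empty value
         * @return the configured value or {@code str2}
         */
        private String getSecurityProperty(String str, String str2) {
            String value = ConfigUtils.getSystemProperty(str);
            if (StringUtils.isEmpty(value)) {
                value = ConfigUtils.getProperty(str);
            }
            return StringUtils.isEmpty(value) ? str2 : value;
        }
    }

    /**
     * A fixed list of compiled regular expressions that can only be iterated.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static final class PatternList implements Iterable<Pattern> {
        private final Pattern[] patterns;

        /**
         * Compiles every expression in the given order.
         *
         * @param strArr the regular expressions
         * @throws IllegalStateException if any expression is {@code null}
         * @throws java.util.regex.PatternSyntaxException if an expression does not compile
         */
        PatternList(String... strArr) {
            // Reject nulls before compiling anything, so a null entry is always reported as such.
            for (String expression : strArr) {
                if (expression == null) {
                    throw new IllegalStateException("Deserialization blacklist reg expression cannot be null!");
                }
            }
            Pattern[] compiled = new Pattern[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                compiled[i] = Pattern.compile(strArr[i]);
            }
            this.patterns = compiled;
        }

        /**
         * @return a read-only iterator over the patterns in configuration order
         */
        @Override // java.lang.Iterable
        public Iterator<Pattern> iterator() {
            return new Iterator<Pattern>() {
                int index = 0;

                @Override // java.util.Iterator
                public boolean hasNext() {
                    return this.index < PatternList.this.patterns.length;
                }

                @Override // java.util.Iterator
                public Pattern next() {
                    // Honour the Iterator contract instead of leaking an
                    // ArrayIndexOutOfBoundsException when iterated past the end.
                    if (!hasNext()) {
                        throw new java.util.NoSuchElementException();
                    }
                    Pattern[] all = PatternList.this.patterns;
                    int current = this.index;
                    this.index = current + 1;
                    return all[current];
                }

                @Override // java.util.Iterator
                public void remove() {
                    // NOTE(review): the reference to the Jedis constant looks like a decompiler
                    // constant-folding artifact rather than an intended dependency - confirm
                    // against the original source.
                    throw new UnsupportedOperationException(Protocol.SENTINEL_REMOVE);
                }
            };
        }

        @Override
        public String toString() {
            return Arrays.toString(this.patterns);
        }
    }

    /**
     * @param inputStream the stream to deserialize from
     * @throws IOException if the stream header cannot be read
     */
    public SerialDetector(InputStream inputStream) throws IOException {
        super(inputStream);
    }

    /**
     * Resolves a class from the stream unless it is blacklisted and enforcement is enabled.
     *
     * <p>With enforcement disabled a match is logged at info level and resolution continues, so
     * the log line is the only signal that a listed class was deserialized.
     *
     * @throws InvalidClassException if the class name matches the blacklist and
     *     {@code dubbo.security.serialization.check} is enabled
     */
    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        if (isClassInBlacklist(objectStreamClass)) {
            String className = objectStreamClass.getName();
            // The name is read from the incoming stream; neutralise line breaks so it cannot
            // forge additional log entries.
            String loggedName = sanitizeForLog(className);
            if (configuration.shouldCheck()) {
                logger.error(String.format("Blocked by blacklist'. Match found for '%s'", loggedName));
                throw new InvalidClassException(className, "Class blocked from deserialization (blacklist)");
            }
            logger.info(String.format("Blacklist match: '%s'", loggedName));
        }
        return super.resolveClass(objectStreamClass);
    }

    /** Replaces carriage returns and line feeds so a value occupies a single log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Tests a class descriptor against the configured patterns.
     *
     * @param objectStreamClass the descriptor read from the stream
     * @return {@code true} if any pattern is found anywhere in the class name; {@code false} if
     *     none is, or if no blacklist is configured
     */
    public static boolean isClassInBlacklist(ObjectStreamClass objectStreamClass) {
        Iterable<Pattern> blacklist = configuration.blacklist();
        if (blacklist == null) {
            return false;
        }
        for (Pattern pattern : blacklist) {
            // find(), not matches(): the pattern may hit any part of the name.
            if (pattern.matcher(objectStreamClass.getName()).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * @return {@code true} when blacklist matches are enforced rather than only logged
     */
    public static boolean shouldCheck() {
        return configuration.shouldCheck();
    }
}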
