package org.talend.sdk.component.runtime.serialization;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.lang.reflect.Proxy;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/talend/sdk/component/runtime/serialization/EnhancedObjectInputStream.class */
public class EnhancedObjectInputStream extends ObjectInputStream {
    private final ClassLoader loader;
    private final Predicate<String> classesWhitelist;

    /* loaded from: input_file:org/talend/sdk/component/runtime/serialization/EnhancedObjectInputStream$Defaults.class */
    static class Defaults {
        private static final Logger log = LoggerFactory.getLogger(Defaults.class);
        static final Predicate<String> SECURITY_FILTER_WHITELIST = (Predicate) Optional.ofNullable(System.getProperty("talend.component.runtime.serialization.java.inputstream.whitelist")).map(str -> {
            return (List) Stream.of((Object[]) str.split(",")).map((v0) -> {
                return v0.trim();
            }).filter(str -> {
                return !str.isEmpty();
            }).collect(Collectors.toList());
        }).map(list -> {
            return str2 -> {
                Stream stream = list.stream();
                Objects.requireNonNull(str2);
                return stream.anyMatch(str2::startsWith);
            };
        }).orElseGet(() -> {
            Collection collection = (Collection) Stream.of((Object[]) new String[]{"org.codehaus.groovy.runtime.", "org.apache.commons.collections.functors.", "org.apache.commons.collections4.functors.", "org.apache.xalan", "java.lang.Process", "java.util.logging.", "java.rmi.server.", "com.sun.org.apache.xalan.internal.xsltc.trax.", "com.sun.rowset.", "org.springframework.beans.factory.config.", "org.apache.tomcat.dbcp.dbcp2.", "com.sun.org.apache.bcel.internal.util.", "org.hibernate.jmx.", "org.apache.ibatis.", "jodd.db.connection.", "oracle.jdbc.", "org.slf4j.ext.", "flex.messaging.util.concurrent.", "com.sun.deploy.security.ruleset.", "org.apache.axis2.jaxws.spi.handler.", "org.apache.axis2.transport.jms.", "org.jboss.util.propertyeditor.", "org.apache.openjpa.ee."}).collect(Collectors.toSet());
            log.warn("talend.component.runtime.serialization.java.inputstream.whitelist system property not set, will use default blacklist but this is not considered as a secure setup. Blacklisted packages: {}", collection);
            return str2 -> {
                Stream stream = collection.stream();
                Objects.requireNonNull(str2);
                return stream.noneMatch(str2::startsWith);
            };
        });

        private Defaults() {
        }
    }

    protected EnhancedObjectInputStream(InputStream inputStream, ClassLoader classLoader, Predicate<String> predicate) throws IOException {
        super(inputStream);
        this.loader = classLoader;
        this.classesWhitelist = predicate;
    }

    public EnhancedObjectInputStream(InputStream inputStream, ClassLoader classLoader) throws IOException {
        this(inputStream, classLoader, Defaults.SECURITY_FILTER_WHITELIST);
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws ClassNotFoundException {
        String name = objectStreamClass.getName();
        if (name.equals("boolean")) {
            return Boolean.TYPE;
        }
        if (name.equals("byte")) {
            return Byte.TYPE;
        }
        if (name.equals("char")) {
            return Character.TYPE;
        }
        if (name.equals("short")) {
            return Short.TYPE;
        }
        if (name.equals("int")) {
            return Integer.TYPE;
        }
        if (name.equals("long")) {
            return Long.TYPE;
        }
        if (name.equals("float")) {
            return Float.TYPE;
        }
        if (name.equals("double")) {
            return Double.TYPE;
        }
        doSecurityCheck(name);
        try {
            return Class.forName(name, false, this.loader);
        } catch (ClassNotFoundException e) {
            return Class.forName(name, false, getClass().getClassLoader());
        }
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveProxyClass(String[] strArr) throws ClassNotFoundException {
        Class[] clsArr = new Class[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            doSecurityCheck(strArr[i]);
            clsArr[i] = Class.forName(strArr[i], false, this.loader);
        }
        try {
            return Proxy.getProxyClass(this.loader, clsArr);
        } catch (IllegalArgumentException e) {
            throw new ClassNotFoundException(null, e);
        }
    }

    private void doSecurityCheck(String str) {
        if (!this.classesWhitelist.test(processForWhiteListing(str))) {
            throw new SecurityException("'" + str + "' not supported, add it in -Dtalend.component.runtme.serialization.java.inputstream.whitelist if needed");
        }
    }

    private String processForWhiteListing(String str) {
        return (str.startsWith("[L") && str.endsWith(";")) ? str.substring(2, str.length() - 1) : str;
    }
}
