package org.pac4j.core.util.serializer;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-5.4.6.jar:org/pac4j/core/util/serializer/JavaSerializer.class */
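/**
 * Serializer backed by Java-native serialization, with an allow-list applied on the read path.
 *
 * <p>Deserialization goes through {@link RestrictedObjectInputStream}, which resolves a class only
 * when its name is in {@code trustedClasses} or starts with an entry of {@code trustedPackages};
 * dynamic proxy classes are always refused.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Entries of {@code trustedPackages} are matched with {@link String#startsWith(String)}, so
 *       they are name prefixes, not package names. An entry without a trailing dot also matches
 *       sibling packages sharing that prefix, and an empty string matches every class.</li>
 *   <li>NOTE(review): the default {@code "java."} and {@code "javax."} prefixes cover the whole JDK
 *       namespace rather than a short list of value types; consider narrowing them where the bytes
 *       can originate outside the trust boundary.</li>
 *   <li>NOTE(review): filtering in {@code resolveClass} does not bound stream depth, array length
 *       or reference count; a JDK {@code java.io.ObjectInputFilter} could add such limits.</li>
 *   <li>No synchronization is visible on the allow-list sets; presumably they are configured
 *       before the serializer is shared between threads — confirm against callers.</li>
 * </ul>
 */
public class JavaSerializer extends AbstractSerializer {
    private static final Logger logger = LoggerFactory.getLogger(JavaSerializer.class);

    // Class-name prefixes accepted by RestrictedObjectInputStream.resolveClass (startsWith match).
    private final Set<String> trustedPackages = new HashSet<>();

    // Individual classes accepted regardless of the prefix list.
    private final Set<Class<?>> trustedClasses = new HashSet<>();

    /**
     * {@link ObjectInputStream} that refuses to resolve any class outside the allow-list.
     *
     * <p>The decompiler reports that the access modifier of this class was widened from
     * {@code private}; the constructor is still private, so only the enclosing class creates it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/pac4j-core-5.4.6.jar:org/pac4j/core/util/serializer/JavaSerializer$RestrictedObjectInputStream.class */
    public static class RestrictedObjectInputStream extends ObjectInputStream {
        // Live reference to the serializer's prefix set (not a copy).
        private final Set<String> trustedPackages;

        // Snapshot of the trusted classes, indexed by binary name for lookup in resolveClass.
        private final Map<String, Class<?>> trustedClasses;

        private RestrictedObjectInputStream(InputStream inputStream, Set<String> packagePrefixes,
                Set<Class<?>> classes) throws IOException {
            super(inputStream);
            this.trustedPackages = packagePrefixes;
            this.trustedClasses = classes.stream()
                    .collect(Collectors.toMap(Class::getName, Function.identity()));
        }

        /**
         * Resolves a class from the stream only when it is allow-listed.
         *
         * @param objectStreamClass descriptor read from the stream
         * @return the explicitly trusted class of that name, or the class resolved by the parent
         *     when the name starts with a trusted prefix
         * @throws ClassNotFoundException when the name matches neither list
         */
        @Override // java.io.ObjectInputStream
        protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
            String name = objectStreamClass.getName();

            // An exact class entry wins and returns the registered Class object itself.
            Class<?> trusted = this.trustedClasses.get(name);
            if (trusted != null) {
                return trusted;
            }

            // Prefix match: any class whose name begins with a configured entry is accepted.
            if (this.trustedPackages.stream().anyMatch(name::startsWith)) {
                return super.resolveClass(objectStreamClass);
            }
            throw new ClassNotFoundException("Wont resolve untrusted class: " + name);
        }

        /**
         * Refuses every dynamic proxy class found in the stream.
         *
         * @throws ClassNotFoundException always
         */
        @Override // java.io.ObjectInputStream
        protected Class<?> resolveProxyClass(String[] strArr) throws ClassNotFoundException {
            throw new ClassNotFoundException("Wont resolve proxy classes at all.");
        }
    }

    /**
     * Creates a serializer with the default prefix allow-list and no individually trusted class.
     *
     * <p>Entries starting with {@code [L} or {@code [} are the binary names of array types.
     */
    public JavaSerializer() {
        this.trustedPackages.addAll(Arrays.asList("java.", "javax.", "[Ljava.lang.String", "org.pac4j.", "[Lorg.pac4j.", "com.github.scribejava.", "org.opensaml.", "com.nimbusds.", "[Lcom.nimbusds.", "org.joda.", "net.minidev.json.", "org.bson.types.", "[Ljava.lang.StackTraceElement", "[B"));
    }

    /**
     * Serializes an object with {@link ObjectOutputStream}.
     *
     * @param obj the object to serialize
     * @return the serialized bytes, or {@code null} when an {@link IOException} occurred (the
     *     failure is logged at WARN level and not rethrown)
     */
    @Override // org.pac4j.core.util.serializer.AbstractSerializer
    protected byte[] internalSerializeToBytes(Object obj) {
        byte[] bytes = null;
        try (ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
                ObjectOutputStream objectStream = new ObjectOutputStream(byteStream)) {
            objectStream.writeObject(obj);
            // Flush before reading the buffer so block-data held by the object stream is included.
            objectStream.flush();
            bytes = byteStream.toByteArray();
        } catch (IOException e) {
            logger.warn("cannot Java serialize object", e);
        }
        return bytes;
    }

    /**
     * Deserializes bytes through {@link RestrictedObjectInputStream}.
     *
     * <p>The decompiler reports that this method was widened from {@code protected}.
     *
     * @param bArr the serialized form
     * @return the deserialized object, or {@code null} when reading failed or a class in the
     *     stream was not allow-listed; callers must treat {@code null} as a rejected payload
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.pac4j.core.util.serializer.AbstractSerializer
    public Serializable internalDeserializeFromBytes(byte[] bArr) {
        Serializable result = null;
        try (ByteArrayInputStream byteStream = new ByteArrayInputStream(bArr);
                RestrictedObjectInputStream objectStream =
                        new RestrictedObjectInputStream(byteStream, this.trustedPackages, this.trustedClasses)) {
            result = (Serializable) objectStream.readObject();
        } catch (IOException | ClassNotFoundException e) {
            // Only these two exception types are handled here; a rejected class surfaces as
            // ClassNotFoundException and ends up in this log line.
            logger.warn("cannot Java deserialize object", e);
        }
        return result;
    }

    /**
     * @return a read-only view of the trusted name prefixes (a view, not a copy)
     */
    public Set<String> getTrustedPackages() {
        return Collections.unmodifiableSet(this.trustedPackages);
    }

    /**
     * @return a read-only view of the individually trusted classes (a view, not a copy)
     */
    public Set<Class<?>> getTrustedClasses() {
        return Collections.unmodifiableSet(this.trustedClasses);
    }

    /**
     * Adds several name prefixes to the allow-list.
     *
     * @param collection prefixes to trust; each is matched with {@code startsWith}, so end package
     *     names with a dot and never pass an empty string
     */
    public void addTrustedPackages(Collection<String> collection) {
        this.trustedPackages.addAll(collection);
    }

    /**
     * Adds one name prefix to the allow-list.
     *
     * @param str prefix to trust; matched with {@code startsWith}, so end a package name with a
     *     dot and never pass an empty string
     */
    public void addTrustedPackage(String str) {
        this.trustedPackages.add(str);
    }

    /** Removes every trusted prefix, including the defaults set by the constructor. */
    public void clearTrustedPackages() {
        this.trustedPackages.clear();
    }

    /**
     * Adds several classes that are accepted regardless of the prefix list.
     *
     * @param collection classes to trust
     */
    public void addTrustedClasses(Collection<Class<?>> collection) {
        this.trustedClasses.addAll(collection);
    }

    /**
     * Adds one class that is accepted regardless of the prefix list.
     *
     * @param cls class to trust
     */
    public void addTrustedClass(Class<?> cls) {
        this.trustedClasses.add(cls);
    }

    /** Removes every individually trusted class. */
    public void clearTrustedClasses() {
        this.trustedClasses.clear();
    }

    @Override
    public String toString() {
        return CommonHelper.toNiceString(getClass(), "trustedPackages", this.trustedPackages, "trustedClasses", this.trustedClasses);
    }
}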
