package com.opensymphony.xwork.util;

import com.opensymphony.xwork.config.Configuration;
import com.opensymphony.xwork.config.ConfigurationManager;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import ognl.MemberAccess;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/opensymphony/xwork/util/SecurityMemberAccess.class */
public class SecurityMemberAccess implements MemberAccess {
    private static final Log LOG = LogFactory.getLog(SecurityMemberAccess.class);
    private Set<String> excludedClasses;
    private Set<String> excludedPackageNames;
    private Set<String> excludedPackageExemptClasses;
    private boolean allowStaticMethodAccess;
    private boolean allowStaticFieldAccess;
    private Set<String> staticMemberAllowedClasses;
    private boolean enforceAllowlistEnabled;
    private Set<String> allowlistClasses;
    private Set<String> allowlistPackageNames;
    private boolean disallowProxyMemberAccess;
    private boolean disallowDefaultPackageAccess;

    public SecurityMemberAccess() {
        loadConfig(ConfigurationManager.getConfiguration());
    }

    public void loadConfig(Configuration configuration) {
        this.excludedClasses = initExcludedClasses(configuration.getExcludedClasses());
        this.excludedPackageNames = configuration.getExcludedPackageNames();
        this.excludedPackageExemptClasses = configuration.getExcludedPackageExemptClasses();
        this.allowStaticMethodAccess = configuration.isAllowStaticMethodAccess();
        this.allowStaticFieldAccess = configuration.isAllowStaticFieldAccess();
        this.disallowProxyMemberAccess = configuration.isDisallowProxyMemberAccess();
        this.disallowDefaultPackageAccess = configuration.isDisallowDefaultPackageAccess();
        this.staticMemberAllowedClasses = configuration.getStaticMemberAllowedClasses();
        this.enforceAllowlistEnabled = configuration.isEnforceAllowlistEnabled();
        this.allowlistClasses = configuration.getAllowlistClasses();
        this.allowlistPackageNames = configuration.getAllowlistPackageNames();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Object setup(Map map, Object obj, Member member, String str) {
        Boolean bool = null;
        if (isAccessible(map, obj, member, str)) {
            AccessibleObject accessibleObject = (AccessibleObject) member;
            if (!accessibleObject.isAccessible()) {
                bool = Boolean.FALSE;
                accessibleObject.setAccessible(true);
            }
        }
        return bool;
    }

    public void restore(Map map, Object obj, Member member, String str, Object obj2) {
        if (obj2 == null) {
            return;
        }
        if (((Boolean) obj2).booleanValue()) {
            throw new IllegalArgumentException(MessageFormat.format("Improper restore state [true] for target [{0}], member [{1}], propertyName [{2}]", obj, member, str));
        }
        ((AccessibleObject) member).setAccessible(false);
    }

    public boolean isAccessible(Map map, Object obj, Member member, String str) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(MessageFormat.format("Checking access for [target: {0}, member: {1}, property: {2}]", obj, member, str));
        }
        int modifiers = member.getModifiers();
        Class<?> declaringClass = member.getDeclaringClass();
        Class<?> cls = Modifier.isStatic(modifiers) ? declaringClass : obj.getClass();
        if (!declaringClass.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("Target does not match member!");
        }
        if (this.disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, obj)) {
            LOG.warn(MessageFormat.format("Access to proxy is blocked! Target class [{0}] of target [{1}], member [{2}]", cls, obj, member));
            return false;
        }
        if (!checkPublicMemberAccess(modifiers)) {
            LOG.warn(MessageFormat.format("Access to non-public [{0}] is blocked!", member));
            return false;
        }
        if (!checkStaticFieldAccess(member)) {
            LOG.warn(MessageFormat.format("Access to static field [{0}] is blocked!", member));
            return false;
        }
        if (!checkStaticMethodAccess(member)) {
            LOG.warn(MessageFormat.format("Access to static method [{0}] is blocked!", member));
            return false;
        }
        if (isClassExcluded(declaringClass)) {
            LOG.warn(MessageFormat.format("Declaring class of member type [{0}] is excluded!", member));
            return false;
        }
        if (cls != declaringClass && isClassExcluded(cls)) {
            LOG.warn(MessageFormat.format("Target class [{0}] of target [{1}] is excluded!", cls, obj));
            return false;
        }
        if (this.disallowDefaultPackageAccess) {
            if (cls.getPackage() == null || cls.getPackage().getName().isEmpty()) {
                LOG.warn(MessageFormat.format("Class [{0}] from the default package is excluded!", cls));
                return false;
            }
            if (declaringClass.getPackage() == null || declaringClass.getPackage().getName().isEmpty()) {
                LOG.warn(MessageFormat.format("Class [{0}] from the default package is excluded!", declaringClass));
                return false;
            }
        }
        if (isPackageExcluded(cls)) {
            LOG.warn(MessageFormat.format("Package [{0}] of target class [{1}] of target [{2}] is excluded!", cls.getPackage(), cls, obj));
            return false;
        }
        if (cls != declaringClass && isPackageExcluded(declaringClass)) {
            LOG.warn(MessageFormat.format("Package [{0}] of member [{1}] are excluded!", declaringClass.getPackage(), member));
            return false;
        }
        if (!this.enforceAllowlistEnabled) {
            return true;
        }
        if (!isClassAllowlisted(cls)) {
            LOG.warn(MessageFormat.format("Target class [{0}] of target [{1}] is not allowlisted!", cls, obj));
            return false;
        }
        if (cls == declaringClass || isClassAllowlisted(declaringClass)) {
            return true;
        }
        LOG.warn(MessageFormat.format("Declaring class [{0}] of member [{1}] is not allowlisted!", declaringClass, member));
        return false;
    }

    private boolean isClassAllowlisted(Class<?> cls) {
        return this.allowlistClasses.contains(cls.getName()) || isClassBelongsToPackages(cls, this.allowlistPackageNames);
    }

    protected boolean checkStaticMethodAccess(Member member) {
        if ((member instanceof Field) || !Modifier.isStatic(member.getModifiers())) {
            return true;
        }
        if (this.allowStaticMethodAccess) {
            return this.staticMemberAllowedClasses.contains(member.getDeclaringClass().getName());
        }
        return false;
    }

    protected boolean checkStaticFieldAccess(Member member) {
        if (!(member instanceof Field) || !Modifier.isStatic(member.getModifiers())) {
            return true;
        }
        if (this.allowStaticFieldAccess) {
            return this.staticMemberAllowedClasses.contains(member.getDeclaringClass().getName());
        }
        return false;
    }

    protected boolean checkPublicMemberAccess(int i) {
        return Modifier.isPublic(i);
    }

    protected boolean isPackageExcluded(Class<?> cls) {
        return !this.excludedPackageExemptClasses.contains(cls.getName()) && isExcludedPackageNames(cls);
    }

    public static String toPackageName(Class<?> cls) {
        return cls.getPackage() == null ? "" : cls.getPackage().getName();
    }

    protected boolean isExcludedPackageNames(Class<?> cls) {
        return isClassBelongsToPackages(cls, this.excludedPackageNames);
    }

    public static boolean isClassBelongsToPackages(Class<?> cls, Set<String> set) {
        List asList = Arrays.asList(toPackageName(cls).split("\\."));
        for (int i = 0; i < asList.size(); i++) {
            if (set.contains(String.join(".", asList.subList(0, i + 1)))) {
                return true;
            }
        }
        return false;
    }

    protected boolean isClassExcluded(Class<?> cls) {
        return this.excludedClasses.contains(cls.getName());
    }

    private static Set<String> initExcludedClasses(Set<String> set) {
        HashSet hashSet = new HashSet(set);
        hashSet.add(Object.class.getName());
        hashSet.add(Class.class.getName());
        return Collections.unmodifiableSet(hashSet);
    }
}
