package org.apache.http.impl.client.cache;

import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.http.annotation.Contract;
import org.apache.http.annotation.ThreadingBehavior;
import org.apache.http.client.cache.HttpCacheEntry;
import org.apache.http.client.cache.HttpCacheEntrySerializationException;
import org.apache.http.client.cache.HttpCacheEntrySerializer;

@Contract(threading = ThreadingBehavior.IMMUTABLE)
/* loaded from: input_file:WEB-INF/lib/httpclient-cache-4.5.13.jar:org/apache/http/impl/client/cache/DefaultHttpCacheEntrySerializer.class */
public class DefaultHttpCacheEntrySerializer implements HttpCacheEntrySerializer {

    /* loaded from: input_file:WEB-INF/lib/httpclient-cache-4.5.13.jar:org/apache/http/impl/client/cache/DefaultHttpCacheEntrySerializer$RestrictedObjectInputStream.class */
    static class RestrictedObjectInputStream extends ObjectInputStream {
        private static final List<Pattern> ALLOWED_CLASS_PATTERNS = Collections.unmodifiableList(Arrays.asList(Pattern.compile("^(?:\\[+L)?org\\.apache\\.http\\..*$"), Pattern.compile("^(?:\\[+L)?java\\.util\\..*$"), Pattern.compile("^(?:\\[+L)?java\\.lang\\..*$"), Pattern.compile("^\\[+Z$"), Pattern.compile("^\\[+B$"), Pattern.compile("^\\[+C$"), Pattern.compile("^\\[+D$"), Pattern.compile("^\\[+F$"), Pattern.compile("^\\[+I$"), Pattern.compile("^\\[+J$"), Pattern.compile("^\\[+S$")));

        private RestrictedObjectInputStream(InputStream inputStream) throws IOException {
            super(inputStream);
        }

        @Override // java.io.ObjectInputStream
        protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
            String name = objectStreamClass.getName();
            if (isAllowedClassName(name)) {
                return super.resolveClass(objectStreamClass);
            }
            throw new HttpCacheEntrySerializationException(String.format("Class %s is not allowed for deserialization", name));
        }

        static boolean isAllowedClassName(String str) {
            Iterator<Pattern> it = ALLOWED_CLASS_PATTERNS.iterator();
            while (it.hasNext()) {
                if (it.next().matcher(str).matches()) {
                    return true;
                }
            }
            return false;
        }
    }

    @Override // org.apache.http.client.cache.HttpCacheEntrySerializer
    public void writeTo(HttpCacheEntry httpCacheEntry, OutputStream outputStream) throws IOException {
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream);
        try {
            objectOutputStream.writeObject(httpCacheEntry);
            objectOutputStream.close();
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Override // org.apache.http.client.cache.HttpCacheEntrySerializer
    public HttpCacheEntry readFrom(InputStream inputStream) throws IOException {
        RestrictedObjectInputStream restrictedObjectInputStream = new RestrictedObjectInputStream(inputStream);
        try {
            try {
                HttpCacheEntry httpCacheEntry = (HttpCacheEntry) restrictedObjectInputStream.readObject();
                restrictedObjectInputStream.close();
                return httpCacheEntry;
            } catch (ClassNotFoundException e) {
                throw new HttpCacheEntrySerializationException("Class not found: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            restrictedObjectInputStream.close();
            throw th;
        }
    }
}
