package com.bes.enterprise.security.serializer;

import com.bes.enterprise.common.cache.Cache;
import com.bes.enterprise.web.util.descriptor.web.SecurityConstraint;
import com.bes.enterprise.webtier.filters.CorsFilter;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;

/* loaded from: input_file:com/bes/enterprise/security/serializer/JavaSerializerChecker.class */
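/**
 * Deny-list / allow-list gate for Java native deserialization.
 *
 * <p>Callers pass the fully qualified name of every class a stream is about to resolve to
 * {@link #allow(String)}; the call returns normally when the class may be deserialized and throws
 * {@link IOException} when it is denied. Decisions are memoised in a {@link Cache} whose
 * implementation class and capacity come from system properties.
 *
 * <p>Decision order (see {@link #allowSerialize(String)}): an allow-list match permits, then a
 * deny-list match denies, otherwise the class is permitted. The control is therefore a deny list:
 * a class named in neither file is allowed.
 *
 * <p>Configuration, all through system properties:
 * <ul>
 *   <li>{@code ...JavaSerializerChecker.enabled} - master switch; default taken from
 *       {@code CorsFilter.DEFAULT_DECORATE_REQUEST} (presumably {@code "true"}; verify).</li>
 *   <li>{@code ...JavaSerializerChecker.blacklistFile} / {@code whitelistFile} - classpath
 *       resources, one entry per line; blank lines and lines starting with {@code #} or
 *       {@code //} are skipped (trailing comments are not supported).</li>
 *   <li>{@code ...JavaSerializerChecker.cacheClass} / {@code maxCacheSize} - cache implementation
 *       (must expose a public {@code (int)} constructor) and its capacity.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>If the deny-list resource cannot be read, the checker keeps running with an empty deny
 *       list, i.e. it permits every class while {@link #isEnabled()} still reports {@code true}.
 *       This fail-open condition is logged at SEVERE during initialisation.</li>
 *   <li>A failure to build the cache propagates out of {@link #allow(String)} on every call, so
 *       that condition fails closed.</li>
 *   <li>Allow-list entries override the deny list, so keep wildcard allow-list entries narrow. An
 *       entry consisting only of the all-roles token (presumably {@code *}) allows every class.</li>
 * </ul>
 *
 * <p>Thread-safety: initialisation uses double-checked locking on the volatile
 * {@code initialized} flag and the entry lists are only mutated before that flag is published;
 * afterwards they are read-only. Concurrent access to the cache is whatever the configured
 * {@link Cache} implementation provides.
 */
public class JavaSerializerChecker {
    private static final String BLACK_LIST_FILE = "com.bes.enterprise.security.serializer.JavaSerializerChecker.blacklistFile";
    private static final String WHITE_LIST_FILE = "com.bes.enterprise.security.serializer.JavaSerializerChecker.whitelistFile";
    private static final String DEFAULT_BLACK_LIST_FILE = "javaSerializerSecurity/javaBlackList";
    private static final String DEFAULT_WHITE_LIST_FILE = "javaSerializerSecurity/javaWhitelist";
    private static final String CACHE_CLASS = "com.bes.enterprise.security.serializer.JavaSerializerChecker.cacheClass";
    private static final String DEFAULT_CACHE_CLASS = "com.bes.enterprise.common.cache.ConcurrentLRUCache";
    private static final String MAX_CACHE_SIZE = "com.bes.enterprise.security.serializer.JavaSerializerChecker.maxCacheSize";
    private static final int DEFAULT_MAX_CACHE_SIZE = 10240;
    /** Memoised per-class decisions; assigned once inside {@link #initCache()} under the class lock. */
    private static Cache<String, Boolean> checkResult;
    protected static final Logger _logger = Logger.getLogger(JavaSerializerChecker.class.getName());
    private static final String SERIALIZER_CHECKER_ENABLED = "com.bes.enterprise.security.serializer.JavaSerializerChecker.enabled";
    private static final boolean enabled = Boolean.parseBoolean(System.getProperty(SERIALIZER_CHECKER_ENABLED, CorsFilter.DEFAULT_DECORATE_REQUEST));
    /** Deny-list entries (class names or wildcards), populated by {@link #init()}. */
    private static final List<String> blackList = new ArrayList<String>();
    /** Allow-list entries; consulted before the deny list and overriding it. */
    private static final List<String> whiteList = new ArrayList<String>();
    /** Published last, after lists and cache are ready; guards the one-time initialisation. */
    private static volatile boolean initialized = false;

    /**
     * One-time initialisation: loads both lists and builds the cache when the checker is enabled.
     *
     * <p>If this method throws (only {@link #initCache()} can throw), {@code initialized} stays
     * {@code false} and the next {@link #allow(String)} call retries; callers meanwhile fail
     * closed because the exception propagates to them.
     *
     * @throws IOException when the cache implementation cannot be instantiated
     */
    private static void init() throws IOException {
        if (initialized) {
            return;
        }
        synchronized (JavaSerializerChecker.class) {
            if (initialized) {
                return;
            }
            if (enabled) {
                // A previous attempt may have loaded the lists and then failed in initCache();
                // start from a clean slate so a retry does not duplicate entries.
                blackList.clear();
                whiteList.clear();
                loadConfig(System.getProperty(BLACK_LIST_FILE, DEFAULT_BLACK_LIST_FILE), blackList);
                loadConfig(System.getProperty(WHITE_LIST_FILE, DEFAULT_WHITE_LIST_FILE), whiteList);
                if (blackList.isEmpty()) {
                    // loadConfig() only warns on a missing/unreadable file; make the resulting
                    // fail-open state impossible to miss.
                    _logger.severe("Java serialization checker is enabled but its blacklist is empty;"
                            + " every class will be accepted for deserialization. Check the resource"
                            + " configured by " + BLACK_LIST_FILE + ".");
                }
                initCache();
            }
            initialized = true;
        }
    }

    /**
     * Reports whether the checker is active, as decided once at class load from the
     * {@code ...JavaSerializerChecker.enabled} system property.
     *
     * @return {@code true} when {@link #allow(String)} enforces the lists
     */
    public static boolean isEnabled() {
        return enabled;
    }

    /**
     * Instantiates the decision cache from the configured class name and capacity.
     *
     * <p>The cache class is loaded with this class's own loader and must offer a public
     * {@code (int)} constructor. An invalid or non-positive {@code maxCacheSize} falls back to
     * {@link #DEFAULT_MAX_CACHE_SIZE} with a warning rather than disabling the checker.
     *
     * @throws IOException wrapping any reflection or constructor failure
     */
    @SuppressWarnings("unchecked")
    private static void initCache() throws IOException {
        int capacity = DEFAULT_MAX_CACHE_SIZE;
        String sizeProperty = System.getProperty(MAX_CACHE_SIZE);
        if (sizeProperty != null) {
            try {
                int requested = Integer.parseInt(sizeProperty);
                if (requested > 0) {
                    capacity = requested;
                } else {
                    _logger.warning("Ignoring non-positive " + MAX_CACHE_SIZE + "=" + sizeProperty
                            + "; using " + DEFAULT_MAX_CACHE_SIZE);
                }
            } catch (NumberFormatException e) {
                _logger.warning("Ignoring non-numeric " + MAX_CACHE_SIZE + "=" + sizeProperty
                        + "; using " + DEFAULT_MAX_CACHE_SIZE);
            }
        }
        String cacheClassName = System.getProperty(CACHE_CLASS, DEFAULT_CACHE_CLASS);
        try {
            checkResult = (Cache<String, Boolean>) JavaSerializerChecker.class.getClassLoader()
                    .loadClass(cacheClassName)
                    .getDeclaredConstructor(Integer.TYPE)
                    .newInstance(Integer.valueOf(capacity));
        } catch (Exception e) {
            throw new IOException("Failure to initialize cache!", e);
        }
    }

    /**
     * Gate for a single class about to be deserialized.
     *
     * <p>No-op when the checker is disabled. Otherwise the decision is looked up in the cache,
     * computed via {@link #allowSerialize(String)} on a miss, and an {@link IOException} is thrown
     * when the class is denied. A {@code null} name cannot be matched against the deny list and is
     * therefore denied as well.
     *
     * @param className fully qualified name of the class being resolved
     * @throws IOException when the class is denied, when {@code className} is {@code null}, or when
     *         initialisation fails (the checker then fails closed)
     */
    public static void allow(String className) throws IOException {
        if (!initialized) {
            init();
        }
        if (!enabled) {
            return;
        }
        if (className == null) {
            throw new IOException("Class name is null; refusing to deserialize!");
        }
        Boolean permitted = checkResult.get(className);
        if (permitted == null) {
            permitted = Boolean.valueOf(allowSerialize(className));
            checkResult.add(className, permitted);
        }
        if (!permitted.booleanValue()) {
            throw new IOException("Class " + className + " is in blacklist!");
        }
    }

    /**
     * Uncached policy decision: allow-list first (and overriding), then deny list, then allow.
     *
     * <p>Allow-list wildcards are matched at a package boundary so that {@code com.foo.*} cannot
     * accidentally admit {@code com.foobar.Gadget}; deny-list wildcards keep the broader plain
     * prefix semantics, since over-matching in the deny direction is the safe side.
     *
     * @param className fully qualified class name, never {@code null}
     * @return {@code true} when deserialization of the class is permitted
     */
    private static boolean allowSerialize(String className) {
        for (String pattern : whiteList) {
            if (matches(className, pattern, true)) {
                return true;
            }
        }
        for (String pattern : blackList) {
            if (matches(className, pattern, false)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tests one list entry against a class name.
     *
     * <p>Entry forms: {@code a.b.*} is a package wildcard; an entry ending in the all-roles token
     * ({@code SecurityConstraint.ROLE_ALL_ROLES}, presumably {@code *}) is a raw prefix; anything
     * else must match exactly. The token alone matches every class.
     *
     * @param className       fully qualified class name
     * @param pattern         one trimmed line from a list file
     * @param packageBoundary when {@code true} a {@code a.b.*} entry only matches names that
     *                        continue with a {@code '.'} after {@code a.b} (that package or a
     *                        sub-package); when {@code false} it matches any name starting with
     *                        {@code a.b}
     * @return whether the entry covers the class
     */
    private static boolean matches(String className, String pattern, boolean packageBoundary) {
        if (pattern.endsWith(".*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return packageBoundary ? className.startsWith(prefix + ".") : className.startsWith(prefix);
        }
        if (pattern.endsWith(SecurityConstraint.ROLE_ALL_ROLES)) {
            String prefix = pattern.substring(0, pattern.length() - SecurityConstraint.ROLE_ALL_ROLES.length());
            return className.startsWith(prefix);
        }
        return className.equals(pattern);
    }

    /**
     * Reads one list resource into {@code target}, one trimmed entry per line.
     *
     * <p>Blank lines and lines starting with {@code #} or {@code //} are skipped. The file is
     * decoded as UTF-8. A missing or unreadable resource is logged at WARNING and leaves
     * {@code target} unchanged; callers decide what an empty list means.
     *
     * @param resource classpath path of the list file
     * @param target   list that receives the entries
     */
    private static void loadConfig(String resource, List<String> target) {
        InputStream in = null;
        BufferedReader reader = null;
        try {
            in = getInputStream(resource);
            reader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
            String line;
            while ((line = reader.readLine()) != null) {
                String entry = line.trim();
                if (entry.length() == 0 || entry.startsWith("#") || entry.startsWith("//")) {
                    continue;
                }
                target.add(entry);
            }
        } catch (IOException e) {
            _logger.warning(e.getClass().getName() + ":" + e.getMessage());
        } finally {
            closeQuietly(reader);
            closeQuietly(in);
        }
    }

    /**
     * Closes a resource, ignoring {@code null} and any failure; used only for the list files,
     * where a close error carries no information the reader has not already consumed.
     */
    private static void closeQuietly(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (Exception ignored) {
            // best-effort close of a read-only classpath resource
        }
    }

    /**
     * Opens a list resource, trying this class's own loader first and the thread context loader
     * as a fallback.
     *
     * <p>NOTE(review): the fallback means a resource at the configured path on the calling
     * thread's (e.g. a deployed application's) classpath is used whenever the server classpath
     * lacks it; a security policy file should normally only be trusted from the checker's own
     * loader. Confirm whether the fallback is intended.
     *
     * @param resource classpath path of the list file
     * @return an open stream; the caller closes it
     * @throws IOException when neither loader can find the resource
     */
    private static InputStream getInputStream(String resource) throws IOException {
        ClassLoader own = JavaSerializerChecker.class.getClassLoader();
        InputStream in = own.getResourceAsStream(resource);
        if (in == null) {
            ClassLoader context = Thread.currentThread().getContextClassLoader();
            // getContextClassLoader() may legitimately return null; don't dereference it then.
            if (context != null && context != own) {
                in = context.getResourceAsStream(resource);
            }
        }
        if (in == null) {
            throw new IOException("Could not read config file: " + resource + "!");
        }
        return in;
    }
}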
