package org.globus.cog.karajan.util.serialization;

import com.thoughtworks.xstream.alias.ClassMapper;
import com.thoughtworks.xstream.mapper.Mapper;
import com.thoughtworks.xstream.mapper.MapperWrapper;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/globus/cog/karajan/util/serialization/RestrictedClassMapper.class */
public class RestrictedClassMapper extends MapperWrapper {
    private static final Logger logger;
    public static final String PROPERTIES = "karajan-restricted-classes.properties";
    private final ClassMapper wrapped;
    private static Set allowedClasses;
    private static Set disallowedClasses;
    private static Set allowedPackages;
    static Class class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper;

    public RestrictedClassMapper(ClassMapper classMapper) {
        super(classMapper);
        Class cls;
        this.wrapped = classMapper;
        if (class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper == null) {
            cls = class$("org.globus.cog.karajan.util.serialization.RestrictedClassMapper");
            class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper = cls;
        } else {
            cls = class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper;
        }
        Class cls2 = cls;
        synchronized (cls) {
            if (allowedPackages == null) {
                allowedPackages = new HashSet();
                allowedClasses = new HashSet();
                disallowedClasses = new HashSet();
                loadProperties();
            }
        }
    }

    private void loadProperties() {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(PROPERTIES);
        if (resourceAsStream == null) {
            throw new SecurityException("Could find class deserialization restrictions");
        }
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
        try {
            for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                if (!readLine.startsWith("#") && readLine.length() != 0) {
                    int indexOf = readLine.indexOf(61);
                    if (indexOf == -1) {
                        logger.warn(new StringBuffer().append("Invalid line in karajan-restricted-classes.properties: ").append(readLine).toString());
                    } else {
                        String lowerCase = readLine.substring(0, indexOf).trim().toLowerCase();
                        String lowerCase2 = readLine.substring(indexOf + 1).trim().toLowerCase();
                        if (lowerCase.equals("package.allow")) {
                            allowedPackages.add(lowerCase2);
                        } else if (lowerCase.equals("class.disallow")) {
                            disallowedClasses.add(lowerCase2);
                        } else {
                            logger.warn(new StringBuffer().append("Unrecognized property name (").append(lowerCase).append(") in ").append(PROPERTIES).append(", line ").append(readLine).toString());
                        }
                    }
                }
            }
            bufferedReader.close();
        } catch (Exception e) {
            throw new SecurityException("Could not load class deserialization restrictions");
        }
    }

    protected Class checkClass(Class cls) {
        if (cls == null) {
            return null;
        }
        String name = cls.getName();
        synchronized (allowedClasses) {
            if (allowedClasses.contains(name)) {
                return cls;
            }
            if (disallowedClasses.contains(name)) {
                throw new SecurityException(new StringBuffer().append("Deserialization of class ").append(name).append(" is not allowed").toString());
            }
            Iterator it = allowedPackages.iterator();
            while (it.hasNext()) {
                if (name.startsWith((String) it.next())) {
                    synchronized (allowedClasses) {
                        allowedClasses.add(name);
                    }
                    return cls;
                }
            }
            return cls;
        }
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper, com.thoughtworks.xstream.alias.ClassMapper
    public Class lookupType(String str) {
        return checkClass(super.lookupType(str));
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper, com.thoughtworks.xstream.alias.ClassMapper
    public Class lookupDefaultType(Class cls) {
        return checkClass(super.lookupDefaultType(cls));
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper, com.thoughtworks.xstream.alias.ClassMapper
    public Class getOverrideRootType() {
        return checkClass(super.getOverrideRootType());
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper
    public Class realClass(String str) {
        return checkClass(super.realClass(str));
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper
    public Class defaultImplementationOf(Class cls) {
        return checkClass(super.defaultImplementationOf(cls));
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper
    public Mapper.ImplicitCollectionMapping getImplicitCollectionDefForFieldName(Class cls, String str) {
        Mapper.ImplicitCollectionMapping implicitCollectionDefForFieldName = super.getImplicitCollectionDefForFieldName(cls, str);
        checkClass(implicitCollectionDefForFieldName.getItemType());
        return implicitCollectionDefForFieldName;
    }

    @Override // com.thoughtworks.xstream.mapper.MapperWrapper
    public Class getItemTypeForItemFieldName(Class cls, String str) {
        return checkClass(super.getItemTypeForItemFieldName(cls, str));
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper == null) {
            cls = class$("org.globus.cog.karajan.util.serialization.RestrictedClassMapper");
            class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper = cls;
        } else {
            cls = class$org$globus$cog$karajan$util$serialization$RestrictedClassMapper;
        }
        logger = Logger.getLogger(cls);
    }
}
