package org.apache.dubbo.common.utils;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.lang.reflect.GenericArrayType;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.dubbo.common.constants.CommonConstants;
import org.apache.dubbo.common.constants.LoggerCodeConstants;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.config.ApplicationConfig;
import org.apache.dubbo.rpc.model.ModuleModel;
import org.apache.dubbo.rpc.model.ScopeClassLoaderListener;

/* loaded from: input_file:org/apache/dubbo/common/utils/SerializeSecurityConfigurator.class */
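/**
 * Feeds the deserialization allow/block policy of a {@link SerializeSecurityManager} for one
 * {@link ModuleModel}.
 *
 * <p>Policy entries come from four places, all visible in this class:
 * <ul>
 *   <li>the application config (check status, auto-trust flag, trust level, serializable check),</li>
 *   <li>JVM system properties (comma-separated allow and block lists, open-check and block-all
 *       switches),</li>
 *   <li>allow-list and block-list resources found through a class loader,</li>
 *   <li>types reachable from a registered service interface (only when auto-trust is on).</li>
 * </ul>
 *
 * <p>Security review notes: auto-trust defaults to {@code true}, so every type reachable from a
 * registered interface signature is added to the allow list unless the application config turns
 * it off. The class-path lists are read from every matching resource the class loader exposes,
 * so a dependency that ships such a resource contributes entries to the policy.
 */
public class SerializeSecurityConfigurator implements ScopeClassLoaderListener<ModuleModel> {
    private static final ErrorTypeAwareLogger logger = LoggerFactory.getErrorTypeAwareLogger(SerializeSecurityConfigurator.class);

    private final SerializeSecurityManager serializeSecurityManager;
    private final ModuleModel moduleModel;

    // When true, registerInterface() walks the interface and allow-lists what it finds.
    private volatile boolean autoTrustSerializeClass = true;

    // Number of leading package segments kept when a non-JDK class name is allow-listed as a
    // prefix. Integer.MAX_VALUE means the exact class name is always used.
    private volatile int trustSerializeClassLevel = Integer.MAX_VALUE;

    /**
     * Registers this configurator as a class-loader listener on the module, resolves the
     * framework-wide {@link SerializeSecurityManager} and loads the initial policy.
     *
     * @param moduleModel module whose application config and class loaders drive the policy
     */
    public SerializeSecurityConfigurator(ModuleModel moduleModel) {
        this.moduleModel = moduleModel;
        // NOTE(review): "this" is published before serializeSecurityManager is assigned; a
        // listener callback fired from inside addClassLoaderListener would see a null manager.
        moduleModel.addClassLoaderListener(this);
        this.serializeSecurityManager = moduleModel.getApplicationModel().getFrameworkModel().getBeanFactory().getBean(SerializeSecurityManager.class);
        refreshStatus();
        refreshCheck();
        refreshConfig();
        onAddClassLoader(moduleModel, Thread.currentThread().getContextClassLoader());
    }

    /**
     * Re-reads the auto-trust flag, the trust level and the serializable check from the
     * application config. When no application config is present the defaults are: auto-trust
     * {@code true}, trust level {@code Integer.MAX_VALUE}, check-serializable {@code true}.
     */
    public void refreshCheck() {
        Optional<ApplicationConfig> application = this.moduleModel.getApplicationModel().getApplicationConfigManager().getApplication();
        this.autoTrustSerializeClass = application.map(ApplicationConfig::getAutoTrustSerializeClass).orElse(true);
        this.trustSerializeClassLevel = application.map(ApplicationConfig::getTrustSerializeClassLevel).orElse(Integer.MAX_VALUE);
        this.serializeSecurityManager.setCheckSerializable(application.map(ApplicationConfig::getCheckSerializable).orElse(true));
    }

    /**
     * Loads the allow and block list resources visible through the newly added class loader.
     */
    @Override // org.apache.dubbo.rpc.model.ScopeClassLoaderListener
    public void onAddClassLoader(ModuleModel moduleModel, ClassLoader classLoader) {
        refreshClassLoader(classLoader);
    }

    /**
     * Does nothing: entries loaded from a class loader stay in the manager after its removal.
     */
    @Override // org.apache.dubbo.rpc.model.ScopeClassLoaderListener
    public void onRemoveClassLoader(ModuleModel moduleModel, ClassLoader classLoader) {
    }

    /** Loads the allow list first, then the block list, from the given class loader. */
    private void refreshClassLoader(ClassLoader classLoader) {
        loadAllow(classLoader);
        loadBlocked(classLoader);
    }

    /**
     * Applies the comma-separated allow and block lists given as JVM system properties.
     * Blank entries are skipped; each remaining entry is trimmed and handed to the manager.
     */
    private void refreshConfig() {
        String allowedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_ALLOWED_LIST, "").trim();
        String blockedClassList = System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCKED_LIST, "").trim();
        if (StringUtils.isNotEmpty(allowedClassList)) {
            for (String entry : allowedClassList.split(",")) {
                String className = entry.trim();
                if (StringUtils.isNotEmpty(className)) {
                    this.serializeSecurityManager.addToAlwaysAllowed(className);
                }
            }
        }
        if (StringUtils.isNotEmpty(blockedClassList)) {
            for (String entry : blockedClassList.split(",")) {
                String className = entry.trim();
                if (StringUtils.isNotEmpty(className)) {
                    this.serializeSecurityManager.addToDisAllowed(className);
                }
            }
        }
    }

    /**
     * Reads every allow-list resource the class loader exposes and adds each non-blank,
     * non-comment ({@code #}) line to the always-allowed set.
     *
     * <p>NOTE(review): every matching resource is honoured, so any artifact visible to this
     * class loader can widen the allow list. The source URL is logged at info level; keep that
     * log line available when auditing which artifacts contribute entries.
     */
    private void loadAllow(ClassLoader classLoader) {
        for (URL url : ClassLoaderResourceLoader.loadResources(CommonConstants.SERIALIZE_ALLOW_LIST_FILE_PATH, classLoader)) {
            logger.info("Read serialize allow list from " + url);
            // Close the stream here instead of depending on IOUtils.readLines to do so.
            try (InputStream inputStream = url.openStream()) {
                for (String line : IOUtils.readLines(inputStream)) {
                    String className = line.trim();
                    if (!StringUtils.isEmpty(className) && !className.startsWith("#")) {
                        this.serializeSecurityManager.addToAlwaysAllowed(className);
                    }
                }
            } catch (IOException e) {
                logger.error(LoggerCodeConstants.COMMON_IO_EXCEPTION, "", "", "Failed to load allow class list! Will ignore allow list from " + url, e);
            }
        }
    }

    /**
     * Reads every block-list resource the class loader exposes and adds each non-blank,
     * non-comment ({@code #}) line to the disallowed set.
     *
     * <p>A resource that cannot be read is logged and skipped, so its block entries are not
     * applied: the failure is fail-open for that file. Treat the error log as a signal that the
     * effective block list is incomplete.
     */
    private void loadBlocked(ClassLoader classLoader) {
        for (URL url : ClassLoaderResourceLoader.loadResources(CommonConstants.SERIALIZE_BLOCKED_LIST_FILE_PATH, classLoader)) {
            logger.info("Read serialize blocked list from " + url);
            // Close the stream here instead of depending on IOUtils.readLines to do so.
            try (InputStream inputStream = url.openStream()) {
                for (String line : IOUtils.readLines(inputStream)) {
                    String className = line.trim();
                    if (!StringUtils.isEmpty(className) && !className.startsWith("#")) {
                        this.serializeSecurityManager.addToDisAllowed(className);
                    }
                }
            } catch (IOException e) {
                logger.error(LoggerCodeConstants.COMMON_IO_EXCEPTION, "", "", "Failed to load blocked class list! Will ignore blocked list from " + url, e);
            }
        }
    }

    /**
     * Resolves the serialize check status and pushes it to the manager.
     *
     * <p>A status named in the application config wins. Otherwise two system properties are
     * consulted in order: the open-check switch (parsing to {@code false} selects
     * {@code DISABLE}) and the block-all switch (parsing to {@code true} selects {@code STRICT}
     * and overrides the first). If neither applies the manager's current status is left alone.
     *
     * <p>NOTE(review): {@code DISABLE} can be selected by a JVM system property alone, so who
     * may set JVM flags for the process is part of the trust boundary of this check.
     *
     * @throws IllegalArgumentException presumably, when the configured status string is not a
     *         {@code SerializeCheckStatus} name (raised by {@code valueOf}) - confirm
     */
    public void refreshStatus() {
        String configuredStatus = this.moduleModel.getApplicationModel().getApplicationConfigManager().getApplication()
                .map(ApplicationConfig::getSerializeCheckStatus)
                .orElse(null);
        SerializeCheckStatus checkStatus = null;
        if (StringUtils.isEmpty(configuredStatus)) {
            if (!Boolean.parseBoolean(System.getProperty(CommonConstants.CLASS_DESERIALIZE_OPEN_CHECK, CommonConstants.GENERIC_SERIALIZATION_DEFAULT))) {
                checkStatus = SerializeCheckStatus.DISABLE;
            }
            // Evaluated second on purpose: block-all takes precedence over a disabled check.
            if (Boolean.parseBoolean(System.getProperty(CommonConstants.CLASS_DESERIALIZE_BLOCK_ALL, "false"))) {
                checkStatus = SerializeCheckStatus.STRICT;
            }
        } else {
            checkStatus = SerializeCheckStatus.valueOf(configuredStatus);
        }
        if (checkStatus != null) {
            this.serializeSecurityManager.setCheckStatus(checkStatus);
        }
    }

    /**
     * Allow-lists the given interface and every type reachable from its public method
     * signatures (parameter, return and exception types, raw and generic). Does nothing when
     * auto-trust is off.
     *
     * @param cls service interface whose signature types should be trusted
     */
    public synchronized void registerInterface(Class<?> cls) {
        if (!this.autoTrustSerializeClass) {
            return;
        }
        // Types already visited; stops the walk from looping on recursive type graphs.
        Set<Type> visited = new HashSet<>();
        checkClass(visited, cls);
        addToAllow(cls.getName());
        for (Method method : cls.getMethods()) {
            for (Class<?> parameterType : method.getParameterTypes()) {
                checkClass(visited, parameterType);
            }
            for (Type genericParameterType : method.getGenericParameterTypes()) {
                checkType(visited, genericParameterType);
            }
            checkClass(visited, method.getReturnType());
            checkType(visited, method.getGenericReturnType());
            for (Class<?> exceptionType : method.getExceptionTypes()) {
                checkClass(visited, exceptionType);
            }
            for (Type genericExceptionType : method.getGenericExceptionTypes()) {
                checkType(visited, genericExceptionType);
            }
        }
    }

    /**
     * Walks a generic type and forwards every class found in it to
     * {@link #checkClass(Set, Class)}. Each non-class type is processed once per walk.
     */
    private void checkType(Set<Type> set, Type type) {
        if (type == null) {
            return;
        }
        if (type instanceof Class) {
            checkClass(set, (Class<?>) type);
            return;
        }
        if (!set.add(type)) {
            return;
        }
        if (type instanceof ParameterizedType) {
            ParameterizedType parameterizedType = (ParameterizedType) type;
            checkClass(set, (Class<?>) parameterizedType.getRawType());
            for (Type typeArgument : parameterizedType.getActualTypeArguments()) {
                checkType(set, typeArgument);
            }
        } else if (type instanceof GenericArrayType) {
            checkType(set, ((GenericArrayType) type).getGenericComponentType());
        } else if (type instanceof TypeVariable) {
            for (Type bound : ((TypeVariable<?>) type).getBounds()) {
                checkType(set, bound);
            }
        } else if (type instanceof WildcardType) {
            WildcardType wildcardType = (WildcardType) type;
            for (Type upperBound : wildcardType.getUpperBounds()) {
                checkType(set, upperBound);
            }
            for (Type lowerBound : wildcardType.getLowerBounds()) {
                checkType(set, lowerBound);
            }
        }
    }

    /**
     * Allow-lists a class and, for application classes, recurses into its interfaces,
     * superclass and non-transient declared fields. Simple types, primitives, arrays and
     * JDK-namespace classes are allow-listed but not walked further.
     */
    private void checkClass(Set<Type> set, Class<?> cls) {
        if (cls == null || !set.add(cls)) {
            return;
        }
        addToAllow(cls.getName());
        if (ClassUtils.isSimpleType(cls) || cls.isPrimitive() || cls.isArray()) {
            return;
        }
        if (isJdkClassName(cls.getName())) {
            return;
        }
        for (Class<?> interfaceClass : cls.getInterfaces()) {
            checkClass(set, interfaceClass);
        }
        for (Type genericInterface : cls.getGenericInterfaces()) {
            checkType(set, genericInterface);
        }
        Class<?> superclass = cls.getSuperclass();
        if (superclass != null) {
            checkClass(set, superclass);
        }
        Type genericSuperclass = cls.getGenericSuperclass();
        if (genericSuperclass != null) {
            checkType(set, genericSuperclass);
        }
        for (Field field : cls.getDeclaredFields()) {
            // Transient fields are skipped by the walk.
            if (!Modifier.isTransient(field.getModifiers())) {
                checkClass(set, field.getType());
                checkType(set, field.getGenericType());
            }
        }
    }

    /**
     * Adds a class name to the allowed set. JDK-namespace names are added verbatim. Other
     * names are cut down to their first {@code trustSerializeClassLevel} dot-separated
     * segments plus a trailing dot when they have more segments than that, which trusts the
     * whole package prefix rather than the single class.
     *
     * <p>NOTE(review): a small trust level allow-lists a very broad prefix (level 1 yields the
     * first segment only). A level of 0 produces the entry {@code "."} and a negative level
     * makes {@code Stream.limit} throw {@link IllegalArgumentException}; neither is validated
     * here, so the config value should be range-checked where it is set.
     */
    private void addToAllow(String str) {
        if (isJdkClassName(str)) {
            this.serializeSecurityManager.addToAllowed(str);
            return;
        }
        String[] segments = str.split(CommonConstants.DOT_REGEX);
        if (segments.length > this.trustSerializeClassLevel) {
            String packagePrefix = Arrays.stream(segments).limit(this.trustSerializeClassLevel).collect(Collectors.joining("."));
            this.serializeSecurityManager.addToAllowed(packagePrefix + ".");
        } else {
            this.serializeSecurityManager.addToAllowed(str);
        }
    }

    /** Returns whether the name lies in one of the JDK namespaces this class treats specially. */
    private static boolean isJdkClassName(String name) {
        return name.startsWith("java.")
                || name.startsWith("javax.")
                || name.startsWith("com.sun.")
                || name.startsWith("sun.")
                || name.startsWith("jdk.");
    }
}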
