package org.openjdk.jmc.common.io;

import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Collection;
import java.util.HashSet;

/* loaded from: input_file:profiling/org/openjdk/jmc/common/io/ValidatingObjectInputStream.classdata */
public class ValidatingObjectInputStream extends ObjectInputStream {
    private LimitedInputStream in;
    private Collection<Class<?>> safeClasses;
    private int maxObjects;
    private int readObjects;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:profiling/org/openjdk/jmc/common/io/ValidatingObjectInputStream$LimitedInputStream.classdata */
    public static class LimitedInputStream extends FilterInputStream {
        private long maxBytes;
        private long readBytes;

        public LimitedInputStream(InputStream inputStream, long j) {
            super(inputStream);
            this.readBytes = 0L;
            this.maxBytes = j;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read() throws IOException {
            checkLength(1);
            int read = super.read();
            if (read != -1) {
                this.readBytes++;
            }
            return read;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            checkLength(i2);
            int read = super.read(bArr, i, i2);
            if (read > 0) {
                this.readBytes += read;
            }
            return read;
        }

        private void checkLength(int i) {
            if (this.readBytes + i > this.maxBytes) {
                throw new SecurityException("Attempting to read too many bytes from stream, read=" + (this.readBytes + i) + " limit=" + this.maxBytes);
            }
        }

        public void updateValidation(long j) {
            this.maxBytes = j;
            this.readBytes = 0L;
        }
    }

    private ValidatingObjectInputStream(LimitedInputStream limitedInputStream) throws IOException {
        super(limitedInputStream);
        this.safeClasses = null;
        this.maxObjects = 0;
        this.readObjects = 0;
        this.in = limitedInputStream;
        enableResolveObject(true);
    }

    public static ValidatingObjectInputStream build(InputStream inputStream) throws IOException {
        return new ValidatingObjectInputStream(new LimitedInputStream(inputStream, 4L));
    }

    public <T> T safeReadObject(Class<T> cls, Collection<Class<?>> collection, int i, long j) throws ClassNotFoundException, IOException, ClassCastException {
        HashSet hashSet = new HashSet();
        hashSet.add(cls);
        if (collection != null) {
            hashSet.addAll(collection);
        }
        updateValidation(hashSet, i, j);
        T t = (T) readObject();
        zeroValidation();
        return t;
    }

    public long safeReadLong() throws IOException {
        updateValidation(null, 0, 10L);
        return super.readLong();
    }

    private void updateValidation(Collection<Class<?>> collection, int i, long j) {
        this.safeClasses = collection;
        this.maxObjects = i;
        this.readObjects = 0;
        this.in.updateValidation(j);
    }

    private void zeroValidation() {
        this.safeClasses = null;
        this.maxObjects = 0;
        this.in.updateValidation(0L);
    }

    @Override // java.io.ObjectInputStream
    protected Object resolveObject(Object obj) throws IOException {
        int i = this.readObjects;
        this.readObjects = i + 1;
        if (i > this.maxObjects) {
            throw new SecurityException("Attempting to deserialize too many objects from stream, limit=" + this.maxObjects);
        }
        return super.resolveObject(obj);
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        Class<?> resolveClass = super.resolveClass(objectStreamClass);
        if (this.safeClasses == null || !(this.safeClasses.contains(resolveClass) || resolveClass.isArray())) {
            throw new SecurityException("Attempting to deserialize non-whitelisted class: " + resolveClass.getName());
        }
        return resolveClass;
    }
}
