package org.apache.dubbo.common.utils;

import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.GenericArrayType;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
import java.net.URL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.dubbo.common.constants.CommonConstants;
import org.apache.dubbo.common.constants.LoggerCodeConstants;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.rpc.model.FrameworkModel;

/* loaded from: input_file:org/apache/dubbo/common/utils/SerializeSecurityManager.class */
public class SerializeSecurityManager {
    private static final ErrorTypeAwareLogger logger = LoggerFactory.getErrorTypeAwareLogger((Class<?>) SerializeSecurityManager.class);
    private volatile SerializeCheckStatus checkStatus;
    private final Set<String> allowedPrefix = new LinkedHashSet();
    private final SerializeClassChecker checker = SerializeClassChecker.getInstance();
    private final Set<AllowClassNotifyListener> listeners = new ConcurrentHashSet();

    public SerializeSecurityManager(FrameworkModel frameworkModel) {
        this.checkStatus = AllowClassNotifyListener.DEFAULT_STATUS;
        try {
            for (URL url : (List) ClassLoaderResourceLoader.loadResources(CommonConstants.SERIALIZE_ALLOW_LIST_FILE_PATH, frameworkModel.getClassLoaders()).values().stream().flatMap((v0) -> {
                return v0.stream();
            }).collect(Collectors.toList())) {
                try {
                    logger.info("Read serialize allow list from " + url);
                    for (String str : IOUtils.readLines(url.openStream())) {
                        String trim = str.trim();
                        if (!StringUtils.isEmpty(trim) && !trim.startsWith("#")) {
                            this.allowedPrefix.add(trim);
                        }
                    }
                } catch (IOException e) {
                    logger.error(LoggerCodeConstants.COMMON_IO_EXCEPTION, "", "", "Failed to load allow class list! Will ignore allow lis from " + url, e);
                }
            }
            this.checkStatus = SerializeCheckStatus.valueOf(System.getProperty(CommonConstants.SERIALIZE_CHECK_STATUS_KEY, AllowClassNotifyListener.DEFAULT_STATUS.name()));
            logger.info("Serialize check level: " + this.checkStatus.name());
        } catch (InterruptedException e2) {
            logger.error(LoggerCodeConstants.INTERNAL_INTERRUPTED, "", "", "Failed to load allow class list! Will ignore allow list from configuration.", e2);
            Thread.currentThread().interrupt();
        }
    }

    public void registerInterface(Class<?> cls) {
        HashSet hashSet = new HashSet();
        hashSet.add(cls);
        addToAllow(cls.getName());
        for (Method method : cls.getMethods()) {
            for (Class<?> cls2 : method.getParameterTypes()) {
                checkClass(hashSet, cls2);
            }
            for (Type type : method.getGenericParameterTypes()) {
                checkType(hashSet, type);
            }
            checkClass(hashSet, method.getReturnType());
            checkType(hashSet, method.getGenericReturnType());
            for (Class<?> cls3 : method.getExceptionTypes()) {
                checkClass(hashSet, cls3);
            }
            for (Type type2 : method.getGenericExceptionTypes()) {
                checkType(hashSet, type2);
            }
        }
    }

    private void checkType(Set<Class<?>> set, Type type) {
        if (type instanceof Class) {
            checkClass(set, (Class) type);
            return;
        }
        if (type instanceof ParameterizedType) {
            ParameterizedType parameterizedType = (ParameterizedType) type;
            checkClass(set, (Class) parameterizedType.getRawType());
            for (Type type2 : parameterizedType.getActualTypeArguments()) {
                checkType(set, type2);
            }
            return;
        }
        if (type instanceof GenericArrayType) {
            checkType(set, ((GenericArrayType) type).getGenericComponentType());
            return;
        }
        if (type instanceof TypeVariable) {
            for (Type type3 : ((TypeVariable) type).getBounds()) {
                checkType(set, type3);
            }
            return;
        }
        if (type instanceof WildcardType) {
            WildcardType wildcardType = (WildcardType) type;
            for (Type type4 : wildcardType.getUpperBounds()) {
                checkType(set, type4);
            }
            for (Type type5 : wildcardType.getLowerBounds()) {
                checkType(set, type5);
            }
        }
    }

    private void checkClass(Set<Class<?>> set, Class<?> cls) {
        if (set.contains(cls)) {
            return;
        }
        set.add(cls);
        addToAllow(cls.getName());
        for (Class<?> cls2 : cls.getInterfaces()) {
            checkClass(set, cls2);
        }
        Class<? super Object> superclass = cls.getSuperclass();
        if (superclass != null) {
            checkClass(set, superclass);
        }
        for (Field field : cls.getDeclaredFields()) {
            if (!Modifier.isTransient(field.getModifiers())) {
                checkClass(set, field.getType());
                checkType(set, field.getGenericType());
            }
        }
    }

    protected void addToAllow(String str) {
        if (this.checker.validateClass(str, false)) {
            if (str.startsWith("java.") || str.startsWith("javax.") || str.startsWith("com.sun.") || str.startsWith("sun.") || str.startsWith("jdk.")) {
                if (this.allowedPrefix.add(str)) {
                    notifyListeners();
                }
            } else {
                String[] split = str.split(CommonConstants.DOT_REGEX);
                if (split.length > 3 ? this.allowedPrefix.add(split[0] + "." + split[1] + "." + split[2]) : this.allowedPrefix.add(str)) {
                    notifyListeners();
                }
            }
        }
    }

    public void registerListener(AllowClassNotifyListener allowClassNotifyListener) {
        this.listeners.add(allowClassNotifyListener);
        allowClassNotifyListener.notify(this.checkStatus, this.allowedPrefix);
    }

    private void notifyListeners() {
        Iterator<AllowClassNotifyListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().notify(this.checkStatus, this.allowedPrefix);
        }
    }

    protected Set<String> getAllowedPrefix() {
        return this.allowedPrefix;
    }
}
