package org.apache.dubbo.common.utils;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Set;
import org.apache.dubbo.common.constants.LoggerCodeConstants;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.rpc.model.FrameworkModel;

/* loaded from: input_file:org/apache/dubbo/common/utils/DefaultSerializeClassChecker.class */
public class DefaultSerializeClassChecker implements AllowClassNotifyListener {
    private static final long MAGIC_HASH_CODE = -3750763034362895579L;
    private static final long MAGIC_PRIME = 1099511628211L;
    private static final ErrorTypeAwareLogger logger = LoggerFactory.getErrorTypeAwareLogger((Class<?>) DefaultSerializeClassChecker.class);
    private final SerializeSecurityManager serializeSecurityManager;
    private volatile SerializeCheckStatus checkStatus = AllowClassNotifyListener.DEFAULT_STATUS;
    private volatile boolean checkSerializable = true;
    private volatile long[] allowPrefixes = new long[0];
    private volatile long[] disAllowPrefixes = new long[0];

    public DefaultSerializeClassChecker(FrameworkModel frameworkModel) {
        this.serializeSecurityManager = (SerializeSecurityManager) frameworkModel.getBeanFactory().getOrRegisterBean(SerializeSecurityManager.class);
        this.serializeSecurityManager.registerListener(this);
    }

    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyPrefix(Set<String> set, Set<String> set2) {
        this.allowPrefixes = loadPrefix(set);
        this.disAllowPrefixes = loadPrefix(set2);
    }

    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyCheckStatus(SerializeCheckStatus serializeCheckStatus) {
        this.checkStatus = serializeCheckStatus;
    }

    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyCheckSerializable(boolean z) {
        this.checkSerializable = z;
    }

    private static long[] loadPrefix(Set<String> set) {
        long[] jArr = new long[set.size()];
        int i = 0;
        for (String str : set) {
            if (str != null && !str.isEmpty()) {
                long j = -3750763034362895579L;
                for (int i2 = 0; i2 < str.length(); i2++) {
                    char charAt = str.charAt(i2);
                    if (charAt == '$') {
                        charAt = '.';
                    }
                    j = (j ^ charAt) * MAGIC_PRIME;
                }
                int i3 = i;
                i++;
                jArr[i3] = j;
            }
        }
        if (i != jArr.length) {
            jArr = Arrays.copyOf(jArr, i);
        }
        Arrays.sort(jArr);
        return jArr;
    }

    public Class<?> loadClass(ClassLoader classLoader, String str) throws ClassNotFoundException {
        Class<?> loadClass0 = loadClass0(classLoader, str);
        if (!this.checkSerializable || loadClass0.isPrimitive() || Serializable.class.isAssignableFrom(loadClass0)) {
            return loadClass0;
        }
        String str2 = "[Serialization Security] Serialized class " + str + " has not implement Serializable interface. Current mode is strict check, will disallow to deserialize it by default. ";
        if (this.serializeSecurityManager.getWarnedClasses().add(str)) {
            logger.error(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", str2);
        }
        throw new IllegalArgumentException(str2);
    }

    private Class<?> loadClass0(ClassLoader classLoader, String str) throws ClassNotFoundException {
        if (this.checkStatus == SerializeCheckStatus.DISABLE) {
            return ClassUtils.forName(str, classLoader);
        }
        long j = -3750763034362895579L;
        int length = str.length();
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if (charAt == '$') {
                charAt = '.';
            }
            j = (j ^ charAt) * MAGIC_PRIME;
            if (Arrays.binarySearch(this.allowPrefixes, j) >= 0) {
                return ClassUtils.forName(str, classLoader);
            }
        }
        if (this.checkStatus == SerializeCheckStatus.STRICT) {
            String str2 = "[Serialization Security] Serialized class " + str + " is not in allow list. Current mode is `STRICT`, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it.";
            if (this.serializeSecurityManager.getWarnedClasses().add(str)) {
                logger.error(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", str2);
            }
            throw new IllegalArgumentException(str2);
        }
        long j2 = -3750763034362895579L;
        int length2 = str.length();
        for (int i2 = 0; i2 < length2; i2++) {
            char charAt2 = str.charAt(i2);
            if (charAt2 == '$') {
                charAt2 = '.';
            }
            j2 = (j2 ^ charAt2) * MAGIC_PRIME;
            if (Arrays.binarySearch(this.disAllowPrefixes, j2) >= 0) {
                String str3 = "[Serialization Security] Serialized class " + str + " is in disallow list. Current mode is `WARN`, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it.";
                if (this.serializeSecurityManager.getWarnedClasses().add(str)) {
                    logger.warn(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", str3);
                }
                throw new IllegalArgumentException(str3);
            }
        }
        long j3 = -3750763034362895579L;
        int length3 = str.length();
        for (int i3 = 0; i3 < length3; i3++) {
            char lowerCase = Character.toLowerCase(str.charAt(i3));
            if (lowerCase == '$') {
                lowerCase = '.';
            }
            j3 = (j3 ^ lowerCase) * MAGIC_PRIME;
            if (Arrays.binarySearch(this.disAllowPrefixes, j3) >= 0) {
                String str4 = "[Serialization Security] Serialized class " + str + " is in disallow list. Current mode is `WARN`, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it.";
                if (this.serializeSecurityManager.getWarnedClasses().add(str)) {
                    logger.warn(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", str4);
                }
                throw new IllegalArgumentException(str4);
            }
        }
        Class<?> forName = ClassUtils.forName(str, classLoader);
        if (this.serializeSecurityManager.getWarnedClasses().add(str)) {
            logger.warn(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", "[Serialization Security] Serialized class " + str + " is not in allow list. Current mode is `WARN`, will allow to deserialize it by default. Dubbo will set to `STRICT` mode by default in the future. Please add it into security/serialize.allowlist or follow FAQ to configure it.");
        }
        return forName;
    }

    public static DefaultSerializeClassChecker getInstance() {
        return (DefaultSerializeClassChecker) FrameworkModel.defaultModel().getBeanFactory().getBean(DefaultSerializeClassChecker.class);
    }

    public boolean isCheckSerializable() {
        return this.checkSerializable;
    }
}
