package org.apache.activemq.artemis.tests.unit.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.StringTokenizer;
import org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.EnclosingClass;
import org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1;
import org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass2;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.utils.ObjectInputStreamWithClassLoader;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/unit/util/ObjectInputStreamWithClassLoaderTest.class */
public class ObjectInputStreamWithClassLoaderTest extends ActiveMQTestBase {

    /* loaded from: input_file:org/apache/activemq/artemis/tests/unit/util/ObjectInputStreamWithClassLoaderTest$AnObject.class */
    private interface AnObject extends Serializable {
        int getMyInt();

        void setMyInt(int i);

        long getMyLong();

        void setMyLong(long j);
    }

    /* loaded from: input_file:org/apache/activemq/artemis/tests/unit/util/ObjectInputStreamWithClassLoaderTest$AnObjectImpl.class */
    private static class AnObjectImpl implements AnObject {
        private static final long serialVersionUID = -5172742084489525256L;
        int myInt;
        long myLong;

        private AnObjectImpl() {
            this.myInt = 0;
            this.myLong = 0L;
        }

        @Override // org.apache.activemq.artemis.tests.unit.util.ObjectInputStreamWithClassLoaderTest.AnObject
        public int getMyInt() {
            return this.myInt;
        }

        @Override // org.apache.activemq.artemis.tests.unit.util.ObjectInputStreamWithClassLoaderTest.AnObject
        public void setMyInt(int i) {
            this.myInt = i;
        }

        @Override // org.apache.activemq.artemis.tests.unit.util.ObjectInputStreamWithClassLoaderTest.AnObject
        public long getMyLong() {
            return this.myLong;
        }

        @Override // org.apache.activemq.artemis.tests.unit.util.ObjectInputStreamWithClassLoaderTest.AnObject
        public void setMyLong(long j) {
            this.myLong = j;
        }
    }

    /* loaded from: input_file:org/apache/activemq/artemis/tests/unit/util/ObjectInputStreamWithClassLoaderTest$AnObjectInvocationHandler.class */
    private static class AnObjectInvocationHandler implements InvocationHandler, Serializable {
        private static final long serialVersionUID = -3875973764178767452L;
        private final AnObject anObject;

        private AnObjectInvocationHandler() {
            this.anObject = new AnObjectImpl();
        }

        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            Object invoke = method.invoke(this.anObject, objArr);
            return invoke instanceof Integer ? Integer.valueOf(((Integer) invoke).intValue() * 2) : invoke;
        }
    }

    /* loaded from: input_file:org/apache/activemq/artemis/tests/unit/util/ObjectInputStreamWithClassLoaderTest$ProxyReader.class */
    public static class ProxyReader implements Runnable {
        public ObjectInputStream ois;
        public Object originalProxy;
        public ClassLoader testClassLoader;

        void myAssertNotSame(Object obj, Object obj2) {
            if (obj == obj2) {
                throw new RuntimeException("Expected to be different objects");
            }
        }

        void myAssertSame(Object obj, Object obj2) {
            if (obj != obj2) {
                throw new RuntimeException("Expected to be the same objects");
            }
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                Object readObject = this.ois.readObject();
                System.out.println("Deserialized Object " + readObject);
                myAssertNotSame(this.originalProxy, readObject);
                myAssertNotSame(this.originalProxy.getClass(), readObject.getClass());
                myAssertNotSame(this.originalProxy.getClass().getClassLoader(), readObject.getClass().getClassLoader());
                myAssertSame(this.testClassLoader, readObject.getClass().getClassLoader());
                if (((AnObject) readObject).getMyInt() != 200) {
                    throw new RuntimeException("invalid result");
                }
            } catch (IOException e) {
                throw new RuntimeException(e.getMessage(), e);
            } catch (ClassNotFoundException e2) {
                throw new RuntimeException(e2.getMessage(), e2);
            }
        }
    }

    public static ClassLoader newClassLoader(Class... clsArr) throws Exception {
        HashSet hashSet = new HashSet();
        for (Class cls : clsArr) {
            hashSet.add(cls.getProtectionDomain().getCodeSource().getLocation());
        }
        StringTokenizer stringTokenizer = new StringTokenizer(System.getProperty("java.class.path"), File.pathSeparator);
        String property = System.getProperty("java.home");
        if (property == null) {
            property = ((URL) hashSet.iterator().next()).toString();
        }
        ArrayList arrayList = new ArrayList();
        while (stringTokenizer.hasMoreElements()) {
            URL url = new File(stringTokenizer.nextToken()).toURI().toURL();
            if (!hashSet.contains(url) && url.toString().indexOf(property) >= 0) {
                arrayList.add(url);
            }
        }
        return URLClassLoader.newInstance((URL[]) hashSet.toArray(new URL[0]), URLClassLoader.newInstance((URL[]) arrayList.toArray(new URL[arrayList.size()]), null));
    }

    @Test
    public void testClassLoaderIsolation() throws Exception {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            AnObjectImpl anObjectImpl = new AnObjectImpl();
            byte[] bytes = toBytes(anObjectImpl);
            ClassLoader newClassLoader = newClassLoader(anObjectImpl.getClass(), ActiveMQTestBase.class, Assert.class);
            Thread.currentThread().setContextClassLoader(newClassLoader);
            Object readObject = new ObjectInputStreamWithClassLoader(new ByteArrayInputStream(bytes)).readObject();
            Assert.assertNotSame(anObjectImpl, readObject);
            Assert.assertNotSame(anObjectImpl.getClass(), readObject.getClass());
            Assert.assertNotSame(anObjectImpl.getClass().getClassLoader(), readObject.getClass().getClassLoader());
            Assert.assertSame(newClassLoader, readObject.getClass().getClassLoader());
            Thread.currentThread().setContextClassLoader(contextClassLoader);
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    @Test
    public void testClassLoaderIsolationWithProxy() throws Exception {
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            AnObject anObject = (AnObject) Proxy.newProxyInstance(AnObject.class.getClassLoader(), new Class[]{AnObject.class}, new AnObjectInvocationHandler());
            anObject.setMyInt(100);
            byte[] bytes = toBytes(anObject);
            ClassLoader newClassLoader = newClassLoader(getClass(), ActiveMQTestBase.class, Assert.class);
            Thread.currentThread().setContextClassLoader(newClassLoader);
            ObjectInputStreamWithClassLoader objectInputStreamWithClassLoader = new ObjectInputStreamWithClassLoader(new ByteArrayInputStream(bytes));
            Runnable runnable = (Runnable) newClassLoader.loadClass(ProxyReader.class.getName()).newInstance();
            runnable.getClass().getField("ois").set(runnable, objectInputStreamWithClassLoader);
            runnable.getClass().getField("testClassLoader").set(runnable, newClassLoader);
            runnable.getClass().getField("originalProxy").set(runnable, anObject);
            runnable.run();
            Thread.currentThread().setContextClassLoader(contextClassLoader);
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    @Test
    public void testWhiteBlackList() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            objectOutputStream.writeObject(new TestClass1());
            objectOutputStream.flush();
            assertNull(readSerializedObject(null, null, file));
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization", null, file));
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", null, file));
            assertTrue(readSerializedObject("some.other.package", null, file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg2", file));
            assertTrue(readSerializedObject("some.other.package1", "some.other.package", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1, some.other.package", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", "org.apache.activemq.artemis.tests.unit, some.other.package", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.pkg2, some.other.package", file));
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", "some.other.package, org.apache.activemq.artemis.tests.unit.util.deserialization.pkg2", file));
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1", "*", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("*", "*", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("*", null, file));
        } finally {
            objectOutputStream.close();
        }
    }

    @Test
    public void testWhiteBlackListAgainstArrayObject() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        TestClass1[] testClass1Arr = {new TestClass1()};
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            objectOutputStream.writeObject(testClass1Arr);
            objectOutputStream.flush();
            objectOutputStream.close();
            assertNull(readSerializedObject(null, null, file));
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", null, file));
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Test
    public void testWhiteBlackListAgainstListObject() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new TestClass1());
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            objectOutputStream.writeObject(arrayList);
            objectOutputStream.flush();
            objectOutputStream.close();
            assertNull(readSerializedObject(null, null, file));
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", null, file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1,java.util.ArrayList", null, file));
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Test
    public void testWhiteBlackListAgainstListMapObject() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        HashMap hashMap = new HashMap();
        hashMap.put(new TestClass1(), new TestClass2());
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            objectOutputStream.writeObject(hashMap);
            objectOutputStream.flush();
            objectOutputStream.close();
            assertNull(readSerializedObject(null, null, file));
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass2", file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1", null, file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass2", null, file) instanceof ClassNotFoundException);
            assertTrue(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1,org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass2", null, file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass1,org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.TestClass2,java.util.HashMap", null, file));
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Test
    public void testWhiteBlackListAnonymousObject() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            Serializable serializable = EnclosingClass.anonymousObject;
            assertTrue(serializable.getClass().isAnonymousClass());
            objectOutputStream.writeObject(serializable);
            objectOutputStream.flush();
            objectOutputStream.close();
            assertNull(readSerializedObject(null, null, file));
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.EnclosingClass", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.EnclosingClass", null, file));
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Test
    public void testWhiteBlackListLocalObject() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            Object localObject = EnclosingClass.getLocalObject();
            assertTrue(localObject.getClass().isLocalClass());
            objectOutputStream.writeObject(localObject);
            objectOutputStream.flush();
            objectOutputStream.close();
            assertNull(readSerializedObject(null, null, file));
            assertTrue(readSerializedObject(null, "org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.EnclosingClass", file) instanceof ClassNotFoundException);
            assertNull(readSerializedObject("org.apache.activemq.artemis.tests.unit.util.deserialization.pkg1.EnclosingClass", null, file));
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    @Test
    public void testWhiteBlackListSystemProperty() throws Exception {
        File file = new File(this.temporaryFolder.getRoot(), "testclass.bin");
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(file));
        try {
            objectOutputStream.writeObject(new TestClass1());
            objectOutputStream.flush();
            System.setProperty("org.apache.activemq.artemis.jms.deserialization.blacklist", "system.defined.black.list");
            System.setProperty("org.apache.activemq.artemis.jms.deserialization.whitelist", "system.defined.white.list");
            try {
                ObjectInputStreamWithClassLoader objectInputStreamWithClassLoader = new ObjectInputStreamWithClassLoader(new FileInputStream(file));
                String blackList = objectInputStreamWithClassLoader.getBlackList();
                String whiteList = objectInputStreamWithClassLoader.getWhiteList();
                assertEquals("wrong black list: " + blackList, "system.defined.black.list", blackList);
                assertEquals("wrong white list: " + whiteList, "system.defined.white.list", whiteList);
                objectInputStreamWithClassLoader.close();
                System.clearProperty("org.apache.activemq.artemis.jms.deserialization.blacklist");
                System.clearProperty("org.apache.activemq.artemis.jms.deserialization.whitelist");
            } catch (Throwable th) {
                System.clearProperty("org.apache.activemq.artemis.jms.deserialization.blacklist");
                System.clearProperty("org.apache.activemq.artemis.jms.deserialization.whitelist");
                throw th;
            }
        } finally {
            objectOutputStream.close();
        }
    }

    private Exception readSerializedObject(String str, String str2, File file) {
        Exception exc = null;
        ObjectInputStreamWithClassLoader objectInputStreamWithClassLoader = null;
        try {
            objectInputStreamWithClassLoader = new ObjectInputStreamWithClassLoader(new FileInputStream(file));
            objectInputStreamWithClassLoader.setWhiteList(str);
            objectInputStreamWithClassLoader.setBlackList(str2);
            objectInputStreamWithClassLoader.readObject();
            try {
                objectInputStreamWithClassLoader.close();
            } catch (IOException e) {
                exc = e;
            }
        } catch (Exception e2) {
            exc = e2;
            try {
                objectInputStreamWithClassLoader.close();
            } catch (IOException e3) {
                exc = e3;
            }
        } catch (Throwable th) {
            try {
                objectInputStreamWithClassLoader.close();
            } catch (IOException e4) {
            }
            throw th;
        }
        return exc;
    }

    private static byte[] toBytes(Object obj) throws IOException {
        Assert.assertTrue(obj instanceof Serializable);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        objectOutputStream.writeObject(obj);
        objectOutputStream.flush();
        return byteArrayOutputStream.toByteArray();
    }
}
