package org.richfaces.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.richfaces.component.AbstractDataScroller;

/* loaded from: input_file:WEB-INF/lib/richfaces-core-impl-4.3.3.Final.jar:org/richfaces/util/LookAheadObjectInputStream.class */
public class LookAheadObjectInputStream extends ObjectInputStream {
    private static final Map<String, Class<?>> PRIMITIVE_TYPES = new HashMap(9, 1.0f);
    private static Set<Class> whitelistBaseClasses = new HashSet();
    private static Set<String> whitelistClassNameCache = Collections.newSetFromMap(new ConcurrentHashMap());

    public LookAheadObjectInputStream(InputStream inputStream) throws IOException {
        super(inputStream);
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        Class<?> cls = PRIMITIVE_TYPES.get(objectStreamClass.getName());
        if (cls != null) {
            return cls;
        }
        if (isClassValid(objectStreamClass.getName())) {
            return super.resolveClass(objectStreamClass);
        }
        throw new InvalidClassException("Unauthorized deserialization attempt", objectStreamClass.getName());
    }

    boolean isClassValid(String str) {
        if (whitelistClassNameCache.contains(str)) {
            return true;
        }
        try {
            Class<?> cls = Class.forName(str);
            Iterator<Class> it = whitelistBaseClasses.iterator();
            while (it.hasNext()) {
                if (it.next().isAssignableFrom(cls)) {
                    whitelistClassNameCache.add(str);
                    return true;
                }
            }
            return false;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    static void loadWhitelist() {
        Properties properties = new Properties();
        InputStream inputStream = null;
        try {
            try {
                inputStream = LookAheadObjectInputStream.class.getResourceAsStream("/org/richfaces/resource/resource-serialization.properties");
                properties.load(inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        throw new RuntimeException("Error closing the ResourceBuilder.properties file", e);
                    }
                }
                for (String str : properties.getProperty("whitelist").split(",")) {
                    try {
                        whitelistBaseClasses.add(Class.forName(str));
                    } catch (ClassNotFoundException e2) {
                        throw new RuntimeException("Unable to load whiteList class " + str, e2);
                    }
                }
            } catch (IOException e3) {
                throw new RuntimeException("Error loading the resource-serialization.properties file", e3);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                    throw new RuntimeException("Error closing the ResourceBuilder.properties file", e4);
                }
            }
            throw th;
        }
    }

    static {
        PRIMITIVE_TYPES.put("bool", Boolean.TYPE);
        PRIMITIVE_TYPES.put("byte", Byte.TYPE);
        PRIMITIVE_TYPES.put("char", Character.TYPE);
        PRIMITIVE_TYPES.put(AbstractDataScroller.PAGEMODE_SHORT, Short.TYPE);
        PRIMITIVE_TYPES.put("int", Integer.TYPE);
        PRIMITIVE_TYPES.put("long", Long.TYPE);
        PRIMITIVE_TYPES.put("float", Float.TYPE);
        PRIMITIVE_TYPES.put("double", Double.TYPE);
        PRIMITIVE_TYPES.put("void", Void.TYPE);
        whitelistClassNameCache.add(new Object[0].getClass().getName());
        whitelistClassNameCache.add(new String[0].getClass().getName());
        whitelistClassNameCache.add(new Boolean[0].getClass().getName());
        whitelistClassNameCache.add(new Byte[0].getClass().getName());
        whitelistClassNameCache.add(new Character[0].getClass().getName());
        whitelistClassNameCache.add(new Short[0].getClass().getName());
        whitelistClassNameCache.add(new Integer[0].getClass().getName());
        whitelistClassNameCache.add(new Long[0].getClass().getName());
        whitelistClassNameCache.add(new Float[0].getClass().getName());
        whitelistClassNameCache.add(new Double[0].getClass().getName());
        whitelistClassNameCache.add(new Void[0].getClass().getName());
        whitelistBaseClasses.add(String.class);
        whitelistBaseClasses.add(Boolean.class);
        whitelistBaseClasses.add(Byte.class);
        whitelistBaseClasses.add(Character.class);
        whitelistBaseClasses.add(Number.class);
        loadWhitelist();
    }
}
