package freemarker.core;

import freemarker.template.Template;
import freemarker.template.TemplateException;
import freemarker.template.utility.ClassUtil;
import freemarker.template.utility.StringUtil;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-07.zip:modules/system/layers/soa/org/freemarker/main/freemarker-2.3.19.jar:freemarker/core/OptInTemplateClassResolver.class */
public class OptInTemplateClassResolver implements TemplateClassResolver {
    private final Set allowedClasses;
    private final List trustedTemplatePrefixes;
    private final Set trustedTemplateNames;

    public OptInTemplateClassResolver(Set set, List list) {
        this.allowedClasses = set != null ? set : Collections.EMPTY_SET;
        if (list == null) {
            this.trustedTemplateNames = Collections.EMPTY_SET;
            this.trustedTemplatePrefixes = Collections.EMPTY_LIST;
            return;
        }
        this.trustedTemplateNames = new HashSet();
        this.trustedTemplatePrefixes = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            str = str.startsWith("/") ? str.substring(1) : str;
            if (str.endsWith("*")) {
                this.trustedTemplatePrefixes.add(str.substring(0, str.length() - 1));
            } else {
                this.trustedTemplateNames.add(str);
            }
        }
    }

    @Override // freemarker.core.TemplateClassResolver
    public Class resolve(String str, Environment environment, Template template) throws TemplateException {
        String safeGetTemplateName = safeGetTemplateName(template);
        if (safeGetTemplateName != null && (this.trustedTemplateNames.contains(safeGetTemplateName) || hasMatchingPrefix(safeGetTemplateName))) {
            return TemplateClassResolver.SAFER_RESOLVER.resolve(str, environment, template);
        }
        if (!this.allowedClasses.contains(str)) {
            throw new TemplateException(new StringBuffer().append("Instantiating ").append(str).append(" is not allowed in the ").append("template for security reasons. (If you meet this problem ").append("when using ?new in a template, you may want to look ").append("at the \"").append(Configurable.NEW_BUILTIN_CLASS_RESOLVER_KEY).append("\" setting in the FreeMarker configuration.)").toString(), environment);
        }
        try {
            return ClassUtil.forName(str);
        } catch (ClassNotFoundException e) {
            throw new TemplateException(e, environment);
        }
    }

    protected String safeGetTemplateName(Template template) {
        String name;
        if (template == null || (name = template.getName()) == null) {
            return null;
        }
        String str = name;
        if (str.indexOf(37) != -1) {
            str = StringUtil.replace(StringUtil.replace(StringUtil.replace(StringUtil.replace(StringUtil.replace(StringUtil.replace(str, "%2e", ".", false, false), "%2E", ".", false, false), "%2f", "/", false, false), "%2F", "/", false, false), "%5c", "\\", false, false), "%5C", "\\", false, false);
        }
        int indexOf = str.indexOf("..");
        if (indexOf != -1) {
            char charAt = indexOf - 1 >= 0 ? str.charAt(indexOf - 1) : (char) 65535;
            char charAt2 = indexOf + 2 < str.length() ? str.charAt(indexOf + 2) : (char) 65535;
            if ((charAt == 65535 || charAt == '/' || charAt == '\\') && (charAt2 == 65535 || charAt2 == '/' || charAt2 == '\\')) {
                return null;
            }
        }
        return name.startsWith("/") ? name.substring(1) : name;
    }

    private boolean hasMatchingPrefix(String str) {
        for (int i = 0; i < this.trustedTemplatePrefixes.size(); i++) {
            if (str.startsWith((String) this.trustedTemplatePrefixes.get(i))) {
                return true;
            }
        }
        return false;
    }
}
