package org.restlet.representation;

import java.beans.XMLDecoder;
import java.beans.XMLEncoder;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.OutputStream;
import java.io.Serializable;
import org.restlet.data.MediaType;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-344.zip:modules/system/layers/fuse/org/restlet/main/org.restlet-2.3.6.jar:org/restlet/representation/ObjectRepresentation.class */
public class ObjectRepresentation<T extends Serializable> extends OutputRepresentation {
    public static boolean VARIANT_OBJECT_XML_SUPPORTED = Boolean.getBoolean("org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_XML_SUPPORTED");
    public static boolean VARIANT_OBJECT_BINARY_SUPPORTED = Boolean.getBoolean("org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_BINARY_SUPPORTED");
    private volatile T object;

    public ObjectRepresentation(Representation representation) throws IOException, ClassNotFoundException, IllegalArgumentException {
        this(representation, (ClassLoader) null);
    }

    public ObjectRepresentation(Representation representation, ClassLoader classLoader) throws IOException, ClassNotFoundException, IllegalArgumentException {
        this(representation, classLoader, VARIANT_OBJECT_BINARY_SUPPORTED, VARIANT_OBJECT_XML_SUPPORTED);
    }

    public ObjectRepresentation(Representation representation, final ClassLoader classLoader, boolean z, boolean z2) throws IOException, ClassNotFoundException, IllegalArgumentException {
        super(MediaType.APPLICATION_JAVA_OBJECT);
        if (MediaType.APPLICATION_JAVA_OBJECT.equals(representation.getMediaType())) {
            if (!z) {
                throw new IllegalArgumentException("SECURITY WARNING: The usage of ObjectInputStream when deserializing binary representations from unstrusted sources can lead to malicious attacks. As pointed here (https://github.com/restlet/restlet-framework-java/issues/778), the ObjectInputStream class is able to force the JVM to execute unwanted Java code. Thus, the support of such format has been disactivated by default. You can activate this support by turning on the following system property: org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_BINARY_SUPPORTED.");
            }
            setMediaType(MediaType.APPLICATION_JAVA_OBJECT);
            InputStream stream = representation.getStream();
            ObjectInputStream objectInputStream = classLoader != null ? new ObjectInputStream(stream) { // from class: org.restlet.representation.ObjectRepresentation.1
                @Override // java.io.ObjectInputStream
                protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
                    return Class.forName(objectStreamClass.getName(), false, classLoader);
                }
            } : new ObjectInputStream(stream);
            this.object = (T) objectInputStream.readObject();
            if (stream.read() != -1) {
                throw new IOException("The input stream has not been fully read.");
            }
            objectInputStream.close();
            return;
        }
        if (!MediaType.APPLICATION_JAVA_OBJECT_XML.equals(representation.getMediaType())) {
            throw new IllegalArgumentException("The serialized representation must have this media type: " + MediaType.APPLICATION_JAVA_OBJECT.toString() + " or this one: " + MediaType.APPLICATION_JAVA_OBJECT_XML.toString());
        }
        if (!z2) {
            throw new IllegalArgumentException("SECURITY WARNING: The usage of XMLDecoder when deserializing XML representations from unstrusted sources can lead to malicious attacks. As pointed here (http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html), the XMLDecoder class is able to force the JVM to execute unwanted Java code described inside the XML file. Thus, the support of such format has been disactivated by default. You can activate this support by turning on the following system property: org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_XML_SUPPORTED.");
        }
        setMediaType(MediaType.APPLICATION_JAVA_OBJECT_XML);
        InputStream stream2 = representation.getStream();
        XMLDecoder xMLDecoder = new XMLDecoder(stream2);
        this.object = (T) xMLDecoder.readObject();
        if (stream2.read() != -1) {
            xMLDecoder.close();
            throw new IOException("The input stream has not been fully read.");
        }
        xMLDecoder.close();
    }

    public ObjectRepresentation(T t) {
        super(MediaType.APPLICATION_JAVA_OBJECT);
        this.object = t;
    }

    public ObjectRepresentation(T t, MediaType mediaType) {
        super(mediaType == null ? MediaType.APPLICATION_JAVA_OBJECT : mediaType);
        this.object = t;
    }

    public T getObject() throws IOException {
        return this.object;
    }

    @Override // org.restlet.representation.Representation
    public void release() {
        setObject(null);
        super.release();
    }

    public void setObject(T t) {
        this.object = t;
    }

    @Override // org.restlet.representation.Representation
    public void write(OutputStream outputStream) throws IOException {
        if (MediaType.APPLICATION_JAVA_OBJECT.isCompatible(getMediaType())) {
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream);
            objectOutputStream.writeObject(getObject());
            objectOutputStream.flush();
        } else if (MediaType.APPLICATION_JAVA_OBJECT_XML.isCompatible(getMediaType())) {
            XMLEncoder xMLEncoder = new XMLEncoder(outputStream);
            xMLEncoder.writeObject(getObject());
            xMLEncoder.close();
        }
    }
}
