package com.baidu.scan.safesdk;

import com.dd.plist.ASCIIPropertyListParser;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/* loaded from: classes8.dex */
public class SafeObjectInputStream extends ObjectInputStream {
    private static String DEFAULT_RULE = null;
    private static final String DISABLE_RULE = "!org.apache.commons.collections.functors.**;!org.apache.commons.collections4.functors.**;!org.codehaus.groovy.runtime.ConvertedClosure;!org.codehaus.groovy.runtime.MethodClosure;!org.codehaus.groovy.runtime.ConversionHandler;!org.springframework.transaction.support.AbstractPlatformTransactionManager;!org.springframework.beans.factory.ObjectFactory;!com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;!org.apache.commons.fileupload.**;!org.apache.commons.beanutils.**;!java.rmi.activation.**;!java.rmi.server.UnicastRemoteObject;!java.rmi.server.RemoteObjectInvocationHandler;!java.rmi.server.RemoteObject;!sun.rmi.server.**;!javassist.**";
    private static String GLOBAL_RULE;
    private Set<Class<?>> whitelist;

    /* loaded from: classes8.dex */
    public class ConfigFilter implements ObjectInputFilter {
        public ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(SafeObjectInputStream.DEFAULT_RULE);

        public ConfigFilter() {
        }

        public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo filterInfo) {
            return filterInfo.serialClass() == null ? ObjectInputFilter.Status.UNDECIDED : (SafeObjectInputStream.this.whitelist == null || !SafeObjectInputStream.this.whitelist.contains(filterInfo.serialClass())) ? this.filter.checkInput(filterInfo) : ObjectInputFilter.Status.ALLOWED;
        }
    }

    static {
        String str;
        String serialFilter = ConfigManager.getSerialFilter();
        GLOBAL_RULE = serialFilter;
        if (serialFilter == null || serialFilter.isEmpty()) {
            str = "!org.apache.commons.collections.functors.**;!org.apache.commons.collections4.functors.**;!org.codehaus.groovy.runtime.ConvertedClosure;!org.codehaus.groovy.runtime.MethodClosure;!org.codehaus.groovy.runtime.ConversionHandler;!org.springframework.transaction.support.AbstractPlatformTransactionManager;!org.springframework.beans.factory.ObjectFactory;!com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;!org.apache.commons.fileupload.**;!org.apache.commons.beanutils.**;!java.rmi.activation.**;!java.rmi.server.UnicastRemoteObject;!java.rmi.server.RemoteObjectInvocationHandler;!java.rmi.server.RemoteObject;!sun.rmi.server.**;!javassist.**;!*";
        } else {
            str = "!org.apache.commons.collections.functors.**;!org.apache.commons.collections4.functors.**;!org.codehaus.groovy.runtime.ConvertedClosure;!org.codehaus.groovy.runtime.MethodClosure;!org.codehaus.groovy.runtime.ConversionHandler;!org.springframework.transaction.support.AbstractPlatformTransactionManager;!org.springframework.beans.factory.ObjectFactory;!com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;!org.apache.commons.fileupload.**;!org.apache.commons.beanutils.**;!java.rmi.activation.**;!java.rmi.server.UnicastRemoteObject;!java.rmi.server.RemoteObjectInvocationHandler;!java.rmi.server.RemoteObject;!sun.rmi.server.**;!javassist.**;" + GLOBAL_RULE + ";!*";
        }
        DEFAULT_RULE = str;
    }

    public SafeObjectInputStream(InputStream inputStream) throws IOException {
        super(inputStream);
    }

    private String formatRule(String str) {
        if (str == null || str.isEmpty()) {
            return DEFAULT_RULE;
        }
        StringBuilder sb = new StringBuilder();
        String[] split = str.split(";");
        int i = 0;
        while (true) {
            if (i >= split.length) {
                break;
            }
            if (split[i].contains("*")) {
                String substring = str.substring(sb.length());
                sb.append(DISABLE_RULE);
                sb.append(ASCIIPropertyListParser.DICTIONARY_ITEM_DELIMITER_TOKEN);
                sb.append(substring);
                break;
            }
            sb.append(split[i]);
            sb.append(ASCIIPropertyListParser.DICTIONARY_ITEM_DELIMITER_TOKEN);
            i++;
        }
        if (i == split.length) {
            sb.append(DISABLE_RULE);
        }
        String str2 = GLOBAL_RULE;
        if (str2 != null && !str2.isEmpty()) {
            sb.append(";");
            sb.append(GLOBAL_RULE);
        }
        sb.append(";!*");
        return sb.toString();
    }

    public Object readObject(String str) throws IOException, ClassNotFoundException {
        setObjectInputFilter(ObjectInputFilter.Config.createFilter(formatRule(str)));
        return super.readObject();
    }

    public Object readObject(Class<?>... clsArr) throws ClassNotFoundException, IOException {
        if (clsArr != null) {
            this.whitelist = new HashSet(Arrays.asList(clsArr));
        }
        setObjectInputFilter(new ConfigFilter());
        return super.readObject();
    }

    public Object readObject(String[] strArr) throws ClassNotFoundException, IOException {
        this.whitelist = new HashSet();
        if (strArr != null) {
            for (String str : strArr) {
                this.whitelist.add(Class.forName(str));
            }
        }
        setObjectInputFilter(new ConfigFilter());
        return super.readObject();
    }
}
