package org.apache.dubbo.common.serialize.fastjson2;

import com.alibaba.fastjson2.filter.ContextAutoTypeBeforeHandler;
import com.alibaba.fastjson2.util.TypeUtils;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Stream;
import org.apache.dubbo.common.constants.LoggerCodeConstants;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.utils.AllowClassNotifyListener;
import org.apache.dubbo.common.utils.ConcurrentHashSet;
import org.apache.dubbo.common.utils.SerializeCheckStatus;
import org.apache.dubbo.common.utils.SerializeSecurityManager;
import org.apache.dubbo.rpc.model.FrameworkModel;

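/**
 * Connects Dubbo's serialization allow/deny configuration to the fastjson2 auto-type check.
 *
 * <p>The instance registers itself as an {@link AllowClassNotifyListener}. Every notification
 * (prefix lists, check status, check-serializable flag) replaces {@link #securityFilter} with a
 * freshly built {@link Handler}, so readers obtained through {@link #getSecurityFilter()} always
 * see one consistent set of settings.
 *
 * <p>Thread-safety: the notify methods are {@code synchronized}; the published handler is read
 * through a {@code volatile} field.
 */
public class Fastjson2SecurityManager implements AllowClassNotifyListener {
    private volatile Handler securityFilter;
    private static final ErrorTypeAwareLogger logger = LoggerFactory.getErrorTypeAwareLogger(Fastjson2SecurityManager.class);
    private final SerializeSecurityManager securityManager;
    private volatile SerializeCheckStatus status = AllowClassNotifyListener.DEFAULT_STATUS;
    private volatile boolean checkSerializable = true;
    private volatile Set<String> allowedList = new ConcurrentHashSet<>(1);
    private volatile Set<String> disAllowedList = new ConcurrentHashSet<>(1);

    /** Cache sentinel marking a type name that matched the deny list; never handed to callers. */
    private static class DenyClass {
        private DenyClass() {
        }
    }

    /**
     * Auto-type decision for one set of settings.
     *
     * <p>Names accepted by the parent handler (built from the allow-list prefixes) are returned
     * as-is. For every other name the outcome depends on {@code status}: {@code STRICT} rejects
     * with an exception; any other status resolves the class by name unless it starts with a
     * deny-list prefix. Outside {@code STRICT} the deny list is therefore the only barrier
     * against unexpected types, and a deny list can only cover known-bad names; {@code STRICT}
     * with an explicit allow list is the safer configuration.
     */
    public static class Handler extends ContextAutoTypeBeforeHandler {
        final SerializeCheckStatus status;
        final SerializeSecurityManager serializeSecurityManager;
        // Per-handler cache of resolved names; also stores the DenyClass sentinel for denied names.
        // NOTE(review): keys come from incoming type names and nothing here evicts them; confirm
        // this cannot grow without bound under hostile input.
        final Map<String, Class<?>> classCache;
        // Held by reference, not copied: later changes to the passed set are visible to this handler.
        final Set<String> disAllowedList;
        // Not consulted by apply(); only exposed through isCheckSerializable().
        // NOTE(review): presumably enforced by the code that owns the reader/writer; confirm.
        final boolean checkSerializable;

        /**
         * @param status                   check mode applied to names outside the allow list
         * @param serializeSecurityManager source of the "already warned" set used to log each name once
         * @param checkSerializable        flag reported by {@link #isCheckSerializable()}
         * @param acceptNames              allow-list prefixes handed to the parent handler
         * @param disAllowedList           deny-list prefixes, matched with {@link String#startsWith(String)}
         */
        public Handler(SerializeCheckStatus status, SerializeSecurityManager serializeSecurityManager, boolean checkSerializable, String[] acceptNames, Set<String> disAllowedList) {
            super(true, acceptNames);
            this.classCache = new ConcurrentHashMap<>(16, 0.75f, 1);
            this.status = status;
            this.serializeSecurityManager = serializeSecurityManager;
            this.checkSerializable = checkSerializable;
            this.disAllowedList = disAllowedList;
        }

        /**
         * Decides whether the named type may be instantiated during deserialization.
         *
         * @param typeName    type name taken from the serialized data; treat as untrusted
         * @param expectClass forwarded unchanged to the parent handler
         * @param features    forwarded unchanged to the parent handler
         * @return the class to use, or {@code null} if the name is denied or cannot be resolved
         * @throws IllegalArgumentException in {@code STRICT} mode when the parent handler does
         *                                  not accept the name
         */
        public Class<?> apply(String typeName, Class<?> expectClass, long features) {
            Class<?> allowed = super.apply(typeName, expectClass, features);
            if (allowed != null) {
                return allowed;
            }
            if (this.status == SerializeCheckStatus.STRICT) {
                // NOTE(review): typeName is copied verbatim into the log line and the exception
                // message; confirm the logging layer neutralises control characters.
                String message = "[Serialization Security] Serialized class " + typeName + " is not in allow list. Current mode is `STRICT`, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it.";
                // add() returns true only the first time, so each name is logged once.
                // NOTE(review): the warned set is keyed by untrusted names; confirm it is bounded.
                if (this.serializeSecurityManager.getWarnedClasses().add(typeName)) {
                    logger.error(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", message);
                }
                throw new IllegalArgumentException(message);
            }
            Class<?> loaded = loadClassDirectly(typeName);
            if (loaded == null) {
                return null;
            }
            if (this.status == SerializeCheckStatus.WARN && this.serializeSecurityManager.getWarnedClasses().add(typeName)) {
                logger.warn(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", "[Serialization Security] Serialized class " + loaded.getName() + " is not in allow list. Current mode is `WARN`, will allow to deserialize it by default. Dubbo will set to `STRICT` mode by default in the future. Please add it into security/serialize.allowlist or follow FAQ to configure it.");
            }
            return loaded;
        }

        /**
         * Reports whether the name starts with any deny-list prefix.
         *
         * <p>NOTE(review): the comparison is case-sensitive and done on the raw name; confirm the
         * deny-list entries and incoming names are normalised the same way.
         *
         * @throws NullPointerException if {@code typeName} is {@code null}
         */
        public boolean checkIfDisAllow(String typeName) {
            Objects.requireNonNull(typeName);
            return this.disAllowedList.stream().anyMatch(typeName::startsWith);
        }

        public boolean isCheckSerializable() {
            return this.checkSerializable;
        }

        /**
         * Resolves a type name without consulting the allow list.
         *
         * <p>A cached result wins. Otherwise a name on the deny list is cached as
         * {@link DenyClass} and reported as {@code null}; any other name is looked up through
         * {@code TypeUtils.getMapping} and then {@code TypeUtils.loadClass}.
         *
         * @return the resolved class, or {@code null} if denied or not found
         */
        public Class<?> loadClassDirectly(String typeName) {
            Class<?> resolved = this.classCache.get(typeName);
            if (resolved == null && checkIfDisAllow(typeName)) {
                resolved = DenyClass.class;
                String message = "[Serialization Security] Serialized class " + typeName + " is in disAllow list. Current mode is `WARN`, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it.";
                if (this.serializeSecurityManager.getWarnedClasses().add(typeName)) {
                    logger.warn(LoggerCodeConstants.PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", message);
                }
            }
            if (resolved == null) {
                resolved = TypeUtils.getMapping(typeName);
            }
            if (resolved == null) {
                resolved = TypeUtils.loadClass(typeName);
            }
            if (resolved != null) {
                // Another thread may have cached the name first; use its entry so all callers agree.
                Class<?> existing = this.classCache.putIfAbsent(typeName, resolved);
                if (existing != null) {
                    resolved = existing;
                }
            }
            // The sentinel is an internal marker only; callers see "no class".
            return resolved == DenyClass.class ? null : resolved;
        }
    }

    /**
     * Obtains the shared {@link SerializeSecurityManager} and subscribes to its updates.
     *
     * @param frameworkModel model whose bean factory provides the security manager
     */
    public Fastjson2SecurityManager(FrameworkModel frameworkModel) {
        this.securityManager = (SerializeSecurityManager) frameworkModel.getBeanFactory().getOrRegisterBean(SerializeSecurityManager.class);
        // Publish the default handler BEFORE registering. Once registerListener(this) runs, the
        // notify methods may be invoked (possibly from inside that call; not visible here), and
        // assigning the default afterwards would replace the handler they built with one that
        // has empty allow and deny lists.
        this.securityFilter = new Handler(AllowClassNotifyListener.DEFAULT_STATUS, this.securityManager, true, new String[0], new ConcurrentHashSet<>());
        this.securityManager.registerListener(this);
    }

    /** Builds a handler from the current field values; call only while holding this object's monitor. */
    private Handler buildHandler() {
        return new Handler(this.status, this.securityManager, this.checkSerializable, this.allowedList.toArray(new String[0]), this.disAllowedList);
    }

    /**
     * Replaces both prefix lists and publishes a new handler.
     *
     * @param allowed    new allow-list prefixes
     * @param disAllowed new deny-list prefixes
     */
    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyPrefix(Set<String> allowed, Set<String> disAllowed) {
        this.allowedList = allowed;
        this.disAllowedList = disAllowed;
        this.securityFilter = buildHandler();
    }

    /** Replaces the check status and publishes a new handler. */
    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyCheckStatus(SerializeCheckStatus serializeCheckStatus) {
        this.status = serializeCheckStatus;
        this.securityFilter = buildHandler();
    }

    /** Replaces the check-serializable flag and publishes a new handler. */
    @Override // org.apache.dubbo.common.utils.AllowClassNotifyListener
    public synchronized void notifyCheckSerializable(boolean checkSerializable) {
        this.checkSerializable = checkSerializable;
        this.securityFilter = buildHandler();
    }

    /** Returns the most recently published handler. */
    public Handler getSecurityFilter() {
        return this.securityFilter;
    }
}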
