package com.jxdinfo.hussar.platform.core.utils.io;

import com.jxdinfo.hussar.platform.core.utils.CollectionUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:BOOT-INF/lib/hussar-platform-core-8.3.4-cus-gyzq-release.2.jar:com/jxdinfo/hussar/platform/core/utils/io/ValidateObjectInputStream.class */
public class ValidateObjectInputStream extends ObjectInputStream {
    private Set<String> whiteClassSet;
    private Set<String> blackClassSet;

    public ValidateObjectInputStream(InputStream inputStream, Class<?>... clsArr) throws IOException {
        super(inputStream);
        accept(clsArr);
    }

    public void refuse(Class<?>... clsArr) {
        if (null == this.blackClassSet) {
            this.blackClassSet = new HashSet();
        }
        for (Class<?> cls : clsArr) {
            this.blackClassSet.add(cls.getName());
        }
    }

    public void accept(Class<?>... clsArr) {
        if (null == this.whiteClassSet) {
            this.whiteClassSet = new HashSet();
        }
        for (Class<?> cls : clsArr) {
            this.whiteClassSet.add(cls.getName());
        }
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        validateClassName(objectStreamClass.getName());
        return super.resolveClass(objectStreamClass);
    }

    private void validateClassName(String str) throws InvalidClassException {
        if (CollectionUtil.isNotEmpty((Collection<?>) this.blackClassSet) && this.blackClassSet.contains(str)) {
            throw new InvalidClassException("Unauthorized deserialization attempt by black list", str);
        }
        if (!CollectionUtil.isEmpty((Collection<?>) this.whiteClassSet) && !str.startsWith("java.") && !this.whiteClassSet.contains(str)) {
            throw new InvalidClassException("Unauthorized deserialization attempt", str);
        }
    }
}
