package com.atlassian.bamboo.persister.xstream;

import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.bamboo.utils.xstream.converters.ConverterFactory;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.TypePermission;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/persister/xstream/SecureXStreamFactory.class */
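/**
 * Decorates another {@link XStreamFactory} so that every {@link XStream} it hands out is
 * restricted to the types allowed by a caller-supplied {@link TypePermission}.
 *
 * <p>Hardening applied to each instance (see {@link #secureXStream(XStream)}):
 * <ol>
 *   <li>{@link NoTypePermission#NONE} is added first, so the instance starts from deny-all
 *       (XStream's documented allowlist pattern), then the supplied permission is added;</li>
 *   <li>a {@link PermissionBasedConverter} is registered at very high priority; it claims every
 *       class the permission does not allow, writes nothing for it on marshal and yields
 *       {@code null} on unmarshal;</li>
 *   <li>converters from the supplied {@link ConverterFactory} list are registered afterwards at
 *       default priority.</li>
 * </ol>
 *
 * <p>All of the above is skipped when {@code SystemProperty.DISABLE_SERIALIZATION_SECURITY} is
 * set. That switch removes this factory's protection against unsafe deserialization, so it is
 * reported at WARN (once per JVM) and not only at TRACE.
 */
public class SecureXStreamFactory implements XStreamFactory {
    private static final Logger log = LogManager.getLogger(SecureXStreamFactory.class);

    /** Ensures the "security disabled" warning is emitted once, not once per XStream instance. */
    private static volatile boolean securityDisabledWarningLogged;

    private final XStreamFactory xStreamFactory;
    private final TypePermission securityProvider;
    private final List<ConverterFactory> customConverters;

    /**
     * Converter that takes ownership of every type the {@link TypePermission} rejects and turns it
     * into a no-op: nothing is written on marshal and {@code null} is returned on unmarshal. Each
     * rejection is logged at WARN so that blocked types are visible to operators.
     *
     * <p>Decompiler note: the original class was declared {@code private}; the access modifier
     * was widened by the decompiler.
     */
    /* loaded from: input_file:com/atlassian/bamboo/persister/xstream/SecureXStreamFactory$PermissionBasedConverter.class */
    public static class PermissionBasedConverter implements Converter {
        /** Upper bound on how much stream-supplied text is copied into a single log line. */
        private static final int MAX_LOGGED_VALUE_LENGTH = 256;

        private final TypePermission typePermission;

        private PermissionBasedConverter(TypePermission typePermission) {
            this.typePermission = typePermission;
        }

        /**
         * Refuses to serialize {@code obj}: logs the rejected class and the writer path, and
         * writes nothing to the stream.
         */
        @Override
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            SecureXStreamFactory.log.warn("[" + (obj == null ? "null" : obj.getClass().toString()) + "] at " + XStreamUtils.getPath(hierarchicalStreamWriter) + " won't be marshalled");
        }

        /**
         * Refuses to deserialize the current node: logs what was rejected and returns {@code null}.
         *
         * <p>The node value comes straight from the serialized input, which may be attacker
         * controlled. It is therefore stripped of control characters and length-capped before it
         * reaches the log, so a rejected payload cannot forge log lines or bloat the log file.
         *
         * @return always {@code null}
         */
        @Override
        @Nullable
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            SecureXStreamFactory.log.warn(String.format("Class is not allowed to be unmarshalled, returning null for node '%s' with value '%s' of class %s within object of class %s", hierarchicalStreamReader.getNodeName(), sanitizeForLog(hierarchicalStreamReader.getValue()), unmarshallingContext.getRequiredType(), getCurrentObjectClassName(unmarshallingContext)));
            return null;
        }

        /** Returns the class name of the object currently being populated, or {@code "null"} if there is none. */
        private String getCurrentObjectClassName(UnmarshallingContext unmarshallingContext) {
            if (unmarshallingContext == null || unmarshallingContext.currentObject() == null) {
                return "null";
            }
            return unmarshallingContext.currentObject().getClass().getName();
        }

        /**
         * Makes stream-supplied text safe to embed in a log message: ISO control characters
         * (including CR and LF) are replaced with {@code '_'} and the result is truncated to
         * {@link #MAX_LOGGED_VALUE_LENGTH} characters.
         */
        private static String sanitizeForLog(String raw) {
            if (raw == null) {
                return "null";
            }
            int limit = Math.min(raw.length(), MAX_LOGGED_VALUE_LENGTH);
            StringBuilder cleaned = new StringBuilder(limit + 16);
            for (int i = 0; i < limit; i++) {
                char c = raw.charAt(i);
                cleaned.append(Character.isISOControl(c) ? '_' : c);
            }
            if (raw.length() > limit) {
                cleaned.append("...[truncated]");
            }
            return cleaned.toString();
        }

        /**
         * Claims exactly the classes the permission does NOT allow, so that this converter,
         * rather than a general-purpose one, handles every disallowed type.
         */
        @Override
        public boolean canConvert(Class cls) {
            return !this.typePermission.allows(cls);
        }
    }

    /**
     * Creates a securing factory with no additional converters.
     *
     * @param xStreamFactory delegate that builds the underlying {@link XStream} instances
     * @param typePermission allowlist deciding which types may be (un)marshalled
     */
    public SecureXStreamFactory(XStreamFactory xStreamFactory, TypePermission typePermission) {
        this(xStreamFactory, typePermission, new ArrayList<>());
    }

    /**
     * Creates a securing factory.
     *
     * @param xStreamFactory delegate that builds the underlying {@link XStream} instances
     * @param typePermission allowlist deciding which types may be (un)marshalled
     * @param list factories for extra converters registered on every secured instance; the list
     *     is kept by reference, so later changes by the caller affect instances created afterwards
     */
    public SecureXStreamFactory(XStreamFactory xStreamFactory, TypePermission typePermission, List<ConverterFactory> list) {
        this.xStreamFactory = xStreamFactory;
        this.securityProvider = typePermission;
        this.customConverters = list;
    }

    /** Builds an instance via the delegate and applies the security restrictions to it. */
    @Override // com.atlassian.bamboo.persister.xstream.XStreamFactory
    @NotNull
    public XStream createXStream() {
        XStream secured = this.xStreamFactory.createXStream();
        secureXStream(secured);
        return secured;
    }

    /**
     * Builds an instance via the delegate for the given class loader and applies the security
     * restrictions to it.
     */
    @Override // com.atlassian.bamboo.persister.xstream.XStreamFactory
    @NotNull
    public XStream createXStream(@Nullable ClassLoader classLoader) {
        XStream secured = this.xStreamFactory.createXStream(classLoader);
        secureXStream(secured);
        return secured;
    }

    /** Builds a compact instance via the delegate and applies the security restrictions to it. */
    @Override // com.atlassian.bamboo.persister.xstream.XStreamFactory
    @NotNull
    public XStream createCompactXStream() {
        XStream secured = this.xStreamFactory.createCompactXStream();
        secureXStream(secured);
        return secured;
    }

    /**
     * Applies the deny-by-default permission set and the converters to {@code xStream}, unless
     * {@code SystemProperty.DISABLE_SERIALIZATION_SECURITY} is set, in which case the instance is
     * returned exactly as the delegate built it.
     */
    private void secureXStream(XStream xStream) {
        if (SystemProperty.DISABLE_SERIALIZATION_SECURITY.getTypedValue()) {
            // Running with the kill switch on must be visible at default log levels; warn once so
            // that frequent factory calls do not flood the log.
            if (!securityDisabledWarningLogged) {
                securityDisabledWarningLogged = true;
                log.warn(String.format("System property %s is set: this factory applies no type permissions or deny converter to the XStream instances it creates", SystemProperty.DISABLE_SERIALIZATION_SECURITY.getKey()));
            }
            if (log.isTraceEnabled()) {
                log.trace(String.format("System property %s prevents securing XStream instance", SystemProperty.DISABLE_SERIALIZATION_SECURITY.getKey()));
            }
            return;
        }
        // Order matters: NONE establishes deny-all before the allowlist is added on top of it.
        xStream.addPermission(NoTypePermission.NONE);
        xStream.addPermission(this.securityProvider);
        applyConverters(xStream);
    }

    /**
     * Registers the deny converter at very high priority, then the caller-supplied converters at
     * default priority.
     *
     * <p>NOTE(review): the custom converters come from caller-provided factories and are not
     * checked against the type permission here; each one should be reviewed to confirm it does not
     * instantiate types chosen by the input stream.
     */
    private void applyConverters(XStream xStream) {
        xStream.registerConverter(new PermissionBasedConverter(this.securityProvider), XStream.PRIORITY_VERY_HIGH);
        for (ConverterFactory converterFactory : this.customConverters) {
            xStream.registerConverter(converterFactory.createConverter(xStream));
        }
    }
}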
