package org.apache.velocity.util.introspection;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.ClassUtils;
import org.apache.velocity.runtime.RuntimeServices;
import org.apache.velocity.runtime.log.Log;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/framework-bundles/org.apache.servicemix.bundles.velocity-1.7_6.jar:org/apache/velocity/util/introspection/SecureIntrospectorImpl.class
 */
/* loaded from: input_file:WEB-INF/lib/velocity-1.6.4-atlassian-24.jar:org/apache/velocity/util/introspection/SecureIntrospectorImpl.class */
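/**
 * Introspector that refuses to resolve methods on classes a template is not supposed to reach.
 *
 * <p>A class is rejected when it is assignable to one of the denied classes, or when it, one of
 * its superclasses or one of its interfaces lives in a denied package (or a sub-package of one)
 * and is not named in the allowlist. The per-class decision is cached.
 *
 * <p>NOTE(review): the cache is keyed by {@link Class#getName()}, so two distinct classes that
 * share a name (different class loaders) share one cached decision. Confirm this is acceptable
 * for the deployment.
 */
public class SecureIntrospectorImpl extends Introspector implements SecureIntrospectorControl {
    // Classes whose instances (and subtypes) are never introspected.
    private final Set<Class<?>> badClasses;
    // Package names that are denied together with all of their sub-packages.
    private final Set<String> badPackages;
    // Fully-qualified class names exempt from the package check (not from the class check).
    private final Set<String> allowlistClasses;
    // Class name -> result of isAllowedClass for that class.
    private final Map<String, Boolean> checkedClasses;

    /**
     * @param strArr fully-qualified names of denied classes; names that cannot be loaded are
     *     logged and skipped
     * @param strArr2 denied package names
     * @param strArr3 fully-qualified names of classes exempt from the package check
     * @param log logger passed to the parent introspector
     * @param runtimeServices runtime services passed to the parent introspector
     */
    public SecureIntrospectorImpl(String[] strArr, String[] strArr2, String[] strArr3, Log log, RuntimeServices runtimeServices) {
        super(log, runtimeServices);
        this.checkedClasses = new ConcurrentHashMap<>();
        this.badClasses = Collections.unmodifiableSet(prepareClassSet(Arrays.asList(strArr)));
        this.allowlistClasses = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(strArr3)));
        this.badPackages = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(strArr2)));
    }

    /**
     * Resolves a method only when {@link #checkObjectExecutePermission} allows the class/method.
     *
     * @return the resolved method, or {@code null} (after a warning is logged) when access is
     *     denied
     */
    @Override // org.apache.velocity.util.introspection.Introspector, org.apache.velocity.util.introspection.IntrospectorBase
    public Method getMethod(Class cls, String str, Object[] objArr) throws IllegalArgumentException {
        if (!checkObjectExecutePermission(cls, str)) {
            this.log.warn("Cannot retrieve method " + str + " from object of class " + cls.getName() + " due to security restrictions.");
            return null;
        }
        return super.getMethod(cls, str, objArr);
    }

    /**
     * Decides whether a method named {@code str} may be looked up on {@code cls}.
     *
     * @param cls class the method would be invoked on
     * @param str method name; may be {@code null}
     * @return {@code true} when the lookup is permitted
     */
    public boolean checkObjectExecutePermission(Class cls, String str) {
        // Only the exact names "wait" and "notify" are rejected here; "notifyAll" is not
        // covered by this check.
        if ("wait".equals(str) || "notify".equals(str)) {
            return false;
        }
        // Numbers, booleans and strings are always permitted, before any denylist is consulted.
        if (Number.class.isAssignableFrom(cls) || Boolean.class.isAssignableFrom(cls) || String.class.isAssignableFrom(cls)) {
            return true;
        }
        if (Class.class.isAssignableFrom(cls) && "getName".equals(str)) {
            return true;
        }
        // The decision depends on the class only, so it is cached per class name. The check no
        // longer loads classes by name, so there is no failure path that could cache "allowed"
        // for a class that was never actually evaluated.
        return this.checkedClasses.computeIfAbsent(cls.getName(), className -> isAllowedClass(cls));
    }

    /**
     * Evaluates the denied-class, denied-package and allowlist rules for {@code cls}.
     *
     * <p>Arrays of reference types are judged by their element type at every nesting depth. The
     * element type is taken from {@link Class#getComponentType()} rather than re-loaded from the
     * array's name, so the check cannot fail on class loading and evaluates the very class the
     * array holds. Previously only one-dimensional arrays were unwrapped, so a multi-dimensional
     * array of a denied-package type passed the package check.
     */
    private boolean isAllowedClass(Class<?> cls) {
        Class<?> current = cls;
        while (true) {
            if (isBadClass(current)) {
                return false;
            }
            // Stop at non-arrays and at arrays of primitives; the latter are checked as arrays.
            if (!current.isArray() || current.getComponentType().isPrimitive()) {
                break;
            }
            current = current.getComponentType();
        }
        for (Class<?> type : collectTypeHierarchy(current)) {
            String typeName = type.getName();
            if (this.allowlistClasses.contains(typeName)) {
                continue;
            }
            if (populateParentPackages(typeName, new ArrayList<>()).stream().anyMatch(this.badPackages::contains)) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether {@code cls} is one of the denied classes or a subtype of one. */
    private boolean isBadClass(Class<?> cls) {
        return this.badClasses.stream().anyMatch(bad -> bad.isAssignableFrom(cls));
    }

    /**
     * Loads the denied classes by name.
     *
     * <p>A name that cannot be loaded is logged and left out, so that entry then denies nothing;
     * the warning is the only signal that a configured denylist entry is not being enforced.
     */
    private Set<Class<?>> prepareClassSet(List<String> list) {
        Set<Class<?>> loaded = new HashSet<>();
        for (String className : list) {
            try {
                loaded.add(Class.forName(className));
            } catch (ClassNotFoundException e) {
                this.log.warn(String.format("Cannot find class %s for security introspection in velocity classloader.", className));
            }
        }
        return loaded;
    }

    /**
     * Appends every dot-separated prefix of {@code str} to {@code list}, longest first: for
     * {@code a.b.C} it adds {@code a.b} and then {@code a}.
     *
     * @return {@code list}, for chaining
     */
    private static List<String> populateParentPackages(String str, List<String> list) {
        int dot = str.lastIndexOf('.');
        while (dot != -1) {
            String parent = str.substring(0, dot);
            list.add(parent);
            dot = parent.lastIndexOf('.');
        }
        return list;
    }

    /** Returns {@code cls} followed by all of its interfaces and then all of its superclasses. */
    private List<Class<?>> collectTypeHierarchy(Class<?> cls) {
        List<Class<?>> types = new ArrayList<>();
        types.add(cls);
        types.addAll(ClassUtils.getAllInterfaces(cls));
        types.addAll(ClassUtils.getAllSuperclasses(cls));
        return types;
    }
}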
