package com.ibm.ws.kernel.instrument.serialfilter.config;

import com.ibm.ws.kernel.instrument.serialfilter.digest.Checksums;
import com.ibm.ws.kernel.instrument.serialfilter.util.CallStackWalker;
import com.ibm.ws.kernel.instrument.serialfilter.util.MessageUtil;
import com.ibm.ws.kernel.instrument.serialfilter.util.trie.ConcurrentTrie;
import com.ibm.ws.kernel.instrument.serialfilter.util.trie.Trie;
import java.io.Externalizable;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/ibm/ws/kernel/instrument/serialfilter/config/ConfigImpl.class */
final class ConfigImpl implements Config {
    private final ConcurrentTrie<ValidationMode> validationModes = new ConcurrentTrie<>();
    private final ConcurrentTrie<PermissionMode> permissions = new ConcurrentTrie<>();
    private final List<Initializer> initializers;
    private ValidationMode defaultValidationMode;
    private static final Checksums CHECKSUMS = Checksums.getInstance();
    private static final Class<Externalizable> EXTERN = Externalizable.class;
    private static final Class<Serializable> SERIAL = Serializable.class;
    private static final Map<? super String, ? extends ConfigSetting<String, Boolean>> MODES_BY_NAME = createModesMap();
    private static final String DEFAULT_KEY = SpecifierFormat.internalize("*");
    static final Initializer SET_DEFAULT_CONFIG = new Initializer() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.1
        @Override // com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.Initializer
        void init(ConfigImpl configImpl) {
            Logger logger = Logger.getLogger(ConfigImpl.class.getName());
            Properties properties = new Properties();
            properties.setProperty("*", "REJECT");
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Setting default configuration *=REJECT");
            }
            configImpl.load(properties);
        }
    };
    static final Initializer READ_INTERNAL_CONFIG = new Initializer() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.2
        @Override // com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.Initializer
        void init(ConfigImpl configImpl) {
            Logger logger = Logger.getLogger(ConfigImpl.class.getName());
            InputStream inputStream = (InputStream) AccessController.doPrivileged(new PrivilegedAction<InputStream>() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.2.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public InputStream run() {
                    return ConfigImpl.class.getResourceAsStream("default.properties");
                }
            });
            if (inputStream == null) {
                throw new Error("Could not read internal configuration file");
            }
            Properties properties = new Properties();
            try {
                try {
                    properties.load(inputStream);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Reading default config from " + inputStream);
                    }
                    configImpl.load(properties);
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Finished reading default config.");
                    }
                } catch (IOException e) {
                    logger.severe(MessageUtil.format("SF_ERROR_DEFAULT_CONFIGURATION", inputStream, e.getMessage()));
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                    }
                }
            } finally {
                try {
                    inputStream.close();
                } catch (IOException e3) {
                }
            }
        }
    };
    static final Initializer READ_SYSTEM_CONFIG = new Initializer() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.3
        @Override // com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.Initializer
        void init(ConfigImpl configImpl) {
            Logger logger = Logger.getLogger(ConfigImpl.class.getName());
            String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.3.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    return System.getProperty(Config.FILE_PROPERTY);
                }
            });
            if (str == null) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("No configuration file specified for serialization validation.");
                    return;
                }
                return;
            }
            final File file = new File(str);
            if (!file.isFile()) {
                logger.severe(MessageUtil.format("SF_ERROR_SYSTEM_CONFIGURATION_NOT_FIND", str));
                return;
            }
            try {
                Properties properties = new Properties();
                properties.load((FileReader) AccessController.doPrivileged(new PrivilegedExceptionAction<FileReader>() { // from class: com.ibm.ws.kernel.instrument.serialfilter.config.ConfigImpl.3.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public FileReader run() throws IOException {
                        return new FileReader(file);
                    }
                }));
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Reading system config from " + str);
                }
                configImpl.load(properties);
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Finished reading system config.");
                }
            } catch (IOException e) {
                logger.severe(MessageUtil.format("SF_ERROR_SYSTEM_CONFIGURATION", str, e));
            } catch (PrivilegedActionException e2) {
                logger.severe(MessageUtil.format("SF_ERROR_SYSTEM_CONFIGURATION", str, e2));
            }
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/ws/kernel/instrument/serialfilter/config/ConfigImpl$Initializer.class */
    public static abstract class Initializer {
        Initializer() {
        }

        abstract void init(ConfigImpl configImpl);
    }

    private static Map<String, ConfigSetting<String, Boolean>> createModesMap() {
        HashMap hashMap = new HashMap();
        for (ValidationMode validationMode : ValidationMode.values()) {
            hashMap.put(validationMode.name(), validationMode);
        }
        for (PermissionMode permissionMode : PermissionMode.values()) {
            hashMap.put(permissionMode.name(), permissionMode);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConfigImpl(Initializer... initializerArr) {
        this.initializers = Collections.unmodifiableList(new ArrayList(Arrays.asList(initializerArr)));
        init();
    }

    private void init() {
        Iterator<Initializer> it = this.initializers.iterator();
        while (it.hasNext()) {
            it.next().init(this);
        }
        this.defaultValidationMode = this.validationModes.get(DEFAULT_KEY);
        if (this.defaultValidationMode != null) {
            this.validationModes.remove(DEFAULT_KEY);
        } else {
            String format = MessageUtil.format("SF_ERROR_NO_DEFAULT_MODE", new Object[0]);
            Logger.getLogger(ConfigImpl.class.getName()).severe(format);
            throw new Error(format);
        }
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public void reset() {
        this.permissions.clear();
        this.validationModes.clear();
        init();
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public ValidationMode getDefaultMode() {
        return this.defaultValidationMode;
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.Config
    public boolean allows(Class<?> cls, Class<?>[] clsArr) {
        return allows(cls, clsArr, false);
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.Config
    public boolean allows(Class<?> cls, Class<?>[] clsArr, boolean z) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        if (cls != clsArr[0]) {
            if (!isForbidden(cls)) {
                Class<? extends Serializable> externalizableOrSerializable = externalizableOrSerializable(cls);
                Class<? super Object> superclass = cls.getSuperclass();
                while (true) {
                    Class<? super Object> cls2 = superclass;
                    if (cls2 == null || !externalizableOrSerializable.isAssignableFrom(cls2)) {
                        break;
                    }
                    if (isForbidden(cls2)) {
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.finest("Denied : " + cls + " because of super class : " + cls2);
                        }
                        if (!z) {
                            logger.severe(MessageUtil.format("SF_ERROR_NOT_PERMIT_SUPERCLASS", cls.getName(), cls2.getName()));
                            return false;
                        }
                        if (!logger.isLoggable(Level.INFO)) {
                            return false;
                        }
                        logger.info(MessageUtil.format("SF_INFO_NOT_ON_WHITELIST", cls2.getName()));
                        return false;
                    }
                    superclass = cls2.getSuperclass();
                }
            } else {
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest("Denied : " + cls);
                }
                if (!z) {
                    logger.severe(MessageUtil.format("SF_ERROR_NOT_PERMIT", cls.getName()));
                    return false;
                }
                if (!logger.isLoggable(Level.INFO)) {
                    return false;
                }
                logger.info(MessageUtil.format("SF_INFO_NOT_ON_WHITELIST", cls.getName()));
                return false;
            }
        }
        clsArr[0] = cls.getSuperclass();
        return true;
    }

    private Class<? extends Serializable> externalizableOrSerializable(Class<?> cls) {
        return EXTERN.isAssignableFrom(cls) ? EXTERN : SERIAL;
    }

    private boolean isForbidden(Class<?> cls) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        Trie.Entry<PermissionMode> longestPrefixEntry = this.permissions.getLongestPrefixEntry(SpecifierFormat.internalize(cls.getName()));
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("Searching on class " + cls + " returns " + SpecifierFormat.externalize(longestPrefixEntry.getKey()) + "=" + longestPrefixEntry.getValue());
        }
        return longestPrefixEntry.getValue().isProhibitive;
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.Config
    public ValidationMode getModeForStack(Class<?> cls) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        if (this.validationModes.isEmpty()) {
            return this.defaultValidationMode;
        }
        CallStackWalker skipTo = CallStackWalker.forCurrentThread().skipTo(ObjectInputStream.class);
        LinkedHashSet<Class> linkedHashSet = new LinkedHashSet();
        Class<?> cls2 = cls;
        while (true) {
            Class<?> cls3 = cls2;
            if (cls3 == InputStream.class) {
                break;
            }
            linkedHashSet.add(cls3);
            cls2 = cls3.getSuperclass();
        }
        while (skipTo.size() > 0 && linkedHashSet.contains(skipTo.topClass()) && "<init>".equals(skipTo.topMethod())) {
            skipTo.pop();
        }
        while (skipTo.size() > 0) {
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Searching for validation mode setting for " + skipTo.topClass().getName() + '#' + skipTo.topMethod());
            }
            ValidationMode modeForMethod = getModeForMethod(skipTo);
            if (modeForMethod != null) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Found validation mode " + modeForMethod + " for caller method " + skipTo.topClass().getName() + '#' + skipTo.topMethod());
                }
                return modeForMethod;
            }
            skipTo.pop();
        }
        for (Class cls4 : linkedHashSet) {
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Searching for validation mode setting for " + cls4.getName());
            }
            ValidationMode validationMode = getValidationMode(cls4.getName());
            if (validationMode != null) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("Found validation mode " + validationMode + " for stream class " + skipTo.topClass());
                }
                return validationMode;
            }
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("No mode configured, returning default validation    mode: " + this.defaultValidationMode);
        }
        return this.defaultValidationMode;
    }

    private ValidationMode getModeForMethod(CallStackWalker callStackWalker) {
        return getValidationMode(callStackWalker.topClass().getName() + "#" + callStackWalker.topMethod());
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public ValidationMode getValidationMode(String str) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        switch (SpecifierFormat.fromString(str)) {
            case CLASS:
            case METHOD:
                return this.validationModes.getLongestPrefixValue(SpecifierFormat.internalize(str));
            case METHOD_PREFIX:
            case PREFIX:
                logger.severe(MessageUtil.format("SF_ERROR_GET_MODE_VALUE_PREFIX", str));
                return null;
            case DIGEST:
                logger.severe(MessageUtil.format("SF_ERROR_GET_MODE_VALUE_DIGEST", str));
                return null;
            case UNKNOWN:
            default:
                logger.severe(MessageUtil.format("SF_ERROR_GET_MODE_VALUE_UNKNOWN", str));
                return null;
        }
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public boolean setValidationMode(ValidationMode validationMode, String str) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("Setting validation mode " + validationMode + " for '" + str + "'");
        }
        switch (SpecifierFormat.fromString(str)) {
            case CLASS:
            case METHOD:
            case METHOD_PREFIX:
            case PREFIX:
                return validationMode != this.validationModes.put2(SpecifierFormat.internalize(str), (String) validationMode);
            case DIGEST:
                logger.severe(MessageUtil.format("SF_ERROR_SET_MODE_VALUE_DIGEST", str));
                return false;
            case UNKNOWN:
            default:
                logger.severe(MessageUtil.format("SF_ERROR_SET_MODE_VALUE_UNKNOWN", str));
                return false;
        }
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public boolean setPermission(PermissionMode permissionMode, String str) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("Setting permission " + permissionMode + " for '" + str + "'");
        }
        switch (SpecifierFormat.fromString(str)) {
            case CLASS:
            case PREFIX:
            case DIGEST:
                return permissionMode == this.permissions.put2(SpecifierFormat.internalize(str), (String) permissionMode);
            case METHOD:
            case METHOD_PREFIX:
                logger.severe(MessageUtil.format("SF_ERROR_SET_PERMISSION_VALUE_METHOD", str));
                return false;
            case UNKNOWN:
            default:
                logger.severe(MessageUtil.format("SF_ERROR_SET_PERMISSION_VALUE_UNKNOWN", str));
                return false;
        }
    }

    @Override // com.ibm.ws.kernel.instrument.serialfilter.config.SimpleConfig
    public void load(Properties properties) {
        Logger logger = Logger.getLogger(ConfigImpl.class.getName());
        for (Map.Entry entry : properties.entrySet()) {
            if (entry.getKey() instanceof String) {
                if (!(entry.getValue() instanceof String)) {
                    logger.severe(MessageUtil.format("SF_ERROR_LOAD_PROPERTY_VALUE", entry.getValue()));
                }
                String str = (String) entry.getKey();
                for (String str2 : ((String) entry.getValue()).trim().split(" *[ ,] *")) {
                    ConfigSetting<String, Boolean> configSetting = MODES_BY_NAME.get(str2);
                    if (configSetting == null) {
                        logger.severe(MessageUtil.format("SF_ERROR_LOAD_PROPERTY_NOT_MATCH", str2, entry));
                    } else {
                        configSetting.apply(this, str);
                    }
                }
            } else {
                logger.severe(MessageUtil.format("SF_ERROR_LOAD_PROPERTY_KEY", entry.getKey()));
            }
        }
    }
}
