package com.immomo.rhizobia.rhizobia_J.deserialization;

import com.immomo.rhizobia.rhizobia_J.csrf.CSRFTokenUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/immomo/rhizobia/rhizobia_J/deserialization/SecureObjectInputStream.class */
public class SecureObjectInputStream extends ObjectInputStream {
    private List<String> arrayClassWhiteList;
    private static Logger logger = Logger.getLogger(CSRFTokenUtils.class);

    public SecureObjectInputStream() throws IOException {
        this.arrayClassWhiteList = new ArrayList();
    }

    public SecureObjectInputStream(InputStream inputStream) throws IOException {
        super(inputStream);
        this.arrayClassWhiteList = new ArrayList();
    }

    public SecureObjectInputStream(String[] strArr) throws IOException {
        this.arrayClassWhiteList = new ArrayList();
        for (String str : strArr) {
            if (null == str) {
                logger.warn("白名单列表有空值");
            } else {
                this.arrayClassWhiteList.add(str);
            }
        }
    }

    public SecureObjectInputStream(InputStream inputStream, String[] strArr) throws IOException {
        super(inputStream);
        this.arrayClassWhiteList = new ArrayList();
        for (String str : strArr) {
            if (null == str) {
                logger.warn("白名单列表有空值");
            } else {
                this.arrayClassWhiteList.add(str);
            }
        }
    }

    public SecureObjectInputStream(List<String> list) throws IOException {
        this.arrayClassWhiteList = new ArrayList();
        for (String str : list) {
            if (null == str) {
                logger.warn("白名单列表有空值");
            } else {
                this.arrayClassWhiteList.add(str);
            }
        }
    }

    public SecureObjectInputStream(InputStream inputStream, List<String> list) throws IOException {
        super(inputStream);
        this.arrayClassWhiteList = new ArrayList();
        for (String str : list) {
            if (null == str) {
                logger.warn("白名单列表有空值");
            } else {
                this.arrayClassWhiteList.add(str);
            }
        }
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        if (0 != this.arrayClassWhiteList.size()) {
            boolean z = false;
            String name = objectStreamClass.getName();
            Iterator<String> it = this.arrayClassWhiteList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (it.next().equals(name)) {
                    z = true;
                    break;
                }
            }
            if (false == z) {
                logger.error("Unauthorized deserialization class");
                throw new InvalidClassException("Unauthorized deserialization class", objectStreamClass.getName());
            }
        }
        return super.resolveClass(objectStreamClass);
    }
}
