package com.atlassian.confluence.setup.xstream;

import com.atlassian.core.util.PairType;
import com.google.common.collect.ImmutableSet;
import com.thoughtworks.xstream.converters.ConversionException;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import java.net.URI;
import java.sql.Timestamp;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/setup/xstream/XStreamSecurityClassFilter.class */
public class XStreamSecurityClassFilter implements Converter {
    private static final Logger log = LoggerFactory.getLogger(XStreamSecurityClassFilter.class);
    private static final Set<Class<?>> ALLOWED_TYPE_HIERARCHIES = ImmutableSet.of(Collection.class, Map.class, Number.class);
    private static final Set<Class<?>> ALLOWED_TYPES = ImmutableSet.of(String.class, Boolean.class, Date.class, GregorianCalendar.class, URI.class, Timestamp.class, new Class[]{PairType.class});
    private static final Set<String> ALLOWED_PACKAGES = ImmutableSet.of("com.atlassian.confluence.", "java.util.concurrent.atomic.", "javax.mail.internet.InternetAddress", "com.gliffy.plugin.confluence.", "com.balsamiq.mockups.", "com.adaptavist.confluence.", new String[]{"org.swift.confluence."});
    private final Set<String> EXTRA_ALLOW_PACKAGES;

    public XStreamSecurityClassFilter() {
        String property = System.getProperty("xstream.whitelist.extra");
        if (StringUtils.isNotBlank(property)) {
            this.EXTRA_ALLOW_PACKAGES = Collections.unmodifiableSet((Set) Pattern.compile("\\s*,\\s*").splitAsStream(property).map(str -> {
                return str.trim();
            }).filter(str2 -> {
                return StringUtils.isNotBlank(str2);
            }).distinct().collect(Collectors.toSet()));
        } else {
            this.EXTRA_ALLOW_PACKAGES = Collections.emptySet();
        }
    }

    public boolean canConvert(Class cls) {
        if (isAllowed(cls)) {
            return false;
        }
        String str = "XStream error: Class " + cls.getCanonicalName() + " has not been whitelisted";
        log.error(str);
        throw new ConversionException(str);
    }

    private boolean isAllowed(Class cls) {
        return cls.isPrimitive() || cls.isEnum() || Enum.class.isAssignableFrom(cls) || ALLOWED_PACKAGES.stream().anyMatch(str -> {
            return cls.getCanonicalName().startsWith(str);
        }) || this.EXTRA_ALLOW_PACKAGES.stream().anyMatch(str2 -> {
            return cls.getCanonicalName().startsWith(str2);
        }) || ALLOWED_TYPE_HIERARCHIES.stream().anyMatch(cls2 -> {
            return cls2.isAssignableFrom(cls);
        }) || ALLOWED_TYPES.stream().anyMatch(cls3 -> {
            return cls3 == cls;
        });
    }

    public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
        throw new UnsupportedOperationException("Non-whitelisted class should not be marshalled");
    }

    public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
        throw new UnsupportedOperationException("Non-whitelisted class should not be unmarshalled");
    }
}
