package com.sankuai.security.sdk.core.deserialization;

import java.io.ByteArrayInputStream;
import java.io.IOException;

/* loaded from: input_file:com/sankuai/security/sdk/core/deserialization/ObjectInputStreamChecker.class */
public class ObjectInputStreamChecker {
    private static final String[] DEFAULT_BLACK_CLASS_PATTERN = {"bsh.XThis", "bsh.Interpreter", "com.mchange.v2.c3p0.PoolBackedDataSource", "com.mchange.v2.c3p0.impl.PoolBackedDataSourceBase", "clojure.lang.PersistentArrayMap", "clojure.inspector.proxy$javax.swing.table.AbstractTableModel$ff19274a", "org.apache.commons.beanutils.BeanComparator", "org.apache.commons.collections.Transformer", "org.apache.commons.collections.functors.ChainedTransformer", "org.apache.commons.collections.functors.ConstantTransformer", "org.apache.commons.collections.functors.InstantiateTransformer", "org.apache.commons.collections.map.LazyMap", "org.apache.commons.collections.functors.InvokerTransformer", "org.apache.commons.collections.keyvalue.TiedMapEntry", "org.apache.commons.collections4.comparators.TransformingComparator", "org.apache.commons.collections4.functors.InvokerTransformer", "org.apache.commons.collections4.functors.ChainedTransformer", "org.apache.commons.collections4.functors.ConstantTransformer", "org.apache.commons.collections4.functors.InstantiateTransformer", "org.apache.commons.fileupload.disk.DiskFileItem", "org.apache.commons.io.output.DeferredFileOutputStream", "org.apache.commons.io.output.ThresholdingOutputStream", "org.apache.wicket.util.upload.DiskFileItem", "org.apache.wicket.util.io.DeferredFileOutputStream", "org.apache.wicket.util.io.ThresholdingOutputStream", "org.codehaus.groovy.runtime.ConvertedClosure", "org.codehaus.groovy.runtime.MethodClosure", "org.hibernate.engine.spi.TypedValue", "org.hibernate.tuple.component.AbstractComponentTuplizer", "org.hibernate.tuple.component.PojoComponentTuplizer", "org.hibernate.type.AbstractType", "org.hibernate.type.ComponentType", "org.hibernate.type.Type", "org.hibernate.EntityMode", "com.sun.rowset.JdbcRowSetImpl", "org.jboss.interceptor.builder.InterceptionModelBuilder", "org.jboss.interceptor.builder.MethodReference", "org.jboss.interceptor.proxy.DefaultInvocationContextFactory", "org.jboss.interceptor.proxy.InterceptorMethodHandler", "org.jboss.interceptor.reader.ClassMetadataInterceptorReference", "org.jboss.interceptor.reader.DefaultMethodMetadata", "org.jboss.interceptor.reader.ReflectiveClassMetadata", "org.jboss.interceptor.reader.SimpleInterceptorMetadata", "org.jboss.interceptor.spi.instance.InterceptorInstantiator", "org.jboss.interceptor.spi.metadata.InterceptorReference", "org.jboss.interceptor.spi.metadata.MethodMetadata", "org.jboss.interceptor.spi.model.InterceptionType", "org.jboss.interceptor.spi.model.InterceptionModel", "sun.rmi.server.UnicastRef", "sun.rmi.transport.LiveRef", "sun.rmi.transport.tcp.TCPEndpoint", "java.rmi.server.RemoteObject", "java.rmi.server.RemoteRef", "java.rmi.server.UnicastRemoteObject", "sun.rmi.server.ActivationGroupImpl", "sun.rmi.server.UnicastServerRef", "org.springframework.aop.framework.AdvisedSupport", "net.sf.json.JSONObject", "org.jboss.weld.interceptor.builder.InterceptionModelBuilder", "org.jboss.weld.interceptor.builder.MethodReference", "org.jboss.weld.interceptor.proxy.DefaultInvocationContextFactory", "org.jboss.weld.interceptor.proxy.InterceptorMethodHandler", "org.jboss.weld.interceptor.reader.ClassMetadataInterceptorReference", "org.jboss.weld.interceptor.reader.DefaultMethodMetadata", "org.jboss.weld.interceptor.reader.ReflectiveClassMetadata", "org.jboss.weld.interceptor.reader.SimpleInterceptorMetadata", "org.jboss.weld.interceptor.spi.instance.InterceptorInstantiator", "org.jboss.weld.interceptor.spi.metadata.InterceptorReference", "org.jboss.weld.interceptor.spi.metadata.MethodMetadata", "org.jboss.weld.interceptor.spi.model.InterceptionModel", "org.jboss.weld.interceptor.spi.model.InterceptionType", "org.python.core.PyObject", "org.python.core.PyBytecode", "org.python.core.PyFunction", "org.mozilla.javascript.**", "org.apache.myfaces.context.servlet.FacesContextImpl", "org.apache.myfaces.context.servlet.FacesContextImplBase", "org.apache.myfaces.el.CompositeELResolver", "org.apache.myfaces.el.unified.FacesELContext", "org.apache.myfaces.view.facelets.el.ValueExpressionMethodExpression", "com.sun.syndication.feed.impl.ObjectBean", "org.springframework.beans.factory.ObjectFactory", "org.springframework.aop.framework.AdvisedSupport", "org.springframework.aop.target.SingletonTargetSource", "com.vaadin.data.util.NestedMethodProperty", "com.vaadin.data.util.PropertysetItem"};

    public static Object checkObjectInputStream(ByteArrayInputStream byteArrayInputStream, String[] strArr) throws IOException, ClassNotFoundException {
        ValidatingObjectInputStream validatingObjectInputStream = new ValidatingObjectInputStream(byteArrayInputStream);
        validatingObjectInputStream.accept(strArr);
        validatingObjectInputStream.reject(DEFAULT_BLACK_CLASS_PATTERN);
        return validatingObjectInputStream.readObject();
    }

    public static Object checkObjectInputStream(ByteArrayInputStream byteArrayInputStream) throws IOException, ClassNotFoundException {
        ValidatingObjectInputStream validatingObjectInputStream = new ValidatingObjectInputStream(byteArrayInputStream);
        validatingObjectInputStream.reject(DEFAULT_BLACK_CLASS_PATTERN);
        validatingObjectInputStream.accept("*");
        return validatingObjectInputStream.readObject();
    }
}
