package org.springframework.amqp.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.Iterator;
import java.util.Set;
import org.springframework.core.ConfigurableObjectInputStream;
import org.springframework.util.ObjectUtils;
import org.springframework.util.PatternMatchUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-amqp-2.4.9.jar:org/springframework/amqp/utils/SerializationUtils.class */
public final class SerializationUtils {
    private SerializationUtils() {
    }

    public static byte[] serialize(Object obj) {
        if (obj == null) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new ObjectOutputStream(byteArrayOutputStream).writeObject(obj);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not serialize object of type: " + obj.getClass(), e);
        }
    }

    public static Object deserialize(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return deserialize(new ObjectInputStream(new ByteArrayInputStream(bArr)));
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not deserialize object", e);
        }
    }

    public static Object deserialize(ObjectInputStream objectInputStream) {
        if (objectInputStream == null) {
            return null;
        }
        try {
            return objectInputStream.readObject();
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not deserialize object", e);
        } catch (ClassNotFoundException e2) {
            throw new IllegalStateException("Could not deserialize object type", e2);
        }
    }

    public static Object deserialize(InputStream inputStream, final Set<String> set, ClassLoader classLoader) throws IOException {
        try {
            ConfigurableObjectInputStream configurableObjectInputStream = new ConfigurableObjectInputStream(inputStream, classLoader) { // from class: org.springframework.amqp.utils.SerializationUtils.1
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // org.springframework.core.ConfigurableObjectInputStream, java.io.ObjectInputStream
                public Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
                    Class<?> resolveClass = super.resolveClass(objectStreamClass);
                    SerializationUtils.checkAllowedList(resolveClass, set);
                    return resolveClass;
                }
            };
            try {
                Object readObject = configurableObjectInputStream.readObject();
                configurableObjectInputStream.close();
                return readObject;
            } finally {
            }
        } catch (ClassNotFoundException e) {
            throw new IOException("Failed to deserialize object type", e);
        }
    }

    public static void checkAllowedList(Class<?> cls, Set<String> set) {
        if (ObjectUtils.isEmpty(set) || cls.isArray() || cls.isPrimitive() || cls.equals(String.class) || Number.class.isAssignableFrom(cls)) {
            return;
        }
        String name = cls.getName();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (PatternMatchUtils.simpleMatch(it.next(), name)) {
                return;
            }
        }
        throw new SecurityException("Attempt to deserialize unauthorized " + cls);
    }
}
