package com.cisco.argento.methodhandlers;

import com.cisco.argento.core.ArgentoSecurityException;
import com.cisco.argento.core.SecurityEvent;
import com.cisco.argento.events.InfrequentEvents;
import com.cisco.argento.management.AgentPolicy;
import com.cisco.mtagent.tenant.MTAgentTenantAPI;
import com.cisco.mtagent.utils.GeneralUtils;
import java.io.ObjectInputStream;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import lombok.Generated;

/* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/methodhandlers/SerializableMethodHandler.class */
public class SerializableMethodHandler extends MTAgentTenantAPI.TenantMethodHandler {
    private final MTAgentTenantAPI mtAgentTenantAPI;
    private final InfrequentEvents infrequentEvents;
    private final String[] wellKnownBlockedClasses = {"org.apache.commons.collections.functors.InvokerTransformer", "org.apache.commons.collections4.functors.InvokerTransformer", "org.apache.commons.collections.functors.InstantiateTransformer", "org.apache.commons.collections4.functors.InstantiateTransformer", "org.codehaus.groovy.runtime.ConvertedClosure", "org.codehaus.groovy.runtime.MethodClosure", "org.springframework.beans.factory.ObjectFactory", "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"};
    private final Map<String, SerializedClassInfo> serializedClassHash = new ConcurrentHashMap();

    /* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/methodhandlers/SerializableMethodHandler$SerializedClassInfo.class */
    public static class SerializedClassInfo {
        final String name;
        long count;
        long lastTime;
        final boolean hasReadObject;

        SerializedClassInfo(String str, boolean z) {
            this.name = str;
            this.hasReadObject = z;
        }

        void update() {
            this.count++;
            this.lastTime = System.currentTimeMillis();
        }

        @Generated
        public long getCount() {
            return this.count;
        }
    }

    public SerializableMethodHandler(MTAgentTenantAPI mTAgentTenantAPI, InfrequentEvents infrequentEvents) {
        this.mtAgentTenantAPI = mTAgentTenantAPI;
        this.infrequentEvents = infrequentEvents;
    }

    @Override // com.cisco.mtagent.boot.registry.MethodHandlerRegistry.LoadHandler, com.cisco.mtagent.boot.registry.MethodHandlerRegistry.MethodHandler
    public void handlerEntry(Object obj, Object[] objArr, String str, String str2, String str3, String str4) {
        if (AgentPolicy.getPolicy().isActiveSerialization() && str2.equals("readObject")) {
            this.mtAgentTenantAPI.log(">>> readObject override in class " + str + " " + str2 + " " + str3 + " " + (objArr.length == 0) + "  " + ((String) this.mtAgentTenantAPI.getThreadContext(SecurityEvent.SERIAL_CLASS_CONTEXT, true)));
        }
    }

    private String getKey(String str, String str2) {
        return str + GeneralUtils.ID_DELIMITER + str2;
    }

    @Override // com.cisco.mtagent.boot.registry.MethodHandlerRegistry.LoadHandler, com.cisco.mtagent.boot.registry.MethodHandlerRegistry.MethodHandler
    public void handlerExit(Object obj, Object obj2, Object[] objArr, String str, String str2, String str3, String str4) {
        if (str2.equals("resolveClass") && obj != null && AgentPolicy.getPolicy().isActiveSerialization()) {
            String name = ((Class) obj).getName();
            if (this.mtAgentTenantAPI.doesMatchObjectWrappers(true, AgentPolicy.getPolicy().getIgnoreSerializedClasses(), name)) {
                return;
            }
            boolean hasReadObject = hasReadObject((Class) obj);
            if (!AgentPolicy.getPolicy().isOverrideOnlySerialization() || hasReadObject) {
                SerializedClassInfo serializedClassInfo = this.serializedClassHash.get(name);
                if (serializedClassInfo == null) {
                    serializedClassInfo = new SerializedClassInfo(name, hasReadObject);
                    this.serializedClassHash.put(name, serializedClassInfo);
                    this.mtAgentTenantAPI.log("Just resolved class " + name);
                }
                this.infrequentEvents.addUnsafeSerializableEvent(name);
                serializedClassInfo.update();
                if (AgentPolicy.getPolicy().isBlockSerialization()) {
                    AgentPolicy.getPolicy();
                    if (AgentPolicy.isArgentoAllowBlockingRuntime()) {
                        throw new ArgentoSecurityException("Blocking serialized class " + name);
                    }
                }
            }
        }
    }

    private boolean hasReadObject(Class cls) {
        try {
            return cls.getDeclaredMethod("readObject", ObjectInputStream.class) != null;
        } catch (Throwable th) {
            return false;
        }
    }
}
