package org.apache.logging.log4j.core.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/log4j-core-2.8.2.jar:org/apache/logging/log4j/core/util/FilteredObjectInputStream.class */
public class FilteredObjectInputStream extends ObjectInputStream {
    private static final List<String> REQUIRED_JAVA_CLASSES = Arrays.asList("java.lang.Enum", "java.lang.StackTraceElement", "java.rmi.MarshalledObject", "[B");
    private final Collection<String> allowedClasses;

    public FilteredObjectInputStream(InputStream inputStream, Collection<String> collection) throws IOException {
        super(inputStream);
        this.allowedClasses = collection;
    }

    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        String name = objectStreamClass.getName();
        if (isAllowedByDefault(name) || this.allowedClasses.contains(name)) {
            return super.resolveClass(objectStreamClass);
        }
        throw new InvalidObjectException("Class is not allowed for deserialization: " + name);
    }

    private static boolean isAllowedByDefault(String str) {
        return str.startsWith("org.apache.logging.log4j.") || str.startsWith("[Lorg.apache.logging.log4j.") || REQUIRED_JAVA_CLASSES.contains(str);
    }
}
