package java.io;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.schema.DeserializationInfo;
import com.newrelic.api.agent.security.schema.DeserializationInvocation;
import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
import com.newrelic.api.agent.security.schema.operation.DeserializationOperation;
import com.newrelic.api.agent.weaver.MatchType;
import com.newrelic.api.agent.weaver.Weave;
import com.newrelic.api.agent.weaver.Weaver;

@Weave(type = MatchType.BaseClass, originalName = "java.io.ObjectInputStream")
/* loaded from: input_file:newrelic/newrelic-agent.jar:newrelic-security-agent.jar:instrumentation-security/csec-deserialisation-1.0.jar:java/io/ObjectInputStream_Instrumentation.class */
public abstract class ObjectInputStream_Instrumentation {
    private void readSerialData(Object obj, ObjectStreamClass objectStreamClass) throws IOException {
        if (NewRelicSecurity.isHookProcessingActive()) {
            preProcessSecurityHook(obj);
        }
        Weaver.callOriginal();
    }

    private void filterCheck(Class<?> cls, int i) throws InvalidClassException {
        boolean acquireLockIfPossible = acquireLockIfPossible("filterCheck");
        boolean z = false;
        try {
            Weaver.callOriginal();
            z = true;
            if (acquireLockIfPossible) {
                processFilterCheck(cls, true);
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "filterCheck"));
            }
        } catch (Throwable th) {
            if (acquireLockIfPossible) {
                processFilterCheck(cls, z);
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "filterCheck"));
            }
            throw th;
        }
    }

    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        boolean acquireLockIfPossible = acquireLockIfPossible("resolve");
        Class<?> cls = null;
        try {
            cls = (Class) Weaver.callOriginal();
            if (acquireLockIfPossible) {
                processResolveClass(objectStreamClass, cls);
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "resolve"));
            }
            return cls;
        } catch (Throwable th) {
            if (acquireLockIfPossible) {
                processResolveClass(objectStreamClass, cls);
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "resolve"));
            }
            throw th;
        }
    }

    private DeserializationInfo preProcessSecurityHook(Object obj) {
        DeserializationInfo deserializationInfo = new DeserializationInfo(obj.getClass().getName(), obj);
        NewRelicSecurity.getAgent().getSecurityMetaData().addToDeserializationRoot(deserializationInfo);
        return deserializationInfo;
    }

    private final Object readObject(Class<?> cls) throws IOException, ClassNotFoundException {
        boolean acquireLockIfPossible = acquireLockIfPossible("readObject");
        DeserializationOperation deserializationOperation = null;
        if (acquireLockIfPossible) {
            deserializationOperation = new DeserializationOperation(getClass().getName(), "readObject");
            DeserializationInvocation deserializationInvocation = new DeserializationInvocation(true, deserializationOperation.getExecutionId());
            NewRelicSecurity.getAgent().getSecurityMetaData().setDeserializationInvocation(deserializationInvocation);
            deserializationOperation.setDeserializationInvocation(deserializationInvocation);
        }
        try {
            Object callOriginal = Weaver.callOriginal();
            if (acquireLockIfPossible) {
                if (NewRelicSecurity.getAgent().getSecurityMetaData().peekDeserializationRoot() != null) {
                    deserializationOperation.setRootDeserializationInfo(NewRelicSecurity.getAgent().getSecurityMetaData().peekDeserializationRoot());
                    deserializationOperation.setEntityName(deserializationOperation.getRootDeserializationInfo().getType());
                }
                NewRelicSecurity.getAgent().registerOperation(deserializationOperation);
                NewRelicSecurity.getAgent().getSecurityMetaData().setDeserializationInvocation(null);
                NewRelicSecurity.getAgent().getSecurityMetaData().resetDeserializationRoot();
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "readObject"));
            }
            return callOriginal;
        } catch (Throwable th) {
            if (acquireLockIfPossible) {
                if (NewRelicSecurity.getAgent().getSecurityMetaData().peekDeserializationRoot() != null) {
                    deserializationOperation.setRootDeserializationInfo(NewRelicSecurity.getAgent().getSecurityMetaData().peekDeserializationRoot());
                    deserializationOperation.setEntityName(deserializationOperation.getRootDeserializationInfo().getType());
                }
                NewRelicSecurity.getAgent().registerOperation(deserializationOperation);
                NewRelicSecurity.getAgent().getSecurityMetaData().setDeserializationInvocation(null);
                NewRelicSecurity.getAgent().getSecurityMetaData().resetDeserializationRoot();
                GenericHelper.releaseLock(String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, "readObject"));
            }
            throw th;
        }
    }

    private void processFilterCheck(Class<?> cls, boolean z) {
        DeserializationInvocation deserializationInvocation = NewRelicSecurity.getAgent().getSecurityMetaData().getDeserializationInvocation();
        if (deserializationInvocation == null || cls == null) {
            return;
        }
        com.newrelic.api.agent.security.schema.Serializable encounteredSerializableByName = deserializationInvocation.getEncounteredSerializableByName(cls.getName());
        if (encounteredSerializableByName == null) {
            encounteredSerializableByName = new com.newrelic.api.agent.security.schema.Serializable(cls.getName(), true);
            encounteredSerializableByName.setKlass(cls);
            deserializationInvocation.addEncounteredSerializable(encounteredSerializableByName);
        }
        if (z) {
            return;
        }
        encounteredSerializableByName.setDeserializable(false);
    }

    private void processResolveClass(ObjectStreamClass objectStreamClass, Class<?> cls) {
        DeserializationInvocation deserializationInvocation = NewRelicSecurity.getAgent().getSecurityMetaData().getDeserializationInvocation();
        if (deserializationInvocation != null) {
            com.newrelic.api.agent.security.schema.Serializable encounteredSerializableByName = deserializationInvocation.getEncounteredSerializableByName(objectStreamClass.getName());
            if (encounteredSerializableByName == null) {
                encounteredSerializableByName = new com.newrelic.api.agent.security.schema.Serializable(objectStreamClass.getName(), true);
                encounteredSerializableByName.setKlass(cls);
                deserializationInvocation.addEncounteredSerializable(encounteredSerializableByName);
            }
            if (cls == null) {
                encounteredSerializableByName.setDeserializable(false);
            }
        }
    }

    private boolean acquireLockIfPossible(String str) {
        return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.UNSAFE_DESERIALIZATION, String.format(ObjectInputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, str));
    }
}
