package org.apache.struts2.rest.handler;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ModelDriven;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.StaxDriver;
import com.thoughtworks.xstream.security.ArrayTypePermission;
import com.thoughtworks.xstream.security.ExplicitTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import com.thoughtworks.xstream.security.TypePermission;
import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.text.lookup.StringLookupFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.rest.handler.xstream.XStreamAllowedClassNames;
import org.apache.struts2.rest.handler.xstream.XStreamAllowedClasses;
import org.apache.struts2.rest.handler.xstream.XStreamPermissionProvider;
import org.apache.struts2.rest.handler.xstream.XStreamProvider;

/* loaded from: input_file:WEB-INF/lib/struts2-rest-plugin-6.3.0.jar:org/apache/struts2/rest/handler/XStreamHandler.class */
public class XStreamHandler extends AbstractContentTypeHandler {
    private static final Logger LOG = LogManager.getLogger((Class<?>) XStreamHandler.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/struts2-rest-plugin-6.3.0.jar:org/apache/struts2/rest/handler/XStreamHandler$CollectionTypePermission.class */
    public static class CollectionTypePermission implements TypePermission {
        private static final TypePermission COLLECTIONS = new CollectionTypePermission();

        private CollectionTypePermission() {
        }

        @Override // com.thoughtworks.xstream.security.TypePermission
        public boolean allows(Class cls) {
            return cls != null && (Collection.class.isAssignableFrom(cls) || Map.class.isAssignableFrom(cls));
        }
    }

    @Override // org.apache.struts2.rest.handler.ContentTypeHandler
    public String fromObject(ActionInvocation actionInvocation, Object obj, String str, Writer writer) throws IOException {
        if (obj == null) {
            return null;
        }
        createXStream(actionInvocation).toXML(obj, writer);
        return null;
    }

    @Override // org.apache.struts2.rest.handler.ContentTypeHandler
    public void toObject(ActionInvocation actionInvocation, Reader reader, Object obj) {
        createXStream(actionInvocation).fromXML(reader, obj);
    }

    protected XStream createXStream(ActionInvocation actionInvocation) {
        XStream xStream;
        if (actionInvocation.getAction() instanceof XStreamProvider) {
            LOG.debug("Using provider {} to create instance of XStream", actionInvocation.getAction().getClass().getSimpleName());
            xStream = ((XStreamProvider) actionInvocation.getAction()).createXStream();
        } else {
            LOG.debug("Creating default XStream instance using Stax driver: {}", StaxDriver.class.getSimpleName());
            xStream = new XStream(new StaxDriver());
        }
        LOG.debug("Adds per action permissions");
        addPerActionPermission(actionInvocation, xStream);
        LOG.debug("Adds default permissions");
        addDefaultPermissions(actionInvocation, xStream);
        return xStream;
    }

    private void addPerActionPermission(ActionInvocation actionInvocation, XStream xStream) {
        Object action = actionInvocation.getAction();
        if (action instanceof XStreamAllowedClasses) {
            xStream.addPermission(new ExplicitTypePermission((Class[]) ((XStreamAllowedClasses) action).allowedClasses().toArray(new Class[0])));
        }
        if (action instanceof XStreamAllowedClassNames) {
            xStream.addPermission(new ExplicitTypePermission((String[]) ((XStreamAllowedClassNames) action).allowedClassNames().toArray(new String[0])));
        }
        if (action instanceof XStreamPermissionProvider) {
            Iterator<TypePermission> it = ((XStreamPermissionProvider) action).getTypePermissions().iterator();
            while (it.hasNext()) {
                xStream.addPermission(it.next());
            }
        }
    }

    protected void addDefaultPermissions(ActionInvocation actionInvocation, XStream xStream) {
        xStream.addPermission(new ExplicitTypePermission(new Class[]{actionInvocation.getAction().getClass()}));
        if (actionInvocation.getAction() instanceof ModelDriven) {
            xStream.addPermission(new ExplicitTypePermission(new Class[]{((ModelDriven) actionInvocation.getAction()).getModel().getClass()}));
        }
        xStream.addPermission(NullPermission.NULL);
        xStream.addPermission(new ExplicitTypePermission(new Class[]{String.class}));
        xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xStream.addPermission(ArrayTypePermission.ARRAYS);
        xStream.addPermission(CollectionTypePermission.COLLECTIONS);
    }

    @Override // org.apache.struts2.rest.handler.ContentTypeHandler
    public String getContentType() {
        return "application/xml";
    }

    @Override // org.apache.struts2.rest.handler.ContentTypeHandler
    public String getExtension() {
        return StringLookupFactory.KEY_XML;
    }
}
