package org.springframework.security.oauth2.provider.token.store.redis;

import java.io.IOException;
import java.io.InputStream;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:org/springframework/security/oauth2/provider/token/store/redis/SaferObjectInputStream.class */
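/**
 * {@link ObjectInputStream} that only resolves classes whose serialized name starts with one of
 * the configured allow-list prefixes; every other class descriptor is rejected before the JDK
 * loads the class.
 *
 * <p>Matching is a plain {@link String#startsWith(String)} test, so the entries are prefixes,
 * not exact class names:
 * <ul>
 *   <li>an entry without a trailing dot also admits sibling packages that share the prefix
 *       (constructed example: {@code com.example} admits {@code com.examplefoo.Bar});</li>
 *   <li>an empty entry matches every class name and effectively disables the filter;</li>
 *   <li>array descriptors use the JVM name form (leading {@code [}), so they are rejected
 *       unless an entry covers that form.</li>
 * </ul>
 *
 * <p>NOTE(review): only {@link #resolveClass(ObjectStreamClass)} is overridden. Dynamic proxy
 * descriptors are resolved through {@code resolveProxyClass}, which this class leaves at the
 * JDK default, so proxy interface names are not compared with the allow-list here. Consider
 * overriding it as well, or installing an {@code ObjectInputFilter} where the runtime has one.
 */
class SaferObjectInputStream extends ObjectInputStream {
    /** Immutable snapshot of the permitted class-name prefixes, taken at construction time. */
    private final List<String> allowedClasses;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a filtering stream over {@code inputStream}.
     *
     * @param inputStream serialized data to read; treat it as untrusted
     * @param list class-name prefixes that may be deserialized; copied, so later changes made
     *     by the caller do not affect this stream
     * @throws IOException if the superclass constructor fails on the stream
     * @throws NullPointerException if {@code list} is {@code null}
     */
    public SaferObjectInputStream(InputStream inputStream, List<String> list) throws IOException {
        super(inputStream);
        // Collections.unmodifiableList alone is only a read-only view: the caller could still
        // widen the allow-list through its own reference after this stream was built. Copy
        // first so the security policy is frozen for the lifetime of the stream.
        this.allowedClasses = Collections.unmodifiableList(new ArrayList<String>(list));
    }

    /**
     * Rejects the descriptor unless its class name matches an allow-list prefix, then delegates
     * to the default resolution.
     *
     * @param objectStreamClass descriptor read from the stream
     * @return the class resolved by {@link ObjectInputStream#resolveClass(ObjectStreamClass)}
     * @throws NotSerializableException if the class name matches no allow-list prefix
     * @throws IOException if the superclass resolution fails with an I/O error
     * @throws ClassNotFoundException if the superclass cannot find the class
     */
    @Override // java.io.ObjectInputStream
    protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
        String className = objectStreamClass.getName();
        // Check the name before delegating, so a rejected class is never loaded by this call.
        if (isProhibited(className)) {
            throw new NotSerializableException("Not allowed to deserialize " + className);
        }
        return super.resolveClass(objectStreamClass);
    }

    /**
     * Tells whether {@code className} falls outside the allow-list.
     *
     * @param className class name taken from the stream's class descriptor
     * @return {@code false} if the name starts with any allow-list entry, {@code true} otherwise
     *     (including when the allow-list is empty)
     */
    private boolean isProhibited(String className) {
        for (String allowedPrefix : this.allowedClasses) {
            if (className.startsWith(allowedPrefix)) {
                return false;
            }
        }
        // Fail closed: anything not explicitly allowed is prohibited.
        return true;
    }
}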
