package com.hazelcast.client;

import com.hazelcast.client.config.ClientConfig;
import com.hazelcast.client.test.TestAwareClientFactory;
import com.hazelcast.core.HazelcastInstance;
import com.hazelcast.nio.serialization.HazelcastSerializationException;
import com.hazelcast.spi.properties.GroupProperty;
import com.hazelcast.test.HazelcastParallelClassRunner;
import com.hazelcast.test.annotation.ParallelTest;
import com.hazelcast.test.annotation.QuickTest;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;

@RunWith(HazelcastParallelClassRunner.class)
@Category({QuickTest.class, ParallelTest.class})
/* loaded from: input_file:com/hazelcast/client/ClientDeserializationProtectionTest.class */
public class ClientDeserializationProtectionTest {
    private final TestAwareClientFactory factory = new TestAwareClientFactory();

    /* loaded from: input_file:com/hazelcast/client/ClientDeserializationProtectionTest$TestDeserialized.class */
    public static class TestDeserialized implements Serializable {
        private static final long serialVersionUID = 1;
        public static volatile boolean IS_DESERIALIZED = false;

        private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        }

        private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            IS_DESERIALIZED = true;
        }
    }

    @After
    public void killAllHazelcastInstances() throws IOException {
        this.factory.terminateAll();
    }

    @Test
    public void test() throws Exception {
        HazelcastInstance newHazelcastInstance = this.factory.newHazelcastInstance(null);
        ClientConfig clientConfig = new ClientConfig();
        clientConfig.setProperty(GroupProperty.SERIALIZATION_FILTER_ENABLED.getName(), "true");
        clientConfig.setProperty(GroupProperty.SERIALIZATION_FILTER_BLACKLIST_CLASSES.getName(), TestDeserialized.class.getName());
        HazelcastInstance newHazelcastClient = this.factory.newHazelcastClient(clientConfig);
        newHazelcastInstance.getMap("test").put("test", new TestDeserialized());
        try {
            newHazelcastClient.getMap("test").get("test");
            Assert.fail("Deserialization should fail");
        } catch (HazelcastSerializationException e) {
            Assert.assertEquals("SecurityException was expected as a cause of failed deserialization", SecurityException.class, e.getCause().getClass());
            Assert.assertFalse("Untrusted deserialization was possible", TestDeserialized.IS_DESERIALIZED);
        }
    }
}
