package org.forgerock.openam.scripting.sandbox;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.forgerock.util.Reject;
import org.mozilla.javascript.ClassShutter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openam/scripting/sandbox/RhinoSandboxClassShutter.class */
public final class RhinoSandboxClassShutter implements ClassShutter {
    private static final Logger LOGGER = LoggerFactory.getLogger(RhinoSandboxClassShutter.class);
    private final SecurityManager securityManager;
    private final List<Pattern> whiteList;
    private final List<Pattern> blackList;

    public RhinoSandboxClassShutter(SecurityManager securityManager, List<Pattern> list, List<Pattern> list2) {
        Reject.ifNull(new List[]{list, list2});
        this.securityManager = securityManager;
        this.whiteList = new ArrayList(list);
        this.blackList = new ArrayList(list2);
    }

    public boolean visibleToScripts(String str) {
        LOGGER.debug("Checking access to class '{}'", str);
        if (this.securityManager != null) {
            try {
                this.securityManager.checkPackageAccess(str);
            } catch (SecurityException e) {
                LOGGER.error("Access denied by SecurityManager for class '{}'", str);
                return false;
            }
        }
        boolean z = false;
        Iterator<Pattern> it = this.whiteList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().matcher(str).matches()) {
                z = true;
                break;
            }
        }
        if (!z) {
            LOGGER.warn("Classname failed to match whitelist: '{}'", str);
            return false;
        }
        for (Pattern pattern : this.blackList) {
            if (pattern.matcher(str).matches()) {
                LOGGER.error("Access to class '{}' denied by blacklist pattern: {}", str, pattern.pattern());
                return false;
            }
        }
        LOGGER.debug("Access allowed for class '{}'", str);
        return true;
    }
}
