package org.apache.ignite.internal.processors.rest;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.client.marshaller.jdk.GridClientJdkMarshaller;
import org.apache.ignite.internal.processors.rest.client.message.GridClientHandshakeRequest;
import org.apache.ignite.internal.processors.rest.client.message.GridClientMessage;
import org.apache.ignite.internal.util.IgniteUtils;
import org.apache.ignite.internal.util.lang.GridAbsPredicate;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;

/* loaded from: input_file:org/apache/ignite/internal/processors/rest/TcpRestUnmarshalVulnerabilityTest.class */
public class TcpRestUnmarshalVulnerabilityTest extends GridCommonAbstractTest {
    private static final GridClientJdkMarshaller MARSH = new GridClientJdkMarshaller();
    private static final AtomicBoolean SHARED = new AtomicBoolean();
    private static int port;
    private static String host;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ignite/internal/processors/rest/TcpRestUnmarshalVulnerabilityTest$Exploit.class */
    public static class Exploit implements GridClientMessage {
        private Exploit() {
        }

        private void readObject(ObjectInputStream objectInputStream) throws ClassNotFoundException, IOException {
            TcpRestUnmarshalVulnerabilityTest.SHARED.set(true);
        }

        public long requestId() {
            return 0L;
        }

        public void requestId(long j) {
        }

        public UUID clientId() {
            return null;
        }

        public void clientId(UUID uuid) {
        }

        public UUID destinationId() {
            return null;
        }

        public void destinationId(UUID uuid) {
        }

        public byte[] sessionToken() {
            return new byte[0];
        }

        public void sessionToken(byte[] bArr) {
        }
    }

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        ConnectorConfiguration connectorConfiguration = new ConnectorConfiguration();
        port = connectorConfiguration.getPort();
        host = connectorConfiguration.getHost();
        configuration.setConnectorConfiguration(connectorConfiguration);
        return configuration;
    }

    protected void beforeTest() throws Exception {
        super.beforeTest();
        SHARED.set(false);
        System.clearProperty("IGNITE_MARSHALLER_WHITELIST");
        System.clearProperty("IGNITE_MARSHALLER_BLACKLIST");
        IgniteUtils.clearClassCache();
    }

    public void testNoLists() throws Exception {
        testExploit(true);
    }

    public void testWhiteListIncluded() throws Exception {
        System.setProperty("IGNITE_MARSHALLER_WHITELIST", U.resolveIgnitePath("modules/core/src/test/config/class_list_exploit_included.txt").getPath());
        testExploit(true);
    }

    public void testWhiteListExcluded() throws Exception {
        System.setProperty("IGNITE_MARSHALLER_WHITELIST", U.resolveIgnitePath("modules/core/src/test/config/class_list_exploit_excluded.txt").getPath());
        testExploit(false);
    }

    public void testBlackListIncluded() throws Exception {
        System.setProperty("IGNITE_MARSHALLER_BLACKLIST", U.resolveIgnitePath("modules/core/src/test/config/class_list_exploit_included.txt").getPath());
        testExploit(false);
    }

    public void testBlackListExcluded() throws Exception {
        System.setProperty("IGNITE_MARSHALLER_BLACKLIST", U.resolveIgnitePath("modules/core/src/test/config/class_list_exploit_excluded.txt").getPath());
        testExploit(true);
    }

    public void testBothListIncluded() throws Exception {
        String path = U.resolveIgnitePath("modules/core/src/test/config/class_list_exploit_included.txt").getPath();
        System.setProperty("IGNITE_MARSHALLER_WHITELIST", path);
        System.setProperty("IGNITE_MARSHALLER_BLACKLIST", path);
        testExploit(false);
    }

    private void testExploit(boolean z) throws Exception {
        try {
            startGrid();
            attack(marshal(new Exploit()).array());
            boolean waitForCondition = GridTestUtils.waitForCondition(new GridAbsPredicate() { // from class: org.apache.ignite.internal.processors.rest.TcpRestUnmarshalVulnerabilityTest.1
                public boolean apply() {
                    return TcpRestUnmarshalVulnerabilityTest.SHARED.get();
                }
            }, 3000L);
            if (z) {
                assertTrue(waitForCondition);
            } else {
                assertFalse(waitForCondition);
            }
        } finally {
            stopAllGrids();
        }
    }

    private static ByteBuffer marshal(Object obj) throws IOException {
        return MARSH.marshal(obj, 0);
    }

    private void attack(byte[] bArr) throws IOException {
        Socket socket = new Socket(InetAddress.getByName(host), port);
        Throwable th = null;
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(socket.getOutputStream());
            Throwable th2 = null;
            try {
                try {
                    bufferedOutputStream.write(-111);
                    GridClientHandshakeRequest gridClientHandshakeRequest = new GridClientHandshakeRequest();
                    gridClientHandshakeRequest.marshallerId((byte) 2);
                    bufferedOutputStream.write(gridClientHandshakeRequest.rawBytes());
                    bufferedOutputStream.flush();
                    new BufferedInputStream(socket.getInputStream()).read(new byte[146]);
                    int length = bArr.length + 40;
                    bufferedOutputStream.write(-112);
                    bufferedOutputStream.write((byte) (length >> 24));
                    bufferedOutputStream.write((byte) (length >> 16));
                    bufferedOutputStream.write((byte) (length >> 8));
                    bufferedOutputStream.write((byte) length);
                    bufferedOutputStream.write(new byte[40]);
                    bufferedOutputStream.write(bArr);
                    bufferedOutputStream.flush();
                    if (bufferedOutputStream != null) {
                        if (0 != 0) {
                            try {
                                bufferedOutputStream.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            bufferedOutputStream.close();
                        }
                    }
                    if (socket != null) {
                        if (0 == 0) {
                            socket.close();
                            return;
                        }
                        try {
                            socket.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (bufferedOutputStream != null) {
                    if (th2 != null) {
                        try {
                            bufferedOutputStream.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        bufferedOutputStream.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (socket != null) {
                if (0 != 0) {
                    try {
                        socket.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    socket.close();
                }
            }
            throw th8;
        }
    }
}
