feat: supersecret room

zyberzebra · Mar 24, 2024 · fb18162 · fb18162
1 parent 99617a7
commit fb18162
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 14 deletions.
diff --git a/src/main/java/com/example/demo1/CookieVaultServlet.java b/src/main/java/com/example/demo1/CookieVaultServlet.java
@@ -10,21 +10,23 @@
 
 @WebServlet(name = "cookieVaultServlet", value = "/the-cookie-vault")
 public class CookieVaultServlet extends HttpServlet {
-    //todo remove salt and make the secret "easier" to crack and add riddle for additional clam
-    public static final LocalDate CHEAP_SALT = LocalDate.now();
-    public static final Algorithm ALGORITHM = Algorithm.HMAC256("tomcat"+ CHEAP_SALT);
+
+    public static final Algorithm ALGORITHM = Algorithm.HMAC256("tomcat");
+    public static final String RIDDLE = "Avast, what be cracklin' when ye heat it in the galley, a favored snack while watchin' moving pictures";
     private String message;
 
     public void init() {
-        message = "Hello World!";
+        message = "Hello Mate!";
     }
 
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
         response.setContentType("text/html");
 
         // Hello
-        String jwt = JWT.create().withClaim("Secret", "Hello Hacker. This is your price.").sign(ALGORITHM);
-
+        String jwt = JWT.create()
+                .withClaim("Secret", "Hello Hacker. This is your price.")
+                .withClaim(RIDDLE, "")
+                .sign(ALGORITHM);
         PrintWriter out = response.getWriter(); //todo html
         out.println("<html><body>");
         out.println("<h1>" + message + "</h1>");
@@ -33,10 +35,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
                 +" I Stored it in your cookies."
                 +"<div>");
         out.println("</body></html>");
-        Cookie cookie = new Cookie("JWT", jwt); //TODO Timeout needed
+        Cookie cookie = new Cookie("JWT", jwt);
         response.addCookie(cookie);
     }
-
-    public void destroy() {
-    }
 }
diff --git a/src/main/java/com/example/demo1/SecretServlet.java b/src/main/java/com/example/demo1/SecretServlet.java
@@ -38,8 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
                     .map(map -> map.get("Secret"))
                     .map(Claim::asString);
         } catch (JWTVerificationException verificationException) {
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, 
-                    "I told you do get your cookie first! Here is the exception msg anyways:" + verificationException.getMessage());
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "I told you do get your cookie first! Here is the exception msg anyways:" + verificationException.getMessage());
             return;
         }
 
@@ -48,8 +47,12 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
             out.println("<html><body>");
             out.println("<h1>" + "Here is the secret I hid in your cookie" + "</h1>");
             out.println("<div>" + secret + "</div>");
+            out.println("<div>" + "but, if you want to see the real secret you have to provide the 'answer' to my Riddle+" + "</div>");
+            out.println("<div>" + "Arrr, what be a famous open-source project fer web applications, often used fer Java servers, and named after a critter?" + "</div>");
+            out.println("<div>" + "Some would say it's a secret" + "</div>");
+            String s = request.getContextPath() + "/secret/supersecret";
+            out.println(String.format("<a href=\"%s\">Here is the secret!</a>",s));
             out.println("</body></html>");
         }, () -> out.println("<html><body>I told you to get your cookie first mate...</html></body>"));
-
-    }
+        }
 }
diff --git a/src/main/java/com/example/demo1/SuperSecretServlet.java b/src/main/java/com/example/demo1/SuperSecretServlet.java
@@ -0,0 +1,56 @@
+package com.example.demo1;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.Claim;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Optional;
+
+@WebServlet(name = "supersecret", value = "/secret/supersecret")
+public class SuperSecretServlet extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        JWTVerifier jwtVerifier = JWT.require(CookieVaultServlet.ALGORITHM).build();
+        Optional<Boolean> secretValue;
+        try { // todo error handling
+            secretValue = Arrays.stream(request.getCookies())
+                    .filter(cookie -> cookie.getName().equals("JWT"))
+                    .findAny()
+                    .map(Cookie::getValue)
+                    .map(jwtVerifier::verify)
+                    .map(DecodedJWT::getClaims)
+                    .map(map -> map.get(CookieVaultServlet.RIDDLE))
+                    .map(Claim::asString)
+                    .map(answer -> answer.equals("popcorn"));
+        } catch (JWTVerificationException verificationException) {
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+                    "Wrong Answer... or Secret?" + verificationException.getMessage());
+            return;
+        }
+        if (secretValue.isPresent() || !secretValue.get()) {
+            response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED, "Wrong Answer!! Maybe watch some movies...");
+            return;
+        }
+        String pirateShip =
+                "                   |    |    |                   \n" +
+                        "                   )_)  )_)  )_)                   \n" +
+                        "                  )___))___))___)\\                \n" +
+                        "                 )____)____)_____)\\              \n" +
+                        "               _____|____|____|____\\\\__\\__          \n" +
+                        "  ~~~~~~~~\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`|~~~~~/ /~~~~~~~ \n" +
+                        "           \\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`/ /          \n" +
+                        "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
+        response.setContentType("text/plain");
+        response.getWriter().println("Arrr, ye found ye way to the super secret treasure!");
+        response.getWriter().println(pirateShip);
+    }
+}
diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp
@@ -9,6 +9,9 @@
 </h1>
 <br/>
 <a href="the-cookie-vault">The Cool Cookie Vault</a>
+<br/>
 <a href="secret">Get your cookie first!</a>
+<br/>
+<br/>
 </body>
 </html>
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,9 @@ @@
     </h1>
     <br/>
     <a href="the-cookie-vault">The Cool Cookie Vault</a>
+    <br/>
     <a href="secret">Get your cookie first!</a>
+    <br/>
+    <br/>
     </body>
     </html>