diff --git a/src/main/java/com/example/demo1/CookieVaultServlet.java b/src/main/java/com/example/demo1/CookieVaultServlet.java index 841d93e..2c51093 100644 --- a/src/main/java/com/example/demo1/CookieVaultServlet.java +++ b/src/main/java/com/example/demo1/CookieVaultServlet.java @@ -10,21 +10,23 @@ @WebServlet(name = "cookieVaultServlet", value = "/the-cookie-vault") public class CookieVaultServlet extends HttpServlet { - //todo remove salt and make the secret "easier" to crack and add riddle for additional clam - public static final LocalDate CHEAP_SALT = LocalDate.now(); - public static final Algorithm ALGORITHM = Algorithm.HMAC256("tomcat"+ CHEAP_SALT); + + public static final Algorithm ALGORITHM = Algorithm.HMAC256("tomcat"); + public static final String RIDDLE = "Avast, what be cracklin' when ye heat it in the galley, a favored snack while watchin' moving pictures"; private String message; public void init() { - message = "Hello World!"; + message = "Hello Mate!"; } public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { response.setContentType("text/html"); // Hello - String jwt = JWT.create().withClaim("Secret", "Hello Hacker. This is your price.").sign(ALGORITHM); - + String jwt = JWT.create() + .withClaim("Secret", "Hello Hacker. This is your price.") + .withClaim(RIDDLE, "") + .sign(ALGORITHM); PrintWriter out = response.getWriter(); //todo html out.println(""); out.println("

" + message + "

"); @@ -33,10 +35,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro +" I Stored it in your cookies." +"
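Review bot: The HMAC key is now the literal `"tomcat"` with the date salt gone, and the deleted TODO was the only place that said this weakening is deliberate; nothing in the file now records that the key is meant to be guessable for the challenge, so a later reader may "harden" it and break the riddle, or copy the pattern into real code. A comment above the constant such as `// Intentionally weak key: the challenge expects players to recover it and re-sign the token. Never reuse this outside the demo.` would capture that. If the `LocalDate` import survived the removal of `CHEAP_SALT`, it is now unused; the import block is outside the hunk. The `doGet` body continues past this hunk into the next one.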
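Review bot: The `//TODO Timeout needed` marker on `new Cookie("JWT", jwt)` was dropped without the timeout being added, so the JWT cookie still has no `Max-Age` and carries neither `HttpOnly` nor `Secure`. If the expiry is still wanted, `cookie.setMaxAge(...)` with the intended lifetime (and `cookie.setHttpOnly(true)` unless the challenge relies on script access to the cookie) belongs right before `response.addCookie(cookie);`; if it was deliberately abandoned, a one-line comment saying so is better than removing the marker silently. The token itself also carries no expiry claim (the `JWT.create()` chain in the previous hunk has no `withExpiresAt`), so neither the cookie nor the signed token ever lapses.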
"); out.println(""); - Cookie cookie = new Cookie("JWT", jwt); //TODO Timeout needed + Cookie cookie = new Cookie("JWT", jwt); response.addCookie(cookie); } - - public void destroy() { - } } \ No newline at end of file diff --git a/src/main/java/com/example/demo1/SecretServlet.java b/src/main/java/com/example/demo1/SecretServlet.java index ec82f48..8c0ebe0 100644 --- a/src/main/java/com/example/demo1/SecretServlet.java +++ b/src/main/java/com/example/demo1/SecretServlet.java @@ -38,8 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro .map(map -> map.get("Secret")) .map(Claim::asString); } catch (JWTVerificationException verificationException) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, - "I told you do get your cookie first! Here is the exception msg anyways:" + verificationException.getMessage()); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "I told you do get your cookie first! Here is the exception msg anyways:" + verificationException.getMessage()); return; } @@ -48,8 +47,12 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro out.println(""); out.println("

" + "Here is the secret I hid in your cookie" + "

"); out.println("
" + secret + "
"); + out.println("
" + "but, if you want to see the real secret you have to provide the 'answer' to my Riddle+" + "
"); + out.println("
" + "Arrr, what be a famous open-source project fer web applications, often used fer Java servers, and named after a critter?" + "
"); + out.println("
" + "Some would say it's a secret" + "
"); + String s = request.getContextPath() + "/secret/supersecret"; + out.println(String.format("Here is the secret!",s)); out.println(""); }, () -> out.println("I told you to get your cookie first mate...")); - - } + } } diff --git a/src/main/java/com/example/demo1/SuperSecretServlet.java b/src/main/java/com/example/demo1/SuperSecretServlet.java new file mode 100644 index 0000000..5015a92 --- /dev/null +++ b/src/main/java/com/example/demo1/SuperSecretServlet.java 
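Review bot: `out.println(String.format("Here is the secret!",s));` hands `s` to a format string that, as displayed here, contains no `%s`, so the path to `/secret/supersecret` is never written and `s` is dead; if this view dropped anchor markup around the text, that part can be discarded, but the local still deserves a name, e.g. `String superSecretPath = request.getContextPath() + "/secret/supersecret";`. The visible text `"... the 'answer' to my Riddle+"` ends in a stray `+` that is sent to the browser as-is; `my Riddle"` is presumably what was meant. `doGet` begins before this hunk.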
@@ -0,0 +1,56 @@
+package com.example.demo1;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.Claim;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Optional;
+
+@WebServlet(name = "supersecret", value = "/secret/supersecret")
+public class SuperSecretServlet extends HttpServlet {
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ JWTVerifier jwtVerifier = JWT.require(CookieVaultServlet.ALGORITHM).build();
+ Optional secretValue;
+ try { // todo error handling
+ secretValue = Arrays.stream(request.getCookies())
+ .filter(cookie -> cookie.getName().equals("JWT"))
+ .findAny()
+ .map(Cookie::getValue)
+ .map(jwtVerifier::verify)
+ .map(DecodedJWT::getClaims)
+ .map(map -> map.get(CookieVaultServlet.RIDDLE))
+ .map(Claim::asString)
+ .map(answer -> answer.equals("popcorn"));
+ } catch (JWTVerificationException verificationException) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ "Wrong Answer... or Secret?" + verificationException.getMessage());
+ return;
+ }
+ if (secretValue.isPresent() || !secretValue.get()) {
+ response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED, "Wrong Answer!! 
Maybe watch some movies..."); + return; + } + String pirateShip = + " | | | \n" + + " )_) )_) )_) \n" + + " )___))___))___)\\ \n" + + " )____)____)_____)\\ \n" + + " _____|____|____|____\\\\__\\__ \n" + + " ~~~~~~~~\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`|~~~~~/ /~~~~~~~ \n" + + " \\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`\\`/ / \n" + + "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"; + response.setContentType("text/plain"); + response.getWriter().println("Arrr, ye found ye way to the super secret treasure!"); + response.getWriter().println(pirateShip); + } +} diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp index 31780da..f284710 100644 --- a/src/main/webapp/index.jsp +++ b/src/main/webapp/index.jsp @@ -9,6 +9,9 @@
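Review bot: The guard `if (secretValue.isPresent() || !secretValue.get())` is inverted: a verified token with the right answer leaves a present `true`, so `isPresent()` sends the 412 "Wrong Answer" response, while a request whose cookie lacks the riddle claim leaves the Optional empty and `secretValue.get()` throws `NoSuchElementException`, which the container presumably turns into an error page. `request.getCookies()` also returns `null` when the request carries no cookies at all (the `// todo error handling` comment seems to anticipate this), so `Arrays.stream(request.getCookies())` throws before the verifier even runs. Both are handled below by checking the cookie array first and testing `!secretValue.orElse(Boolean.FALSE)`, which treats an absent claim and a wrong answer the same way. Echoing `verificationException.getMessage()` in the 401 body repeats SecretServlet's pattern; if it is a deliberate hint for players, a comment saying so would keep it from being quietly removed later.
```java
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        JWTVerifier jwtVerifier = JWT.require(CookieVaultServlet.ALGORITHM).build();
        Cookie[] cookies = request.getCookies(); // null, not an empty array, when no Cookie header was sent
        if (cookies == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No cookie, no treasure. Visit the cookie vault first.");
            return;
        }
        Optional<Boolean> secretValue;
        try {
            secretValue = Arrays.stream(cookies)
            // … unchanged: filter / verify / claim / answer pipeline …
        } catch (JWTVerificationException verificationException) {
            // … unchanged: 401 response and return …
        }
        // An absent riddle claim and a wrong answer both fail; only a present, true answer continues.
        if (!secretValue.orElse(Boolean.FALSE)) {
            // … unchanged: 412 response and return …
        }
        // … unchanged: pirateShip banner and text/plain response …
```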
The Cool Cookie Vault +
Get your cookie first! +
+
\ No newline at end of file