Diffstat (limited to '2.2/charon.rb')
-rwxr-xr-x | 2.2/charon.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/2.2/charon.rb b/2.2/charon.rb
new file mode 100755
index 0000000..2210b6e
--- /dev/null
+++ b/2.2/charon.rb
@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'securerandom'
+require 'sinatra'
+
+Users = {
+ "Athena" => "Passw0rd!"
+}
+
+Services = {
+ "Mail" => "{FvM<kgG}VpHxKJO;6Zo"
+}
+
+def ticket(username, service, password, ws_address)
+ cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+ cipher.key = Digest::SHA2.digest(password)
+
+ p = [username, ws_address, service].join(?\0)
+ s = cipher.update(p) + cipher.final
+
+ s.unpack('H*')[0].upcase + ?\n
+end
+
+def noleak(msg, ul, sl, ws)
+ puts "Error: #{msg}, returning nonsense to avoid leakage."
+ ticket(SecureRandom.alphanumeric(ul), SecureRandom.alphanumeric(sl), SecureRandom.alphanumeric(16), ws)
+end
+
+post '/ticket' do
+ request.body.rewind
+ data = JSON.parse(request.body.read)
+ next "Invalid request\n" unless data.keys.sort == %w(password service username)
+ ul = data["username"].length
+ sl = data["service"].length
+ ws = request.ip
+ next noleak("Invalid service", ul, sl, ws) unless Services.keys.include?(data["service"])
+ next noleak("Invalid username", ul, sl, ws) unless Users.keys.include?(data["username"])
+ next noleak("Invalid password", ul, sl, ws) unless Users[data["username"]] == data["password"]
+ next ticket(data["username"], data["service"], Services[data["service"]], ws)
+end |
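Review bot: `ticket` never sets an IV on the AES-256-CBC cipher, so (assuming Ruby's OpenSSL binding falls back to an all-zero IV, which is worth confirming) a genuine ticket for the same user, address and service is byte-identical on every request, while the `noleak` decoy is freshly random each time; real and decoy responses are therefore distinguishable, which defeats the purpose of `noleak`. Use a per-ticket IV and ship it with the ciphertext, e.g. `iv = cipher.random_iv` after setting the key and `(iv + s).unpack('H*')[0].upcase + ?\n` as the return value, with the service-side decryption updated to match. CBC on its own also gives no integrity, so the service should not trust the decrypted username and address without a MAC or an AEAD mode such as `OpenSSL::Cipher.new('aes-256-gcm')`. Separately, `Users[data["username"]] == data["password"]` is not a constant-time comparison (`Rack::Utils.secure_compare` is available under Sinatra), and malformed JSON or non-string field values raise before `noleak` runs, so those requests get a different error response than the decoy path.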