Diffstat (limited to '5.1/charon.rb')
-rwxr-xr-x | 5.1/charon.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/5.1/charon.rb b/5.1/charon.rb
index 7a69e39..0e4b03c 100755
--- a/5.1/charon.rb
+++ b/5.1/charon.rb
@@ -13,6 +13,17 @@ Services = {
 "Mail" => "{FvM<kgG}VpHxKJO;6Zo"
 }
+ReplayCache = []
+
+def update_replaycache!(new_auth)
+ ReplayCache.push(new_auth)
+ now = Time.now.to_i
+ ReplayCache.delete_if { |auth|
+ _, _, als, ats = auth.split(?,)
+ now > als.to_i + ats.to_i
+ }
+end
+
 def encrypt(obj, key)
 cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
 cipher.key = Digest::SHA2.digest(key)
@@ -65,7 +76,10 @@ post '/ticket' do
 next "Invalid ticket\n" unless Time.now.to_i >= ts
 next "Ticket expired\n" unless Time.now.to_i < (ts + ls)
 begin
- aun, aws, als, ats = decrypt(data["authenticator"], sk).split(?,)
+ auth = decrypt(data["authenticator"], sk)
+ next "Replayed authenticator\n" if ReplayCache.include?(auth)
+ update_replaycache!(auth)
+ aun, aws, als, ats = auth.split(?,)
 als = als.to_i
 ats = ats.to_i
 rescue OpenSSL::Cipher::CipherError |
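Review bot: In `update_replaycache!` the eviction deadline `als.to_i + ats.to_i` is read entirely from fields inside the authenticator, so an entry claiming a long lifetime or a far-future timestamp is never evicted, and `ReplayCache` (a plain Array, scanned linearly by `include?` in the `/ticket` handler) can grow without bound. Rejecting lifetimes above a server-side maximum before an authenticator is admitted to the cache would tie the cache size to the accepted freshness window. The cache is also process-local, which deserves a comment above the constant, for example `# In-memory and per-process: emptied on restart and not shared between workers, so replay detection only spans one process's uptime.`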
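Review bot: The `ReplayCache.include?(auth)` check and the `update_replaycache!(auth)` insert in the `/ticket` handler are separate steps, so if the server handles requests on more than one thread, two requests carrying the same authenticator can both pass the check before either is recorded. Doing both under one lock closes that window, e.g. with a new `ReplayLock = Mutex.new` constant: `replayed = ReplayLock.synchronize { ReplayCache.include?(auth).tap { |seen| update_replaycache!(auth) unless seen } }` followed by `next "Replayed authenticator\n" if replayed`. The authenticator is also cached before `als` and `ats` are parsed; any freshness validation presumably follows outside the hunk, so moving the insert after those checks would keep rejected authenticators out of the cache. The `begin`/`rescue` block and the rest of the handler continue outside the hunk.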