#!/usr/bin/env ruby

require 'net/http'
require 'uri'
require 'json'

def encrypt(obj, key)
  cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
  cipher.key = Digest::SHA2.digest(key)
  s = cipher.update(obj) + cipher.final
  s.unpack('H*')[0].upcase
end

def decrypt(obj, key)
  ticket = [obj].pack("H*").unpack("C*").pack("c*")
  cipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
  cipher.key = Digest::SHA2.digest(key)
  cipher.update(ticket) + cipher.final
end

def gen_auth(un, ws, sk)
  ts = Time.now.to_i
  encrypt("#{un},#{ws},300,#{ts}", sk)
end

def get_ticket(un, wsa, tgt, sv, sk)
  uri = URI.parse("http://localhost:4567/ticket")
  header = {'Content-Type': 'text/json'}

  login = {
    "username": un,
    "ticket": tgt,
    "authenticator": gen_auth(un, wsa, sk),
    "service": sv
  }

  http = Net::HTTP.new(uri.host, uri.port)
  request = Net::HTTP::Post.new(uri.request_uri, header)
  request.body = login.to_json

  response = http.request(request)
  response.body
end

def ticket_valid?(ticket)
  now = Time.now.to_i
  timeStart = ticket["timestamp"]
  timeEnd = ticket["timestamp"] + ticket["lifespan"]
  now >= timeStart && now < timeEnd
end

def update_keytab!
  File.open(".keytab", "w") do |f|
    f.puts Tickets.map { |s, p| [
      s,
      p["sessionkey"],
      p["ws_address"],
      p["lifespan"],
      p["timestamp"],
      p["ticket"]
    ].join(?,) }
  end
end

print "Username: "; un = gets.strip
print "Mailserver: "; ms = gets.strip

unless File.exist?(".keytab")
  puts "No keytab, please kinit"
  exit 1
end

Tickets = File.readlines(".keytab").map { |l|
  a = l.strip.split(?,)
  [a[0], {
    "sessionkey" => a[1],
    "ws_address" => a[2],
    "lifespan" => a[3].to_i,
    "timestamp" => a[4].to_i,
    "ticket" => a[5]
  }]
}.to_h

unless Tickets.keys.include?(ms) && ticket_valid?(Tickets[ms])
  if Tickets.keys.include?("_TGS") && ticket_valid?(Tickets["_TGS"])
    eanc, svt = get_ticket(un, Tickets["_TGS"]["ws_address"],
                           Tickets["_TGS"]["ticket"],
                           ms, Tickets["_TGS"]["sessionkey"]).split(?,)
    anc = decrypt(eanc, Tickets["_TGS"]["sessionkey"]).split(?,)
    Tickets[ms] = {
      "sessionkey" => anc[0],
      "ws_address" => anc[1],
      "lifespan" => anc[2].to_i,
      "timestamp" => anc[3].to_i,
      "ticket" => svt
    }
    update_keytab!
  else
    puts "No Ticket Granting Ticket, please kinit"
    exit 1
  end
end

uri = URI.parse("http://localhost:4568/login")
header = {'Content-Type': 'text/json'}

login = {
  "username": un,
  "ticket": Tickets[ms]["ticket"],
  "authenticator": gen_auth(un, Tickets[ms]["ws_address"], Tickets[ms]["sessionkey"])
}

http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri, header)
request.body = login.to_json

response = http.request(request)
puts response.body