diff options
author | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-21 13:18:39 +0200 |
---|---|---|
committer | Jannis M. Hoffmann <jannis@fehcom.de> | 2023-09-21 13:18:39 +0200 |
commit | a0d4300ee0945ef23bea48dfb53985a19eb6e951 (patch) | |
tree | 257a20c11a28c6d74721e6f0a25f6dff9400f37c /script/cookiecheck.pl | |
parent | 91450b24cefcb79f755e3766710585ac9e05eb4e (diff) |
renamed qmauth to extract
Diffstat (limited to 'script/cookiecheck.pl')
-rwxr-xr-x | script/cookiecheck.pl | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/script/cookiecheck.pl b/script/cookiecheck.pl new file mode 100755 index 0000000..a078b8c --- /dev/null +++ b/script/cookiecheck.pl @@ -0,0 +1,85 @@ +#!/usr/bin/env perl + +use v5.34; +use warnings; +use utf8; +use autodie; + +use Digest::SHA 'hmac_sha256_hex'; +use JSON::PP 'decode_json'; +use MIME::Base64 'decode_base64'; +use Pod::Usage 'pod2usage'; + + +sub main { + pod2usage if !@ARGV || $ARGV[0] eq '-h' || $ARGV[0] eq '--help'; + + die 'invalid number of args' unless @ARGV == 1 || @ARGV == 3; + my @check_args = $ARGV[0]; + if (@ARGV == 3) { + push @check_args, $ARGV[1], $ARGV[2]; + } + + my ($match, $res) = check_cookie(@check_args); + + if (defined $match && !$match) { + say STDERR 'mismatched mac'; + exit 1; + } + + my $json = decode_json $res; + print JSON::PP->new()->pretty(1)->canonical(1)->encode($json); +} + +sub check_cookie { + my $cookie = shift; + + # split + my $splitAt = rindex $cookie, '--'; + die 'invalid format' if $splitAt == -1; + my $val = substr $cookie, 0, $splitAt; + my $sig = substr $cookie, $splitAt+2; + + my $match; + if (@_) { + my ($cookie_name, $secret) = @_; + # hmac + my $check = hmac_sha256_hex "$cookie_name=$val", $secret; + $match = $sig eq $check; + } + + # change base64 padding + $val =~ s/-*$/'=' x length $&/e; + + # base64 + my $res = decode_base64 $val; + + # cookie content padding + $res =~ s/Z*$//; + + return $match, $res; +} + +main unless caller; + +1 + +__END__ + +=encoding utf-8 + +=head1 NAME + +mojocookiecheck - Prints out a Signed Cookie of Mojolicious + +=head1 SYNOPSIS + +mojocookiecheck.pl [OPTIONS] COOKIE_BODY [COOKIE_NAME SECRET] + + Options: + -h --help print this help + +=head1 DESCRIPTION + +This is a cookie checker for Mojolicious that converts them from an opaque +character string to something nicely readable. It also can check the HMAC. |