first try to implement flags

af04e3b0 · Grzegorz Pietrusza · 7f0c0cff · af04e3b0 · af04e3b0 · af04e3b0
Commit af04e3b0 authored Feb 20, 2016 by Grzegorz Pietrusza
15 changed files
--- a/service/src/main/java/CTFApplication.java
+++ b/service/src/main/java/CTFApplication.java
+import Repository.SolutionsRepository;
 import Repository.TasksRepository;
 import Repository.TeamsRepository;
 import Repository.UsersRepository;
@@ -11,6 +12,7 @@ import core.TaskType;
 import database.MongoDBConnector;
 import io.dropwizard.Application;
 import io.dropwizard.setup.Environment;
+import objects.Flag;
 import objects.Task;
 import objects.Team;
 import objects.User;
@@ -30,6 +32,9 @@ public class CTFApplication extends Application<ApplicationConfiguration> {
        MongoDBConnector dbConnector = new MongoDBConnector();
        dbConnector.connect();

+        //CREATE SOLUTION REPOSITORY
+        SolutionsRepository solutionsRepository = new SolutionsRepository(dbConnector);
+
 //        UsersRepository usersRepository = new UsersRepository(dbConnector);//todo: use injections

        //GENERATE TEAMS
@@ -61,19 +66,19 @@ public class CTFApplication extends Application<ApplicationConfiguration> {

        for(int i = 0; i < 20; i++) {
            Task task = new Task(String.valueOf(UUID.randomUUID()), i,
-                    i % 2 == 0 ? TaskType.CRYPTO : TaskType.WEB
+                    i % 2 == 0 ? TaskType.CRYPTO : TaskType.WEB,
+                    Flag.newRandomFlag()
            );
            tasksRepository.add(task);
        }

        //GENERATE TASKS END

-
        //REGISTER RESOURCES

 //        environment.jersey().register(new UsersResource(usersRepository));
        environment.jersey().register(new TeamsResource(teamsRepository));
-        environment.jersey().register(new TasksResource(tasksRepository));
+        environment.jersey().register(new TasksResource(tasksRepository, teamsRepository, solutionsRepository));
        environment.jersey().register(new ProxyResource());
    }


--- a/service/src/main/java/Repository/Repository.java
+++ b/service/src/main/java/Repository/Repository.java
 package Repository;

-import java.util.List;
-import java.util.UUID;
-
 /**
 * Created by gpietrus on 20.02.2016.
 */
 public interface Repository {
-    void get(UUID uuid);
-    List<Object> getAll();
+//    void get(UUID uuid);
+//    List<Task> getAll();

 //    void add(User user); //todo: not user //todo: use generics?
 }
--- a/service/src/main/java/Repository/SolutionsRepository.java
+++ b/service/src/main/java/Repository/SolutionsRepository.java
+package Repository;
+
+import database.MongoDBConnector;
+import objects.Solution;
+import org.bson.Document;
+
+/**
+ * Created by gpietrus on 20.02.2016.
+ */
+public class SolutionsRepository implements Repository {
+
+    private MongoDBConnector mongoDBConnector;
+
+    public SolutionsRepository(MongoDBConnector mongoDBConnector) {
+        this.mongoDBConnector = mongoDBConnector;
+    }
+
+//    public void get(UUID uuid) {
+//
+//    }
+
+//    public List<Solution> getAll() {
+//        return mongoDBConnector.getCollection("solutions")
+//                .stream()
+//                .map(Solution::new)
+//                .collect(Collectors.toList());
+//    }
+
+    public void add(Solution solution) {
+        mongoDBConnector.addDocument("solutions", new Document(solution.toMap()));
+    }
+
+    public void clean() {
+        mongoDBConnector.removeCollection("solutions");
+    }
+}
+
+//todo: generify!
\ No newline at end of file
--- a/service/src/main/java/Repository/TasksRepository.java
+++ b/service/src/main/java/Repository/TasksRepository.java
@@ -6,7 +6,6 @@ import org.bson.Document;

 import java.util.List;
 import java.util.UUID;
-import java.util.function.Function;
 import java.util.stream.Collectors;

 /**
@@ -20,16 +19,14 @@ public class TasksRepository implements Repository {
        this.mongoDBConnector = mongoDBConnector;
    }

-    @Override
    public void get(UUID uuid) {

    }

-    @Override
-    public List<Object> getAll() {
+    public List<Task> getAll() {
        return mongoDBConnector.getCollection("tasks")
                .stream()
-                .map((Function<Document, Object>) Task::new)
+                .map(Task::new)
                .collect(Collectors.toList());
    }


--- a/service/src/main/java/Repository/TeamsRepository.java
+++ b/service/src/main/java/Repository/TeamsRepository.java
@@ -2,6 +2,7 @@ package Repository;

 import database.MongoDBConnector;
 import objects.Team;
+import objects.User;
 import org.bson.Document;

 import java.util.List;
@@ -20,16 +21,29 @@ public class TeamsRepository implements Repository {
        this.mongoDBConnector = mongoDBConnector;
    }

-    @Override
+    public Team getTeamByUser(String username) {
+        return getAll().stream()
+                .filter(team -> team.getMembers().stream()
+                        .map(new Function<User, String>() {
+                            @Override
+                            public String apply(User user) {
+                                return user.getName();
+                            }
+                        })
+                        .collect(Collectors.toList())
+                        .contains(username))
+                .findFirst()
+                .get();
+    }
+
    public void get(UUID uuid) {

    }

-    @Override
-    public List<Object> getAll() {
+    public List<Team> getAll() {
        return mongoDBConnector.getCollection("teams")
                .stream()
-                .map((Function<Document, Object>) Team::new)
+                .map(Team::new)
                .collect(Collectors.toList());
    }

@@ -40,4 +54,5 @@ public class TeamsRepository implements Repository {
    public void clean() {
        mongoDBConnector.removeCollection("teams");
    }
+
 }
--- a/service/src/main/java/Repository/UsersRepository.java
+++ b/service/src/main/java/Repository/UsersRepository.java
@@ -20,17 +20,15 @@ public class UsersRepository implements Repository {
        this.mongoDBConnector = mongoDBConnector;
    }

-    @Override
    public void get(UUID uuid) {
 //        new HashMap<>()
 //        return mongoDBConnector.getDocument("");
    }

-    @Override
-    public List<Object> getAll() {
+    public List<User> getAll() {
        return mongoDBConnector.getCollection("users")
                .stream()
-                .map((Function<Document, Object>) User::new)
+                .map((Function<Document, User>) User::new)
                .collect(Collectors.toList());
    }


--- a/service/src/main/java/api/TasksResource.java
+++ b/service/src/main/java/api/TasksResource.java
 package api;

+import Repository.SolutionsRepository;
 import Repository.TasksRepository;
+import Repository.TeamsRepository;
+import core.FlagChecker;
+import objects.Task;

 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
@@ -16,15 +21,24 @@ import java.util.List;
 public class TasksResource
 {
    private TasksRepository tasksRepository;
+    private TeamsRepository teamsRepository;
+    private SolutionsRepository solutionsRepository;
    //todo: use injections

-    public TasksResource(TasksRepository tasksRepository) {
+    public TasksResource(TasksRepository tasksRepository, TeamsRepository teamsRepository, SolutionsRepository solutionsRepository) {
        this.tasksRepository = tasksRepository;
+        this.teamsRepository = teamsRepository;
+        this.solutionsRepository = solutionsRepository;
    }

    @GET
-    public List<Object> getTasks() {
+    public List<Task> getTasks() {
        return tasksRepository.getAll();
    }

+    @POST
+    public boolean submitSolution(String flag) throws Exception {
+        return new FlagChecker(tasksRepository, teamsRepository, solutionsRepository).checkFlag(flag);
+    }
+
 }
--- a/service/src/main/java/api/TeamsResource.java
+++ b/service/src/main/java/api/TeamsResource.java
 package api;

 import Repository.TeamsRepository;
+import objects.Team;

 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -23,7 +24,7 @@ public class TeamsResource
    }

    @GET
-    public List<Object> getTeams() {
+    public List<Team> getTeams() {
        return teamsRepository.getAll();
    }


--- a/service/src/main/java/api/UsersResource.java
+++ b/service/src/main/java/api/UsersResource.java
 package api;

 import Repository.UsersRepository;
+import objects.User;

-import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -24,7 +24,7 @@ public class UsersResource
    }

    @GET
-    public List<Object> getUsers() {
+    public List<User> getUsers() {
        return usersRepository.getAll();
    }


--- a/service/src/main/java/core/FlagChecker.java
+++ b/service/src/main/java/core/FlagChecker.java
+package core;
+
+import Repository.SolutionsRepository;
+import Repository.TasksRepository;
+import Repository.TeamsRepository;
+import objects.Solution;
+import objects.Task;
+import org.apache.commons.codec.binary.Hex;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
+/**
+ * Created by gpietrus on 20.02.2016.
+ */
+public class FlagChecker {
+
+    private String salt = "SECURE_SALT"; //todo
+    private TasksRepository tasksRepository;
+    private TeamsRepository teamsRepository;
+    private SolutionsRepository solutionsRepository;
+
+    public FlagChecker(TasksRepository tasksRepository, TeamsRepository teamsRepository, SolutionsRepository solutionsRepository) {
+        this.tasksRepository = tasksRepository;
+        this.teamsRepository = teamsRepository;
+        this.solutionsRepository = solutionsRepository;
+    }
+
+    private String calculateHashValue(String username, String flagValue) {
+        String combinedStrings = salt + username + flagValue; //todo
+        MessageDigest md5 = null;//todo: discuss
+        try {
+            md5 = MessageDigest.getInstance("MD5");
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return Hex.encodeHexString(md5.digest(combinedStrings.getBytes()));
+    }
+
+    private void acceptSolution(String username, Task task) {
+        //todo: getname, of get id?
+        solutionsRepository.add(new Solution(teamsRepository.getTeamByUser(username).getName(), task.getName()));
+    }
+
+    private boolean compareHash(String hash, String username) throws Exception {
+        Optional<Map.Entry<Task, String>> matchingHash = tasksRepository.getAll().stream()
+                .collect(Collectors.toMap(
+                        task -> task,
+                        task -> calculateHashValue(username, task.getFlag().getValue())
+                ))
+                .entrySet()
+                .stream()
+                .filter(taskHashEntry -> taskHashEntry.getValue().equals(hash))
+                .findFirst();
+
+        if(matchingHash.isPresent()) {
+            acceptSolution(username, matchingHash.get().getKey());
+            return true;
+        }
+        return false;
+    }
+
+    public boolean checkFlag(String flagValue) throws Exception {
+        String username = "gpietrus";   //todo
+        String hash = calculateHashValue(username, flagValue);
+        return compareHash(hash, username);
+    }
+
+
+}
--- a/service/src/main/java/objects/Flag.java
+++ b/service/src/main/java/objects/Flag.java
 package objects;

+import java.util.Random;
+
 /**
 * Created by gpietrus on 20.02.2016.
 */
 public class Flag {
+    private String value;
+    private static int flagLength = 32;
+
+    public Flag(String value) {
+        this.value = value;
+    }
+
+    public static Flag newRandomFlag() {
+        StringBuilder stringBuilder = new StringBuilder();
+        stringBuilder.append("AGH_CTF_");
+        for(int i = 0; i < flagLength; i++) {
+            char c = (char) (new Random().nextInt(128 - 32) + 32);
+            stringBuilder.append(c);
+        }
+        return new Flag(stringBuilder.toString());
+    }
+
+    public String getValue() {
+        return value;
+    }
+
+    public void setValue(String value) {
+        this.value = value;
+    }
 }
--- a/service/src/main/java/objects/Solution.java
+++ b/service/src/main/java/objects/Solution.java
+package objects;
+
+import com.google.common.collect.ImmutableMap;
+
+import java.util.Map;
+
+/**
+ * Created by gpietrus on 20.02.2016.
+ */
+public class Solution {
+    private String taskId;
+    private String teamId;
+
+    public Solution(String teamId, String taskId) {
+        this.teamId = teamId;
+        this.taskId = taskId;
+    }
+
+    //todo: refactor mapping
+    public Map<String, Object> toMap() {
+        return ImmutableMap.<String, Object>builder()
+                .put("teamId",teamId)
+                .put("taskId", taskId)
+                .build();
+    }
+}
--- a/service/src/main/java/objects/Task.java
+++ b/service/src/main/java/objects/Task.java
@@ -13,22 +13,24 @@ public class Task {
    private String name;
    private int level;
    private TaskType type;
+    private Flag flag;

    public Task(Document document) {
-
        this.name = document.get("name").toString();
        this.level = (int) document.get("level");
        this.type = TaskType.valueOf(document.get("type").toString());
+        this.flag = new Flag(document.get("flag").toString());
    }

    public TaskType getType() {
        return type;
    }

-    public Task(String name, int level, TaskType type) {
+    public Task(String name, int level, TaskType type, Flag flag) {
        this.name = name;
        this.level = level;
        this.type = type;
+        this.flag = flag;
    }

    public void setType(TaskType type) {
@@ -51,12 +53,21 @@ public class Task {
        this.level = level;
    }

+    public Flag getFlag() {
+        return flag;
+    }
+
+    public void setFlag(Flag flag) {
+        this.flag = flag;
+    }
+
    //todo: refactor mapping
    public Map<String, Object> toMap() {
        return ImmutableMap.<String, Object>builder()
                .put("name", name)
                .put("level", level)
                .put("type", type.getType())
+                .put("flag", flag.getValue())
                .build();
    }
 }
--- a/service/src/main/java/objects/Team.java
+++ b/service/src/main/java/objects/Team.java
@@ -3,6 +3,7 @@ package objects;
 import com.google.common.collect.ImmutableMap;
 import org.bson.Document;

+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -19,10 +20,13 @@ public class Team {
        //todo: refactor mapping
        this.name = document.get("name").toString();
        this.description = document.get("description").toString();
-        this.members = (List<User>) document.get("members");//todo
+        this.members = ((ArrayList<Document>) document.get("members")) //todo
+                .stream()
+                .map(document1 -> new User(document1))
+                .collect(Collectors.toList());
    }

-    public List getMembers() {
+    public List<User> getMembers() {
        return members;
    }


--- a/service/src/main/java/objects/User.java
+++ b/service/src/main/java/objects/User.java
@@ -25,6 +25,7 @@ public class User {
        this.email = email;
    }

+
    public String getName() {
        return name;
    }