Farid Hajji: Perl - Einführung, Anwendungen, Referenz
2., aktualisierte und erweiterte Auflage
Addison-Wesley Longman, ISBN 3-8273-1535-2
cgi-s-cookie-md5-crypt.pl
#!/usr/local/bin/perl -w
# cgi-s-cookie-md5-crypt.pl -- Zustandserhaltung mit Cookies,
# MD5-Signatur und Verschluesselung.
use strict;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
use CGI::Cookie;
use Digest::MD5 qw(md5_hex);
use Crypt::CBC;
# Demo configuration.  SIGSECRET keys the MAC and CRYPTSECRET keys the cipher;
# both are literals in this file, so anyone who can read the script (source
# repository, backup, misconfigured web server) can forge or decrypt state
# cookies.  A deployment would load them from protected configuration.
use constant {
    INITSTATE   => 1,
    STATENAME   => 'mystatemd5crypt',
    STATETTL    => '+5m',
    SIGSECRET   => 'wefoij238ghooic2',
    CRYPTSECRET => 'sdl230ivhf0 hv23 w',
};

# Two-argument constructor: passphrase first, cipher name second.
# NOTE(review): IDEA works on 64-bit blocks, and this is Crypt::CBC's older
# calling form -- confirm cipher and options before reusing this outside a demo.
my $enigma = Crypt::CBC->new(CRYPTSECRET, 'IDEA');

# Request cycle: load the state from the cookie, advance it, re-issue it.
my $state = retrieve_state($enigma);
compute_next_state($state);
my $state_cookie = save_state($state, $enigma);

# Do something that depends on $state:
print header(-cookie => $state_cookie);
print start_html('State with Cookies');
print "Current state: ", $state->{INFO}, p();
print "If you call me again, I'll increment it for you";
print end_html();
# Return the keyed MD5 tag (hex string) that authenticates $content.
#
# The tag is md5_hex(SIGSECRET . md5_hex(SIGSECRET . $content)): the secret is
# mixed in once around the content and once around the inner digest.
# NOTE(review): this is a hand-rolled keyed hash, not HMAC.  New code should
# use a vetted HMAC (e.g. hmac_sha256_hex from the core Digest::SHA module);
# switching changes the tag value and therefore invalidates issued cookies.
sub generate_MAC {
    my ($content) = @_;

    my $inner_digest = md5_hex(SIGSECRET . $content);
    return md5_hex(SIGSECRET . $inner_digest);
}
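# Verify that $state->{MAC} is the MAC of $state->{INFO}.
#
# Takes the state hash reference and returns normally when the MAC matches.
# Dies with a single fixed message in every failure case (missing field,
# wrong length, wrong value), so the caller cannot tell the cases apart.
# The script loads CGI::Carp with fatalsToBrowser, so this message is what
# the client sees.
sub check_MAC {
    my ($state) = @_;

    my $failure = "State content has been tampered with!";

    # A malformed cookie can leave either field undefined; treat that as a
    # mismatch instead of feeding undef into the digest and the comparison.
    die $failure
        unless defined $state->{'INFO'} && defined $state->{'MAC'};

    my $expected = generate_MAC($state->{'INFO'});
    my $supplied = $state->{'MAC'};

    # The tag length is public, so an early exit on length leaks nothing.
    die $failure unless length($supplied) == length($expected);

    # Fold every character difference into one accumulator rather than using
    # eq, which may stop at the first differing character.  This keeps the
    # amount of work independent of how many leading characters matched.
    my $diff = 0;
    for my $i (0 .. length($expected) - 1) {
        $diff |= ord(substr($expected, $i, 1)) ^ ord(substr($supplied, $i, 1));
    }
    die $failure if $diff;

    return;
}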
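# Load the session state from the request cookie named STATENAME.
#
# $enigma is the cipher object used to decrypt the cookie value.  Returns a
# hash reference with the keys INFO and MAC.  When no cookie was sent, the
# initial state (INITSTATE with its MAC) is returned.  Dies via check_MAC
# when the cookie cannot be decrypted, is malformed, or fails the MAC check.
#
# NOTE(review): the MAC sits inside the ciphertext and covers only INFO, so
# decryption runs on unauthenticated client data and any other key in the
# payload is not integrity-protected.  Computing the MAC over the ciphertext
# and checking it before decrypting avoids both issues.
sub retrieve_state {
    my ($enigma) = @_;

    my $encrypted = cookie(-name => STATENAME);

    # First visit: nothing to decrypt, start from the initial state.
    if (!defined $encrypted) {
        my $fresh = { INFO => INITSTATE, MAC => generate_MAC(INITSTATE) };
        check_MAC($fresh);
        return $fresh;
    }

    # The cookie value is client-controlled.  Trap decryption errors so that a
    # corrupt ciphertext ends in the same check_MAC failure as a bad MAC and
    # the response does not reveal which step rejected the cookie.
    my $plaintext = eval {
        # Keep any __DIE__ handler (CGI::Carp installs one) from acting on
        # the error trapped here.
        local $SIG{__DIE__};
        $enigma->decrypt_hex($encrypted);
    };

    my @fields = defined $plaintext ? split(/:/, $plaintext) : ();

    # Only an even number of fields forms key/value pairs; anything else
    # leaves the state empty, which check_MAC rejects.
    my $state = {};
    %{ $state } = @fields if @fields % 2 == 0;

    check_MAC($state);
    return $state;
}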
# Advance the state in place: add one to $state->{INFO} and store a freshly
# computed MAC for the new value in $state->{MAC}.
sub compute_next_state {
    my ($state) = @_;

    my $next_info = $state->{INFO} + 1;
    $state->{INFO} = $next_info;

    # The MAC must be regenerated whenever INFO changes, otherwise the next
    # request would fail check_MAC.
    $state->{MAC} = generate_MAC($next_info);
}
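# Serialise $state, encrypt it, and wrap it in a cookie for the response.
#
# $state  - hash reference; its key/value pairs are joined with ':'.
# $cipher - cipher object providing encrypt_hex.  The original body ignored
#           this argument and read the file-level $enigma; it is now used
#           when supplied, with $enigma kept as the fallback for callers
#           that pass only $state.
#
# Returns a CGI::Cookie named STATENAME that expires after STATETTL.
#
# NOTE(review): the cookie is issued without the -secure and -httponly
# attributes; consider setting them when the script is served over HTTPS.
sub save_state {
    my ($state, $cipher) = @_;

    $cipher = $enigma unless defined $cipher;

    my $encrypted = $cipher->encrypt_hex(join(':', %{ $state }));

    # Direct method call instead of the indirect-object form
    # "new CGI::Cookie(...)", which Perl can mis-parse.
    return CGI::Cookie->new(
        -name    => STATENAME,
        -value   => $encrypted,
        -expires => STATETTL,
    );
}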