Commit 01df3306 authored by marcus-tun's avatar marcus-tun

added decryption to learn how to handle perl stuff in python

parent 808400e6
......@@ -6,6 +6,9 @@ import httplib2
import hashlib
from base64 import b64encode, b64decode
from Crypto.Cipher import Blowfish
from Crypto import Random
from struct import pack
def handler(req):
......@@ -50,6 +53,7 @@ def handler(req):
if location == 'js.py':
req.content_type = 'text/html'
req.write('''<!DOCTYPE html>
<meta charset="ASCII" />
<html>
<head>
<script src="js/twofish/2-fish.js"> </script>
......@@ -71,7 +75,9 @@ def handler(req):
req.write(assertion)
return apache.OK
# upload
############
# upload #
############
if location in ( 'upload.py', 'jsupload.py'):
req.content_type = 'text/plain'
# we expect the data via post in encrypted assertion.
......@@ -81,34 +87,67 @@ def handler(req):
req.write("Error, i was expecting a post request")
return apache.OK
log_path=req.document_root() + '/assertions/' + 'js-log'
logfile=open(log_path, 'w')
logfile.write(req.read())
logfile.close()
form = util.FieldStorage(req)
if form.has_key("encrypted_assertion"):
buf = form.get("encrypted_assertion", "ooops")
if buf == "ooops":
req.write ("Error: did not obtain the encrypted_assertion")
return apache.OK
# decode assertion
encrypted_assertion = b64decode(buf)
# create hash
assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
assertion_path=req.document_root() + '/assertions/' + assertion_hash
assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
# write to file
try:
file=open(assertion_path, 'w')
if not form.has_key("encrypted_assertion"):
req.write ("Error: did not obtain the encrypted_assertion")
return apache.OK
buf = form.get("encrypted_assertion", "ooops")
client = form.get ("client", "oops")
client_version = form.get ("client_verions", "oops")
# decode assertion
encrypted_assertion = b64decode(buf)
# create hash
assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
assertion_path=req.document_root() + '/assertions/' + assertion_hash
assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
# write to file
try:
file=open(assertion_path, 'w')
if client == "perl":
file.write(encrypted_assertion[16:]) # skip the 16 byte perl header
else:
file.write(encrypted_assertion)
file.close()
except:
req.write("could not save assertion")
file.close()
except:
req.write("could not save assertion")
if location == 'jsupload.py':
req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);
if location == 'jsupload.py':
req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);
else:
req.write("url=%s" % assertion_url)
else:
req.write("url=%s" % assertion_url)
#########
# debug #
#########
# decrypt assertion in case password is provided
if form.has_key("key"):
from binascii import hexlify, unhexlify
key = unhexlify(form.get("key", "ooops"))
perl_iv = form.get("perl_iv", "ooops")
iv = form.get("iv", "ooops")
encryption_algorithm = form.get("encryption_algorithm", "ooops")
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
num_padding = ord(cipher.decrypt(encrypted_assertion[16:])[-1])
cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
plaintext = cipher.decrypt(encrypted_assertion[16:])[:(-1*num_padding)]
logfile.write(plaintext)
logfile.close()
return apache.OK
......@@ -116,3 +155,18 @@ def handler(req):
req.write("Error: Your request was not understood")
return apache.OK
#return apache.HTTP_BAD_REQUEST
# Some leftovers:
#bs = Blowfish.block_size
#iv = '12333123'
#cipher = Blowfish.new(key, Blowfish.MODE_ECB, iv)
#cipher = new Crypt::CBC (symmetric_key, 'Twofish');
#my plaintext = cipher->decrypt(encrypted_assertion);
#print ("\n".plaintext."\n");
##plaintext = b'docendo discimus '
##plen = bs - divmod(len(plaintext),bs)[1]
##padding = [plen]*plen
##padding = pack('b'*plen, *padding)
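Review bot: Decrypted assertions end up in a web-served file: the `# debug #` block in the `@@ -81,34 +87,67 @@` hunk writes the plaintext to `req.document_root() + '/assertions/' + 'log'`, the same directory that `assertion_url` exposes over HTTPS. The block also takes `key` from the POST form, which defeats the point of uploading the assertion encrypted. If this is only for learning the Perl format, it belongs in an offline script, or at least behind a server-side debug switch with the log kept outside the document root. The padding length comes from the last decrypted byte without a check such as `if not 1 <= num_padding <= Blowfish.block_size:`, and a missing `perl_iv` falls back to `"ooops"`, which is not an 8-byte IV, so a malformed request would likely raise after the URL has already been written. `form.get ("client_verions", "oops")` looks like a typo for `client_version`; this page has lost indentation and `+`/`-` markers, so which lines are new is inferred from the hunk counts and the commit title.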