added decryuption to learn how to handle perl stuff in python

01df3306 · marcus-tun · 808400e6 · 01df3306
Commit 01df3306 authored Sep 26, 2014 by marcus-tun
--- a/server/sso.py
+++ b/server/sso.py
@@ -6,6 +6,9 @@ import httplib2
 import hashlib
 from base64 import b64encode, b64decode

+from Crypto.Cipher import Blowfish
+from Crypto import Random
+from struct import pack


 def handler(req):
@@ -50,6 +53,7 @@ def handler(req):
    if location == 'js.py':
        req.content_type = 'text/html'
        req.write('''<!DOCTYPE html>
+              <meta charset="ASCII" />
            <html>
            <head>
            <script src="js/twofish/2-fish.js"> </script>
@@ -71,7 +75,9 @@ def handler(req):
        req.write(assertion)
        return apache.OK

-    # upload
+    ############
+    #  upload  #
+    ############
    if location in ( 'upload.py', 'jsupload.py'):
        req.content_type = 'text/plain'
        # we expect the data via post in encrypted assertion.
@@ -81,34 +87,67 @@ def handler(req):
            req.write("Error, i was expecting a post request")
            return apache.OK

+        log_path=req.document_root() + '/assertions/' + 'js-log'
+        logfile=open(log_path, 'w')
+        logfile.write(req.read())
+        logfile.close()
+
        form = util.FieldStorage(req)
-        if form.has_key("encrypted_assertion"):
-            buf = form.get("encrypted_assertion", "ooops")
-            if buf == "ooops":
-                req.write ("Error: did not obtain the encrypted_assertion")
-                return apache.OK
-
-            # decode assertion
-            encrypted_assertion = b64decode(buf)
-
-            # create hash
-            assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
-            assertion_path=req.document_root() + '/assertions/' + assertion_hash
-            assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
-
-            # write to file
-            try:
-                file=open(assertion_path, 'w')
+        if not form.has_key("encrypted_assertion"):
+            req.write ("Error: did not obtain the encrypted_assertion")
+            return apache.OK
+        buf = form.get("encrypted_assertion", "ooops")
+        client = form.get ("client", "oops")
+        client_version = form.get ("client_verions", "oops")
+
+        # decode assertion
+        encrypted_assertion = b64decode(buf)
+
+        # create hash
+        assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
+        assertion_path=req.document_root() + '/assertions/' + assertion_hash
+        assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
+
+        # write to file
+        try:
+            file=open(assertion_path, 'w')
+            if client == "perl":
+                file.write(encrypted_assertion[16:]) # skip the 16 byte perl header
+            else:
                file.write(encrypted_assertion)
-                file.close()
-            except:
-                req.write("could not save assertion")
+            file.close()
+        except:
+            req.write("could not save assertion")

-            if location == 'jsupload.py':
-                req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);
+        if location == 'jsupload.py':
+            req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);

-            else:
-                req.write("url=%s" % assertion_url)
+        else:
+            req.write("url=%s" % assertion_url)
+
+        #########
+        # debug #
+        #########
+        # decrypt assertion in case password is provided
+        if form.has_key("key"):
+            from binascii import hexlify, unhexlify
+
+            key = unhexlify(form.get("key", "ooops"))
+            perl_iv = form.get("perl_iv",   "ooops")
+            iv =      form.get("iv",        "ooops")
+            encryption_algorithm = form.get("encryption_algorithm", "ooops")
+
+            log_path=req.document_root() + '/assertions/' + 'log'
+            logfile=open(log_path, 'w')
+
+            cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
+            num_padding = ord(cipher.decrypt(encrypted_assertion[16:])[-1])
+
+            cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
+            plaintext = cipher.decrypt(encrypted_assertion[16:])[:(-1*num_padding)]
+
+            logfile.write(plaintext)
+            logfile.close()

        return apache.OK

@@ -116,3 +155,18 @@ def handler(req):
    req.write("Error: Your request was not understood")
    return apache.OK
    #return apache.HTTP_BAD_REQUEST
+
+
+# Some leftovers:
+
+#bs = Blowfish.block_size
+#iv = '12333123'
+#cipher = Blowfish.new(key, Blowfish.MODE_ECB, iv)
+#cipher = new Crypt::CBC (symmetric_key, 'Twofish');
+#my plaintext = cipher->decrypt(encrypted_assertion);
+#print ("\n".plaintext."\n");
+
+##plaintext = b'docendo discimus '
+##plen = bs - divmod(len(plaintext),bs)[1]
+##padding = [plen]*plen
+##padding = pack('b'*plen, *padding)