replacing js.js with daniels code

server/js-new.js

+/* notes:
+    - full blown jQuery solution to keep my sanity; GET/POST assertion poc
+    - use local server for testing, same origin policy forbids requests otherwise
+    - ./runserver.py (and check source)
+    - TODO: chain post(encrypt(get()))
+ */
+
+var from = "https://saml-delegation.data.kit.edu/sd/ecp.py";
+var to = "https://saml-delegation.data.kit.edu/sd/upload.py";
+//var to = "https://saml-delegation.data.kit.edu/sd/test_assertion.py";
+/*
+var from = "https://saml-delegation.data.kit.edu/sd/ecp.py";
+var to = "https://saml-delegation.data.kit.edu/sd/upload.py";
+*/
+
+var bs = 16;  // aes block size is 16 bytes
+
+$.get( from, function( assertion, stat ) {
+    if (stat == 'success') {
+        $( "#assertion" ).text( assertion );
+        console.log ('got assertion');
+        // note: no need for a key derivation function, we're _generating_ a key from scratch _every time_
+        var key = CryptoJS.lib.WordArray.random(bs);
+        var iv = CryptoJS.lib.WordArray.random(bs);
+        var opts = {iv: iv, keySize: bs, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7};
+        var enc = CryptoJS.AES.encrypt(assertion, key, opts);
+
+        //console.log('ciphertext: ' + enc.ciphertext.toString(CryptoJS.enc.Base64));
+        console.log('key: ' + enc.key.toString(CryptoJS.enc.Base64));
+        console.log('iv: ' + enc.iv.toString(CryptoJS.enc.Base64));
+
+        buf_iv = enc.iv.toString(CryptoJS.enc.Base64);
+        buf_key = enc.key.toString(CryptoJS.enc.Base64);
+
+        var buf = enc.iv + enc.ciphertext;
+        var buf2 = buf.toString(CryptoJS.enc.Base64);
+        var enc_assertion = buf.toString(CryptoJS.enc.Base64); 
+        $( "#stat_enc" ).text("success");
+
+        //console.log ('len enc_assertion: ' + enc_assertion.length);
+        //console.log ('len iv:            ' + enc.iv.toString.length);
+        //console.log ('len iv:            ' + buf_iv.length);
+        //console.log ('len key:           ' + enc.key.toString.length);
+        //console.log ('len key:           ' + buf_key.length);
+        //console.log ('len buf:           ' + buf.length);
+        //console.log ('len buf2:          ' + buf2.length);
+        //console.log ('len ciphertext:    ' + enc.ciphertext.toString.length);
+        
+        //var enc_assertion = (enc.iv + enc.ciphertext).toString(CryptoJS.enc.Base64);
+        console.log('encryption done');
+        
+
+        // Construct what is sent in the post
+        out = "encrypted_assertion="+enc.ciphertext.toString(CryptoJS.enc.Hex)
+        +"&iv="+ enc.iv.toString(CryptoJS.enc.Hex)
+        +"&key="+enc.key.toString(CryptoJS.enc.Hex)
+        +"&client=javascript"
+        "&version=0.1"; 
+        //out = "encrypted_assertion="+enc_assertion
+        //+"&key="+key
+        //+"&client=javascript"
+        //"&version=0.1"; 
+
+        console.log ('out:   ' + out);
+        console.log ('enc_ass: ' + enc_assertion);
+
+        $.post(to, out, function(data, stat){
+            console.log('sending');
+            // replace content in the template 
+            buf = data.split("url=");
+            url = buf[1];
+            $("#url").text(url+"&k="+key);
+            $("#stat_post").text(stat)
+        })
+
+        console.log ('sent encrypted assertion out');
+
+        $( "#stat_get" ).text("success");
+
+    }
+    else {
+        $( "#stat_get" ).text( stat );
+    }
+});
+
+
+/*
+ *$(document).ready(function() {
+ *    $.get(from, function(data, stat)){
+ *        var plaintext = data;
+ *    }
+ *    document.write (plaintext);
+ *}
+ */