Skip to content

GitLab

Commit 574b2f8b authored by marcus's avatar marcus
Browse files

Merge branch 'master' of git.scc.kit.edu:lo0018/pluto

parents 2bf377af 3d2258fa
Hide whitespace changes
Inline Side-by-side
interop/js/templates/interop.html
View file @ 574b2f8b
......@@ -91,7 +91,7 @@
$("#get-rv").text(".."); // clear old state
$.get(from, function(data, stat){
$("#get-rv").text(stat);
$("#get-rv").text(data);
});
});
......@@ -100,7 +100,7 @@
$("#post-rv").text(".."); // clear old state
$.post(to, assertion, function(data, stat){
$("#post-rv").text(stat);
$("#post-rv").text(data);
});
});
......
server/index.html
View file @ 574b2f8b
......@@ -5,12 +5,9 @@
</head>
<body>
<h1>Available Endpoints</h1><br/>
<a href="https://saml-delegation.data.kit.edu/sd-daniel/ecp.py">ECP-daniel</a><br/>
<a href="https://saml-delegation.data.kit.edu/sd-daniel/js.py">Web-SSO and Javascript-daniel</a><br/>
<hr/>
<a href="https://saml-delegation.data.kit.edu/sd/ecp.py">ECP</a><br/>
<!--<a href="https://saml-delegation.data.kit.edu/sd/sso.py">Web-SSO</a><br/>-->
<a href="https://saml-delegation.data.kit.edu/sd/js.py">Web-SSO and Javascript</a><br/>
<a href="https://saml-delegation.data.kit.edu/sd/p.php">PHP Sysinfo</a><br/>
<a href="https://saml-delegation.data.kit.edu/sd/js.py">Web-SSO</a><br/>
<!--<a href="https://saml-delegation.data.kit.edu/sd/p.php">PHP Sysinfo</a><br/>-->
</body></html>
server/sso.py
View file @ 574b2f8b
......@@ -13,6 +13,9 @@ from struct import pack
import urllib
from string import replace
from binascii import hexlify, unhexlify
from interop import decrypt
def write_var (req, var, filename):
log_path=req.document_root() + '/assertions/' + filename
......@@ -47,9 +50,7 @@ def handler(req):
<head>
<meta http-equiv="refresh" content="1
URL=https://saml-delegation.data.kit.edu/sd/ecp.py">
<!-- URI: %s -->
</head>
<body>
<br/>
......@@ -59,22 +60,24 @@ def handler(req):
</html>'''% req.uri)
return apache.OK
# js: sso via javascript
############################
# js: sso via javascript #
############################
if location == 'js.py':
req.content_type = 'text/html'
req.write('''<!DOCTYPE html>
<meta charset="ASCII" />
req.write('''<!DOCTYPE html> <meta charset="ASCII" />
<html>
<head>
<script src="js/twofish/2-fish.js"> </script>
<script src="js/blowfish/blowfish.js"> </script>
<!--<script src="js/aamcrypt/aamcrypt.js"> </script>-->
<script src="js/seedrandom/seedrandom.min.js"> </script>
</head>
<body>
<script type="text/javascript">''')
req.sendfile(req.document_root() + "/sd/js.js")
req.write(''' </script> </body> </html> ''')
<!-- TODO(daniel): host locally; jquery v1 for included IE support.. --!>
<script src="js/crypto-js/aes.js"></script>
<script src="js/jquery-1.11.1.min.js"></script>
<p id="data"> data </p>
<p id="stat"> stat </p>
<p id="stat_post"> post </p>
<p id="url"> url </p>
<script src="js-new.js"></script>
<head> </head>
<body> </body>
</html> ''')
return apache.OK
# ecp
......@@ -87,31 +90,31 @@ def handler(req):
req.write(assertion)
return apache.OK
############
# upload #
############
if location in ( 'test.py', 'testone.py', 'testtwo.py') :
########
# test #
########
if location in ( 'test_transport.py') :
buf = req.read()
write_var (req, buf, 'buf')
req.write('Transport test done')
return apache.OK
if location in ( 'test_assertion.py') :
req.content_type = 'text/plain'
form = util.FieldStorage(req)
b64_encrypted_assertion = form.get("encrypted_assertion", "ooops").replace(' ', '+')
log_path=req.document_root() + '/assertions/' + location + '.txt'
logfile=open(log_path, 'w')
logfile.write(b64_encrypted_assertion)
logfile.close()
b64_encrypted_assertion = form.get("encrypted_assertion", "Error: No assertion field sent").replace(' ', '+')
write_var (req, b64_encrypted_assertion, "b64_encrypted_assertion")
return apache.OK
############
# upload #
############
if location in ( 'upload.py', 'jsupload.py'):
req.content_type = 'text/plain'
# we expect the data via post in encrypted assertion.
# we will return the url of where to collect the assertion
# request.
# This debug statement will destroy the whole processing
#log_path=req.document_root() + '/assertions/' + 'js-log'
#logfile=open(log_path, 'w')
#logfile.write(req.read())
#logfile.close()
if req.method != 'POST':
req.write("Error, i was expecting a post request")
return apache.OK
......@@ -121,89 +124,57 @@ def handler(req):
if not form.has_key("encrypted_assertion"):
req.write ("Error: did not obtain the encrypted_assertion")
return apache.OK
#if client == 'javascript':
buf = form.get("encrypted_assertion", "ooops").replace(' ', '+')
b64 = form.get("encrypted_assertion", "Error: no assertion present").replace(' ', '+')
write_var (req, b64, 'b64')
client_version = form.get ("client_verions", "oops").replace(' ', '+')
#else:
#buf = form.get("encrypted_assertion", "ooops")
#client_version = form.get ("client_verions", "oops")
# decode assertion
if client == 'perl':
encrypted_assertion = b64decode(buf)
if client == 'javascript':
encrypted_assertion = b64decode(buf+'=')
encrypted_assertion = b64decode(b64)
elif client == 'javascript':
encrypted_assertion = unhexlify(b64)
else:
req.write ('client not supported')
return apache.OK
write_var (req, encrypted_assertion, 'encrypted_assertion')
# create hash
assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
assertion_path=req.document_root() + '/assertions/' + assertion_hash
assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
# write to file
try:
file=open(assertion_path, 'w')
file.write(encrypted_assertion)
file.close()
except:
req.write("could not save assertion")
if location == 'jsupload.py':
req.write(assertion_url);
else:
req.write("url=%s" % assertion_url)
# return the url as key=value FIXME
req.write("url=%s" % assertion_url)
#########
# debug #
#########
# decrypt assertion in case password is provided
if form.has_key("key"):
from binascii import hexlify, unhexlify
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
if client == 'perl':
key = unhexlify(form.get("key", "ooops"))
#key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
if client == 'javascript':
key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
encryption_algorithm = form.get("encryption_algorithm", "ooops")
logfile.write('iv: ' + iv + '\n')
logfile.write('key: ' + key + '\n')
if form.has_key("key"):
enc_key = form.get("key", "")
client = form.get("client","")
if client == "perl":
key = b64decode(enc_key)
if client == "javascript":
iv = unhexlify(form.get("iv",""))
key = unhexlify(enc_key)
enc_ass = encrypted_assertion
encrypted_assertion = iv + enc_ass
write_var(req,enc_key, "key")
write_var(req, encrypted_assertion, 'encrypted_assertion')
if client == 'perl':
# we need to initialise cipher twice: once to get the
# amount of padding, and then to actually decrypt
if encryption_algorithm == 'Blowfish':
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
if encryption_algorithm == 'AES':
cipher = AES.new(key, AES.MODE_CBC, iv)
num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
if client == 'javascript':
iv='asdasdff'
num_padding = 8
#key = 'this';
key = base64.decode
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion[0:5680])[:(-1*num_padding)]
logfile.write("length: %d\n" % len(encrypted_assertion))
# some logging
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
logfile.write("keylen: %d\n" % len(key))
logfile.write("cipherlen: %d\n" % len(encrypted_assertion))
#logfile.write("iv: %d\n" % len(iv))
logfile.close
plaintext = decrypt(key, encrypted_assertion)
write_var(req, plaintext, 'plaintext')
logfile.close()
return apache.OK
req.content_type = 'text/plain'
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Imprint