Commit 574b2f8b authored by marcus's avatar marcus

Merge branch 'master' of git.scc.kit.edu:lo0018/pluto

parents 2bf377af 3d2258fa
...@@ -91,7 +91,7 @@ ...@@ -91,7 +91,7 @@
$("#get-rv").text(".."); // clear old state $("#get-rv").text(".."); // clear old state
$.get(from, function(data, stat){ $.get(from, function(data, stat){
$("#get-rv").text(stat); $("#get-rv").text(data);
}); });
}); });
...@@ -100,7 +100,7 @@ ...@@ -100,7 +100,7 @@
$("#post-rv").text(".."); // clear old state $("#post-rv").text(".."); // clear old state
$.post(to, assertion, function(data, stat){ $.post(to, assertion, function(data, stat){
$("#post-rv").text(stat); $("#post-rv").text(data);
}); });
}); });
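Review bot: Neither request has a failure path. Both `$.get(from, …)` and `$.post(to, assertion, …)` pass only a success callback, so when the request fails `#get-rv` and `#post-rv` stay at the ".." placeholder and the page cannot tell "pending" from "failed". Chaining a handler such as `.fail(function(xhr){ $("#post-rv").text("error: " + xhr.status); })` on both calls would make that visible. Since the right-hand column (which I read as the new side) now renders the response body instead of the status string, add a short comment that `.text()` is deliberate, for example `// response body is untrusted: keep .text(), never .html()`. The enclosing click handlers start outside both hunks.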
......
...@@ -5,12 +5,9 @@ ...@@ -5,12 +5,9 @@
</head> </head>
<body> <body>
<h1>Available Endpoints</h1><br/> <h1>Available Endpoints</h1><br/>
<a href="https://saml-delegation.data.kit.edu/sd-daniel/ecp.py">ECP-daniel</a><br/>
<a href="https://saml-delegation.data.kit.edu/sd-daniel/js.py">Web-SSO and Javascript-daniel</a><br/>
<hr/>
<a href="https://saml-delegation.data.kit.edu/sd/ecp.py">ECP</a><br/> <a href="https://saml-delegation.data.kit.edu/sd/ecp.py">ECP</a><br/>
<!--<a href="https://saml-delegation.data.kit.edu/sd/sso.py">Web-SSO</a><br/>--> <!--<a href="https://saml-delegation.data.kit.edu/sd/sso.py">Web-SSO</a><br/>-->
<a href="https://saml-delegation.data.kit.edu/sd/js.py">Web-SSO and Javascript</a><br/> <a href="https://saml-delegation.data.kit.edu/sd/js.py">Web-SSO</a><br/>
<a href="https://saml-delegation.data.kit.edu/sd/p.php">PHP Sysinfo</a><br/> <!--<a href="https://saml-delegation.data.kit.edu/sd/p.php">PHP Sysinfo</a><br/>-->
</body></html> </body></html>
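Review bot: Wrapping the `p.php` "PHP Sysinfo" link in an HTML comment only hides it from the rendered page. The URL is still delivered in the page source, and nothing in this section shows the script being removed or access-restricted on the server. If the sysinfo page is no longer meant to be public, delete the line outright instead of commenting it out, and remove the file or put it behind authentication. The same applies to the already commented-out `sso.py` entry.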
...@@ -13,6 +13,9 @@ from struct import pack ...@@ -13,6 +13,9 @@ from struct import pack
import urllib import urllib
from string import replace from string import replace
from binascii import hexlify, unhexlify
from interop import decrypt
def write_var (req, var, filename): def write_var (req, var, filename):
log_path=req.document_root() + '/assertions/' + filename log_path=req.document_root() + '/assertions/' + filename
...@@ -47,9 +50,7 @@ def handler(req): ...@@ -47,9 +50,7 @@ def handler(req):
<head> <head>
<meta http-equiv="refresh" content="1 <meta http-equiv="refresh" content="1
URL=https://saml-delegation.data.kit.edu/sd/ecp.py"> URL=https://saml-delegation.data.kit.edu/sd/ecp.py">
<!-- URI: %s --> <!-- URI: %s -->
</head> </head>
<body> <body>
<br/> <br/>
...@@ -59,22 +60,24 @@ def handler(req): ...@@ -59,22 +60,24 @@ def handler(req):
</html>'''% req.uri) </html>'''% req.uri)
return apache.OK return apache.OK
# js: sso via javascript ############################
# js: sso via javascript #
############################
if location == 'js.py': if location == 'js.py':
req.content_type = 'text/html' req.content_type = 'text/html'
req.write('''<!DOCTYPE html> req.write('''<!DOCTYPE html> <meta charset="ASCII" />
<meta charset="ASCII" />
<html> <html>
<head> <!-- TODO(daniel): host locally; jquery v1 for included IE support.. --!>
<script src="js/twofish/2-fish.js"> </script> <script src="js/crypto-js/aes.js"></script>
<script src="js/blowfish/blowfish.js"> </script> <script src="js/jquery-1.11.1.min.js"></script>
<!--<script src="js/aamcrypt/aamcrypt.js"> </script>--> <p id="data"> data </p>
<script src="js/seedrandom/seedrandom.min.js"> </script> <p id="stat"> stat </p>
</head> <p id="stat_post"> post </p>
<body> <p id="url"> url </p>
<script type="text/javascript">''') <script src="js-new.js"></script>
req.sendfile(req.document_root() + "/sd/js.js") <head> </head>
req.write(''' </script> </body> </html> ''') <body> </body>
</html> ''')
return apache.OK return apache.OK
# ecp # ecp
...@@ -87,31 +90,31 @@ def handler(req): ...@@ -87,31 +90,31 @@ def handler(req):
req.write(assertion) req.write(assertion)
return apache.OK return apache.OK
############ ########
# upload # # test #
############ ########
if location in ( 'test.py', 'testone.py', 'testtwo.py') : if location in ( 'test_transport.py') :
buf = req.read()
write_var (req, buf, 'buf')
req.write('Transport test done')
return apache.OK
if location in ( 'test_assertion.py') :
req.content_type = 'text/plain' req.content_type = 'text/plain'
form = util.FieldStorage(req) form = util.FieldStorage(req)
b64_encrypted_assertion = form.get("encrypted_assertion", "ooops").replace(' ', '+') b64_encrypted_assertion = form.get("encrypted_assertion", "Error: No assertion field sent").replace(' ', '+')
log_path=req.document_root() + '/assertions/' + location + '.txt' write_var (req, b64_encrypted_assertion, "b64_encrypted_assertion")
logfile=open(log_path, 'w')
logfile.write(b64_encrypted_assertion)
logfile.close()
return apache.OK return apache.OK
############
# upload #
############
if location in ( 'upload.py', 'jsupload.py'): if location in ( 'upload.py', 'jsupload.py'):
req.content_type = 'text/plain' req.content_type = 'text/plain'
# we expect the data via post in encrypted assertion. # we expect the data via post in encrypted assertion.
# we will return the url of where to collect the assertion # we will return the url of where to collect the assertion
# request. # request.
# This debug statement will destroy the whole processing
#log_path=req.document_root() + '/assertions/' + 'js-log'
#logfile=open(log_path, 'w')
#logfile.write(req.read())
#logfile.close()
if req.method != 'POST': if req.method != 'POST':
req.write("Error, i was expecting a post request") req.write("Error, i was expecting a post request")
return apache.OK return apache.OK
...@@ -121,89 +124,57 @@ def handler(req): ...@@ -121,89 +124,57 @@ def handler(req):
if not form.has_key("encrypted_assertion"): if not form.has_key("encrypted_assertion"):
req.write ("Error: did not obtain the encrypted_assertion") req.write ("Error: did not obtain the encrypted_assertion")
return apache.OK return apache.OK
#if client == 'javascript': b64 = form.get("encrypted_assertion", "Error: no assertion present").replace(' ', '+')
buf = form.get("encrypted_assertion", "ooops").replace(' ', '+') write_var (req, b64, 'b64')
client_version = form.get ("client_verions", "oops").replace(' ', '+') client_version = form.get ("client_verions", "oops").replace(' ', '+')
#else:
#buf = form.get("encrypted_assertion", "ooops")
#client_version = form.get ("client_verions", "oops")
# decode assertion # decode assertion
if client == 'perl': if client == 'perl':
encrypted_assertion = b64decode(buf) encrypted_assertion = b64decode(b64)
if client == 'javascript': elif client == 'javascript':
encrypted_assertion = b64decode(buf+'=') encrypted_assertion = unhexlify(b64)
else:
req.write ('client not supported')
return apache.OK
write_var (req, encrypted_assertion, 'encrypted_assertion')
# create hash # create hash
assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest()) assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
assertion_path=req.document_root() + '/assertions/' + assertion_hash
assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash
# write to file # return the url as key=value FIXME
try: req.write("url=%s" % assertion_url)
file=open(assertion_path, 'w')
file.write(encrypted_assertion)
file.close()
except:
req.write("could not save assertion")
if location == 'jsupload.py':
req.write(assertion_url);
else:
req.write("url=%s" % assertion_url)
######### #########
# debug # # debug #
######### #########
# decrypt assertion in case password is provided # decrypt assertion in case password is provided
if form.has_key("key"):
from binascii import hexlify, unhexlify
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
if client == 'perl':
key = unhexlify(form.get("key", "ooops"))
#key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
if client == 'javascript':
key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
encryption_algorithm = form.get("encryption_algorithm", "ooops")
logfile.write('iv: ' + iv + '\n')
logfile.write('key: ' + key + '\n')
if form.has_key("key"):
enc_key = form.get("key", "")
client = form.get("client","")
if client == "perl":
key = b64decode(enc_key)
if client == "javascript":
iv = unhexlify(form.get("iv",""))
key = unhexlify(enc_key)
enc_ass = encrypted_assertion
encrypted_assertion = iv + enc_ass
write_var(req,enc_key, "key")
write_var(req, encrypted_assertion, 'encrypted_assertion') write_var(req, encrypted_assertion, 'encrypted_assertion')
if client == 'perl': # some logging
# we need to initialise cipher twice: once to get the log_path=req.document_root() + '/assertions/' + 'log'
# amount of padding, and then to actually decrypt logfile=open(log_path, 'w')
if encryption_algorithm == 'Blowfish': logfile.write("keylen: %d\n" % len(key))
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv) logfile.write("cipherlen: %d\n" % len(encrypted_assertion))
num_padding = ord(cipher.decrypt(encrypted_assertion)[-1]) #logfile.write("iv: %d\n" % len(iv))
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv) logfile.close
plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
if encryption_algorithm == 'AES':
cipher = AES.new(key, AES.MODE_CBC, iv)
num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
if client == 'javascript':
iv='asdasdff'
num_padding = 8
#key = 'this';
key = base64.decode
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion[0:5680])[:(-1*num_padding)]
logfile.write("length: %d\n" % len(encrypted_assertion))
plaintext = decrypt(key, encrypted_assertion)
write_var(req, plaintext, 'plaintext') write_var(req, plaintext, 'plaintext')
logfile.close()
return apache.OK return apache.OK
req.content_type = 'text/plain' req.content_type = 'text/plain'
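Review bot: The debug branch at the end of `handler` persists secrets under the web root. `write_var(req,enc_key, "key")` and `write_var(req, plaintext, 'plaintext')` go through `write_var`, which builds its path as `req.document_root() + '/assertions/' + filename`, the same `/assertions/` directory that `assertion_url` hands back to clients. If that directory is served, as the URL construction suggests, the submitted key and the decrypted assertion sit at fixed, guessable names, and concurrent requests overwrite each other's files. I would drop both calls, or write debug output to a directory outside the document root behind a server-side debug switch, and put a comment above the block such as `# debug only: never store key or plaintext under document_root`. `handler` begins and ends outside the visible hunks, and the page has lost indentation and old/new markers, so this reads the right-hand column as the new side.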
......