Commit 7377ae67 authored by Daniel Hofmann's avatar Daniel Hofmann

JS: encrypt/get/post example; local test server (b/c of same origin policy)

parent 00a2444c
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# notes:
# - local server, to test JS GET/POST (b/c of same origin policy), uses Flask, see: http://flask.pocoo.org/
# - deps: pip install -r requirements.txt
# - actual html+js is in 'templates' directory
from __future__ import print_function, division, with_statement # welcome to the future
from flask import Flask, request, render_template
app = Flask(__name__)
@app.route('/')
def index():
return render_template('interop.html')
@app.route('/assertion')
def assertion():
app.logger.info('sending: Hello')
return 'Hello'
@app.route('/upload', methods=['POST'])
def upload():
app.logger.info('received: {0}'.format(request.form))
return 'received'
def main():
app.run(host='127.0.0.1', port=8080, debug=True)
if __name__ == '__main__':
main()
# vim: set tabstop=4 shiftwidth=4 expandtab:
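Review bot: `debug=True` in main() turns on the Werkzeug interactive debugger, which lets anyone who can reach the port run Python in the server process; the 127.0.0.1 bind is the only thing containing it, and nothing in the file says so. I would make it opt-in, e.g. `app.run(host='127.0.0.1', port=8080, debug=bool(os.environ.get('INTEROP_DEBUG')))` with `import os` added at the top (the variable name is only a suggestion), or at least add the comment `# debug=True exposes the Werkzeug console: local testing only, never bind to a public interface`. Separately, upload() logs the whole `request.form` at info level; once the POST carries a real assertion instead of the dummy role, its content ends up in the log, so logging only the field names (`list(request.form.keys())`) would be safer.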
...@@ -4,10 +4,12 @@ ...@@ -4,10 +4,12 @@
<meta charset="utf-8"> <meta charset="utf-8">
<title>AES (in CBC mode) language interop tester</title> <title>AES (in CBC mode) language interop tester</title>
<!-- TODO(daniel) host locally! --!> <!-- TODO(daniel): host locally; jquery v1 for included IE support.. --!>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
</head> </head>
<body> <body>
<h3>AES-128 CBC, PKCS#7, nosalt</h3> <h3>AES-128 CBC, PKCS#7, nosalt</h3>
<hr> <hr>
<div> <div>
...@@ -15,8 +17,23 @@ ...@@ -15,8 +17,23 @@
<p id="ciphertext"></p> <p id="ciphertext"></p>
<p id="key"></p> <p id="key"></p>
</div> </div>
<h3>Assertion Handling</h3>
<hr>
<div>
<button id="get-btn">Perform GET Request</button>
<p id="get-rv">..</p>
<button id="post-btn">Perform POST Request</button>
<p id="post-rv">..</p>
</div>
</body> </body>
<script> <script>
/* notes:
- this script block does not (yet?) use and therefore depend on jQuery for modularity reasons
- TODO: refactor this poc into a encrypt() function; remove console debugging
*/
"use strict"; "use strict";
var bs = 16; // aes block size is 16 bytes var bs = 16; // aes block size is 16 bytes
...@@ -24,11 +41,11 @@ ...@@ -24,11 +41,11 @@
document.getElementById('plaintext').onkeypress = function(e) { document.getElementById('plaintext').onkeypress = function(e) {
var event = e || window.event; var event = e || window.event;
var charCode = event.which || event.keyCode; var charCode = event.which || event.keyCode;
if (charCode == '13') { // enter pressed if (charCode == '13') { // enter pressed
var plaintext = document.getElementById("plaintext").value; var plaintext = document.getElementById("plaintext").value;
// note: no need for a key derivation functioni, we're _generating_ a key from scratch _every time_ // note: no need for a key derivation function, we're _generating_ a key from scratch _every time_
var key = CryptoJS.lib.WordArray.random(bs); var key = CryptoJS.lib.WordArray.random(bs);
var iv = CryptoJS.lib.WordArray.random(bs); var iv = CryptoJS.lib.WordArray.random(bs);
...@@ -51,5 +68,44 @@ ...@@ -51,5 +68,44 @@
} }
} }
</script> </script>
<script>
/* notes:
- full blown jQuery solution to keep my sanity; GET/POST assertion poc
- use local server for testing, same origin policy forbids requests otherwise
- ./runserver.py (and check source)
- TODO: chain post(encrypt(get()))
*/
"use strict";
var from = "http://127.0.0.1:8080/assertion";
var to = "http://127.0.0.1:8080/upload";
/*
var from = "https://saml-delegation.data.kit.edu/sd/ecp.py";
var to = "https://saml-delegation.data.kit.edu/sd/upload.py";
*/
$(document).ready(function() {
$("#get-btn").click(function() {
$("#get-rv").text(".."); // clear old state
$.get(from, function(data, stat){
$("#get-rv").text(stat);
});
});
$("#post-btn").click(function() {
var assertion = {role: 'dummy'}; // XXX: aes-cbc-128-pkcs#7-nosalt(get(assertion))
$("#post-rv").text(".."); // clear old state
$.post(to, assertion, function(data, stat){
$("#post-rv").text(stat);
});
});
});
</script>
</html> </html>
<!-- vim: set tabstop=4 shiftwidth=4 expandtab: --!> <!-- vim: set tabstop=4 shiftwidth=4 expandtab: --!>
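Review bot: The added jQuery `<script>` in the head is fetched over plain `http://` from a third-party host, same as the CryptoJS line above it, so anyone on the network path can replace the script and read the key and plaintext this page handles. Until the TODO about hosting locally is done, load it over TLS with a pinned hash: `<script src="https://code.jquery.com/jquery-1.11.1.min.js" integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"></script>`. In the new GET/POST script, `$.get` and `$.post` only have success callbacks, so a failed request leaves `..` on screen; chaining `.fail(function(xhr, stat) { $("#get-rv").text(stat); })` (and the same for `#post-rv`) would surface it. The XXX comment plans to POST AES-CBC ciphertext; CBC alone gives the receiver no integrity check, so the upload side would presumably need a MAC over IV and ciphertext verified before decrypting.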