Commit ded377d3 authored by marcus-tun's avatar marcus-tun
Browse files

played with post-methods and encryption

parent 8b710918
......@@ -10,6 +10,41 @@ function httpPost(theUrl, content) { var xmlHttp = null;
xmlHttp.send( content );
return xmlHttp.responseText;
}
////////////////////////////////////////////////////////////////////////////////
function httpPost2(theUrl, content, key) { var xmlHttp = null;
var http = new XMLHttpRequest();
http.open("POST", theUrl, true);
//Send the proper header information along with the request
//http.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", content.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = function() {//Call a function when the state changes.
if(http.readyState == 4 && http.status == 200) {
//document.write(http.responseText);
document.getElementById('url').innerHTML=http.responseText+'&k='+key;
//document.write(http.responseText);
//return http.responseText;
} else {
document.getElementById('url').innerHTML=http.responseText+'&k='+key;
}
}
http.send(content);
}
////////////////////////////////////////////////////////////////////////////////
function post_new(path, params, method) {
method = method || "post"; // Set method to post by default if not specified.
// The rest of this code assumes you are not using a library.
// It can be made less wordy if you use one.
var form = document.createElement("form");
form.setAttribute("method", method);
form.setAttribute("action", path);
document.body.appendChild(form);
form.submit();
}
function post(path, params, method) {
method = method || "post"; // Set method to post by default if not specified.
......@@ -48,7 +83,8 @@ function base64_encode(data) {
// example 2: base64_encode('a');
// returns 2: 'YQ=='
var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
//var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
ac = 0,
enc = '',
......@@ -81,9 +117,92 @@ function base64_encode(data) {
return (r ? enc.slice(0, r - 3) : enc) + '==='.slice(r || 3);
}
//////////////////////////////////////////////////////////////////
var keyStr = "ABCDEFGHIJKLMNOP" +
"QRSTUVWXYZabcdef" +
"ghijklmnopqrstuv" +
"wxyz0123456789+/" +
"=";
function encode64(input) {
input = escape(input);
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
keyStr.charAt(enc1) +
keyStr.charAt(enc2) +
keyStr.charAt(enc3) +
keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return output;
}
function decode64(input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
// remove all characters that are not A-Z, a-z, 0-9, +, /, or =
var base64test = /[^A-Za-z0-9\+\/\=]/g;
if (base64test.exec(input)) {
alert("There were invalid base64 characters in the input text.\n" +
"Valid base64 characters are A-Z, a-z, 0-9, '+', '/',and '='\n" +
"Expect errors in decoding.");
}
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
do {
enc1 = keyStr.indexOf(input.charAt(i++));
enc2 = keyStr.indexOf(input.charAt(i++));
enc3 = keyStr.indexOf(input.charAt(i++));
enc4 = keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while (i < input.length);
return unescape(output);
}
//////////////////////////////////////////////////////////////////
assertion = httpGet("https://saml-delegation.data.kit.edu/sd/ecp.py")
// Create a key for encryption
var tf = new twoFish;
random_a = Math.random();
Math.seedrandom('xsdf'+random_a);
random_a = Math.random();
......@@ -95,32 +214,73 @@ for (var i = Math.round(10000000*random_a); i > 0; i--) {
}
key_b = Math.random();
key = 1e17*key_a+"-"+1e17*key_b;
document.write("<br/>"+key+"<br/>");
document.write('<br/>\n5');
key = 'this';
//key = 'xxxxxxxxxxx';
//document.write("<br/>"+key+"<br/>");
// encrypt assertion
var tf = new twoFish;
// encode assertion
b64assertion = btoa(assertion); // works
//document.write(b64assertion);
encrypted_assertion = tf.encrypt(key, assertion);
//document.write(encrypted_assertion);
/**************************************/
/* // encrypt assertion using twofish */
/**************************************/
//var my_two_fish = new twoFish;
//var iv = 'nix';
//encrypted_assertion = my_two_fish.encrypt(key, assertion);
//b64encrypted_assertion = btoa(encrypted_assertion);
////document.write(encrypted_assertion);
/***************************************/
/* // encrypt assertion using blowfish */
/***************************************/
document.write('0');
iv = blowfish.setIV('asdfasdf', 0);
//iv = blowfish.setIV('asdfasdf');
document.write('1');
// cipherModes: ECB:0, CBC:1, PCBC:2, CFB:3, OFB:4, CTR:5
b64encrypted_assertion = blowfish.encrypt(assertion, key, {outputType:0, cipherMode: 1});
document.write('2');
iv = blowfish.getIV(3); // 1: Hex 2: String 3: Raw 4: base64
var iv_js= JSON.stringify(iv);
var my_iv = (iv.left, iv.right);
document.write('3');
document.write('<br/>\niv: "' + iv + '"<br/>\n');
document.write('<br/>\niv_js: "' + iv_js + '"<br/>\n');
document.write('<br/>\nmy_iv: "' + my_iv + '"<br/>\n');
key = blowfish.getKey(key, 3); // 1: Hex; 2: String; 3: Raw; 4: base64
document.write('4');
document.write('<br/>\nkey: "' + key + '"<br/>\n');
var key_js= JSON.stringify(key);
document.write('<br/>\nkey_js: "' + key_js + '"<br/>\n');
document.write('<br/>\nkey_p: "' + key.p + '"<br/>\n');
key = blowfish.getKey(key, 4); // 1: Hex; 2: String; 3: Raw; 4: base64
document.write('<br/>\nkey: "' + key + '"<br/>\n');
/**********************************************/
/* // Encrypt using blowfish from aamcrypt.js */
/**********************************************/
// encode assertion
b64assertion = base64_encode(assertion);
//encrypted_assertion = "this is a test";
//b64assertion = base64_encode(btoa(encrypted_assertion));
//document.write("<br/>\n"+b64assertion+"<br/>\n");
b64assertion = btoa(encrypted_assertion);
document.write("<br/>\n"+b64assertion);
url = post("https://saml-delegation.data.kit.edu/sd/jsupload.py",
{encrypted_assertion: b64assertion});
//document.write("<br/>\n"+b64encrypted_assertion);
//response = post("https://saml-delegation.data.kit.edu/sd/jsupload.py",
//{encrypted_assertion: assertion});
document.write('<br/>\n8');
/***********************************************************************/
/* // Post the encrypted assertion */
/* // the key is not sent over the wire. It's just passed, so that the */
/* // httpPost2 function can display the final URL for the user */
/***********************************************************************/
httpPost2 ("https://saml-delegation.data.kit.edu/sd/upload.py",
"encrypted_assertion="+ b64encrypted_assertion + '=' +
"&encryption_algorithm=blowfish" +
"&client=javascript" +
"&version=0.1" +
"&key=" + key +
"&iv=" + iv,
key);
document.write('You can use this url as a temporary password in all federation-enabled services:<br/>');
document.write(url+"--"+key)
document.write('You can use this URL as a password now: \
<b><div id="url">... loading ...</div></b>\
Once it expires come back to this site to obtain a new one.');
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment