Commit fe6c38b5 authored by marcus-tun's avatar marcus-tun

added logging, and inserted separate ifs for perl and javascript client

parent 70feadf7
......@@ -10,6 +10,15 @@ from Crypto.Cipher import Blowfish
from Crypto import Random
from struct import pack
import urllib
from string import replace
def write_var (req, var, filename):
log_path=req.document_root() + '/assertions/' + filename
logfile=open(log_path, 'w')
logfile.write(var)
logfile.close
def handler(req):
assertionLocation = str(req.subprocess_env['Shib-Assertion-01'])
......@@ -57,6 +66,8 @@ def handler(req):
<html>
<head>
<script src="js/twofish/2-fish.js"> </script>
<script src="js/blowfish/blowfish.js"> </script>
<!--<script src="js/aamcrypt/aamcrypt.js"> </script>-->
<script src="js/seedrandom/seedrandom.min.js"> </script>
</head>
<body>
......@@ -78,32 +89,49 @@ def handler(req):
############
# upload #
############
if location in ( 'test.py', 'testone.py', 'testtwo.py') :
req.content_type = 'text/plain'
form = util.FieldStorage(req)
b64_encrypted_assertion = form.get("encrypted_assertion", "ooops").replace(' ', '+')
log_path=req.document_root() + '/assertions/' + location + '.txt'
logfile=open(log_path, 'w')
logfile.write(b64_encrypted_assertion)
logfile.close()
return apache.OK
if location in ( 'upload.py', 'jsupload.py'):
req.content_type = 'text/plain'
# we expect the data via post in encrypted assertion.
# we will return the url of where to collect the assertion
# request.
if req.method != 'POST':
req.write("Error, i was expecting a post request")
return apache.OK
# This debug statement will destroy the whole processing
#log_path=req.document_root() + '/assertions/' + 'js-log'
#logfile=open(log_path, 'w')
#logfile.write(req.read())
#logfile.close()
if req.method != 'POST':
req.write("Error, i was expecting a post request")
return apache.OK
form = util.FieldStorage(req)
client = form.get ("client", "oops").replace(' ', '+')
if not form.has_key("encrypted_assertion"):
req.write ("Error: did not obtain the encrypted_assertion")
return apache.OK
buf = form.get("encrypted_assertion", "ooops")
client = form.get ("client", "oops")
client_version = form.get ("client_verions", "oops")
#if client == 'javascript':
buf = form.get("encrypted_assertion", "ooops").replace(' ', '+')
client_version = form.get ("client_verions", "oops").replace(' ', '+')
#else:
#buf = form.get("encrypted_assertion", "ooops")
#client_version = form.get ("client_verions", "oops")
# decode assertion
encrypted_assertion = b64decode(buf)
if client == 'perl':
encrypted_assertion = b64decode(buf)
if client == 'javascript':
encrypted_assertion = b64decode(buf+'=')
# create hash
assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
......@@ -113,16 +141,13 @@ def handler(req):
# write to file
try:
file=open(assertion_path, 'w')
if client == "perl":
file.write(encrypted_assertion[16:]) # skip the 16 byte perl header
else:
file.write(encrypted_assertion)
file.write(encrypted_assertion)
file.close()
except:
req.write("could not save assertion")
if location == 'jsupload.py':
req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);
req.write(assertion_url);
else:
req.write("url=%s" % assertion_url)
......@@ -133,24 +158,44 @@ def handler(req):
# decrypt assertion in case password is provided
if form.has_key("key"):
from binascii import hexlify, unhexlify
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
key = unhexlify(form.get("key", "ooops"))
perl_iv = form.get("perl_iv", "ooops")
iv = form.get("iv", "ooops")
if client == 'perl':
key = unhexlify(form.get("key", "ooops"))
#key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
if client == 'javascript':
key = form.get("key", "ooops")
iv = form.get("iv", "ooops")
encryption_algorithm = form.get("encryption_algorithm", "ooops")
log_path=req.document_root() + '/assertions/' + 'log'
logfile=open(log_path, 'w')
logfile.write('iv: ' + iv + '\n')
logfile.write('key: ' + key + '\n')
cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
num_padding = ord(cipher.decrypt(encrypted_assertion[16:])[-1])
write_var(req, encrypted_assertion, 'encrypted_assertion')
cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
plaintext = cipher.decrypt(encrypted_assertion[16:])[:(-1*num_padding)]
if client == 'perl':
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
header_length = 0
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
if client == 'javascript':
iv='asdasdff'
num_padding = 8
header_length = 0
#key = 'this';
key = base64.decode
cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
plaintext = cipher.decrypt(encrypted_assertion[0:5680])[:(-1*num_padding)]
logfile.write(plaintext)
logfile.close()
logfile.write("length: %d\n" % len(encrypted_assertion))
write_var(req, plaintext, 'plaintext')
logfile.close()
return apache.OK
req.content_type = 'text/plain'
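Review bot: The new `write_var(req, plaintext, 'plaintext')` call, together with `logfile.write('key: ' + key + '\n')` in the key-handling hunk, writes the decrypted assertion and the Blowfish key to fixed-name files under `req.document_root() + '/assertions/'`, so cleartext credentials persist on disk in a directory that Apache may serve (its access rules are not visible here). I would drop these writes before merging, or log only non-secret metadata to the server error log, e.g. `req.log_error('upload: ciphertext length %d' % len(encrypted_assertion))`. The `write_var` helper in the first hunk ends with `logfile.close`, which only references the method and never calls it; it should be `logfile.close()` or a `with open(log_path, 'w') as logfile:` block. In the javascript branch, `iv='asdasdff'` fixes the CBC IV and `key = base64.decode` assigns a function rather than key bytes, which looks like leftover debugging and should be replaced by the values from the form before this ships. The page has lost its +/- markers, so which of the duplicated logging lines sit on the new side is inferred from `write_var` being introduced by this commit.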
......