added logging, and inserted sperate ifs for perl and javascript client

fe6c38b5 · marcus-tun · 70feadf7 · fe6c38b5
Commit fe6c38b5 authored Oct 14, 2014 by marcus-tun
--- a/server/sso.py
+++ b/server/sso.py
@@ -10,6 +10,15 @@ from Crypto.Cipher import Blowfish
 from Crypto import Random
 from struct import pack

+import urllib
+from string import replace
+
+def write_var (req, var, filename):
+    log_path=req.document_root() + '/assertions/' + filename
+    logfile=open(log_path, 'w')
+    logfile.write(var)
+    logfile.close
+

 def handler(req):
    assertionLocation = str(req.subprocess_env['Shib-Assertion-01'])
@@ -57,6 +66,8 @@ def handler(req):
            <html>
            <head>
            <script src="js/twofish/2-fish.js"> </script>
+            <script src="js/blowfish/blowfish.js"> </script>
+            <!--<script src="js/aamcrypt/aamcrypt.js"> </script>-->
            <script src="js/seedrandom/seedrandom.min.js"> </script>
            </head>
            <body>
@@ -78,32 +89,49 @@ def handler(req):
    ############
    #  upload  #
    ############
+    if location in ( 'test.py', 'testone.py', 'testtwo.py') :
+        req.content_type = 'text/plain'
+        form = util.FieldStorage(req)
+        b64_encrypted_assertion = form.get("encrypted_assertion", "ooops").replace(' ', '+')
+        log_path=req.document_root() + '/assertions/' + location + '.txt'
+        logfile=open(log_path, 'w')
+        logfile.write(b64_encrypted_assertion)
+        logfile.close()
+        return apache.OK
+
    if location in ( 'upload.py', 'jsupload.py'):
        req.content_type = 'text/plain'
        # we expect the data via post in encrypted assertion.
        # we will return the url of where to collect the assertion
        # request.

-        if req.method != 'POST':
-            req.write("Error, i was expecting a post request")
-            return apache.OK
-
        # This debug statement will destroy the whole processing
        #log_path=req.document_root() + '/assertions/' + 'js-log'
        #logfile=open(log_path, 'w')
        #logfile.write(req.read())
        #logfile.close()

+        if req.method != 'POST':
+            req.write("Error, i was expecting a post request")
+            return apache.OK
+
        form = util.FieldStorage(req)
+        client = form.get ("client", "oops").replace(' ', '+')
        if not form.has_key("encrypted_assertion"):
            req.write ("Error: did not obtain the encrypted_assertion")
            return apache.OK
-        buf = form.get("encrypted_assertion", "ooops")
-        client = form.get ("client", "oops")
-        client_version = form.get ("client_verions", "oops")
-
+        #if client == 'javascript':
+        buf = form.get("encrypted_assertion", "ooops").replace(' ', '+')
+        client_version = form.get ("client_verions", "oops").replace(' ', '+')
+        #else:
+            #buf = form.get("encrypted_assertion", "ooops")
+            #client_version = form.get ("client_verions", "oops")
        # decode assertion
-        encrypted_assertion = b64decode(buf)
+        if client == 'perl':
+            encrypted_assertion = b64decode(buf)
+        if client == 'javascript':
+            encrypted_assertion = b64decode(buf+'=')
+

        # create hash
        assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
@@ -113,16 +141,13 @@ def handler(req):
        # write to file
        try:
            file=open(assertion_path, 'w')
-            if client == "perl":
-                file.write(encrypted_assertion[16:]) # skip the 16 byte perl header
-            else:
-                file.write(encrypted_assertion)
+            file.write(encrypted_assertion) 
            file.close()
        except:
            req.write("could not save assertion")

        if location == 'jsupload.py':
-            req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url);
+            req.write(assertion_url);

        else:
            req.write("url=%s" % assertion_url)
@@ -133,24 +158,44 @@ def handler(req):
        # decrypt assertion in case password is provided
        if form.has_key("key"):
            from binascii import hexlify, unhexlify
+            log_path=req.document_root() + '/assertions/' + 'log'
+            logfile=open(log_path, 'w')

-            key = unhexlify(form.get("key", "ooops"))
-            perl_iv = form.get("perl_iv",   "ooops")
-            iv =      form.get("iv",        "ooops")
+            if client == 'perl':
+                key = unhexlify(form.get("key", "ooops"))
+                #key = form.get("key", "ooops")
+                iv =  form.get("iv",  "ooops")
+            if client == 'javascript':
+                key = form.get("key", "ooops")
+                iv =  form.get("iv",  "ooops")
            encryption_algorithm = form.get("encryption_algorithm", "ooops")

-            log_path=req.document_root() + '/assertions/' + 'log'
-            logfile=open(log_path, 'w')
+            logfile.write('iv: ' + iv + '\n')
+            logfile.write('key: ' + key + '\n')

-            cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
-            num_padding = ord(cipher.decrypt(encrypted_assertion[16:])[-1])
+            write_var(req, encrypted_assertion, 'encrypted_assertion')

-            cipher = Blowfish.new(key, Blowfish.MODE_CBC, perl_iv)
-            plaintext = cipher.decrypt(encrypted_assertion[16:])[:(-1*num_padding)]
+            if client == 'perl':
+                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+                num_padding = ord(cipher.decrypt(encrypted_assertion)[-1])
+                header_length = 0
+                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+                plaintext = cipher.decrypt(encrypted_assertion)[:(-1*num_padding)]
+            if client == 'javascript':
+                iv='asdasdff'
+                num_padding = 8
+                header_length = 0
+                #key = 'this';
+                key = base64.decode
+                cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+                plaintext = cipher.decrypt(encrypted_assertion[0:5680])[:(-1*num_padding)]

-            logfile.write(plaintext)
-            logfile.close()
+            logfile.write("length: %d\n" % len(encrypted_assertion))

+
+            write_var(req, plaintext, 'plaintext')
+
+            logfile.close()
        return apache.OK

    req.content_type = 'text/plain'