def __init__(self,pwd):
self.iv = [205,87,67,187,30,243,198,109,254,157,203,98,125,100,34,222]
self.moo = AESModeOfOperation()
m = md5.new()
m.update(pwd)
s = m.hexdigest()
self.key = []
for i in [0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30]:
self.key.append(int(s[i:i+2],16))
def process_response(self, request, response):
if not self._is_enabled(request):
return response
if UserAuthAttempt.is_banned(request):
return HttpResponseBadRequest()
if not request.COOKIES.get('satctoken'):
iv = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_IV
key = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_KEY
moo = AESModeOfOperation()
encrypted = moo.encrypt(
request.session['test_cookie_secret'], 2,
map(ord, key), moo.aes.keySize["SIZE_128"], map(ord, iv)
)
sec_uni = u''.join(map(unichr, encrypted[2]))
return render(
request, 'secureauth/test_cookie.html', {
'test_cookie_enc_key': key,
'test_cookie_enc_iv': iv,
'test_cookie_enc_set': quote(sec_uni.encode("utf-8")),
'test_cookie_next_url': request.get_full_path(),
})
elif response.status_code == 200:
from_cookie = request.COOKIES.get('satctoken').decode('hex')
from_session = request.session.get('test_cookie_secret')
if from_session is None:
self._clean(request, response)
elif from_cookie != from_session:
response.content = render_template(
'secureauth/session_expired.html')
self._clean(request, response)
logout(request)
return response
return response
def process_response(self, request, response):
if not self._is_enabled(request):
return response
if UserAuthAttempt.is_banned(request):
return HttpResponseBadRequest()
if not request.COOKIES.get('satctoken'):
iv = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_IV
key = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_KEY
moo = AESModeOfOperation()
encrypted = moo.encrypt(request.session['test_cookie_secret'], 2,
map(ord, key), moo.aes.keySize["SIZE_128"],
map(ord, iv))
sec_uni = u''.join(map(unichr, encrypted[2]))
return render(
request, 'secureauth/test_cookie.html', {
'test_cookie_enc_key': key,
'test_cookie_enc_iv': iv,
'test_cookie_enc_set': quote(sec_uni.encode("utf-8")),
'test_cookie_next_url': request.get_full_path(),
})
elif response.status_code == 200:
from_cookie = request.COOKIES.get('satctoken').decode('hex')
from_session = request.session.get('test_cookie_secret')
if from_session is None:
self._clean(request, response)
elif from_cookie != from_session:
response.content = render_template(
'secureauth/session_expired.html')
self._clean(request, response)
logout(request)
return response
return response
class Cipher:
def __init__(self,pwd):
self.iv = [205,87,67,187,30,243,198,109,254,157,203,98,125,100,34,222]
self.moo = AESModeOfOperation()
m = md5.new()
m.update(pwd)
s = m.hexdigest()
self.key = []
for i in [0,2,4,6,8,10,12,14,16,18,20,22,24,26,28,30]:
self.key.append(int(s[i:i+2],16))
def encrypt(self,input):
mode,orig_len,outList=self.moo.encrypt(input,self.moo.modeOfOperation["OFB"],self.key,self.moo.aes.keySize["SIZE_128"],self.iv)
ciph = u""
for i in range(orig_len):
ciph += unichr(outList[i])
return ciph
def decrypt(self, ciph):
inList=[]
for c in ciph:
inList.append(ord(c))
output = self.moo.decrypt(inList,None,self.moo.modeOfOperation["OFB"],self.key,self.moo.aes.keySize["SIZE_128"],self.iv)
return unicode(output, "utf-8", 'ignore')
