Created
May 11, 2011 19:35
Verifying CampusCruiser SSO Signature
| require 'sinatra' | |
| require 'base64' | |
| require 'cgi' | |
| require 'erb' | |
| require 'openssl' | |
| require 'nokogiri' | |
# Pulls the posted SSO document out of the Rack environment.
#
# Reads the "imsEnterprise" field of the parsed form body and URL-decodes it
# with CGI.unescape. The value is caller-supplied and is returned before any
# signature check has happened, so callers must treat it as untrusted.
#
# NOTE(review): "rack.request.form_hash" normally holds values Rack has already
# decoded once; this second decode presumably matches how the sender encodes
# the field -- confirm against a real post.
#
# @param env [Hash] the Rack environment of the current request
# @return [String] the decoded value of the imsEnterprise form field
def get_sso_data(env)
  form_fields = env["rack.request.form_hash"]
  encoded_xml = form_fields["imsEnterprise"]
  CGI.unescape(encoded_xml)
end
# Loads the verification key material from ccsso-pubkey.b64.
#
# The file is read relative to the process working directory on every call,
# stripped of surrounding whitespace and Base64-decoded. Whatever this file
# contains becomes the key every signature is checked against, so it should be
# writable only by whoever administers the integration.
#
# @return [String] the Base64-decoded contents of ccsso-pubkey.b64
def public_key
  encoded_key = File.read('ccsso-pubkey.b64').strip
  Base64.decode64(encoded_key)
end
# Loads the shared secret that is prepended to the ID before verification.
#
# The file content is returned exactly as stored: nothing is stripped, so a
# trailing newline in the file becomes part of the data the signature is
# checked against.
#
# NOTE(review): the secret sits in a plain file in the working directory; keep
# it out of version control and readable only by the application user.
#
# @return [String] the full contents of the shared-secret file
def shared_secret
  File.open('shared-secret') { |secret_file| secret_file.read }
end
# POST /sso: checks the CampusCruiser signature carried in the posted XML and
# renders :success with the person's details, or :failure when it does not
# verify.
#
# What the check covers: the verified data is shared_secret + SOURCEID/ID and
# nothing else. USERID, the GIVEN/FAMILY name and INSTITUTION_UID are read from
# the same posted document but are not part of the signed data, so a passing
# check says nothing about those fields. Nothing in this handler limits how
# long or how often a given ID/signature pair is accepted either.
#
# The XPath expressions start with // and so match at any depth, and
# NodeSet#text joins the text of every matching node.
#
# NOTE(review): SHA-1 is presumably dictated by the signing side -- confirm
# before changing the digest.
post '/sso' do
  verifier = OpenSSL::PKey::RSA.new(public_key)
  document = Nokogiri::XML(get_sso_data(env))
  text_at = ->(path) { document.xpath(path).text }

  source_id = text_at.call('//PERSON/SOURCEID/ID')
  signature = Base64.decode64(text_at.call('//CC-INFO/SIGNATURE'))
  signed_payload = shared_secret + source_id
  verified = verifier.verify(OpenSSL::Digest::SHA1.new, signature, signed_payload)

  if verified
    # These values are displayed by the :success view; none of them is part of
    # signed_payload above.
    @user = text_at.call('//PERSON/USERID')
    @first = text_at.call('//PERSON/NAME/N/GIVEN')
    @last = text_at.call('//PERSON/NAME/N/FAMILY')
    @uid = text_at.call('//PERSON/EXTENSION/INSTITUTION_UID')
    erb :success
  else
    erb :failure
  end
end
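# Inline Sinatra templates. Sinatra's ERB does not HTML-escape <%= %> output by
# default, and every value shown on the success page is read from the posted
# XML outside the signed data (only shared_secret + ID is verified), so each
# value is escaped where it is rendered.
__END__
@@ layout
<html>
<head>
<title>Cruiser SSO Test</title>
</head>
<body>
<%= yield %>
</body>
</html>
@@ success
Signature verified.
Hello, <b><%= ERB::Util.html_escape("#{@first} #{@last}") %></b> (<b><%= ERB::Util.html_escape(@user) %></b>).
You are user <b><%= ERB::Util.html_escape(@uid) %></b>.
@@ failure
Signature verification failed.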
| #!/usr/bin/env ruby | |
| require 'base64' | |
| require 'openssl' | |
| require 'nokogiri' | |
# Stand-alone check of one CampusCruiser SSO document (example.xml) against the
# public key in ccsso-pubkey.b64 and the secret in shared-secret. All three
# files are read from the current working directory.

# Key material: the file holds the public key Base64-encoded.
encoded_key = File.read('ccsso-pubkey.b64')
key_material = Base64.decode64(encoded_key)

# The secret is used exactly as stored, including any trailing newline.
shared_secret = File.read('shared-secret')

verifier = OpenSSL::PKey::RSA.new(key_material)

# Parse the sample document and pull out the two values the check needs.
# NodeSet#text joins the text of every node the // expression matches.
document = Nokogiri::XML(File.read('example.xml'))
source_id = document.xpath('//PERSON/SOURCEID/ID').text
signature = Base64.decode64(document.xpath('//CC-INFO/SIGNATURE').text)

# The signed data is the shared secret followed by the CC UID; no other element
# of the document is covered by the signature.
signed_payload = shared_secret + source_id
verified = verifier.verify(OpenSSL::Digest::SHA1.new, signature, signed_payload)

puts(verified ? "Signature verified!" : "Signature not verified.")