tstachl · November 18, 2014 19:43
diff --git a/multipass.pl b/multipass.pl
 #!/usr/bin/perl -w

 use Digest::SHA qw( sha1 hmac_sha1 );
 use Crypt::Random qw( makerandom_octet );
 use DateTime;
 use JSON;
 use Crypt::CBC;
 use Digest::HMAC;
 use URL::Encode qw( url_encode_utf8 );
 use MIME::Base64::Perl;

 my $site_key  = 'mysite';
 my $api_key   = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

 print "== Generating ==\n";
 print "    Create the encryption key using a 16 byte SHA1 digest of your api key and subdomain\n";

 my $salted = $api_key . $site_key;
 my $key    = substr( sha1( $salted ), 0, 16 );

 print "    Generate a random 16 byte IV\n";

 my $iv = substr( sha1( makerandom_octet( Length => 16, Strength => 1 ) ), 0, 16 );

 print "    Build json data\n";

 my $expires   = DateTime->now()->add( minutes => 5 );

 my %user_data = (
  'uid' => '19238333',
  'expires' => "$expires",
  'customer_email' => '[email protected]',
  'customer_name' => 'John'
 );

 my $data = encode_json( \%user_data );

 print "    Data: $data\n";
 print "    Encrypt data using AES128-cbc\n";

 my $cipher = Crypt::CBC->new(
  -key         => $key,
  -iv          => $iv,
  -cipher      => 'Crypt::Rijndael',
  -header      => 'none',
  -literal_key => 1,
  -keysize     => 16
 );

 my $encrypted = $cipher->encrypt( $data );

 print "    Prepend the IV to the encrypted data\n";

 $encrypted = $iv . $encrypted;

 print "    Base64 encode the encrypted data\n";

 my $multipass = encode_base64( $encrypted );

 print "    Build an HMAC-SHA1 signature using the encoded string and your api key\n";

 my $digest    = hmac_sha1( $multipass, $api_key );
 my $signature = encode_base64( $digest );

 print "    Finally, URL encode the multipass and signature\n";

 my $multipass_string = url_encode_utf8( $multipass );
 my $signature_string = url_encode_utf8( $signature );

 print "== Finished ==\n";
 print "URL: https://$site_key.desk.com/customer/authentication/multipass/callback?multipass=$multipass_string&signature=$signature_string\n"
	#!/usr/bin/perl -w

	use Digest::SHA qw( sha1 hmac_sha1 );
	use Crypt::Random qw( makerandom_octet );
	use DateTime;
	use JSON;
	use Crypt::CBC;
	use Digest::HMAC;
	use URL::Encode qw( url_encode_utf8 );
	use MIME::Base64::Perl;

	my $site_key = 'mysite';
	my $api_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

	print "== Generating ==\n";
	print " Create the encryption key using a 16 byte SHA1 digest of your api key and subdomain\n";

	my $salted = $api_key . $site_key;
	my $key = substr( sha1( $salted ), 0, 16 );

	print " Generate a random 16 byte IV\n";

	my $iv = substr( sha1( makerandom_octet( Length => 16, Strength => 1 ) ), 0, 16 );

	print " Build json data\n";

	my $expires = DateTime->now()->add( minutes => 5 );

	my %user_data = (
	'uid' => '19238333',
	'expires' => "$expires",
	'customer_email' => '[email protected]',
	'customer_name' => 'John'
	);

	my $data = encode_json( \%user_data );

	print " Data: $data\n";
	print " Encrypt data using AES128-cbc\n";

	my $cipher = Crypt::CBC->new(
	-key => $key,
	-iv => $iv,
	-cipher => 'Crypt::Rijndael',
	-header => 'none',
	-literal_key => 1,
	-keysize => 16
	);

	my $encrypted = $cipher->encrypt( $data );

	print " Prepend the IV to the encrypted data\n";

	$encrypted = $iv . $encrypted;

	print " Base64 encode the encrypted data\n";

	my $multipass = encode_base64( $encrypted );

	print " Build an HMAC-SHA1 signature using the encoded string and your api key\n";

	my $digest = hmac_sha1( $multipass, $api_key );
	my $signature = encode_base64( $digest );

	print " Finally, URL encode the multipass and signature\n";

	my $multipass_string = url_encode_utf8( $multipass );
	my $signature_string = url_encode_utf8( $signature );

	print "== Finished ==\n";
	print "URL: https://$site_key.desk.com/customer/authentication/multipass/callback?multipass=$multipass_string&signature=$signature_string\n"