You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Fayland Lam <fa...@gmail.com> on 2009/08/24 05:38:50 UTC
Perl and aes128cbcEncrypt
basically our site are using Perl, so we want to write the applications
system in Perl.
then the big problem is BasicSecurityToken which leads to a problem of
Crypto.php
our BasicBlobCrypter.pm is attached.
it's not the same as the one in PHP. and it doesn't work at all.
the shindig reports error like:
[Sun Aug 23 23:25:35 2009] [error] [client 222.216.168.150] PHP Fatal
error: Uncaught exception 'GadgetException' with message
'INVALID_GADGET_TOKEN' in
/var/www/html/shindig/src/common/sample/BasicSecurityTokenDecoder.php:
so my problem is that anyone can give me any idea to write correct code in
Perl? I can't find something the same like 'mcrypt_create_iv',
'mcrypt_generic_init' in Perl.
any hint is really appreciated.
Thanks.
--
Fayland Lam // http://www.fayland.org/
Foorum based on Catalyst // http://www.foorumbbs.com/
Re: Perl and aes128cbcEncrypt
Posted by Fayland Lam <fa...@gmail.com>.
hi, the last solution is
$perl = new Perl();
$perl->eval('
we use Perl code in the shindig/src/common/sample/BasicBlobCrypter.php
unwrap
and it seems working now.
Thanks
Fayland Lam wrote:
> Thanks for your help. I got your idea. I'll update you later.
>
> Thanks.
>
> On Mon, Aug 24, 2009 at 7:39 PM, Chris Chabot <chabotc@google.com
> <ma...@google.com>> wrote:
>
> Hey Fayland,
>
> I'm affraid I'm no perl expert so can't offer a direct solution on
> how you
> would implement that logic in perl.
>
> You could however if you don't find a solution to this code up a
> different
> Security Token Decoder in PHP that implements a logic which you
> can easily
> mirror in perl, you can tell php shindig which class to use using the
> 'security_token_signer' configuration key in
> shindig/php/config/container.php, and as long as you implement the
> interface
> correctly, and the result of createToken() is a BasicSecurityToken
> object
> with the owner/viewer/etc correctly set.
>
> The main point of the security tokens is that it's an encrypted
> string that
> contains the owner/viewer/app/container/etc values that is put on the
> gadget's iframe url (?st=<foo>) which is parsed as-is to the
> social backend,
> this needs to be encrypted so that the information can't be
> altered so you
> can't spoof identities, but there's no dependencies on how you
> implement it,
> so if something else makes more sense, go for it
>
> -- Chris
>
> On Mon, Aug 24, 2009 at 5:38 AM, Fayland Lam <fayland@gmail.com
> <ma...@gmail.com>> wrote:
>
> > basically our site are using Perl, so we want to write the
> applications
> > system in Perl.
> > then the big problem is BasicSecurityToken which leads to a
> problem of
> > Crypto.php
> > our BasicBlobCrypter.pm is attached.
> >
> > it's not the same as the one in PHP. and it doesn't work at all.
> > the shindig reports error like:
> > [Sun Aug 23 23:25:35 2009] [error] [client 222.216.168.150] PHP
> Fatal
> > error: Uncaught exception 'GadgetException' with message
> > 'INVALID_GADGET_TOKEN' in
> >
> /var/www/html/shindig/src/common/sample/BasicSecurityTokenDecoder.php:
> >
> > so my problem is that anyone can give me any idea to write
> correct code in
> > Perl? I can't find something the same like 'mcrypt_create_iv',
> > 'mcrypt_generic_init' in Perl.
> >
> > any hint is really appreciated.
> >
> > Thanks.
> >
> > --
> > Fayland Lam // http://www.fayland.org/
> > Foorum based on Catalyst // http://www.foorumbbs.com/
> >
>
>
>
>
> --
> Fayland Lam // http://www.fayland.org/
> Foorum based on Catalyst // http://www.foorumbbs.com/
--
Fayland Lam // http://www.fayland.org/
Foorum based on Catalyst // http://www.foorumbbs.com/
Re: Perl and aes128cbcEncrypt
Posted by Fayland Lam <fa...@gmail.com>.
Thanks for your help. I got your idea. I'll update you later.
Thanks.
On Mon, Aug 24, 2009 at 7:39 PM, Chris Chabot <ch...@google.com> wrote:
> Hey Fayland,
>
> I'm affraid I'm no perl expert so can't offer a direct solution on how you
> would implement that logic in perl.
>
> You could however if you don't find a solution to this code up a different
> Security Token Decoder in PHP that implements a logic which you can easily
> mirror in perl, you can tell php shindig which class to use using the
> 'security_token_signer' configuration key in
> shindig/php/config/container.php, and as long as you implement the
> interface
> correctly, and the result of createToken() is a BasicSecurityToken object
> with the owner/viewer/etc correctly set.
>
> The main point of the security tokens is that it's an encrypted string that
> contains the owner/viewer/app/container/etc values that is put on the
> gadget's iframe url (?st=<foo>) which is parsed as-is to the social
> backend,
> this needs to be encrypted so that the information can't be altered so you
> can't spoof identities, but there's no dependencies on how you implement
> it,
> so if something else makes more sense, go for it
>
> -- Chris
>
> On Mon, Aug 24, 2009 at 5:38 AM, Fayland Lam <fa...@gmail.com> wrote:
>
> > basically our site are using Perl, so we want to write the applications
> > system in Perl.
> > then the big problem is BasicSecurityToken which leads to a problem of
> > Crypto.php
> > our BasicBlobCrypter.pm is attached.
> >
> > it's not the same as the one in PHP. and it doesn't work at all.
> > the shindig reports error like:
> > [Sun Aug 23 23:25:35 2009] [error] [client 222.216.168.150] PHP Fatal
> > error: Uncaught exception 'GadgetException' with message
> > 'INVALID_GADGET_TOKEN' in
> > /var/www/html/shindig/src/common/sample/BasicSecurityTokenDecoder.php:
> >
> > so my problem is that anyone can give me any idea to write correct code
> in
> > Perl? I can't find something the same like 'mcrypt_create_iv',
> > 'mcrypt_generic_init' in Perl.
> >
> > any hint is really appreciated.
> >
> > Thanks.
> >
> > --
> > Fayland Lam // http://www.fayland.org/
> > Foorum based on Catalyst // http://www.foorumbbs.com/
> >
>
--
Fayland Lam // http://www.fayland.org/
Foorum based on Catalyst // http://www.foorumbbs.com/
Re: Perl and aes128cbcEncrypt
Posted by Chris Chabot <ch...@google.com>.
Hey Fayland,
I'm affraid I'm no perl expert so can't offer a direct solution on how you
would implement that logic in perl.
You could however if you don't find a solution to this code up a different
Security Token Decoder in PHP that implements a logic which you can easily
mirror in perl, you can tell php shindig which class to use using the
'security_token_signer' configuration key in
shindig/php/config/container.php, and as long as you implement the interface
correctly, and the result of createToken() is a BasicSecurityToken object
with the owner/viewer/etc correctly set.
The main point of the security tokens is that it's an encrypted string that
contains the owner/viewer/app/container/etc values that is put on the
gadget's iframe url (?st=<foo>) which is parsed as-is to the social backend,
this needs to be encrypted so that the information can't be altered so you
can't spoof identities, but there's no dependencies on how you implement it,
so if something else makes more sense, go for it
-- Chris
On Mon, Aug 24, 2009 at 5:38 AM, Fayland Lam <fa...@gmail.com> wrote:
> basically our site are using Perl, so we want to write the applications
> system in Perl.
> then the big problem is BasicSecurityToken which leads to a problem of
> Crypto.php
> our BasicBlobCrypter.pm is attached.
>
> it's not the same as the one in PHP. and it doesn't work at all.
> the shindig reports error like:
> [Sun Aug 23 23:25:35 2009] [error] [client 222.216.168.150] PHP Fatal
> error: Uncaught exception 'GadgetException' with message
> 'INVALID_GADGET_TOKEN' in
> /var/www/html/shindig/src/common/sample/BasicSecurityTokenDecoder.php:
>
> so my problem is that anyone can give me any idea to write correct code in
> Perl? I can't find something the same like 'mcrypt_create_iv',
> 'mcrypt_generic_init' in Perl.
>
> any hint is really appreciated.
>
> Thanks.
>
> --
> Fayland Lam // http://www.fayland.org/
> Foorum based on Catalyst // http://www.foorumbbs.com/
>