Create a gist now

Instantly share code, notes, and snippets.

@tstachl /multipass.pl
Created Nov 18, 2014

Embed
Download ZIP
A desk.com multipass example written in perl.
Raw
multipass.pl
#!/usr/bin/perl -w
use Digest::SHA qw( sha1 hmac_sha1 );
use Crypt::Random qw( makerandom_octet );
use DateTime;
use JSON;
use Crypt::CBC;
use Digest::HMAC;
use URL::Encode qw( url_encode_utf8 );
use MIME::Base64::Perl;
my $site_key = 'mysite';
my $api_key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
print "== Generating ==\n";
print " Create the encryption key using a 16 byte SHA1 digest of your api key and subdomain\n";
my $salted = $api_key . $site_key;
my $key = substr( sha1( $salted ), 0, 16 );
print " Generate a random 16 byte IV\n";
my $iv = substr( sha1( makerandom_octet( Length => 16, Strength => 1 ) ), 0, 16 );
print " Build json data\n";
my $expires = DateTime->now()->add( minutes => 5 );
my %user_data = (
'uid' => '19238333',
'expires' => "$expires",
'customer_email' => 'john@example.com',
'customer_name' => 'John'
);
my $data = encode_json( \%user_data );
print " Data: $data\n";
print " Encrypt data using AES128-cbc\n";
my $cipher = Crypt::CBC->new(
-key => $key,
-iv => $iv,
-cipher => 'Crypt::Rijndael',
-header => 'none',
-literal_key => 1,
-keysize => 16
);
my $encrypted = $cipher->encrypt( $data );
print " Prepend the IV to the encrypted data\n";
$encrypted = $iv . $encrypted;
print " Base64 encode the encrypted data\n";
my $multipass = encode_base64( $encrypted );
print " Build an HMAC-SHA1 signature using the encoded string and your api key\n";
my $digest = hmac_sha1( $multipass, $api_key );
my $signature = encode_base64( $digest );
print " Finally, URL encode the multipass and signature\n";
my $multipass_string = url_encode_utf8( $multipass );
my $signature_string = url_encode_utf8( $signature );
print "== Finished ==\n";
print "URL: https://$site_key.desk.com/customer/authentication/multipass/callback?multipass=$multipass_string&signature=$signature_string\n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment