Changeset 49
- Timestamp:
- 07/27/06 02:35:10 (2 years ago)
- Files:
-
- 10kz/scripts/crypto-ui-injector.user.js (modified) (7 diffs)
- 10kz/shell/perl.jm3 (modified) (4 diffs)
10kz/scripts/crypto-ui-injector.user.js
r48 r49 17 17 function get_error_bad_pass_for_signing() { return "clearsign failed: bad passphrase"; /* FIXME: localize-ready this */ } 18 18 function get_encrypted_message_note() { return "This is an encrypted message (wooo, scary!). To read it, enter your passphrase: "; } 19 function get_signed_message_note() { return "This is a signed message (whoa, cool!). The signature was/was not valid FIXME:"; }19 function get_signed_message_note() { return "This is a signed message (whoa, cool!)."; } 20 20 function get_adverlink() { return "\n\nWondering what this mysterious gibberish is? Learn more here: \nhttp://codeswami.com/secure-mail-that-doesnt-suck/\n\n"; } 21 21 … … 43 43 } 44 44 45 46 /* called when signing or encrypting -- anything that needs your pgp creds */ 45 47 function build_gpg_qs( arg_mode ) { 48 if( arg_mode == "verify" ) 49 return ""; 46 50 var strSubmit = ""; 47 51 var k = document.getElementById( "gpg_key_id" ); … … 197 201 function encrypt_message() { 198 202 return process_message( "encrypt", "" ); 203 } 204 205 function decrypt_or_verify( arg_mode, content ) { 206 var myfield = document.createElement( "div" ); 207 myfield.setAttribute( "mode", "verify" ); 208 209 rename_this_shit( myfield, content ); 199 210 } 200 211 … … 333 344 } 334 345 335 function handle_passphase_entry( myfield, e, content ) {346 function rename_this_shit( myfield, content ) { 336 347 var mode = myfield.getAttribute( "mode" ) ? myfield.getAttribute( "mode" ) : "decrypt"; 337 348 338 /* FIXME: const these: */349 /* FIXME: let const these: */ 339 350 var mode_verb = (mode == "sign") ? "signing" : "decryption"; 340 351 var mode_pasttense_verb = (mode == "sign") ? "signed" : "decrypted"; 341 352 353 /* FIXME: refactor the AJAX call out of this func: */ 354 var post_data = "mode=" + mode + "&passphrase=" + escape( myfield.value); 355 356 // HACK: FF javascript not correctly url-encoding pluses in textareas, so we do it ourselves... 
357 var ct = myfield.getAttribute('ct'); 358 ct = (ct && ct != "undefined") ? ct : content; /* HACK: this can come in two different ways */ 359 ct = ct.replace(/\+/g, "__PLUS__"); 360 361 // make sure to strip anything preceding the --- HEADER stuff or GPG gets confused 362 if( ct.indexOf( '</script>' ) != -1 ) { 363 var regex=/^.*<div style="direction: ltr;">/m; 364 ct = ct.replace(regex,""); 365 } 366 post_data += "&plaintext=" + escape( ct ); 367 368 // close the GM_xhr over this for later 369 var mb = myfield.getAttribute('mb'); 370 371 // CONFUSING: wonky breakout to avoid duplicating above handle-enter code 372 if( mode == "sign" ) { 373 process_message( mode, myfield.value ); 374 return; 375 } // implied else 376 377 GM_xmlhttpRequest({ 378 method: 'POST', 379 url: get_crypto_url() + "/perl.jm3", 380 headers: { 381 'User-agent': 'Mozilla/4.0 (compatible) Greasemonkey', 382 'Accept': 'application/atom+xml,application/xml,text/xml', 383 'Content-Type': 'application/x-www-form-urlencoded', 384 }, 385 onload: function(responseDetails) { 386 log( responseDetails.responseText ); 387 /* FIXME: parse the response back for obvious errors like bad passphrase and signal them to user */ 388 /* FIXME: const this: */ 389 var bad_passphrase = "failed: bad passphrase"; 390 if( responseDetails.responseText.indexOf( bad_passphrase ) != -1) 391 return bail( "The passphrase you typed didn't work.\nPlease make sure it's correct."); 392 393 // reformat the mesg: 394 var regex=/\n/g; 395 var t = responseDetails.responseText.replace(regex,"<br>"); 396 397 var injection_point = document.getElementById( "mb" ); 398 if( !injection_point ) 399 injection_point = document.getElementById( "mb_0" ); 400 if( !injection_point ) { 401 var body = document.getElementById('ta_compose'); 402 body = !body ? document.getElementById('ta_0') : body; /* for drafts... */ 403 if( ! 
body ) { 404 bail( "can't find suitable injection point for " + mode_pasttense_verb + " message: " + responseDetails.responseText); 405 return; 406 } 407 body.value = responseDetails.responseText; 408 } 409 410 if( injection_point ) 411 injection_point.innerHTML = "<div style='direction:ltr;'>" + t + "</div>"; 412 else 413 return log( "can't find injection point: 'id: mb'" ); 414 415 }, 416 data: post_data 417 }); 418 } 419 420 function handle_passphase_entry( myfield, e, content ) { 342 421 var keycode; 343 422 if (window.event) … … 352 431 if (keycode == 13) { 353 432 if( myfield.value.length > 0 ) { 354 // refactor the AJAX call out of this func: 355 var post_data = "mode=" + mode + "&passphrase=" + escape( myfield.value); 356 357 // HACK: FF javascript not correctly url-encoding pluses in textareas, so we do it ourselves... 358 var ct = myfield.getAttribute('ct'); 359 ct = (ct && ct != "undefined") ? ct : content; /* HACK: this can come in two different ways */ 360 361 ct = ct.replace(/\+/g, "__PLUS__"); 362 363 // make sure to strip anything preceding the --- HEADER stuff or GPG gets confused 364 if( ct.indexOf( '</script>' ) != -1 ) { 365 var regex=/^.*<div style="direction: ltr;">/m; 366 ct = ct.replace(regex,""); 367 } 368 post_data += "&plaintext=" + escape( ct ); 369 370 // close the GM_xhr over this for later 371 var mb = myfield.getAttribute('mb'); 372 373 // CONFUSING: wonky breakout to avoid duplicating above handle-enter code 374 if( mode == "sign" ) { 375 process_message( mode, myfield.value ); 376 return; 377 } // implied else 378 379 GM_xmlhttpRequest({ 380 method: 'POST', 381 url: get_crypto_url() + "/perl.jm3", 382 headers: { 383 'User-agent': 'Mozilla/4.0 (compatible) Greasemonkey', 384 'Accept': 'application/atom+xml,application/xml,text/xml', 385 'Content-Type': 'application/x-www-form-urlencoded', 386 }, 387 onload: function(responseDetails) { 388 log( responseDetails.responseText ); 389 /* FIXME: parse the response back for obvious errors 
like bad passphrase and signal them to user */ 390 /* FIXME: const this: */ 391 var bad_passphrase = "failed: bad passphrase"; 392 if( responseDetails.responseText.indexOf( bad_passphrase ) != -1) 393 return bail( "The passphrase you typed didn't work.\nPlease make sure it's correct."); 394 395 // reformat the mesg: 396 var regex=/\n/g; 397 var t = responseDetails.responseText.replace(regex,"<br>"); 398 399 var injection_point = document.getElementById( "mb" ); 400 if( !injection_point ) 401 injection_point = document.getElementById( "mb_0" ); 402 if( !injection_point ) { 403 var body = document.getElementById('ta_compose'); 404 body = !body ? document.getElementById('ta_0') : body; /* for drafts... */ 405 if( ! body ) { 406 bail( "can't find suitable injection point for " + mode_pasttense_verb + " message: " + responseDetails.responseText); 407 return; 408 } 409 body.value = responseDetails.responseText; 410 } 411 412 if( injection_point ) 413 injection_point.innerHTML = "<div style='direction:ltr;'>" + t + "</div>"; 414 else 415 return log( "can't find injection point: 'id: mb'" ); 416 417 }, 418 data: post_data 419 }); 420 433 434 rename_this_shit( myfield, content ); 421 435 e.preventDefault(); 422 436 return false; … … 521 535 } else if( ct.indexOf( "-----BEGIN PGP SIGNED MESSAGE-----") != -1) { 522 536 523 /* inject verify UI*/537 /* unlike decryption which is user-initiated for security (to protect against shoulder-surfing), verification happens ASAP */ 524 538 525 539 mb.parentNode.insertBefore(f, mb); … … 527 541 528 542 log( "message body " + i + " contains signed PGP content"); 529 ct = html_to_text( ct ); 530 log( "clean message body: " + i + " contains " + ct); 543 decrypt_or_verify( "verify", html_to_text( ct )); 531 544 } 532 545 i++; 10kz/shell/perl.jm3
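Review bot: In crypto-ui-injector.user.js, the `onload` handler of `rename_this_shit` assigns `injection_point.innerHTML = "<div style='direction:ltr;'>" + t + "</div>"`, which parses the server response as HTML, and in `verify` mode that response carries the message text back (perl.jm3 prints `$err\n\n$plaintext`). Because `decrypt_or_verify` now runs as soon as a body containing `-----BEGIN PGP SIGNED MESSAGE-----` is seen, text from any received message reaches the mail page's DOM as markup with no user action; `html_to_text` is applied first, which presumably turns escaped entities back into literal characters. Escape the response before the newline replacement, e.g. `var t = responseDetails.responseText.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/\n/g,"<br>");`, and strip the `<data>` wrapper first, since it would otherwise be displayed literally. The same handler also passes the whole response to `log()`, which in decrypt mode is the decrypted plaintext.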
r47 r49 8 8 use IO::File; 9 9 10 $debug = 0;10 $debug = 1; 11 11 if( $debug ) { 12 12 open LOG, ">/tmp/10kz.log" or print "\n\nCouldn't open logfile for writing: $!\n"; … … 20 20 my $KEY_HOME = "/Users/jmanoogi/.gnupg"; 21 21 22 #print header;23 #if( $debug == 1 ) { print header('text/XMl'); } else {24 22 print header('text/plain'); 25 #}26 23 27 24 if (param()) { … … 36 33 $key_id =~ s/([\&;\`'\\\|"*?~<>^\(\)\[\]\{\}\$\n\r])/\\$1/g; 37 34 $passphrase =~ s/([\&;\`'\\\|"*?~<>^\(\)\[\]\{\}\$\n\r])/\\$1/g; 35 38 36 # don't shell-encode the plaintext (it will be stored in a file) 39 37 $recipients = parse_recips( $recipients ); 40 38 $recipients =~ s/([\&;\`'\\\|"*?~<>^\(\)\[\]\{\}\$\n\r])/\\$1/g; 41 39 $plaintext =~ s/__PLUS__/+/g; 40 my $pt = "/tmp/plaintext"; 42 41 43 my $pt = "/tmp/plaintext"; 42 my $default_ops = "--no-tty " 43 . " --no-permission-warning --load-extension idea --homedir $KEY_HOME"; 44 my $recips = "$recipients" . ($key_id ? " -r $key_id --default-key $key_id " : ""); 45 46 my $sign_cmd = "echo '$passphrase' | $bin/gpg $default_ops --command-fd 0 --passphrase-fd 0 --armor --clearsign $pt"; 47 my $verify_cmd = "$bin/gpg $default_ops --verify $pt"; 48 my $decrypt_cmd = "echo '$passphrase' | $bin/gpg $default_ops --command-fd 0 --passphrase-fd 0 --ignore-crc-error --output $pt.asc --decrypt $pt"; 49 my $cmd = "$bin/gpg $default_ops $recips --armor --encrypt $pt"; 50 51 if( $mode eq "verify" ) { 52 $cmd = $verify_cmd; 53 # replace gmail-rewritten links 54 print LOG "rewriting gmail-munged links\n"; 55 $plaintext =~ s/<a onclick="return top\.js\.[^>]*>(http[^<]*)<\/a>/$1/g; 56 57 } 58 if( $mode eq "sign" ) { $cmd = $sign_cmd; } 59 if( $mode eq "decrypt" ) { $cmd = $decrypt_cmd; } 60 if( $debug == 1 ) { print LOG "\$cmd: $cmd\n"; } 61 if( $debug == 1 ) { print LOG "\$plaintext: $plaintext\n"; } 62 44 63 open PLAINTEXT, ">$pt" or print "\n\nCouldn't open '$pt' to write: $!\n"; 45 64 print PLAINTEXT $plaintext; 46 65 close PLAINTEXT; 47 48 my $default_ops 
= "--no-tty "49 . " --no-permission-warning --load-extension idea --homedir $KEY_HOME";50 my $recips = "$recipients -r $key_id --default-key $key_id ";51 52 my $sign_cmd = "echo '$passphrase' | $bin/gpg $default_ops --command-fd 0 --passphrase-fd 0 --armor --clearsign $pt";53 my $decrypt_cmd = "echo '$passphrase' | $bin/gpg $default_ops --command-fd 0 --passphrase-fd 0 --ignore-crc-error --output $pt.asc --decrypt $pt";54 my $cmd = "$bin/gpg $default_ops $recips --armor --encrypt $pt";55 56 if( $mode eq "sign" ) { $cmd = $sign_cmd; }57 if( $mode eq "decrypt" ) { $cmd = $decrypt_cmd; }58 if( $debug == 1 ) { print LOG "\$cmd: $cmd\n"; }59 if( $debug == 1 ) { print LOG "\$plaintext: $plaintext\n"; }60 66 61 67 # FIXME: need to tee off stderr here so we can capture and optionally grovel through GPG's egregiously bad error messages … … 82 88 } 83 89 84 if( -f "$pt.asc" ) {90 if( -f "$pt.asc" && $mode ne "verify" ) { 85 91 $data = `cat $pt.asc`; 86 92 print "<?xml version='1.0'?>\n<data>$data</data>"; 93 } elsif( $mode eq "verify" ) { 94 print "<?xml version='1.0'?>\n<data>$err\n\n$plaintext</data>"; 87 95 } else { 88 96 print "<?xml version='1.0'?>\n<data><error>mode: $mode\n Source: $plaintext\n$err\nCommand:\n$cmd</error></data>"; 89 97 } 90 98 99 # cache these for post-hoc analysis 91 100 if( $debug == 1 ) { 92 `cp $pt /tmp/plaintext.bak`; 93 `cp $pt.asc /tmp/plaintext.asc.bak`; 101 if( -f $pt ) { 102 `cp $pt /tmp/plaintext.bak`; 103 } 104 if( -f "$pt.asc" ) { 105 `cp $pt.asc /tmp/plaintext.asc.bak`; 106 } 94 107 } 95 108 unlink $pt; 96 109 unlink "$pt.asc"; 97 110 98 #print "Your passphrase is: ",em($passphrase),p, "The key_id is: ",em(escapeHTML($key_id)),p, "The recipients are: ",em(escapeHTML($recipients)),p, "The plaintext is: ",em(escapeHTML($plaintext)), hr; 111 if( $debug ) { 112 #print LOG "Your passphrase is: $passphrase, key_id is: $key_id, the recipients are: $recipients, The plaintext is: $plaintext\n"; 113 } 99 114 100 115 } else {
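Review bot: With `$debug = 1;` committed in perl.jm3, the line `print LOG "\$cmd: $cmd\n"` writes the full sign or decrypt command, including its `echo '$passphrase'` prefix, to /tmp/10kz.log, and the following line writes the message plaintext there as well. Set it back to `$debug = 0;` before committing and log only the mode, e.g. `print LOG "mode: $mode\n";`, so the passphrase never reaches the log or the /tmp/*.bak copies. Separately, the passphrase is backslash-escaped (lines 33–34, context) but then interpolated inside single quotes in `$sign_cmd` and `$decrypt_cmd`, where the shell does not treat a backslash as an escape, so the escaping does not contain a quote character in the value. Handing the passphrase to gpg on a file handle opened from Perl, rather than through `echo` in a shell string, would remove both the quoting problem and the passphrase from `$cmd`.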