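/**
 * Sends an XMLHttpRequest to `options.uri` and answers a SCRAM-SHA-1 style
 * challenge carried in the `WWW-Authenticate` / `Authorization` headers.
 *
 * Option fields read by this function:
 *   - uri:         request URL.
 *   - u:           HTTP method; "GET" when falsy.
 *   - j:           when truthy, the client-first message is sent with the very
 *                  first request instead of waiting for a challenge.
 *   - credentials: `{user, password}`, or a function that is handed a
 *                  `(user, password)` callback.
 *   - context:     optional mutable cache. On success it receives username,
 *                  salt, iterations, b (salted password), storedKey and
 *                  h (sid); a challenge may also set g (sr) and m (expiry in
 *                  epoch seconds). A populated context lets a later call skip
 *                  the challenge round trip.
 *
 * `callback(null, response, {storedKey})` is invoked on HTTP 200 and
 * `callback({message})` on failure.
 *
 * Security notes for reviewers:
 *   - `context.b` is the PBKDF2 output, which is all this code needs to
 *     authenticate; whoever stores `context` holds a password equivalent.
 *   - The server signature is never compared with anything the server sends,
 *     so the server is not authenticated to the client by this exchange.
 *   - The client nonce is a fixed literal (see buildClientFirst).
 *
 * @param {Object} options
 * @param {Function} callback
 */
function authxhr(options, callback) {
  // Exchange state shared by the helpers below.
  var attempts = 0;
  var clientFirstBare; // "n=<user>,r=<client nonce>"
  var salt; // base64 salt taken from the server-first message
  var iterations; // iteration count exactly as received (a string)
  var password;
  var storedKey;
  var authPrefix = "SCRAM-SHA-1";
  var nonce;
  var saltedPassword;
  var username;
  var serverFirst;

  // Performs one request; on a challenge it builds the next Authorization
  // value and calls itself again, at most until `attempts` reaches 2.
  function sendRequest(url, authorization) {
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function () {
      if (xhr.readyState !== XMLHttpRequest.DONE) {
        return;
      }
      var params;
      var sid;
      if (xhr.status === 200) {
        if (options.context) {
          options.context.username = username;
          options.context.salt = salt;
          options.context.iterations = iterations;
          options.context.b = saltedPassword;
          options.context.storedKey = storedKey;
          var info = xhr.getResponseHeader("Authentication-Info");
          if (info) {
            params = new HeaderParams();
            params.init(info);
            sid = params.get("sid");
            if (sid) {
              options.context.h = sid;
            }
          }
        }
        callback(null, xhr.response, {
          storedKey: storedKey
        });
        return;
      }
      if (attempts === 2) {
        callback({
          message: "Maximum authorization attempts reached"
        });
        return;
      }
      var challenge = xhr.getResponseHeader("WWW-Authenticate");
      // getResponseHeader() yields null when the header is absent (network
      // error, 404, 500, ...). Report that through the callback instead of
      // throwing inside the event handler, where the caller would never hear
      // about it.
      if (!challenge || challenge.split(" ").length < 2) {
        callback({
          message: "Invalid authorization header"
        });
        return;
      }
      params = new HeaderParams();
      params.init(challenge);
      // NOTE(review): the first comma-separated segment still starts with the
      // scheme token, so a parameter placed directly after the scheme name is
      // not matched by get(); confirm the server's parameter order.
      var realm = params.get("realm");
      var serverRef = params.get("sr");
      var ttl = params.get("ttl");
      var serverData = params.get("data");
      sid = params.get("sid");
      if (options.context && sid) {
        options.context.h = sid;
      }
      if (options.context && serverRef) {
        options.context.g = serverRef;
        if (ttl) {
          // Explicit radix so the ttl is always read as decimal.
          options.context.m = parseInt(ttl, 10) + Math.round(new Date().getTime() / 1000);
        }
      }
      if (serverData) {
        // The whole challenge header is echoed back as the Authorization prefix.
        authPrefix = params.headerValue;
        serverFirst = CryptoJS.enc.Utf8.stringify(CryptoJS.enc.Base64.parse(serverData));
        params.init(serverFirst);
        // NOTE(review): the returned nonce is not checked against the client
        // nonce that was sent.
        nonce = params.get("r");
        salt = params.get("s");
        iterations = params.get("i");
        // Loose comparison kept on purpose: null and undefined count as equal.
        if (options.context && options.context.username != username) {
          // Cached key material belongs to another user; drop it.
          options.context.username = null;
          options.context.salt = null;
          options.context.iterations = null;
          options.context.b = null;
          options.context.l = null;
        }
      } else {
        authPrefix = 'SCRAM-SHA-1 realm="' + realm + '"';
      }
      resolveKey(function () {
        var nextAuthorization;
        if (serverData) {
          nextAuthorization = authPrefix + ", data=" + btoa(buildClientFinal());
        } else {
          nextAuthorization = buildClientFirst(authPrefix);
        }
        attempts++;
        sendRequest(url, nextAuthorization);
      });
    };
    xhr.open(options.u || "GET", url);
    if (typeof authorization !== "undefined") {
      xhr.setRequestHeader("Authorization", authorization);
    }
    xhr.send();
  }

  // Makes sure username/key material is available, then calls `done`:
  // cached salted password first, then a PBKDF2 derivation from the password
  // already held, and only then a request to the credentials provider.
  function resolveKey(done) {
    if (options.context && options.context.b && options.context.username) {
      username = options.context.username;
      saltedPassword = options.context.b;
      done();
    } else if (username && password && salt && iterations) {
      // keySize is in 32-bit words: 5 words = 20 bytes.
      saltedPassword = CryptoJS.PBKDF2(password, CryptoJS.enc.Base64.parse(salt), {
        keySize: 5,
        iterations: iterations
      });
      done();
    } else {
      var store = function (user, pass) {
        username = user;
        password = pass;
        done();
      };
      if (isFunction(options.credentials)) {
        options.credentials(function (user, pass) {
          store(user, pass);
        });
      } else {
        store(options.credentials.user, options.credentials.password);
      }
    }
  }

  // Duck-typed "is callable" test.
  function isFunction(value) {
    return !!(value && value.constructor && value.call && value.apply);
  }

  // Builds the client-final message "c=biws,r=<nonce>,p=<proof>" and records
  // the stored key as a side effect.
  function buildClientFinal() {
    var withoutProof = "c=biws,r=" + nonce;
    var clientKey = CryptoJS.HmacSHA1("Client Key", saltedPassword);
    storedKey = CryptoJS.SHA1(clientKey);
    var authMessage = clientFirstBare + "," + serverFirst + "," + withoutProof;
    var clientSignature = CryptoJS.HmacSHA1(authMessage, storedKey);
    // proof = clientKey XOR clientSignature over the shorter word array.
    var length = Math.min(clientKey.words.length, clientSignature.words.length);
    var proofWords = [];
    for (var i = 0; i < length; i++) {
      proofWords.push(clientKey.words[i] ^ clientSignature.words[i]);
    }
    var proof = new CryptoJS.lib.WordArray.init(proofWords);
    // SECURITY: the original computed HMAC("Server Key") over authMessage here
    // and threw the result away. Nothing in this function compares a server
    // signature, so the discarded computation was dropped; add a real
    // comparison if mutual authentication is required.
    return withoutProof + ",p=" + proof.toString(CryptoJS.enc.Base64);
  }

  // Sets the client-first-bare message and returns the Authorization value
  // "<prefix>, data=<base64 client-first>".
  function buildClientFirst(prefix) {
    // SECURITY: the client nonce is a constant. SCRAM expects a fresh,
    // unpredictable nonce per exchange; with a fixed one, freshness of the
    // proof rests on the server nonce alone. It is left unchanged because the
    // cached-context path signs this value without transmitting it, so the
    // server may depend on the literal. NOTE(review): confirm server behaviour
    // before replacing it with crypto.getRandomValues() output.
    // The username is inserted as-is; "," and "=" are not escaped.
    clientFirstBare = "n=" + username + ",r=fyko+d2lbbFgONRv9qkxdawL";
    return prefix + ", data=" + btoa("n,," + clientFirstBare);
  }

  // Minimal "key=value, key=value" reader for header values and SCRAM
  // messages. Values are split on every comma; quoting is not understood.
  function HeaderParams() {
    this.init = function (value) {
      this.headerValue = value;
      this.parts = this.headerValue.split(",");
    };
    this.get = function (key) {
      var prefix = key + "=";
      for (var i = 0; i < this.parts.length; i++) {
        var part = this.parts[i].trim();
        if (part.indexOf(prefix) === 0) {
          // Take everything after the first "key=". Splitting on "key="
          // truncated values that contain it again, e.g. a padded base64
          // salt ending in "s=", which then derived the wrong key.
          return part.substring(prefix.length);
        }
      }
      return null;
    };
  }

  // `!this instanceof authxhr` parsed as `(!this) instanceof authxhr` and was
  // always false; the parentheses make the constructor guard effective.
  if (!(this instanceof authxhr)) {
    return new authxhr(options, callback);
  }
  if (options) {
    if (options.context && options.context.g && options.context.username && options.context.b) {
      // Cached material is complete: send the client-final message at once.
      nonce = options.context.g;
      saltedPassword = options.context.b;
      username = options.context.username;
      serverFirst = "r=" + nonce + ",s=" + options.context.salt + ",i=" + options.context.iterations.toString();
      // Called only for its side effect of setting clientFirstBare.
      buildClientFirst();
      var clientFinal = buildClientFinal();
      sendRequest(options.uri, authPrefix + ", data=" + btoa(clientFinal));
    } else if (options.j) {
      resolveKey(function () {
        sendRequest(options.uri, buildClientFirst("SCRAM-SHA-1"));
      });
    } else {
      sendRequest(options.uri);
    }
  }
}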
/**
 * Builds the server-side verifier string for a password:
 * "$00$4096$<base64 salt>$<encoded stored key>".
 *
 * The stored key is SHA1(HMAC-SHA1("Client Key") keyed with the PBKDF2
 * output), derived with a fresh 20-byte salt and 4096 iterations.
 *
 * NOTE(review): the salt comes from CryptoJS.lib.WordArray.random; confirm
 * the bundled CryptoJS build draws it from a cryptographic RNG.
 * NOTE(review): `CryptoJS.enc.i` looks like a minifier-renamed encoder
 * reference; verify which encoding it resolves to at runtime.
 *
 * @param {string} a plaintext password
 * @returns {string} verifier string in the format above
 */
authxhr.createServerPassword = function(a) {
  var salt = CryptoJS.lib.WordArray.random(20);
  // keySize is counted in 32-bit words, so 5 words = 20 bytes.
  var saltedPassword = CryptoJS.PBKDF2(a, salt, {
    keySize: 5,
    iterations: 4096
  });
  var clientKey = CryptoJS.HmacSHA1("Client Key", saltedPassword);
  var storedKey = CryptoJS.SHA1(clientKey);
  var encodedSalt = salt.toString(CryptoJS.enc.Base64);
  var encodedKey = storedKey.toString(CryptoJS.enc.i);
  return "$00$4096$" + encodedSalt + "$" + encodedKey;
};
// Publish both entry points as browser globals: the request helper and the
// verifier generator (the latter under an all-lowercase alias).
window.authxhr = authxhr;
window.createserverpassword = authxhr.createServerPassword;