Skip to content

Epic Integration sample #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Epic Integration sample #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions epic_integration/signtest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
#!/usr/bin/env python2

import base64
import time
import urlparse as cgi
import urllib
from Crypto.Cipher import AES
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
import xml.etree.cElementTree as ET

b64key = open('urlkey.b64').read()
encuri = open('url.encrypted').read()

def sign_token(token):
key = RSA.importKey(open('private_key.der').read())
h = SHA256.new(token)
return PKCS1_v1_5.new(key).sign(h)

def make_ticket(username):
# Generate an XML login ticket for the specified username, with generic metadata suitable for
# JIT provisioning of user accounts within the target system (if enabled)
t = time.gmtime()
timestamp = time.strftime('%m%d%Y%H%M%S',t)

root = ET.Element('TICKET',DOMAIN="EPICURL")
root.set('TIMESTAMP',timestamp)

user = ET.SubElement(root,'USER',FIRST_NAME="Epic", LAST_NAME="User")
user.set('USERNAME', username)

return ET.tostring(root, encoding='utf8').decode('utf8')

def decrypturl(url):
# extract the iv and the ciphertext from the url by splitting it on the ==
ivb = url.split('==')[0] + '==';
datab = url.split('==')[1] + '==';

key = base64.b64decode(b64key)
iv = base64.b64decode(ivb)
data = base64.b64decode(datab)
cipher = AES.new(key, AES.MODE_CBC, iv)
content = cipher.decrypt(data)

return content.decode('utf-8')

def get_url(req):
uri = decrypturl(req)
if uri:
vals = cgi.parse_qs(uri,True)
if vals['login_user']:
# Convert the login request to a single-sign-on request for the requested user
ticket = make_ticket(vals['login_user'][0])
sig = sign_token(ticket)

if ticket and sig:
# replace any existing log-in information with the SSO information
vals['login_ticket'] = [ticket]
vals['login_signature'] = [base64.b64encode(sig)]
vals.pop('login_user')
vals.pop('login_passwd')

return urllib.urlencode(vals,True)


if __name__ == '__main__':
print(get_url(encuri))