PCS 配置Oauth記錄
阿新 • • 發佈:2017-08-22
1. 先為客戶端生成一組 RSA 金鑰對（私鑰留在 JKS 金鑰庫內，之後只會匯出公開憑證）。注意：原始指令使用 SHA1WithRSA 簽章、未指定 -keysize，也未指定 -validity（keytool 預設只有 90 天，見第 2 步的輸出），且把 storepass/keypass 直接寫在命令列上（會留在 shell 歷史與程序清單中）。建議改用 SHA256withRSA、2048 位元、明確指定有效期，並讓 keytool 互動式詢問密碼：
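# Step 1: create the client key pair in a fresh JKS keystore.
#  - SHA256withRSA / 2048-bit: the original used SHA1WithRSA, which is deprecated
#    for signatures, and relied on keytool's default key size.
#  - No -storepass / -keypass on the command line: keytool prompts for them, so
#    the passwords do not end up in shell history or `ps` output.
#  - -validity 3650: keytool's default is 90 days; once the certificate expires
#    the trust client registered in PCS stops accepting assertions signed with it.
keytool -genkeypair \
  -keystore mykeystore.jks \
  -alias myPcsClient \
  -keyalg RSA -keysize 2048 \
  -sigalg SHA256withRSA \
  -validity 3650 \
  -dname "CN=myPcsClient"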
2. 用 keytool -list 列出金鑰庫，確認別名存在、Signature algorithm name 與有效期（Valid from / until）符合預期。下方輸出中 mypcsclient 這個項目的簽章演算法是 SHA1withRSA、有效期只到 2017-11-20（90 天），正是第 1 步未指定 -sigalg 與 -validity 的結果；另一個項目 mykey 則是 SHA256withRSA、有效 10 年。
keytool -list -keystore mykeystore.jks -storepass welcome1 -v [[email protected] ~]$ keytool -list -keystore mykeystore.jks -storepass welcome1 -v Keystore type: JKS Keystore provider: SUN Your keystore contains2 entries Alias name: mypcsclient Creation date: Aug 22, 2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=myPcsClient Issuer: CN=myPcsClient Serial number: 57b1c3b1 Valid from: Tue Aug 22 11:48:19 CST 2017 until: Mon Nov 20 11:48:19 CST 2017 Certificate fingerprints: MD5:17:0D:1F:8A:97:7A:B6:C9:C8:7B:36:F4:15:0A:2D:1B SHA1: EE:06:83:DF:F9:7F:85:71:1F:7B:A6:CD:CF:54:CC:EC:7D:E0:04:43 SHA256: FA:33:2B:21:CC:4F:42:07:53:F2:FF:07:F7:6E:94:77:C8:06:D9:6B:38:D5:F8:AA:F1:52:55:D6:3C:B3:99:10 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4D 67 E4 CD 96 2E 87 AF 1C E5 AF 4E 16 76 B9 6C Mg.........N.v.l 0010: 5F 7A D1 3B _z.; ] ] ******************************************* ******************************************* Alias name: mykey Creation date: Aug 22, 2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=myPcsClient Issuer: CN=myPcsClient Serial number: 2f0e108c Valid from: Tue Aug 22 10:45:24 CST 2017 until: Fri Aug 20 10:45:24 CST 2027 Certificate fingerprints: MD5: A4:BE:28:54:FB:8F:7D:E5:A9:28:4F:85:3F:B2:B4:C7 SHA1: B1:4B:65:AB:EA:F9:BC:70:99:5B:76:4B:7C:1A:10:AD:79:33:B0:90 SHA256: DD:3A:C2:0A:8E:C4:E7:D9:8F:62:4A:04:9F:82:9A:FC:99:B7:C4:97:2C:1A:B1:39:20:EF:D9:55:77:71:80:96 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A6 8A 05 76 9E EC F3 A1 B6 88 50 2E B6 DE 22 8D ...v......P...". 0010: A3 4C C3 8E .L.. ] ] ******************************************* *******************************************
3. 從金鑰庫匯出該別名的公開憑證（.cer，不含私鑰）。這是唯一需要交給 PCS 的檔案；.jks 本身含私鑰，不應離開客戶端。
# Step 3: export the public certificate for the alias into a .cer file.
# Only this file is uploaded to PCS; the keystore (private key) stays local.
keytool -exportcert \
  -keystore mykeystore.jks \
  -alias myPcsClient \
  -file mykeyoauthclient.cer
4. 在 PCS 的 OAuth Administration 介面上註冊一個 trust client。
註冊時類型選擇 Trust，並上傳第 3 步匯出的 .cer 憑證（伺服器端應是用這張憑證來驗證下面程式以對應私鑰簽出的 user assertion）。記下註冊後得到的 Client ID 與 Client Secret：後者是機密，不要寫進原始碼或提交到版本庫。
5. 把 mykeystore.jks 放進 JDeveloper 專案（程式只讀取 .jks；.cer 已在第 4 步上傳給 PCS），執行下面的程式即可取得 access token。兩點注意：(a) .jks 內含私鑰，金鑰庫密碼與 client secret 應透過環境變數提供，而不是像原始範例那樣寫死在程式裡；(b) 不要為了省事呼叫 SslUtils.ignoreSsl() 關閉 TLS 憑證驗證——這個請求會送出 client secret 與已簽章的 assertion，並回傳 bearer token，關閉驗證等於讓任何中間人都能拿到這三樣東西。
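package test.oracle.oauth;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.commons.codec.binary.Base64;
import org.json.simple.JSONValue;

/**
 * Obtains an OAuth access token for a PCS user from the Oracle Cloud identity service
 * using the JWT user-assertion grant.
 *
 * Flow: load the client's private key and certificate from {@code mykeystore.jks}
 * (created with the keytool steps above), build a JWT naming the user, sign it with
 * RS256, then POST it to {@code /oauth2/tokens} with the trusted client's id/secret as
 * HTTP Basic authentication and return the {@code access_token} from the JSON reply.
 *
 * Configuration: non-secret settings are the constants below. The keystore password,
 * the key password and the client secret are read from the environment variables
 * {@code PCS_KEYSTORE_PASSWORD}, {@code PCS_KEY_PASSWORD} and {@code PCS_CLIENT_SECRET}
 * so that they are never committed with the source. TLS certificate and hostname
 * verification are left enabled on purpose: this request carries the client secret and a
 * signed assertion and returns a bearer token, all of which an on-path attacker could
 * capture if validation were disabled.
 */
public class OauthUserAssertionGenerator {

    // ---- non-secret configuration; must match the trust client registered in PCS ----
    private static final String keystoreFile = "mykeystore.jks";
    /** Alias given to the key pair in {@code keytool -genkeypair}. */
    private static final String alias = "myPcsClient";
    private static final String identityDomainName = "a508150";
    /** Client id of the trusted client registered in the PCS OAuth Administration UI. */
    private static final String clientID = "368e9de3-f662-4d4a-91fe-742615a1559f";
    /** Default user to request a token for; replace with the PCS user's login. */
    private static final String pcsUsername = "[email protected]";
    /** Token endpoint of the identity domain; the X-USER-IDENTITY-DOMAIN-NAME header must agree with it. */
    private static final String tokenUrl =
        "https://" + identityDomainName + ".identity.europe.oraclecloud.com/oauth2/tokens";

    // ---- secrets: supplied through the environment, never hard-coded ----
    private static final String KEYSTORE_PASSWORD_ENV = "PCS_KEYSTORE_PASSWORD";
    private static final String KEY_PASSWORD_ENV = "PCS_KEY_PASSWORD";
    private static final String CLIENT_SECRET_ENV = "PCS_CLIENT_SECRET";

    /** Connect and read timeout for the token request. */
    private static final int TIMEOUT_MILLIS = 10000;

    /**
     * Lifetime added to {@code iat} to produce {@code exp}, in the same unit as
     * {@code System.currentTimeMillis()} (360,000,000 ms is about 100 hours).
     * NOTE(review): RFC 7519 defines iat/exp as seconds since the epoch, but the original
     * sample sends millisecond values; confirm what the Oracle token service expects before
     * changing the unit, and consider a much shorter lifetime once confirmed.
     */
    private static final long ASSERTION_LIFETIME_MILLIS = 360000000L;

    /** Client certificate and private key, populated by {@link #getClientKeyPair()}. */
    private static X509Certificate cert = null;
    private static PrivateKey privateKey = null;

    public OauthUserAssertionGenerator() {
        super();
    }

    /**
     * Entry point: requests a token for the user given as the first argument (or the
     * default {@link #pcsUsername}) and prints it.
     * NOTE: the printed value is a bearer token; do not leave it in shared logs.
     */
    public static void main(String[] args) {
        String user = args.length > 0 ? args[0] : pcsUsername;
        String token = returnuserAssertion(user);
        System.out.println("============" + token);
    }

    /**
     * Loads the client private key and certificate for {@link #alias} from
     * {@link #keystoreFile} into the static fields.
     *
     * @throws IllegalStateException if the keystore cannot be read, a required environment
     *         variable is missing, or the alias has no key/certificate. Failing here is
     *         deliberate: the original swallowed the exception and the null key later
     *         surfaced as a NullPointerException while signing.
     */
    public static void getClientKeyPair() {
        try (InputStream input = new FileInputStream(keystoreFile)) {
            KeyStore keystore = KeyStore.getInstance("jks");
            keystore.load(input, requiredEnv(KEYSTORE_PASSWORD_ENV).toCharArray());
            PrivateKey key = (PrivateKey) keystore.getKey(alias, requiredEnv(KEY_PASSWORD_ENV).toCharArray());
            X509Certificate certificate = (X509Certificate) keystore.getCertificate(alias);
            if (key == null || certificate == null) {
                throw new IllegalStateException("alias '" + alias + "' has no private key entry in " + keystoreFile);
            }
            privateKey = key;
            cert = certificate;
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("cannot load client key pair from " + keystoreFile, e);
        }
    }

    /**
     * Requests an access token for {@code username}.
     *
     * @param username PCS login of the user the token is issued for (goes into the
     *                 {@code prn}/{@code sub} claims)
     * @return the access token, or the literal string {@code "error"} when the request
     *         fails (kept for compatibility with existing callers; the cause is written
     *         to stderr)
     * @throws IllegalArgumentException if {@code username} is null or empty
     */
    public static String returnuserAssertion(String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        try {
            getClientKeyPair();
            String userAssertion = buildUserAssertion(username);
            String basicAuth = basicAuthentication(clientID, requiredEnv(CLIENT_SECRET_ENV));
            String response = postTokenRequest(basicAuth, userAssertion);
            return extractAccessToken(response);
        } catch (Exception ex) {
            // Same "error" sentinel as before, but the reason is no longer lost.
            System.err.println("token request failed: " + ex);
            ex.printStackTrace(System.err);
            return "error";
        }
    }

    /**
     * Builds and signs the JWT user assertion (header.payload.signature, base64url).
     * Requires {@link #getClientKeyPair()} to have run.
     */
    private static String buildUserAssertion(String username) throws GeneralSecurityException {
        // x5t is the SHA-1 thumbprint of the certificate by definition (RFC 7515); the
        // server uses it to pick the certificate registered for the trust client.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] thumbprint = sha1.digest(cert.getEncoded());
        Map<String, Object> header = new HashMap<>();
        header.put("x5t", Base64.encodeBase64URLSafeString(thumbprint));
        header.put("typ", "JWT");
        header.put("alg", "RS256");

        long now = System.currentTimeMillis();
        Map<String, Object> payload = new HashMap<>();
        payload.put("iss", clientID);
        payload.put("jti", UUID.randomUUID().toString()); // unique per assertion, lets the server reject replays
        payload.put("prn", username);
        payload.put("sub", username);
        payload.put("iat", now);
        payload.put("exp", now + ASSERTION_LIFETIME_MILLIS);
        List<String> audience = new ArrayList<>();
        audience.add("oauth.idm.oracle.com");
        payload.put("aud", audience);
        payload.put("oracle.oauth.prn.id_type", "LDAP_UID");
        payload.put("oracle.oauth.sub.id_type", "LDAP_UID");
        payload.put("user.tenant.name", identityDomainName);

        String signingInput = base64Url(JSONValue.toJSONString(header))
            + "." + base64Url(JSONValue.toJSONString(payload));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(signingInput.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + Base64.encodeBase64URLSafeString(signer.sign());
    }

    /** Base64url (no padding) of the UTF-8 bytes of {@code text}, as JWS requires. */
    private static String base64Url(String text) {
        return Base64.encodeBase64URLSafeString(text.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the value for the {@code Authorization: Basic} header.
     * RFC 7617 requires standard base64 with padding; the original used the URL-safe,
     * unpadded alphabet, which the server rejects whenever the encoding of
     * {@code id:secret} contains '+', '/' or padding.
     */
    private static String basicAuthentication(String id, String secret) {
        byte[] raw = (id + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return new String(Base64.encodeBase64(raw), StandardCharsets.US_ASCII);
    }

    /**
     * POSTs the jwt-bearer grant to the token endpoint and returns the response body.
     *
     * @throws IOException on connection failure or any non-200 status (the server's
     *         error body is included in the message)
     */
    private static String postTokenRequest(String basicAuth, String userAssertion) throws IOException {
        // The assertion is base64url, i.e. only unreserved characters, so it needs no
        // further form-encoding.
        String form = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer"
            + "&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
            + "&assertion=" + userAssertion;
        byte[] body = form.getBytes(StandardCharsets.UTF_8);

        // Deliberately NOT calling SslUtils.ignoreSsl(): the default JSSE trust store and
        // hostname verifier stay in force. If the endpoint's CA is missing from the JDK's
        // cacerts, import it into a trust store instead of disabling validation.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(tokenUrl).openConnection();
        conn.setRequestMethod("POST");
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setUseCaches(false);
        conn.setConnectTimeout(TIMEOUT_MILLIS);
        conn.setReadTimeout(TIMEOUT_MILLIS);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
        conn.setRequestProperty("X-USER-IDENTITY-DOMAIN-NAME", identityDomainName);
        conn.setRequestProperty("Authorization", "Basic " + basicAuth);
        conn.setFixedLengthStreamingMode(body.length);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body);
        }

        int status = conn.getResponseCode();
        // getInputStream() throws on 4xx/5xx; read the error stream instead so the
        // server's error / error_description is visible to the caller.
        InputStream in = status >= HttpURLConnection.HTTP_BAD_REQUEST
            ? conn.getErrorStream()
            : conn.getInputStream();
        String response = readAll(in);
        if (status != HttpURLConnection.HTTP_OK) {
            throw new IOException("token endpoint returned HTTP " + status + ": " + response);
        }
        return response;
    }

    /** Reads {@code in} fully as UTF-8, joining lines without separators (as the original did). */
    private static String readAll(InputStream in) throws IOException {
        if (in == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
        }
        return sb.toString();
    }

    /**
     * Extracts {@code access_token} from the JSON token response.
     * The original took a fixed-offset substring after "access_token", which assumed that
     * field came last and silently returned garbage when it was absent.
     *
     * @throws IOException if the response is not a JSON object with a non-empty access_token
     */
    private static String extractAccessToken(String response) throws IOException {
        Object parsed = JSONValue.parse(response);
        if (parsed instanceof Map) {
            Object token = ((Map<?, ?>) parsed).get("access_token");
            if (token instanceof String && !((String) token).isEmpty()) {
                return (String) token;
            }
        }
        throw new IOException("no access_token in token response: " + response);
    }

    /** Returns the named environment variable, failing loudly when it is unset or empty. */
    private static String requiredEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value;
    }
}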