Sample code for querying ATS server and validating the returned auth
token.
parent
8794590e50
commit
15ad4aec02
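--- a/CASA-auth-token/sample/CASA-auth.pl
+++ b/CASA-auth-token/sample/CASA-auth.pl
@@ -0,0 +1,137 @@
+#!/usr/bin/perl
+
+use MIME::Base64();
+
+# Prompt for ATS details
+print "ATS host: ";
+$ATShost = <>;
+chomp $ATShost;
+$ATSport = 2645;
+
+# Request authentication policy for end service
+print "CASA enabled service host: ";
+$CASAEnabledServer = <>;
+chomp $CASAEnabledServer;
+print "CASA enabled service name: ";
+$CASAEnabledService = <>;
+chomp $CASAEnabledService;
+
+# Send auth-policy request
+$getAuthPolicyReq = &getAuthPolicyRequest($CASAEnabledService, $CASAEnabledServer);
+#print "$getAuthPolicyReq\n";
+$ret = `curl -k -sS --data-binary \'$getAuthPolicyReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=GetAuthPolicy`;
+print $ret;
+$ret =~ /<auth_policy>(.*)<\/auth_policy>/;
+$authPolicyB64 = $1;
+$authPolicy = MIME::Base64::decode($authPolicyB64);
+print "\n\nPOLICY FOR $CASAEnabledService/$CASAEnabledServer:\n$authPolicy\n";
+$authPolicy =~ /<realm>(.*)<\/realm>/;
+$realm = $1;
+
+if ($realm eq "") {
+print "Realm: ";
+$realm = <>;
+chomp $realm;
+}
+
+# Request session token
+$authenticateReq = &getSessionTokenRequest($realm);
+#print "$authenticateReq\n";
+$ret = `curl -k -sS --data-binary \'$authenticateReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=Authenticate`;
+#print "$ret\n";
+$ret =~ />([^>]*)<\/session_token>/;
+$sessionTokenB64 = $1;
+$sessionToken = MIME::Base64::decode($sessionTokenB64);
+print "\n\nSESSION TOKEN CONTENTS:\n$sessionToken\n";
+
+# Request auth token
+$getAuthTokenReq = &getAuthTokenRequest($CASAEnabledService, $CASAEnabledServer, $sessionTokenB64);
+#print "$getAuthTokenReq\n";
+$ret = `curl -k -sS --data-binary \'$getAuthTokenReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=GetAuthToken`;
+open $tokfile, ">token.txt";
+$ret =~ /(<auth_token>.*<\/auth_token>)/;
+#print $tokfile "$1\n";
+$ret =~ />([^>]*)<\/auth_token>/;
+$authTokenB64 = $1;
+$WSS_msg = MIME::Base64::decode($authTokenB64);
+print $tokfile "$WSS_msg\n";
+$WSS_msg =~ /<ident_token_data>(.*)<\/ident_token_data>/;
+$authToken = MIME::Base64::decode($1);
+print "\n\nAUTH TOKEN ID INFO:\n$authToken\n";
+
+# Validate the auth token
+$ret = `./validate_auth_token.exe \'$CASAEnabledService\' \'$authTokenB64\'`;
+print "$ret\n";
+
+# CASA request URLs:
+# 1. https://<host>:<port>/CasaAuthTokenSvc/Rpc?method=GetAuthPolicy
+# 2. https://<host>:<port>/CasaAuthTokenSvc/Rpc?method=Authenticate
+# 3. https://<host>:<port>/CasaAuthTokenSvc/Rpc?method=GetAuthToken
+
+sub getAuthPolicyRequest {
+my ($service, $host, $policyRequest);
+$service = $_[0];
+$host = $_[1];
+
+# $policyRequest = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>
+$policyRequest = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<get_auth_policy_req>
+<service>$service</service>
+<host>$host</host>
+</get_auth_policy_req>";
+
+return $policyRequest;
+}
+
+sub getSessionTokenRequest {
+my ($realm, $mechanismID, $mechanismTokenData, $sessionTokeniReq);
+$realm = $_[0];
+# print "Realm: ";
+# $realm = <>;
+# chomp $realm;
+
+# PwdAuthenticate or Krb5Authenticate
+$mechanismID = "PwdAuthenticate";
+$mechanismTokenData = &getPasswordMechToken();
+
+$sessionTokenReq = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>
+<auth_req>
+<realm>$realm</realm>
+<mechanism>$mechanismID</mechanism>
+<auth_mech_token>$mechanismTokenData</auth_mech_token>
+</auth_req>";
+
+return $sessionTokenReq;
+}
+
+sub getPasswordMechToken {
+my ($username, $password, $mechData, $mechTokenData);
+print "User: ";
+$username = <>;
+chomp $username;
+print "Password: ";
+$password = <>;
+chomp $password;
+$mechData = "$username\r\n$password\r\n";
+$mechTokenData = MIME::Base64::encode("$mechData", '');
+return $mechTokenData;
+}
+
+sub getKerberosMechToken {
+}
+
+sub getAuthTokenRequest {
+my ($service, $host, $sessionTokenB64, $authTokenReq);
+$service = $_[0];
+$host = $_[1];
+$sessionTokenB64 = $_[2];
+
+$authTokenReq = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+<get_auth_tok_req>
+<service>$service</service>
+<host>$host</host>
+<session_token>$sessionTokenB64</session_token>
+</get_auth_tok_req>";
+
+return $authTokenReq;
+}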
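Review bot: The three `curl` backticks, and the `validate_auth_token.exe` call at the end, build a shell command from text typed at the prompts and wrap it only in single quotes, so a quote character in the host, service or realm ends the quoting and the shell interprets the rest; the Base64-encoded user name and password also land on curl's command line, where other local users can read them from the process list. Each call passes `-k`, which turns off certificate verification, so the password goes to whatever host answers on port 2645. I would drop `-k`, run curl from an argument list and send the request body on standard input, as sketched below (this needs `use IPC::Open2;` next to the existing `use MIME::Base64();`). Separately, `open $tokfile, ">token.txt";` is unchecked and the `$1` captures are used without testing that the match succeeded, so a failed request can silently write an empty or stale token.

```perl
# Hand curl an argument list (no shell) and feed the request on stdin,
# so neither typed input nor the encoded credentials reach a command line.
sub postToATS {
    my ($method, $request) = @_;
    my $url = "https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=$method";
    my $pid = open2(my $from_curl, my $to_curl,
                    'curl', '-sS', '--data-binary', '@-', $url);
    print {$to_curl} $request;
    close $to_curl;
    my $reply = do { local $/; <$from_curl> };
    waitpid $pid, 0;
    return $reply;
}
# … unchanged: request builders and response parsing …
$ret = postToATS('GetAuthPolicy', $getAuthPolicyReq);
```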
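--- a/CASA-auth-token/sample/Makefile
+++ b/CASA-auth-token/sample/Makefile
@@ -0,0 +1,8 @@
+all: tokenValidate.class
+
+tokenValidate.class: tokenValidate.java
+javac -classpath /srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/classes tokenValidate.java
+
+clean:
+rm -f *.class
+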
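--- a/CASA-auth-token/sample/README
+++ b/CASA-auth-token/sample/README
@@ -0,0 +1,14 @@
+Files in this directory:
+-----------------------
+
+CASA-auth.pl: Tool for requesting auth token from ATS. The auth token will be
+put in a file "token.txt".
+
+tokenValidate.java: Code for validating auth token.
+
+Makefile: Builds tokenValidate.class
+
+validate.sh: Run this after running CASA-auth.pl. It will validate the token in
+"token.txt" and print the identity token to stdout. This should be run on a
+machine where ATS certificates have been properly configured. It is better to
+run this on the server where ATS runs.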
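--- a/CASA-auth-token/sample/tokenValidate.java
+++ b/CASA-auth-token/sample/tokenValidate.java
@@ -0,0 +1,22 @@
+import java.io.FileReader;
+import java.io.BufferedReader;
+import java.io.IOException;
+
+import com.novell.casa.authtoksvc.AuthToken;
+
+public class tokenValidate {
+public static void main(String[] args) throws IOException {
+BufferedReader tokenFile = null;
+
+tokenFile = new BufferedReader(new FileReader("token.txt"));
+
+String l;
+l = tokenFile.readLine();
+
+String id;
+id = AuthToken.validate(l);
+
+System.out.println(id);
+}
+}
+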
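Review bot: A caller cannot tell a rejected token from an accepted one, because `main` prints whatever `AuthToken.validate(l)` returns and exits 0, and validate.sh feeds that output straight into a Base64 decode. How `validate` reports failure is not visible on this page; if it returns null, add `if (id == null) { System.err.println("token validation failed"); System.exit(1); }` before the `println`. `readLine()` also returns null for an empty token.txt and reads only the first line, while CASA-auth.pl writes the decoded message followed by a newline, so a multi-line message would be truncated; a null check and a comment stating the one-line assumption would help. The reader is never closed, which a `finally { tokenFile.close(); }` would fix.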
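--- a/CASA-auth-token/sample/validate.sh
+++ b/CASA-auth-token/sample/validate.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+CLASSPATH=.
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/classes
+CLASSPATH=$CLASSPATH:/usr/share/java/xerces-j2.jar
+CLASSPATH=$CLASSPATH:/usr/share/java/log4j.jar
+CLASSPATH=$CLASSPATH:/opt/novell/zenworks/share/tomcat/common/classes
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/lib/xmlsec-1.4.0.jar
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/lib/commons-logging.jar
+
+export CLASSPATH
+id_token=`java tokenValidate`
+
+perl -e "use MIME::Base64(); print MIME::Base64::decode('$id_token')"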
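Review bot: The last line pastes the output of `java tokenValidate` into the Perl program text, `decode('$id_token')`, so any single quote in that output changes the code Perl runs rather than the data it decodes. Pass the value as an argument instead: `perl -MMIME::Base64 -e 'print MIME::Base64::decode($ARGV[0])' "$id_token"`. The script also carries on when `java` fails; testing its exit status first (`id_token=$(java tokenValidate) || exit 1`) keeps an error from being printed as if it were an identity. `CLASSPATH=.` puts the current directory first, so the script should be run only from a directory whose contents are trusted.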