PCS 配置Oauth记录
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了PCS 配置Oauth记录相关的知识,希望对你有一定的参考价值。
1.先生成一个客户端的私钥
keytool -genkeypair -keystore mykeystore.jks -alias myPcsClient -storepass welcome1 -keypass welcome1 -keyalg RSA -sigalg SHA1WithRSA -dname "CN=myPcsClient"
2.list一下确保没问题
keytool -list -keystore mykeystore.jks -storepass welcome1 -v [[email protected] ~]$ keytool -list -keystore mykeystore.jks -storepass welcome1 -v Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: mypcsclient Creation date: Aug 22, 2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=myPcsClient Issuer: CN=myPcsClient Serial number: 57b1c3b1 Valid from: Tue Aug 22 11:48:19 CST 2017 until: Mon Nov 20 11:48:19 CST 2017 Certificate fingerprints: MD5: 17:0D:1F:8A:97:7A:B6:C9:C8:7B:36:F4:15:0A:2D:1B SHA1: EE:06:83:DF:F9:7F:85:71:1F:7B:A6:CD:CF:54:CC:EC:7D:E0:04:43 SHA256: FA:33:2B:21:CC:4F:42:07:53:F2:FF:07:F7:6E:94:77:C8:06:D9:6B:38:D5:F8:AA:F1:52:55:D6:3C:B3:99:10 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 4D 67 E4 CD 96 2E 87 AF 1C E5 AF 4E 16 76 B9 6C Mg.........N.v.l 0010: 5F 7A D1 3B _z.; ] ] ******************************************* ******************************************* Alias name: mykey Creation date: Aug 22, 2017 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=myPcsClient Issuer: CN=myPcsClient Serial number: 2f0e108c Valid from: Tue Aug 22 10:45:24 CST 2017 until: Fri Aug 20 10:45:24 CST 2027 Certificate fingerprints: MD5: A4:BE:28:54:FB:8F:7D:E5:A9:28:4F:85:3F:B2:B4:C7 SHA1: B1:4B:65:AB:EA:F9:BC:70:99:5B:76:4B:7C:1A:10:AD:79:33:B0:90 SHA256: DD:3A:C2:0A:8E:C4:E7:D9:8F:62:4A:04:9F:82:9A:FC:99:B7:C4:97:2C:1A:B1:39:20:EF:D9:55:77:71:80:96 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A6 8A 05 76 9E EC F3 A1 B6 88 50 2E B6 DE 22 8D ...v......P...". 0010: A3 4C C3 8E .L.. ] ] ******************************************* *******************************************
3.导出一个oauth的cer文件
keytool -exportcert -alias myPcsClient -keystore mykeystore.jks -file mykeyoauthclient.cer
4.在PCS的Oauth Administration界面上注册一个trust client
注册的时候选择trust,然后输入cer文件
5.将生成的jks,cer放入jdeveloper中,进行调用就可
package test.oracle.oauth; import com.sun.xml.internal.bind.v2.model.core.ID; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.FileWriter; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.MessageDigest; import java.security.PrivateKey; import java.security.Signature; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; import org.apache.commons.codec.binary.Base64; import org.json.simple.JSONValue; import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.net.MalformedURLException; import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import java.net.HttpURLConnection; @SuppressWarnings("unchecked") public class OauthUserAssertionGenerator { // Make sure the following settings are correct private static String keystoreFile = "mykeystore.jks"; private static String keystorePassword = "welcome1"; // private static String alias = "TestOAuthClient"; private static String alias = "myPcsClient"; private static String keyPassword = "welcome1"; private static String identityDomainName = "a508150"; private static String clientID = "368e9de3-f662-4d4a-91fe-742615a1559f"; // client id of the trusted client private static String clientSecret = "pkwovUWMUlTfMpLTNeM2"; // client secret of the registered client private static String pcsUsername = "[email protected]"; // username of the user trying to access PCS private static String curlCommand = "curl -i -H ‘Content-Type: application/x-www-form-urlencoded;charset=UTF-8‘ -H ‘X-USER-IDENTITY-DOMAIN-NAME: #IDENTITY_DOMAIN_NAME‘ -H ‘Authorization: Basic #AUTHENTICATION_STRING‘ --request POST https://a508150.identity.europe.oraclecloud.com/oauth2/tokens -d ‘grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&assertion=#USER_ASSERTION‘"; private static X509Certificate cert = null; private static PrivateKey privateKey = null; public OauthUserAssertionGenerator() { super(); } public static void main(String[] args) { String aa = returnuserAssertion("[email protected]"); System.out.println("============"+aa); } // end main public static void getClientKeyPair() { InputStream input = null; try { // Keystore type ex: jks KeyStore keystore = KeyStore.getInstance("jks"); // Path where the keystore file is placed input = new FileInputStream(keystoreFile); // Keystore password given during key generation keystore.load(input, keystorePassword.toCharArray()); // keyAlias is the name given for the key during key generation privateKey = (PrivateKey) keystore.getKey(alias, keyPassword.toCharArray()); cert = (X509Certificate) keystore.getCertificate(alias); } catch (Exception ex) { ex.printStackTrace(); } finally { if (input != null) { try { input.close(); } catch (IOException e) { e.printStackTrace(); } } } } // end getClientCert() public static String returnuserAssertion(String username) { try { // The goal of this program is to generate a working curl command // to retrieve an OAuth access token. // Replace the identity domain first curlCommand = curlCommand.replaceAll("#IDENTITY_DOMAIN_NAME", identityDomainName); // Generate an authentication string String authenticationString = Base64.encodeBase64URLSafeString((clientID+":"+clientSecret).getBytes("utf8")); curlCommand = curlCommand.replaceAll("#AUTHENTICATION_STRING", authenticationString); // Now working on user assertion string getClientKeyPair(); // Prepare header Map<Object, Object> headerMap = new HashMap<Object, Object>(); MessageDigest sha1 = MessageDigest.getInstance("SHA-1"); // SHA-256 // Get the client certificate sha1.update(cert.getEncoded()); byte[] sha1thumbPrint = sha1.digest(); headerMap.put("x5t", Base64.encodeBase64URLSafeString(sha1thumbPrint)); headerMap.put("typ", "JWT"); headerMap.put("alg", "RS256"); String headerAsString = JSONValue.toJSONString(headerMap); String encodedHeader = Base64.encodeBase64URLSafeString(headerAsString.getBytes("utf8")); // Prepare body long currentTime = System.currentTimeMillis(); Map<Object, Object> payloadMap = new HashMap<Object, Object>(10); payloadMap.put("iss", clientID ); payloadMap.put("jti", UUID.randomUUID().toString()); //changed to parameter by ericnie payloadMap.put("prn", username); payloadMap.put("sub", username); payloadMap.put("iat", currentTime); payloadMap.put("exp", currentTime + 360000000L); List l = new ArrayList(); l.add("oauth.idm.oracle.com"); payloadMap.put("aud", l); payloadMap.put("oracle.oauth.prn.id_type", "LDAP_UID"); payloadMap.put("oracle.oauth.sub.id_type", "LDAP_UID"); payloadMap.put("user.tenant.name", identityDomainName); String payloadAsString = JSONValue.toJSONString(payloadMap); String encodedPayload = Base64.encodeBase64URLSafeString(payloadAsString.getBytes("utf8")); // Sign the user assertion String toSign = encodedHeader + "." + encodedPayload; byte[] inputBytes = toSign.getBytes("utf8"); Signature signature = Signature.getInstance("SHA256withRSA"); signature.initSign(privateKey); signature.update(inputBytes); byte[] signatureBytes = signature.sign(); String encodedSignature = Base64.encodeBase64URLSafeString(signatureBytes); String userAssertion = toSign + "." + encodedSignature; curlCommand = curlCommand.replaceAll("#USER_ASSERTION", userAssertion); // added by ericnie //System.out.println(userAssertion); HttpsURLConnection urlCon = null; String httpsUrl="https://a508150.identity.europe.oraclecloud.com/oauth2/tokens"; String xmlStr = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&assertion="+userAssertion; SslUtils.ignoreSsl(); HttpsURLConnection httpUrlConn = null; try { httpUrlConn = (HttpsURLConnection) (new URL(httpsUrl)).openConnection(); httpUrlConn.addRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8"); httpUrlConn.addRequestProperty("X-USER-IDENTITY-DOMAIN-NAME", "a508150"); //httpUrlConn.addRequestProperty("Authorization", "Basic ZjM5ZTdlYjEtNWFjNC00ZDhhLTgwYmEtOGUzZDA5NmY3ZjYyOnN0dktNUXNhelBKZXhWRXhNVXcy"); httpUrlConn.addRequestProperty("Authorization", "Basic "+authenticationString); httpUrlConn.setDoInput(true); httpUrlConn.setDoOutput(true); httpUrlConn.setConnectTimeout(10000); httpUrlConn.setReadTimeout(10000); httpUrlConn.setRequestMethod("POST"); httpUrlConn.setRequestProperty("Content-Length", String.valueOf(xmlStr.getBytes().length)); httpUrlConn.setUseCaches(false); httpUrlConn.connect(); httpUrlConn.getOutputStream().write(xmlStr.getBytes()); httpUrlConn.getOutputStream().flush(); httpUrlConn.getOutputStream().close(); BufferedReader in = new BufferedReader(new InputStreamReader( httpUrlConn.getInputStream())); String line; String serverreturn=""; while ((line = in.readLine()) != null) { serverreturn = serverreturn + line; // System.out.println(line); } int index = serverreturn.indexOf("access_token"); String returnassert = serverreturn.substring(index+15, serverreturn.length()-2); return returnassert; } catch (MalformedURLException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } } catch (Exception ex) { ex.printStackTrace(); } return "error"; } }