一、发送GET请求获取RSA公钥和JSESSIONID
请求地址:/cas/login,请求类型:GET
curl -I http://cas.gfstack.geo:8080/cas/login
返回如下:
HTTP/1.1 200
Set-Cookie: JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE; Path=/cas; HttpOnly
Set-Cookie: publicKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrwpYIEi0CTd7TSVqQZ/EhHqysaKT0XEn7pjkO4LQ4g6IfJ/4tcbgn4XpS0cR/9P0WpV93Fsnc40s8VINoMqBH64cNHqE4boEqftRSi/L3FQvMSLxctLavu/kF5bzURPRMPyKlW2FQqMkhVautguT939cu+EitEQKMj29hikAyQIDAQAB; Path=/cas
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Length: 9856
Date: Tue, 14 May 2019 04:07:12 GMT
获取到 JSESSIONID 和 publicKey
二、发送POST请求获取请求头中的Location
拿 publicKey 做为RSA公钥对用户密码明文做加密得到 password ,提供java实现,其他语言请自行百度
package com.geostar.gfstack.cas.support.util;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
/**
* RSA加解密工具类,实现公钥加密私钥解密和私钥解密公钥解密
* link:https://www.cnblogs.com/nihaorz/p/10690643.html
*/
public class RSAUtils {
private static final String src = "abcdefghijklmnopqrstuvwxyz";
public static void main(String[] args) throws Exception {
System.out.println("\n");
RSAKeyPair keyPair = generateKeyPair();
System.out.println("公钥:" + keyPair.getPublicKey());
System.out.println("私钥:" + keyPair.getPrivateKey());
System.out.println("\n");
test1(keyPair, src);
System.out.println("\n");
test2(keyPair, src);
System.out.println("\n");
}
/**
* 公钥加密私钥解密
*/
private static void test1(RSAKeyPair keyPair, String source) throws Exception {
System.out.println("***************** 公钥加密私钥解密开始 *****************");
String text1 = encryptByPublicKey(keyPair.getPublicKey(), source);
String text2 = decryptByPrivateKey(keyPair.getPrivateKey(), text1);
System.out.println("加密前:" + source);
System.out.println("加密后:" + text1);
System.out.println("解密后:" + text2);
if (source.equals(text2)) {
System.out.println("解密字符串和原始字符串一致,解密成功");
} else {
System.out.println("解密字符串和原始字符串不一致,解密失败");
}
System.out.println("***************** 公钥加密私钥解密结束 *****************");
}
/**
* 私钥加密公钥解密
*
* @throws Exception
*/
private static void test2(RSAKeyPair keyPair, String source) throws Exception {
System.out.println("***************** 私钥加密公钥解密开始 *****************");
String text1 = encryptByPrivateKey(keyPair.getPrivateKey(), source);
String text2 = decryptByPublicKey(keyPair.getPublicKey(), text1);
System.out.println("加密前:" + source);
System.out.println("加密后:" + text1);
System.out.println("解密后:" + text2);
if (source.equals(text2)) {
System.out.println("解密字符串和原始字符串一致,解密成功");
} else {
System.out.println("解密字符串和原始字符串不一致,解密失败");
}
System.out.println("***************** 私钥加密公钥解密结束 *****************");
}
/**
* 公钥解密
*
* @param publicKeyText
* @param text
* @return
* @throws Exception
*/
public static String decryptByPublicKey(String publicKeyText, String text) throws Exception {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] result = cipher.doFinal(Base64.decodeBase64(text));
return new String(result);
}
/**
* 私钥加密
*
* @param privateKeyText
* @param text
* @return
* @throws Exception
*/
public static String encryptByPrivateKey(String privateKeyText, String text) throws Exception {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
byte[] result = cipher.doFinal(text.getBytes());
return Base64.encodeBase64String(result);
}
/**
* 私钥解密
*
* @param privateKeyText
* @param text
* @return
* @throws Exception
*/
public static String decryptByPrivateKey(String privateKeyText, String text) throws Exception {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec5);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] result = cipher.doFinal(Base64.decodeBase64(text));
return new String(result);
}
/**
* 公钥加密
*
* @param publicKeyText
* @param text
* @return
*/
public static String encryptByPublicKey(String publicKeyText, String text) throws Exception {
X509EncodedKeySpec x509EncodedKeySpec2 = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec2);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] result = cipher.doFinal(text.getBytes());
return Base64.encodeBase64String(result);
}
/**
* 构建RSA密钥对
*
* @return
* @throws NoSuchAlgorithmException
*/
public static RSAKeyPair generateKeyPair() throws NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
String publicKeyString = Base64.encodeBase64String(rsaPublicKey.getEncoded());
String privateKeyString = Base64.encodeBase64String(rsaPrivateKey.getEncoded());
RSAKeyPair rsaKeyPair = new RSAKeyPair(publicKeyString, privateKeyString);
return rsaKeyPair;
}
/**
* RSA密钥对对象
*/
public static class RSAKeyPair {
private String publicKey;
private String privateKey;
public RSAKeyPair(String publicKey, String privateKey) {
this.publicKey = publicKey;
this.privateKey = privateKey;
}
public String getPublicKey() {
return publicKey;
}
public String getPrivateKey() {
return privateKey;
}
}
}
将 JSESSION 带到cookie中发送POST请求(参数包含用户名和RSA公钥加密后的密码),请求地址:/cas/v1/tickets,请求类型POST,Content-Type: application/x-www-form-urlencoded
curl -i -X POST \
http://cas.gfstack.geo:8080/cas/v1/tickets \
-H 'Content-Type: application/x-www-form-urlencoded' \
--cookie 'JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE' \
-d 'username=admin&password=ifP607Amuqxy19VUvZZ79Aq9pTzCYbShrLtSzChhm+GAmtCWUQyryCPjnh7/RhWow2qOSkCy/JynFtkznvwRgofDKN7aCOPDiIEe04IyDMOCEpCws/su+Gp4Jr2kUZHKR6iJ9Ht/adNQqFZ+r2RPiaJSIvNMYSTnY2RBZvwyxNY='
返回如下:
HTTP/1.1 201
Cache-Control: no-store
Location: http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org
Content-Type: text/html;charset=UTF-8
Content-Length: 382
Date: Tue, 14 May 2019 04:08:13 GMT
<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>201 Created</title></head><body><h1>TGT Created</h1><form action="http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>
获取请求头中的 Location
三、发送POST请求获取ST
请求地址:上一步返回的 Location ,请求类型:POST,Content-Type: application/x-www-form-urlencoded
curl -X POST \
http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'service=http%3A%2F%2F192.168.36.158%3A8080%2Fdemo%2F'
其中 service 是CAS客户端地址(综合运维、服务中心、数据中心等),需要经过encodeURI编码
返回如下:
ST-9-kzS0oIyS9DZmveLy4vZs-cas01.example.org
返回内容即是ST,成功拿到ST即成功使用REST登录
四、关于ST校验
请参照:https://www.cnblogs.com/nihaorz/p/10445514.html 部署cas-sample-java-webapp应用完成校验
