API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 8th, 2017
145
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.96 KB | None | 0 0
raw download clone embed print report
  1. body="j_username=$user&j_password=$pass"
  2.  
  3. j_sec_check=`curl -k --silent -L -i
  4. -H "Content-Type: application/x-www-form-urlencoded"
  5. -X POST
  6. -A "Apache-HttpClient/4.1.1 (java 1.5)"
  7. -d "$body"
  8. https://${host}/inet/ent_logon/j_security_check`
  9.  
  10. memberCookie=`echo "$j_sec_check" | grep -Fi "Set-Cookie: MemberGlobalSession"`
  11. memberCookie=${memberCookie#"Set-Cookie: "}
  12. memberCookie=${memberCookie%"Comment=.company.com; Secure; Path=/; Domain=.company.com"}
  13.  
  14. jsession=`echo "$j_sec_check" | grep -Fi "Set-Cookie: JSESSIONID"`
  15. jsession=${jsession#"Set-Cookie: "}
  16. jsession=${jsession%"Secure; Path=/; Domain=.company.com; HttpOnly"}
  17.  
  18. cookies="$memberCookie $jsession"
  19.  
  20. login_result=`curl -k --silent -i
  21. -H "Content-Type: application/x-www-form-urlencoded"
  22. -H "cookie: $cookies"
  23. -X POST
  24. -A "Apache-HttpClient/4.1.1 (java 1.5)"
  25. -d "$body"
  26. https://${host}/inet/ent_logon/j_security_check`
  27.  
  28. Set-Cookie: dcenv=2; Path=/; Domain=.company.com
  29. Set-Cookie: tgenv=prod; Path=/; Domain=.company.com
  30. Set-Cookie: LtpaToken2=ltpatoken2value Path=/
  31. Set-Cookie: LtpaToken=ltpatoken2value; Path=/
  32. Set-Cookie: id_token=idtokenvalue; Path=/; Domain=.company.com; HttpOnly
  33. Set-Cookie: id_token_marker=idtokenmarkervalue; Path=/; Domain=.company.com
  34. Set-Cookie: TDO_RANDOM_COOKIE=33760687320170817092545; Path=/; Domain=.company.com
  35. Set-Cookie: CompanyMbWebMemberLoggedIn=true; Expires=Mon, 16-Jan-18 14:25:45 GMT; Path=/; Domain=.company.com; Secure
  36.  
  37. /**
  38. *
  39. */
  40. package com.example.clazz;
  41.  
  42. import java.io.*;
  43. import java.net.*;
  44. import java.util.*;
  45.  
  46. import org.apache.commons.codec.binary.Base64;
  47.  
  48. /**
  49. * @author adbdkb
  50. *
  51. */
  52. public class DW_RetrieveLTPAToken
  53. {
  54.  
  55. /**
  56. *
  57. */
  58. public DW_RetrieveLTPAToken() {
  59. // TODO Auto-generated constructor stub
  60. }
  61.  
  62. /**
  63. * @param args
  64. * @throws IOException
  65. */
  66. public static void main(String[] args) throws IOException {
  67. // set up the certs - keymanager and trustmanager
  68. setupCertificatesSecurity();
  69. // CookieHandler.setDefault( new CookieManager( null,
  70. // CookiePolicy.ACCEPT_ALL ) );
  71.  
  72. String secUrl = getSecurityUrl();
  73. String requestCookie = "";
  74. boolean followDirect = true;
  75. HttpURLConnection conn = connectToSecurityUrl(secUrl, requestCookie, followDirect);
  76.  
  77. String cookiesToResend = getNamedCookies(conn);
  78. getConnResponse(conn);
  79. conn.disconnect();
  80.  
  81. System.out.println("Second call");
  82. // HttpURLConnection.setFollowRedirects(false);
  83. followDirect = false;
  84. HttpURLConnection conn2 = connectToSecurityUrl(secUrl, cookiesToResend, followDirect);
  85. // conn2.setInstanceFollowRedirects(false);
  86.  
  87. getConnResponse(conn2);
  88.  
  89. }
  90.  
  91. /**
  92. * @param conn
  93. * @return
  94. */
  95. private static String getNamedCookies(HttpURLConnection conn) {
  96. String jSessionId = "JSESSIONID";
  97. String jSessionCookie = extractCookieByName(conn, jSessionId);
  98. System.out.println("jSessionCookie : " + jSessionCookie);
  99.  
  100. String memberSession = "GlobalSession";
  101. String memberSessionCookie = extractCookieByName(conn, memberSession);
  102. System.out.println("memberSessionCookie : " + memberSessionCookie);
  103. return jSessionCookie + ";" + memberSessionCookie;
  104. }
  105.  
  106. /**
  107. * @param requestCookie
  108. * @param followDirect
  109. * @param secUrl
  110. * @throws IOException
  111. *
  112. */
  113. private static HttpURLConnection connectToSecurityUrl(String secUrlPath,
  114. String requestCookie, boolean followDirect) throws IOException {
  115. URL url = new URL(secUrlPath);
  116. HttpURLConnection conn = (HttpURLConnection) url.openConnection();
  117.  
  118. if(!followDirect) {
  119. conn.setInstanceFollowRedirects(false);
  120. }
  121. // conn.setReadTimeout(5000);
  122.  
  123. // setDoInput(true) is used to fetch the response and is true by default.
  124. // Set the DoInput flag to true if you intend to use the URL connection
  125. // for input, false if not. The default is true.
  126. conn.setDoInput(true);
  127.  
  128. // setDoOutput(true) is used with POST to allow sending a body via the
  129. // connection:
  130. // When using a different method e.g. GET, you have nothing to pass to the
  131. // connection,
  132. // so an OutputStream is not necessary.
  133. // Set the DoOutput flag to true if you intend to use the URL connection
  134. // for output, false if not. The default is false.
  135. conn.setDoOutput(true);
  136.  
  137. // Add http headers for the connection
  138. addHeaders(conn);
  139.  
  140. conn.setRequestMethod(getUrlConnMethod());
  141.  
  142. System.out.println("requestCookie " + requestCookie);
  143. if (requestCookie != null && !requestCookie.isEmpty()) {
  144. conn.addRequestProperty("cookie", requestCookie);
  145. }
  146.  
  147. // Add POST parameters
  148. addPostParameters(conn);
  149. conn.connect();
  150.  
  151. return conn;
  152. }
  153.  
  154. /**
  155. * @param conn
  156. * @throws IOException
  157. * @throws MalformedURLException
  158. *
  159. */
  160. private static void getConnResponse(HttpURLConnection conn)
  161. throws MalformedURLException, IOException {
  162. int status = conn.getResponseCode();
  163. printAllHeaders(conn);
  164. System.out.println("Response Code ... " + status);
  165.  
  166. // Read response from original call
  167. retrieveResponse(conn);
  168. System.out.println("Done");
  169.  
  170. return;
  171. }
  172.  
  173. /**
  174. * @param conn
  175. */
  176. private static void printAllHeaders(HttpURLConnection conn) {
  177.  
  178. for (String s : conn.getHeaderFields().keySet()) {
  179. if (s == null) {
  180. System.out.println(" " + conn.getHeaderField(s));
  181. } else {
  182. System.out.println(" " + s + "=" + conn.getHeaderField(s));
  183. }
  184. }
  185. for (int i = 0;; i++) {
  186. String headerName = conn.getHeaderFieldKey(i);
  187. String headerValue = conn.getHeaderField(i);
  188.  
  189. if (headerName == null && headerValue == null) {
  190. break;
  191. }
  192. System.out.println("headerName : " + headerName + " headerValue : "
  193. + headerValue);
  194. }
  195. return;
  196. }
  197.  
  198. /**
  199. * @param conn
  200. * @throws IOException
  201. * @throws UnsupportedEncodingException
  202. */
  203. private static void retrieveResponse(HttpURLConnection conn)
  204. throws UnsupportedEncodingException, IOException {
  205. StringBuilder html = new StringBuilder();
  206. try (InputStreamReader isr = new InputStreamReader(conn.getInputStream(),
  207. "UTF-8"); BufferedReader in = new BufferedReader(isr)) {
  208. String inputLine;
  209.  
  210. while ((inputLine = in.readLine()) != null) {
  211. html.append(inputLine);
  212. }
  213. }
  214. System.out.println("output from call " + html.toString());
  215.  
  216. printCookies(conn);
  217. String jSessionId = "JSESSIONID";
  218. String jSessionCookie = extractCookieByName(conn, jSessionId);
  219. System.out.println("jSessionCookie : " + jSessionCookie);
  220.  
  221. String memberSession = "GlobalSession";
  222. String memberSessionCookie = extractCookieByName(conn, memberSession);
  223. System.out.println("memberSessionCookie : " + memberSessionCookie);
  224.  
  225. return;
  226.  
  227. }
  228.  
  229. /**
  230. * @param conn
  231. * @param jSessionId
  232. * @return
  233. */
  234. private static String extractCookieByName(HttpURLConnection conn,
  235. String cookieName) {
  236. String extractedCookie = "";
  237. Map<String, List<String>> headerFields = conn.getHeaderFields();
  238. Set<String> headerFieldsSet = headerFields.keySet();
  239. for (String headerFieldKey : headerFieldsSet) {
  240. if ("Set-Cookie".equalsIgnoreCase(headerFieldKey)) {
  241. // Get all cookies
  242. List<String> headerCookieValue = headerFields.get(headerFieldKey);
  243. for (String headerValue : headerCookieValue) {
  244. String[] fields = headerValue.split(";\s*");
  245. String cookie = fields[0];
  246. String[] cookieDetails = cookie.split("=");
  247. String headerCookieName = cookieDetails[0];
  248. if (cookieName.equalsIgnoreCase(headerCookieName)
  249. || headerCookieName.endsWith(cookieName)) {
  250. extractedCookie = cookie;
  251. }
  252. }
  253.  
  254. }
  255. }
  256. return extractedCookie;
  257. // // Grab Set-Cookie headers:
  258. // List<String> cookies = conn.getHeaderFields().get("Set-Cookie");
  259. //
  260. // // ...
  261. //
  262. // // Send them back in subsequent requests:
  263. // for (String cookie : cookies) {
  264. // conn.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
  265. // }
  266. //
  267. //
  268. // return null;
  269. }
  270.  
  271. /**
  272. * @param conn
  273. */
  274. private static void printCookies(HttpURLConnection conn) {
  275. Map<String, List<String>> headerFields = conn.getHeaderFields();
  276. Set<String> headerFieldsSet = headerFields.keySet();
  277. Iterator<String> hearerFieldsIter = headerFieldsSet.iterator();
  278. while (hearerFieldsIter.hasNext()) {
  279. String headerFieldKey = hearerFieldsIter.next();
  280. if ("Set-Cookie".equalsIgnoreCase(headerFieldKey)) {
  281. List<String> headerFieldValue = headerFields.get(headerFieldKey);
  282. for (String headerValue : headerFieldValue) {
  283. System.out.println("Cookie Found...");
  284. String[] fields = headerValue.split(";\s*");
  285. String cookieValue = fields[0];
  286. String expires = null;
  287. String path = null;
  288. String domain = null;
  289. boolean secure = false;
  290.  
  291. // Parse each field
  292. for (int j = 1; j < fields.length; j++) {
  293. if ("secure".equalsIgnoreCase(fields[j])) {
  294. secure = true;
  295. } else if (fields[j].indexOf('=') > 0) {
  296. String[] f = fields[j].split("=");
  297. if ("expires".equalsIgnoreCase(f[0])) {
  298. expires = f[1];
  299. } else if ("domain".equalsIgnoreCase(f[0])) {
  300. domain = f[1];
  301. } else if ("path".equalsIgnoreCase(f[0])) {
  302. path = f[1];
  303. }
  304. }
  305. }
  306.  
  307. System.out.println("cookieValue:" + cookieValue);
  308. System.out.println("expires:" + expires);
  309. System.out.println("path:" + path);
  310. System.out.println("domain:" + domain);
  311. System.out.println("secure:" + secure);
  312.  
  313. System.out.println("*****************************************");
  314. }
  315. }
  316. }
  317.  
  318. // temporary to build request cookie header
  319. StringBuilder sb = new StringBuilder();
  320.  
  321. // find the cookies in the response header from the first request
  322. List<String> cookies = conn.getHeaderFields().get("Set-Cookie");
  323. if (cookies != null) {
  324. for (String cookie : cookies) {
  325. if (sb.length() > 0) {
  326. sb.append("; ");
  327. }
  328.  
  329. // only want the first part of the cookie header that has the value
  330. String value = cookie.split(";")[0];
  331. sb.append(value);
  332. }
  333. }
  334.  
  335. // build request cookie header to send on all subsequent requests
  336. String cookieHeader = sb.toString();
  337. System.out.println("cookieHeader : " + cookieHeader);
  338.  
  339. return;
  340. }
  341.  
  342. /**
  343. * @param conn
  344. * @throws IOException
  345. *
  346. */
  347. private static void addPostParameters(HttpURLConnection conn)
  348. throws IOException {
  349. StringBuilder postParams = new StringBuilder("j_username=");
  350. postParams.append(Base64.encodeBase64(getUser().getBytes()));
  351. postParams.append("&j_password=");
  352. postParams.append(Base64.encodeBase64(getPassWd().getBytes()));
  353. conn.setDoOutput(true);
  354. try (OutputStreamWriter outputStreamWriter = new OutputStreamWriter(
  355. conn.getOutputStream())) {
  356. outputStreamWriter.write(postParams.toString());
  357. outputStreamWriter.flush();
  358. }
  359. return;
  360. }
  361.  
  362. /**
  363. * @param conn
  364. */
  365. private static void addHeaders(HttpURLConnection conn) {
  366. // add headers
  367. final String USER_AGENT = "HttpUrlConnection (java 1.7)";
  368. final String keepAlivetime = "300";
  369. Map<String, String> header = new LinkedHashMap<String, String>();
  370. // header.put("REFERER", "");
  371. header.put("Content-Type", "application/x-www-form-urlencoded");
  372. header.put("Connection", "keep-alive");
  373. // header.put("Keep-Alive", keepAlivetime);
  374. header.put("User-Agent", USER_AGENT);
  375. // header.put("Accept-Language", "en-US,en;q=0.5");
  376. // header.put("Accept",
  377. // "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
  378. for (String key : header.keySet()) {
  379. conn.addRequestProperty(key, header.get(key));
  380. }
  381. return;
  382. }
  383.  
  384. /**
  385. * @return
  386. */
  387. private static String getUrlConnMethod() {
  388. String connMethod = "POST";
  389. return connMethod;
  390. }
  391.  
  392. /**
  393. * @return
  394. */
  395. private static String getHost() {
  396. String host = "test.company.com";
  397. return host;
  398. }
  399.  
  400. /**
  401. * @return
  402. */
  403. private static String getUser() {
  404. String user = "validUser";
  405. return user;
  406. }
  407.  
  408. /**
  409. * @return
  410. */
  411. private static String getPassWd() {
  412. String pw = "validPass";
  413. return pw;
  414. }
  415.  
  416. /**
  417. * @return
  418. */
  419. private static String getPin() {
  420. String pin = "1234";
  421. return pin;
  422. }
  423.  
  424. /**
  425. * @return
  426. */
  427. private static String getSecurityUrl() {
  428. StringBuilder sb = new StringBuilder();
  429. sb.append("https://").append(getHost()).append(getSecCheckPath());
  430. String securityUrl = sb.toString();
  431. return securityUrl;
  432. }
  433.  
  434. /**
  435. * @return
  436. */
  437. private static String getSecCheckPath() {
  438. String secCheckPath = "/logon/j_security_check";
  439. return secCheckPath;
  440. }
  441.  
  442. /**
  443. *
  444. */
  445. private static void setupCertificatesSecurity() {
  446. System.setProperty("javax.net.ssl.trustStore",
  447. "C:\TestBed\TestStandaloneConnTrustStore.jks");
  448. System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
  449. System.setProperty("javax.net.ssl.keyStoreType", "JKS");
  450. System.setProperty("javax.net.ssl.keyStore",
  451. "C:\TestBed\TestStandaloneConnKeyStore.jks");
  452. System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
  453.  
  454. return;
  455. }
  456.  
  457. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!