From 21d247052d15f3038d0ff19e1cec065fe0d337e4 Mon Sep 17 00:00:00 2001
From: Caesar2011
Date: Wed, 9 Jan 2019 01:22:13 +0100
Subject: [PATCH] New KVV login preparation (works only via VPN or internal)
---
 .../services/fulogin/UserLoginTask.java | 10 +-
 .../fuplanner/services/kvv/sync/Login.java | 235 ++++++++----------
 2 files changed, 105 insertions(+), 140 deletions(-)
diff --git a/app/src/main/java/de/sebse/fuplanner/services/fulogin/UserLoginTask.java b/app/src/main/java/de/sebse/fuplanner/services/fulogin/UserLoginTask.java
index 50f0e34..577fe7f 100644
--- a/app/src/main/java/de/sebse/fuplanner/services/fulogin/UserLoginTask.java
+++ b/app/src/main/java/de/sebse/fuplanner/services/fulogin/UserLoginTask.java
@@ -62,8 +62,14 @@ public class UserLoginTask extends AsyncTask {
 mVolleyLogin.testLoginToken(success, success1 -> {
 login.set(success);
 latch.countDown();
- }, error -> latch.countDown());
- }, error -> latch.countDown());
+ }, error -> {
+ log.e(error);
+ latch.countDown();
+ });
+ }, error -> {
+ log.e(error);
+ latch.countDown();
+ });
 try {
 latch.await();
 } catch (InterruptedException e) {
diff --git a/app/src/main/java/de/sebse/fuplanner/services/kvv/sync/Login.java b/app/src/main/java/de/sebse/fuplanner/services/kvv/sync/Login.java
index 52bd73f..cbf1d0a 100644
--- a/app/src/main/java/de/sebse/fuplanner/services/kvv/sync/Login.java
+++ b/app/src/main/java/de/sebse/fuplanner/services/kvv/sync/Login.java
@@ -56,56 +56,35 @@ public class Login extends HTTPService { public void doLogin(String username, String password, NetworkCallback callback, NetworkErrorCallback error) { - startKVVSession(success -> { - String kvvJSESSIONID = success.get("JSESSIONID"); - getSAMLRequest(kvvJSESSIONID, success1 -> startIdentSession(success1.get("Location"), success11 -> { - String identJSESSIONID = success11.get("JSESSIONID"); - String ident_idp_authn_lc_key = success11.get("_idp_authn_lc_key"); - String identROUTEID = success11.get("ROUTEID"); - loginIdent(true, username, password, identJSESSIONID, ident_idp_authn_lc_key, identROUTEID, success111 -> loginIdent(false, username, password, identJSESSIONID, ident_idp_authn_lc_key, identROUTEID, success11112 -> { - String ident_idp_session = success11112.get("_idp_session"); - getSAMLResponse(identJSESSIONID, ident_idp_authn_lc_key, identROUTEID, ident_idp_session, success1111 -> loginKVV(success1111.get("RelayState"), success1111.get("SAMLResponse"), kvvJSESSIONID, success111112 -> { - LoginToken token = new LoginToken(username, success111112.get("shibsessionKey"), success111112.get("shibsessionName"), kvvJSESSIONID); - finishKVVlogin(token, success11111 -> callback.onResponse(token), error); - }, error), error); - }, error), error); - }, error), error); + step1(success1 -> { + String samlLocation = success1.get("Location"); + step2(samlLocation, success2 -> { + String fuJSESSIONID = success2.get("JSESSIONID"); + step3(fuJSESSIONID, success3 -> { + step4(username, password, fuJSESSIONID, success4 -> { + String fuSHIBSession = success4.get("shib_idp_session"); + String samlResponse = success4.get("SAMLResponse"); + step5(samlResponse, success5 -> { + String shibsessionKey = success5.get("shibsessionKey"); + String shibsessionName = success5.get("shibsessionName"); + step6(shibsessionKey, shibsessionName, success6 -> { + String kvvJSESSIONID = success6.get("JSESSIONID"); + LoginToken token = new LoginToken(username, shibsessionKey, 
shibsessionName, kvvJSESSIONID); + callback.onResponse(token); + }, error); + }, error); + }, error); + }, error); + }, error); }, error); } /* - GET https://kvv.imp.fu-berlin.de/portal/login - -> JSESSIONID 5c10406f-588c-4c16-96e9-c80d115417de.tomcat1 + 1= GET https://kvv.imp.fu-berlin.de/Shibboleth.sso/Login?entityID=https://identity.fu-berlin.de/idp-fub-qa + -> Location-Header: https://identity.fu-berlin.de:9443/idp-fub-qa/profile/SAML2/Redirect/SSO?SAMLResponse=[SAMLResponse]&RelayState=[RelayState] */ - private void startKVVSession(final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { - get("https://kvv.imp.fu-berlin.de/portal/login", null, response -> { - String cookies = response.getHeaders().get("Set-Cookie"); - if (cookies==null) { - errorCallback.onError(new NetworkError(100101, -1, "Error on starting KVV session!")); - return; - } - HashMap object; - try { - object = getCookie(cookies, new String[]{"JSESSIONID"}); - } catch (NoSuchFieldException e) { - errorCallback.onError(new NetworkError(100102, -1, "Error on starting KVV session!")); - return; - } - callback.onResponse(object); - }, error -> errorCallback.onError(new NetworkError(100100, error.networkResponse.statusCode, "Error on starting KVV session!"))); - } - - /* - GET https://kvv.imp.fu-berlin.de/sakai-login-tool/container - <- JSESSIONID - -> (Location-Header) https://identity.fu-berlin.de/idp-fub/profile/SAML2/Redirect/SSO - ?SAMLRequest=fZLLb.....Q8yre3X1IHwkJKE0Mnpy/V9TH4A - &RelayState=ss:mem:7ea01e29157b8bd906f7002176.....0d1a505f2c8bf - */ - private void getSAMLRequest(String JSESSIONID, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { - HashMap cookies = new HashMap<>(); - cookies.put("JSESSIONID", JSESSIONID); - get("https://kvv.imp.fu-berlin.de/sakai-login-tool/container", cookies, response -> { + private void step1(final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { + 
get("https://kvv.imp.fu-berlin.de/Shibboleth.sso/Login?entityID=https://identity.fu-berlin.de/idp-fub-qa", null, response -> { String location = response.getHeaders().get("Location"); if (location==null) { errorCallback.onError(new NetworkError(100111, -1, "Error on getting SAML request!")); 
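Review bot: In doLogin the local `fuSHIBSession` is read from `success4` but never used, and the names `step1`…`step6` no longer say what each request does, unlike the names they replace (`startKVVSession`, `getSAMLRequest`, …). Either drop the local or pass it on if a later request needs the `shib_idp_session` cookie, and give each step a descriptive name or a one-line Javadoc such as `/** Asks the KVV service provider for the IdP redirect and returns its Location header. */` on step1. The `Location` value from step1 is handed to step2 as the request URL as-is; checking that it is an `https` URL on the expected identity host before fetching it would keep the flow from following an unexpected redirect. step1's body continues past the end of this hunk.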
@@ -118,133 +97,98 @@ public class Login extends HTTPService { } /* - GET https://identity.fu-berlin.de/idp-fub/profile/SAML2/Redirect/SSO - ?SAMLRequest=fZLLbsIwEEV/JfI+cWJAUIsgpbAoEi2IpF10UznxUKw6dupxaPn7hkdb2LD29bkzRzNGUeuGZ63fmjV8toA++K61QX58SEnrDLcCFXIjakDuK55njwvOopg3znpbWU2CDBGcV9ZMrcG2BpeD26kKnteLlGy9b5BT+rHbRapuok0bluC0MpEEmm9VWVoNfhshWnpgM7pa5gUJZt0wyogD9h+iJBiv/P6aomQTbtqSdhNtlIYzZg1SOag8zfMlCeazlLyNqpHsy1gO2V1fVsNBMuqJoUyAJaxXDUaiiyG2MDfohfEpYXEyDJM4ZKxgCe/FPI5fSbA6L36vjFTm/bal8hRC/lAUq/C02gs4PK7VBchkfHDNj8Xuwv5trPhVTiY3BeOf4DG96DmVNvypA89nK6tVtQ8yre3X1IHwkJKE0Mnpy/V9TH4A - &RelayState=ss:mem:7ea01e29157b8bd906f7002176213b6db5e1f45ebb88716a9820d1a505f2c8bf - -> JSESSIONID C4B6A428BA1F50746235D03F5D107A57 - -> _idp_authn_lc_key 57a6ae26067f374cc3d0ccfc47e27b04b47752d2a3d4eb2782af0d3994535395 - -> ROUTEID .1 + 2= GET [Location-Header 1] + -> Set-Cookie: JSESSIONID=[JSESSION-FU] + -> Location: /idp-fub-qa/profile/SAML2/Redirect/SSO?execution=e1s1 */ - private void startIdentSession(String url, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { + private void step2(String url, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { get(url, null, response -> { String cookies = response.getHeaders().get("Set-Cookie"); if (cookies==null) { - errorCallback.onError(new NetworkError(100121, -1, "Error on starting Ident session!")); + errorCallback.onError(new NetworkError(100121, -1, "Error on starting FU session!")); return; } HashMap object; try { - object = getCookie(cookies, new String[]{"JSESSIONID", "_idp_authn_lc_key", "ROUTEID"}); + object = getCookie(cookies, new String[]{"JSESSIONID"}); } catch (NoSuchFieldException e) { - errorCallback.onError(new NetworkError(100122, -1, "Error on starting Ident session!")); + errorCallback.onError(new NetworkError(100122, -1, "Error on starting FU session!")); return; } callback.onResponse(object); - }, error -> errorCallback.onError(new NetworkError(100120, 
error.networkResponse.statusCode, "Error on starting Ident session!"))); + }, error -> errorCallback.onError(new NetworkError(100120, error.networkResponse.statusCode, "Error on starting FU session!"))); } /* - POST https://identity.fu-berlin.de/idp-fub/Authn/UserPassword - <- j_username seedorf96 - <- j_password neinhieristpatrick - <- (Header-"Content-Type") application/x-www-form-urlencoded - <- JSESSIONID - <- _idp_authn_lc_key - <- ROUTEID - -> _idp_session OTMuMTkzLjg1LjMz|LQ==|OGYxOWI4MjA2NTQ4YWUwYzJkOWM4Mjk4YzcwZDMwZmJiZjBmMTdmMzkyZGU2OWIwY2JkNmZlNjlmNTRmNzBlMQ==|wLlzQal7VqyntmG2vLNn06wt8wQ= + 3= GET [Location-Header 2] + + Cookie: JSESSIONID=[JSESSION-FU] */ - private void loginIdent(final boolean first, String username, String password, String JSESSIONID, String _idp_authn_lc_key, String ROUTEID, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { + private void step3(String JSESSIONID_FU, final NetworkCallback callback, final NetworkErrorCallback errorCallback) { HashMap cookies = new HashMap<>(); - cookies.put("JSESSIONID", JSESSIONID); - cookies.put("_idp_authn_lc_key", _idp_authn_lc_key); - cookies.put("ROUTEID", ROUTEID); + cookies.put("JSESSIONID", JSESSIONID_FU); + get("https://identity.fu-berlin.de:9443/idp-fub-qa/profile/SAML2/Redirect/SSO?execution=e1s1", cookies, response -> { + callback.onResponse(true); + }, error -> errorCallback.onError(new NetworkError(100130, error.networkResponse.statusCode, "Error starting login page!"))); + } + + /* + 4= POST [Location-Header 2] + + Body: j_username=[USERNAME]&j_password=[PASSWORD]&_eventId_proceed= + + Header: Content-Type: application/x-www-form-urlencoded + + Header: Referer: [Location-Header 2] + + Cookie: JSESSIONID=[JSESSION-FU] + -> Set-Cookie: shib_idp_session=[SHIB-IDP-SESSION] + -> Body SAMLResponse-Input-value + */ + private void step4(String username, String password, String JSESSIONID_FU, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { 
+ HashMap cookies = new HashMap<>(); + cookies.put("JSESSIONID", JSESSIONID_FU); HashMap body = new HashMap<>(); body.put("j_username", username); body.put("j_password", password); - post("https://identity.fu-berlin.de/idp-fub/Authn/UserPassword", cookies, body, response -> { - if (first) { - callback.onResponse(new HashMap<>()); - return; - } - + body.put("_eventId_proceed", ""); + post("https://identity.fu-berlin.de:9443/idp-fub-qa/profile/SAML2/Redirect/SSO?execution=e1s1", cookies, body, response -> { String cookies1 = response.getHeaders().get("Set-Cookie"); if (cookies1 ==null) { - errorCallback.onError(new NetworkError(100131, -1, "Error on logging in to Identity Server!")); + errorCallback.onError(new NetworkError(100141, -1, "Error on logging in to FU Identity Server!")); return; } HashMap object; try { - object = getCookie(cookies1, new String[]{"_idp_session"}); + object = getCookie(cookies1, new String[]{"shib_idp_session"}); } catch (NoSuchFieldException e) { - errorCallback.onError(new NetworkError(100132, -1, "Error on logging in to Identity Server!")); + errorCallback.onError(new NetworkError(100142, -1, "Error on logging in to FU Identity Server!")); return; } - callback.onResponse(object); - }, error -> errorCallback.onError(new NetworkError(100130, error.networkResponse.statusCode, "Error on logging in to Identity Server!"))); - } - /* - GET https://identity.fu-berlin.de/idp-fub/profile/SAML2/Redirect/SSO - <- JSESSIONID - <- _idp_authn_lc_key - <- ROUTEID - <- _idp_session - -> (BODY) RelayState 7ea01e29157b8bd906f7002176213b6db5e1f45ebb88716a9820d1a505f2c8bf - -> (BODY) SAMLResponse PD94bWwgdmVyc2lvbj0...........wvc2FtbDJwOlJlc3BvbnNlPg== - */ - private void getSAMLResponse(String JSESSIONID, String _idp_authn_lc_key, String ROUTEID, String _idp_session, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { - HashMap cookies = new HashMap<>(); - cookies.put("JSESSIONID", JSESSIONID); - cookies.put("_idp_authn_lc_key", 
_idp_authn_lc_key); - cookies.put("ROUTEID", ROUTEID); - cookies.put("_idp_session", _idp_session); - get("https://identity.fu-berlin.de/idp-fub/profile/SAML2/Redirect/SSO", cookies, response -> { - String body = response.getParsed(); - if (body == null) { + String content = response.getParsed(); + if (content == null) { errorCallback.onError(new NetworkError(100143, -1, "Error on getting SAML response!")); return; } - - HashMap object = new HashMap<>(); - - Pattern pattern = Pattern.compile("ss:mem:([0-9a-f]+)"); - Matcher matcher = pattern.matcher(body); + Pattern pattern = Pattern.compile("name=\"SAMLResponse\" value=\"([0-9a-zA-Z+]+=*)"); + Matcher matcher = pattern.matcher(content); if (!matcher.find()) { - errorCallback.onError(new NetworkError(100142, -1, "Error on getting SAML response!")); - return; - } - object.put("RelayState", "ss:mem:"+matcher.group(1)); - - pattern = Pattern.compile("name=\"SAMLResponse\" value=\"([0-9a-zA-Z+]+=*)"); - matcher = pattern.matcher(body); - if (!matcher.find()) { - errorCallback.onError(new NetworkError(100141, -1, "Error on getting SAML response!")); + errorCallback.onError(new NetworkError(100144, -1, "Error on getting SAML response!")); return; } object.put("SAMLResponse", matcher.group(1)); - callback.onResponse(object); - }, error -> errorCallback.onError(new NetworkError(100140, error.networkResponse.statusCode, "Error on getting SAML response!"))); + }, error -> errorCallback.onError(new NetworkError(100145, error.networkResponse.statusCode, "Error on logging in to FU Identity Server!"))); } - /* - POST https://kvv.imp.fu-berlin.de/Shibboleth.sso/SAML2/POST - <- RelayState 7ea01e29157b8bd906f7002176213b6db5e1f45ebb88716a9820d1a505f2c8bf - <- SAMLResponse PD94bWwgdmVyc2lvbj0...........wvc2FtbDJwOlJlc3BvbnNlPg== - <- JSESSIONID - -> _shibsession_64656661756c7468747470733a2f2f6b76762e696d702e66752d6265726c696e2e64652f73686962626f6c657468 - _b1912c5a03d733a80bd3fee772bf68d4 - */ - private void loginKVV(String 
RelayState, String SAMLResponse, String JSESSIONID, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { - HashMap cookies = new HashMap<>(); - cookies.put("JSESSIONID", JSESSIONID); + 5= POST https://kvv.imp.fu-berlin.de/Shibboleth.sso/SAML2/POST + + Body: SAMLResponse=[SAML-RESPONSE] + + Header: Content-Type: application/x-www-form-urlencoded + -> Set-Cookie: _shibsession_[SESS-NR]: [SESS-VALUE] + */ + private void step5(String SAMLResponse, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { HashMap body = new HashMap<>(); - body.put("RelayState", RelayState); body.put("SAMLResponse", SAMLResponse); - post("https://kvv.imp.fu-berlin.de/Shibboleth.sso/SAML2/POST", cookies, body, response -> { - String cookies1 = response.getHeaders().get("Set-Cookie"); - if (cookies1 ==null) { + post("https://kvv.imp.fu-berlin.de/Shibboleth.sso/SAML2/POST", null, body, response -> { + String cookies = response.getHeaders().get("Set-Cookie"); + if (cookies ==null) { errorCallback.onError(new NetworkError(100151, -1, "Error on starting KVV session!")); return; } 
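Review bot: step3 and step4 send their requests, and in step4 the `j_username`/`j_password` body, to a hard-coded `https://identity.fu-berlin.de:9443/idp-fub-qa/...?execution=e1s1` URL, although the comments describe both as using `[Location-Header 2]` and step2 keeps only the `JSESSIONID` cookie. The `execution` value looks like a per-flow key issued by the IdP, so a fixed `e1s1` will presumably fail whenever the server issues a different one; step2 should also return the `Location` header, and step4 should post the credentials only after checking that the resolved URL is `https` on the expected identity host. The `SAMLResponse` pattern `([0-9a-zA-Z+]+=*)` omits `/` from the base64 alphabet and does not require the closing quote, so a value containing `/` would be cut short without any error; `value=\"([^\"]+)\"` would capture the whole attribute. The error lambdas in step2, step3 and step4 (and in step5 and step6 in the next hunk) dereference `error.networkResponse.statusCode`; if `error` is a Volley `VolleyError`, `networkResponse` is null when no HTTP response arrived, which is the expected case off the VPN, so the status should be read as `error.networkResponse != null ? error.networkResponse.statusCode : -1`.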
@@ -252,26 +196,41 @@ public class Login extends HTTPService { Pattern pattern = Pattern.compile("(_shibsession_[0-9a-f]+)=([^;]+);"); - Matcher matcher = pattern.matcher(cookies1); + Matcher matcher = pattern.matcher(cookies); if (!matcher.find()) { - errorCallback.onError(new NetworkError(100152, -1, "Error on starting Ident session!")); + errorCallback.onError(new NetworkError(100152, -1, "Error on starting KVV session!")); } object.put("shibsessionKey", matcher.group(1)); object.put("shibsessionName", matcher.group(2)); callback.onResponse(object); - }, error -> errorCallback.onError(new NetworkError(100150, error.networkResponse.statusCode, "Error on starting Ident session!"))); + }, error -> errorCallback.onError(new NetworkError(100150, error.networkResponse.statusCode, "Error on starting KVV session!"))); } /* - GET https://kvv.imp.fu-berlin.de/sakai-login-tool/container - <- JSESSIONID - <- _shibsession_64656661756c7468747470733a2f2f6b76762e696d702e66752d6265726c696e2e64652f73686962626f6c657468 - _b1912c5a03d733a80bd3fee772bf68d4 + 6= https://kvv.imp.fu-berlin.de/sakai-login-tool/container + + Cookie: _shibsession_[SESS-NR]: [SESS-VALUE] + -> Set-Cookie: JSESSIONID: [JSESSION-KVV] */ - private void finishKVVlogin(LoginToken loginToken, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { - get("https://kvv.imp.fu-berlin.de/sakai-login-tool/container", loginToken.getCookies(), response -> callback.onResponse(new HashMap<>()), error -> errorCallback.onError(new NetworkError(100160, error.networkResponse.statusCode, "Cannot finish login process!"))); + private void step6(String shibsessionKey, String shibsessionName, final NetworkCallback> callback, final NetworkErrorCallback errorCallback) { + HashMap cookies = new HashMap<>(); + cookies.put(shibsessionKey, shibsessionName); + get("https://kvv.imp.fu-berlin.de/sakai-login-tool/container", cookies, response -> { + String cookies1 = response.getHeaders().get("Set-Cookie"); + if 
(cookies1 ==null) { + errorCallback.onError(new NetworkError(100161, -1, "Cannot finish login process!")); + return; + } + HashMap object; + try { + object = getCookie(cookies1, new String[]{"JSESSIONID"}); + } catch (NoSuchFieldException e) { + errorCallback.onError(new NetworkError(100162, -1, "Cannot finish login process!")); + return; + } + callback.onResponse(object); + }, error -> errorCallback.onError(new NetworkError(100160, error.networkResponse.statusCode, "Cannot finish login process!"))); }
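Review bot: In step5 the `if (!matcher.find())` branch reports error 100152 but has no `return;`, so execution continues to `matcher.group(1)`, which throws `IllegalStateException` after a failed match; the caller gets the error callback followed by a crash. Adding `return;` after that `errorCallback.onError(...)` call fixes it and matches the guards step6 uses. The map keys are also misleading: `shibsessionKey` holds the cookie name and `shibsessionName` holds the cookie value, which step6 then sends with `cookies.put(shibsessionKey, shibsessionName)`, so a short comment on both keys would help. step5 begins in the previous hunk.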