CAS-4.2.7接入REST登陸認證，移動端、C/S端登陸解決方案

1、發送GET請求獲取RSA公鑰和JSESSIONID

請求地址：/cas/login，請求類型：GET

curl -I http://cas.gfstack.geo:8080/cas/login

返回以下：

HTTP/1.1 200
Set-Cookie: JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE; Path=/cas; HttpOnly
Set-Cookie: publicKey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOrwpYIEi0CTd7TSVqQZ/EhHqysaKT0XEn7pjkO4LQ4g6IfJ/4tcbgn4XpS0cR/9P0WpV93Fsnc40s8VINoMqBH64cNHqE4boEqftRSi/L3FQvMSLxctLavu/kF5bzURPRMPyKlW2FQqMkhVautguT939cu+EitEQKMj29hikAyQIDAQAB; Path=/cas
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Length: 9856
Date: Tue, 14 May 2019 04:07:12 GMT

獲取到 JSESSIONID 和 publicKey

 

2、發送POST請求獲取請求頭中的Location

拿 publicKey 作爲RSA公鑰對用戶密碼明文作加密獲得 password ，提供java實現，其餘語言請自行百度

package com.geostar.gfstack.cas.support.util;

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * RSA加解密工具類，實現公鑰加密私鑰解密和私鑰解密公鑰解密
 * link：https://www.cnblogs.com/nihaorz/p/10690643.html
 */
public class RSAUtils {

    private static final String src = "abcdefghijklmnopqrstuvwxyz";

    public static void main(String[] args) throws Exception {
        System.out.println("\n");
        RSAKeyPair keyPair = generateKeyPair();
        System.out.println("公鑰：" + keyPair.getPublicKey());
        System.out.println("私鑰：" + keyPair.getPrivateKey());
        System.out.println("\n");
        test1(keyPair, src);
        System.out.println("\n");
        test2(keyPair, src);
        System.out.println("\n");
    }

    /**
     * 公鑰加密私鑰解密
     */
    private static void test1(RSAKeyPair keyPair, String source) throws Exception {
        System.out.println("***************** 公鑰加密私鑰解密開始 *****************");
        String text1 = encryptByPublicKey(keyPair.getPublicKey(), source);
        String text2 = decryptByPrivateKey(keyPair.getPrivateKey(), text1);
        System.out.println("加密前：" + source);
        System.out.println("加密後：" + text1);
        System.out.println("解密後：" + text2);
        if (source.equals(text2)) {
            System.out.println("解密字符串和原始字符串一致，解密成功");
        } else {
            System.out.println("解密字符串和原始字符串不一致，解密失敗");
        }
        System.out.println("***************** 公鑰加密私鑰解密結束 *****************");
    }

    /**
     * 私鑰加密公鑰解密
     *
     * @throws Exception
     */
    private static void test2(RSAKeyPair keyPair, String source) throws Exception {
        System.out.println("***************** 私鑰加密公鑰解密開始 *****************");
        String text1 = encryptByPrivateKey(keyPair.getPrivateKey(), source);
        String text2 = decryptByPublicKey(keyPair.getPublicKey(), text1);
        System.out.println("加密前：" + source);
        System.out.println("加密後：" + text1);
        System.out.println("解密後：" + text2);
        if (source.equals(text2)) {
            System.out.println("解密字符串和原始字符串一致，解密成功");
        } else {
            System.out.println("解密字符串和原始字符串不一致，解密失敗");
        }
        System.out.println("***************** 私鑰加密公鑰解密結束 *****************");
    }

    /**
     * 公鑰解密
     *
     * @param publicKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String decryptByPublicKey(String publicKeyText, String text) throws Exception {
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
        return new String(result);
    }

    /**
     * 私鑰加密
     *
     * @param privateKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String encryptByPrivateKey(String privateKeyText, String text) throws Exception {
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        byte[] result = cipher.doFinal(text.getBytes());
        return Base64.encodeBase64String(result);
    }

    /**
     * 私鑰解密
     *
     * @param privateKeyText
     * @param text
     * @return
     * @throws Exception
     */
    public static String decryptByPrivateKey(String privateKeyText, String text) throws Exception {
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec5);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
        return new String(result);
    }

    /**
     * 公鑰加密
     *
     * @param publicKeyText
     * @param text
     * @return
     */
    public static String encryptByPublicKey(String publicKeyText, String text) throws Exception {
        X509EncodedKeySpec x509EncodedKeySpec2 = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyText));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec2);
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] result = cipher.doFinal(text.getBytes());
        return Base64.encodeBase64String(result);
    }

    /**
     * 構建RSA密鑰對
     *
     * @return
     * @throws NoSuchAlgorithmException
     */
    public static RSAKeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
        String publicKeyString = Base64.encodeBase64String(rsaPublicKey.getEncoded());
        String privateKeyString = Base64.encodeBase64String(rsaPrivateKey.getEncoded());
        RSAKeyPair rsaKeyPair = new RSAKeyPair(publicKeyString, privateKeyString);
        return rsaKeyPair;
    }


    /**
     * RSA密鑰對對象
     */
    public static class RSAKeyPair {

        private String publicKey;
        private String privateKey;

        public RSAKeyPair(String publicKey, String privateKey) {
            this.publicKey = publicKey;
            this.privateKey = privateKey;
        }

        public String getPublicKey() {
            return publicKey;
        }

        public String getPrivateKey() {
            return privateKey;
        }

    }

}

將 JSESSION 帶到cookie中發送POST請求（參數包含用戶名和RSA公鑰加密後的密碼），請求地址：/cas/v1/tickets，請求類型POST，Content-Type: application/x-www-form-urlencoded

curl -i -X POST \
  http://cas.gfstack.geo:8080/cas/v1/tickets \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --cookie 'JSESSIONID=2AC7AF14F7798FA770E927F8EFB356FE' \
  -d 'username=admin&password=ifP607Amuqxy19VUvZZ79Aq9pTzCYbShrLtSzChhm+GAmtCWUQyryCPjnh7/RhWow2qOSkCy/JynFtkznvwRgofDKN7aCOPDiIEe04IyDMOCEpCws/su+Gp4Jr2kUZHKR6iJ9Ht/adNQqFZ+r2RPiaJSIvNMYSTnY2RBZvwyxNY='

返回以下：

HTTP/1.1 201
Cache-Control: no-store
Location: http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org
Content-Type: text/html;charset=UTF-8
Content-Length: 382
Date: Tue, 14 May 2019 04:08:13 GMT

<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>201 Created</title></head><body><h1>TGT Created</h1><form action="http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org" method="POST">Service:<input type="text" name="service" value=""><br><input type="submit" value="Submit"></form></body></html>

獲取請求頭中的 Location

3、發送POST請求獲取ST

請求地址：上一步返回的 Location ，請求類型：POST，Content-Type: application/x-www-form-urlencoded

curl -X POST \
  http://cas.gfstack.geo:8080/cas/v1/tickets/TGT-6-NK2bhU6TddIyeqmY94BKm2dzFc7BuPQHaMe1pUhX2RrVBmFKQp-cas01.example.org \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'service=http%3A%2F%2F192.168.36.158%3A8080%2Fdemo%2F'

其中 service 是CAS客戶端地址（綜合運維、服務中心、數據中心等），須要通過encodeURI編碼

返回以下：

ST-9-kzS0oIyS9DZmveLy4vZs-cas01.example.org

返回內容便是ST，成功拿到ST即成功使用REST登陸

4、關於ST校驗

請參照：http://www.javashuo.com/article/p-voeeyjfp-cm.html 部署cas-sample-java-webapp應用完成校驗