POC Certificado & Metadata
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
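/**
 * Proof of concept: prints the PEM certificate block(s) that {@code openssl s_client}
 * reports for the host of a SAML metadata URL.
 *
 * <p>NOTE(review): {@code s_client} keeps going after a chain-verification error unless it is
 * told otherwise (for example with {@code -verify_return_error}), so the text returned here is
 * whatever the peer presented. It is also the TLS certificate of the web host, which is not
 * necessarily the signing certificate published inside the SAML metadata. Confirm how the
 * result is used before treating it as a trust anchor.
 */
public class Teste {

    /** Splits a URL into scheme (1), host (2), optional port (3) and remainder (4). */
    private static final Pattern URL_PATTERN = Pattern.compile("(https?://)([^:^/]*)(:\\d*)?(.*)?");

    /**
     * Dot-separated DNS labels made only of letters, digits and inner hyphens. Anything else
     * (spaces, quotes, {@code ;}, {@code |}, {@code $}, backticks, ...) is rejected, because the
     * host is later spliced into a string that {@code sh -c} interprets.
     */
    private static final Pattern HOST_PATTERN = Pattern.compile(
            "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*");

    /** Upper bound for a textual DNS name. */
    private static final int MAX_HOST_LENGTH = 253;

    public static void main(String[] args) {
        String url = "https://dev-1178112.okta.com/app/exksdo65e66HD4Rfr5d6/sso/saml/metadata";
        String domain = getDomain(url);
        if (domain.isEmpty()) {
            return;
        }
        // The port captured from the URL is ignored; the probe always targets 443.
        // The pipeline's exit status is the one of its last command (sed), so a failed
        // openssl connection normally shows up as empty output rather than as "error".
        String command = "echo | openssl s_client -connect " + domain
                + ":443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'";
        System.out.println(getCertificado(command));
    }

    /**
     * Extracts the host part of an http(s) URL.
     *
     * @param url the URL to inspect; may be {@code null}
     * @return the host, or an empty string when the URL does not match or the host is not a
     *         plain DNS name that is safe to embed in a shell command
     */
    private static String getDomain(String url) {
        if (url == null) {
            return "";
        }
        Matcher matcher = URL_PATTERN.matcher(url);
        if (!matcher.find()) {
            // Reading a group after a failed find() throws IllegalStateException.
            return "";
        }
        String host = matcher.group(2);
        if (host.length() > MAX_HOST_LENGTH || !HOST_PATTERN.matcher(host).matches()) {
            return "";
        }
        return host;
    }

    /**
     * Runs {@code cmd} through {@code sh -c} and collects its standard output.
     *
     * <p>The string is interpreted by the shell verbatim: every value concatenated into it must
     * have been validated by the caller, and request data must never reach it unchecked.
     *
     * @param cmd the shell command line to execute
     * @return the captured output with one {@code '\n'} after each line, {@code "error"} when the
     *         shell exits with a non-zero status, or whatever was read before an I/O error or
     *         interruption
     */
    public static String getCertificado(String cmd) {
        StringBuilder certificado = new StringBuilder();
        ProcessBuilder builder = new ProcessBuilder("sh", "-c", cmd);
        try {
            Process process = builder.start();
            // try-with-resources releases the pipe even when reading fails half-way.
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    certificado.append(line).append('\n');
                }
            }
            if (process.waitFor() != 0) {
                return "error";
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        }
        return certificado.toString();
    }
}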
import java.io.BufferedReader
import java.io.IOException
import java.io.InputStreamReader
import java.util.regex.Pattern
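/**
 * Proof of concept: prints the PEM certificate block(s) that `openssl s_client` reports for the
 * host of a SAML metadata URL.
 *
 * NOTE(review): `s_client` keeps going after a chain-verification error unless told otherwise
 * (for example with `-verify_return_error`), so the returned text is whatever the peer
 * presented. It is also the TLS certificate of the web host, which is not necessarily the
 * signing certificate published inside the SAML metadata. Confirm how the result is used before
 * treating it as a trust anchor.
 */
object FeatureCertificadoMetadata {

    /** Splits a URL into scheme (1), host (2), optional port (3) and remainder (4). */
    private val URL_PATTERN = Pattern.compile("(https?://)([^:^/]*)(:\\d*)?(.*)?")

    /**
     * Dot-separated DNS labels made only of letters, digits and inner hyphens. Anything else
     * (spaces, quotes, `;`, `|`, backticks, ...) is rejected, because the host is later spliced
     * into a string that `sh -c` interprets.
     */
    private val HOST_PATTERN = Pattern.compile(
        "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
    )

    /** Upper bound for a textual DNS name. */
    private const val MAX_HOST_LENGTH = 253

    @JvmStatic
    fun main(args: Array<String>) {
        val url = "https://dev-1178112.okta.com/app/exksdo65e66HD4Rfr5d6/sso/saml/metadata"
        val domain = getDomain(url)
        if (domain.isEmpty()) return
        // The port captured from the URL is ignored; the probe always targets 443.
        // The pipeline's exit status is the one of its last command (sed), so a failed openssl
        // connection normally shows up as empty output rather than as "error".
        val command = "echo | openssl s_client -connect " + domain +
            ":443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'"
        println(getCertificado(command))
    }

    /**
     * Extracts the host part of an http(s) URL.
     *
     * @param url the URL to inspect; may be null
     * @return the host, or an empty string when the URL is null, does not match, or the host is
     *   not a plain DNS name that is safe to embed in a shell command
     */
    private fun getDomain(url: String?): String {
        if (url == null) return ""
        val matcher = URL_PATTERN.matcher(url)
        if (!matcher.find()) return ""
        val host = matcher.group(2).orEmpty()
        val wellFormed = host.length <= MAX_HOST_LENGTH && HOST_PATTERN.matcher(host).matches()
        return if (wellFormed) host else ""
    }

    /**
     * Runs [cmd] through `sh -c` and collects its standard output.
     *
     * The string is interpreted by the shell verbatim: every value concatenated into it must
     * have been validated by the caller, and request data must never reach it unchecked.
     *
     * @param cmd the shell command line to execute
     * @return the captured output with one `'\n'` after each line, `"error"` when the shell exits
     *   with a non-zero status, or whatever was read before an I/O error or interruption
     */
    fun getCertificado(cmd: String?): String {
        val certificado = StringBuilder()
        try {
            val process = ProcessBuilder("sh", "-c", cmd).start()
            // useLines closes the pipe even when reading fails half-way.
            BufferedReader(InputStreamReader(process.inputStream)).useLines { lines ->
                // Keep the line breaks, as the Java variant does: PEM is line-oriented.
                lines.forEach { certificado.append(it).append('\n') }
            }
            if (process.waitFor() != 0) {
                return "error"
            }
        } catch (e: IOException) {
            e.printStackTrace()
        } catch (e: InterruptedException) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt()
            e.printStackTrace()
        }
        return certificado.toString()
    }
}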
package com.greenmile.auth.saml
import org.springframework.http.HttpStatus
import org.springframework.web.server.ResponseStatusException
import java.io.BufferedReader
import java.io.IOException
import java.io.InputStreamReader
import java.util.regex.Pattern
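/**
 * Fetches the PEM certificate block(s) that `openssl s_client` reports for the host of a SAML
 * metadata URL, signalling every failure as a [ResponseStatusException] with status 428.
 *
 * NOTE(review): `s_client` keeps going after a chain-verification error unless told otherwise
 * (for example with `-verify_return_error`), so the returned text is whatever the peer
 * presented. It is also the TLS certificate of the web host, which is not necessarily the
 * signing certificate published inside the SAML metadata. Confirm how the result is used before
 * treating it as a trust anchor.
 *
 * NOTE(review): if the URL comes from a request, this makes the server open a connection to a
 * caller-chosen host on port 443; consider an allow-list of identity-provider domains.
 */
object TesteSAML {

    /** Splits an https URL into scheme (1), host (2), optional port (3) and remainder (4). */
    private val URL_PATTERN = Pattern.compile("(https://)([^:^/]*)(:\\d*)?(.*)?")

    /** Dot-separated DNS labels made only of letters, digits and inner hyphens. */
    private val HOST_PATTERN = Pattern.compile(
        "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
    )

    /** Upper bound for a textual DNS name. */
    private const val MAX_HOST_LENGTH = 253

    @JvmStatic
    fun main(args: Array<String>) {
        val url = "https://dev-1178112.okta.com/app/exksdo65e66HD4Rfr5d6/sso/saml/metadata"
        val domain = getDomain(url)
        val certificado = getCertificado(domain)
        println(certificado)
    }

    /**
     * Extracts the host part of an https URL. This is a syntactic split only; the host is
     * validated in [getCertificado] before it is used.
     *
     * @param url the metadata URL; may be null
     * @return the non-empty host
     * @throws ResponseStatusException (428) when the URL is null or does not match, or when the
     *   host part is empty
     */
    @Throws(ResponseStatusException::class)
    private fun getDomain(url: String?): String {
        val matcher = url?.let { URL_PATTERN.matcher(it) }
        if (matcher == null || !matcher.find()) {
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "Invalid URL Metadata")
        }
        val host = matcher.group(2).orEmpty()
        if (host.isEmpty()) {
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "DOMAIN not found")
        }
        return host
    }

    /**
     * Connects to `domain:443` with `openssl s_client` and returns every line between a
     * `-BEGIN CERTIFICATE-` and the following `-END CERTIFICATE-` marker, one `'\n'` per line.
     *
     * The host is checked against [HOST_PATTERN] and passed to openssl as a single argument;
     * no shell is involved, so characters in [domain] can never be interpreted as commands.
     * As a consequence the reported exit status is openssl's own, so a failed connection is
     * reported as a process error instead of as a missing certificate.
     *
     * No timeout is applied: a peer that stalls blocks the calling thread.
     *
     * @param domain the DNS name to probe
     * @return the PEM text found in the openssl output
     * @throws ResponseStatusException (428) when the domain is not a plain DNS name, the process
     *   fails or is interrupted, or the output holds no certificate
     */
    @Throws(ResponseStatusException::class)
    fun getCertificado(domain: String?): String {
        if (domain == null || domain.length > MAX_HOST_LENGTH || !HOST_PATTERN.matcher(domain).matches()) {
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "Invalid domain")
        }
        val certificado = StringBuilder()
        // redirectErrorStream mirrors the former `2>&1`.
        val builder = ProcessBuilder("openssl", "s_client", "-connect", "$domain:443")
            .redirectErrorStream(true)
        try {
            val process = builder.start()
            // Immediate end-of-input makes s_client exit after the handshake (was `echo |`).
            process.outputStream.close()
            var insideBlock = false
            BufferedReader(InputStreamReader(process.inputStream)).useLines { lines ->
                for (line in lines) {
                    // Same range semantics as sed's /BEGIN/,/END/p: the END marker is only
                    // looked for on lines after the one that opened the range.
                    if (insideBlock) {
                        certificado.append(line).append('\n')
                        if ("-END CERTIFICATE-" in line) insideBlock = false
                    } else if ("-BEGIN CERTIFICATE-" in line) {
                        insideBlock = true
                        certificado.append(line).append('\n')
                    }
                }
            }
            val exitVal = process.waitFor()
            if (exitVal != 0) {
                throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "Error process command: $exitVal")
            }
        } catch (e: IOException) {
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "Error IO: ${e.message}")
        } catch (e: InterruptedException) {
            // Keep the interrupt visible to the caller before translating the failure.
            Thread.currentThread().interrupt()
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "Error Interrupted: ${e.message}")
        }
        if (certificado.isEmpty()) {
            throw ResponseStatusException(HttpStatus.PRECONDITION_REQUIRED, "URL does not have certificate")
        }
        return certificado.toString()
    }
}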