[Probe for Keycloak integration] #keycloak #python #oauth2 #oidc #curl #bash
#!/bin/bash
#https://medium.com/@robert.broeckelmann/openid-connect-authorization-code-flow-with-red-hat-sso-d141dde4ed3f
#set -x
#Apache License 2.0
# Probe settings: every value is blank here and must be filled in before a run.
# PW and CLIENT_SECRET are credentials, so a filled-in copy of this script
# should not be committed or shared.

# Server base URL; the script appends /auth/realms/$REALM to it.
SERVER=""
# Realm name used in the endpoint path.
REALM=""
# OAuth2 client_id sent on the authorization and token requests.
CLIENT=""
# Login name posted to the login form. Assigning USER replaces the shell's own
# USER variable for the remainder of the script.
USER=""
# Password posted to the login form.
PW=""
# Client secret sent with the authorization-code exchange.
CLIENT_SECRET=""
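function jwt() {
  # Pretty-print the header and payload of the JWT given as $1.
  # Based on https://www.jvt.me/posts/2019/06/13/pretty-printing-jwt-openssl/
  #
  # Arguments: $1 - compact JWT (header.payload.signature)
  # Outputs:   the two decoded JSON documents on stdout
  #
  # The signature (third part) is neither decoded nor checked, so the output is
  # for inspection only and says nothing about whether the token is authentic.
  local part b64
  for part in 1 2; do
    # JWT parts are base64url: map the URL-safe alphabet back to standard base64.
    b64="$(cut -f"$part" -d. <<< "$1" | tr '_-' '/+')"
    # base64url drops the '=' padding; restore it from the length remainder.
    case $(( ${#b64} % 4 )) in
      2) b64="${b64}==" ;;
      3) b64="${b64}=" ;;
    esac
    # -A makes openssl accept the whole value on one line; without it the
    # decoder expects wrapped input and long payloads come out empty or cut.
    openssl enc -base64 -d -A <<< "$b64" | python -mjson.tool
  done
}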
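# Print the value of top-level key $1 from the JSON document on stdin, or an
# empty line when the key is absent. The key is passed as an argument rather
# than spliced into the Python source, and print() works on Python 2 and 3.
function _json_field() {
  python -c 'import sys, json; print(json.load(sys.stdin).get(sys.argv[1]) or "")' "$1"
}

# Print one framed section: label $1 followed by the decoded token $2.
function _show_token() {
  echo "-------------------------------------"
  echo "$1"
  if [[ -n "$2" ]]; then
    jwt "$2"
  else
    echo "$1 not present in the token response" >&2
  fi
  echo "-------------------------------------"
}

# Extract the three tokens from the token-endpoint response in CURL_OUTPUT and
# print their decoded contents.
# Globals: CURL_OUTPUT (read); ACCESS_TOKEN, ID_TOKEN, REFRESH_TOKEN (written)
# Outputs: decoded token headers and payloads on stdout
#
# The decoded claims and the raw tokens held in these variables are live
# bearer credentials; captured terminal output or logs from this probe should
# be treated as sensitive.
function parse(){
  # Quoting CURL_OUTPUT keeps the JSON intact (no word splitting or globbing).
  ACCESS_TOKEN=$(printf '%s' "${CURL_OUTPUT}" | _json_field access_token)
  _show_token ACCESS_TOKEN "${ACCESS_TOKEN}"
  ID_TOKEN=$(printf '%s' "${CURL_OUTPUT}" | _json_field id_token)
  _show_token ID_TOKEN "${ID_TOKEN}"
  REFRESH_TOKEN=$(printf '%s' "${CURL_OUTPUT}" | _json_field refresh_token)
  _show_token REFRESH_TOKEN "${REFRESH_TOKEN}"
}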
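# --- Authorization-code flow, then a userinfo/refresh loop -----------------
# The cookie jar and the saved response headers contain live session cookies,
# so they are kept in a private temp directory that is removed on exit instead
# of being left as ./headers.out in the working directory.
WORKDIR=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "${WORKDIR:?}"' EXIT
trap 'exit 130' INT TERM
HEADERS=${WORKDIR}/headers.out

# Random state value; checked against the redirect below.
STATE=$(python -c "import uuid; print(str(uuid.uuid4()))")

# NOTE(security): -k disables TLS certificate verification, so USER/PW and
# CLIENT_SECRET are sent to whatever host answers at $SERVER. It stays the
# default for self-signed test servers; run with INSECURE_TLS=0 (a switch local
# to this script) to verify certificates, or give curl the CA with --cacert.
CURL=(curl -s)
if [[ "${INSECURE_TLS:-1}" != "0" ]]; then
  CURL+=(-k)
fi

# Never fetched: curl does not follow the final redirect, the script only
# reads the code out of its Location header.
FINAL_REDIRECT_URI=http://localhost:3000/callback
BASE_REALM=$SERVER/auth/realms/$REALM
IDP_BASE_URL=${BASE_REALM}/protocol/openid-connect

# Step 1: request the login page and keep the session cookies.
CURL_OUTPUT=$("${CURL[@]}" -X GET "${IDP_BASE_URL}/auth?client_id=${CLIENT}&response_type=code&scope=openid%20profile%20email&state=${STATE}&redirect_uri=${FINAL_REDIRECT_URI}" -c "$HEADERS")
#echo CURL_OUTPUT=${CURL_OUTPUT}

# Step 2: pull the form action out of the login page and undo HTML escaping.
PASSWORD_SUBMIT_URL=$(sed -n 's/.*action="\([^"]*\).*/\1/p' <<< "$CURL_OUTPUT" | head -n 1)
PASSWORD_SUBMIT_URL=$(sed 's/\&amp;/\&/g' <<< "$PASSWORD_SUBMIT_URL")
#echo PASSWORD_SUBMIT_URL=${PASSWORD_SUBMIT_URL}
if [[ -z "$PASSWORD_SUBMIT_URL" ]]; then
  echo "no login form in the authorization response; check SERVER, REALM and CLIENT" >&2
  exit 1
fi

# Step 3: submit the credentials. --data-urlencode keeps '&', '+', '%' and
# similar characters in the password from corrupting the form body. The values
# are still visible in curl's argument list to other local users.
CURL_OUTPUT=$("${CURL[@]}" -X POST "${PASSWORD_SUBMIT_URL}" \
  --data-urlencode "username=${USER}" \
  --data-urlencode "password=${PW}" \
  -b "$HEADERS" -D "${HEADERS}.2")
#echo CURL_OUTPUT=$CURL_OUTPUT

# Step 4: read the redirect. Header names are matched case-insensitively
# because HTTP/2 responses send them in lower case.
REDIRECT_URL=$(grep -i '^location:' "${HEADERS}.2" | head -n 1 \
  | sed 's/^[^:]*:[[:space:]]*//' | tr -d '\r')
#echo $REDIRECT_URL

# Look up code and state by name rather than by position in the query string.
QUERY=${REDIRECT_URL#*\?}
CODE=$(tr '&' '\n' <<< "$QUERY" | sed -n 's/^code=//p' | head -n 1)
RETURNED_STATE=$(tr '&' '\n' <<< "$QUERY" | sed -n 's/^state=//p' | head -n 1)
#echo CODE=$CODE
if [[ -z "$CODE" ]]; then
  echo "login failed: no authorization code in the redirect" >&2
  exit 1
fi
# The state must come back unchanged; a different value means the redirect
# does not belong to the request made above.
if [[ "$RETURNED_STATE" != "$STATE" ]]; then
  echo "state mismatch in the redirect; aborting" >&2
  exit 1
fi

# Step 5: exchange the code for tokens. CODE is sent as received (it is
# already in URL form); the other values are encoded here.
CURL_OUTPUT=$("${CURL[@]}" -X POST "${IDP_BASE_URL}/token" \
  --data-urlencode "state=${STATE}" \
  -d "code=${CODE}" \
  -d "grant_type=authorization_code" \
  --data-urlencode "client_id=${CLIENT}" \
  --data-urlencode "client_secret=${CLIENT_SECRET}" \
  --data-urlencode "redirect_uri=${FINAL_REDIRECT_URI}" \
  -c "$HEADERS")
parse
if [[ -z "$ACCESS_TOKEN" ]]; then
  echo "token request returned no access_token" >&2
  exit 1
fi

# Step 6: poll userinfo 60 times at 3 s intervals, refresh, and repeat until
# interrupted or until a refresh stops yielding an access token.
while true; do
  for ((i = 0; i < 60; i++)); do
    date
    "${CURL[@]}" -X POST "${IDP_BASE_URL}/userinfo" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "access_token=${ACCESS_TOKEN}"
    echo "-------------------------------------"
    sleep 3
  done
  echo "-------------------------------------"
  echo REFRESH ACCESS TOKEN
  REFRESH_DATA=(
    -d "grant_type=refresh_token"
    --data-urlencode "client_id=${CLIENT}"
    -d "refresh_token=${REFRESH_TOKEN}"
  )
  # The code exchange authenticates the client with client_secret; the refresh
  # grant presumably needs the same for a confidential client, so it is sent
  # whenever a secret is configured.
  if [[ -n "$CLIENT_SECRET" ]]; then
    REFRESH_DATA+=(--data-urlencode "client_secret=${CLIENT_SECRET}")
  fi
  CURL_OUTPUT=$("${CURL[@]}" -X POST "${REFRESH_DATA[@]}" "${IDP_BASE_URL}/token")
  parse
  echo "-------------------------------------"
  if [[ -z "$ACCESS_TOKEN" ]]; then
    echo "refresh returned no access_token; stopping" >&2
    exit 1
  fi
done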
#!/bin/bash
# exit 1: service down
# exit 0 && time <= 1500ms: service up
# exit 0 && time > 1500ms: service deteriorated
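# Start time in nanoseconds (%N is a GNU date extension).
START=$(date +%s%N)
REALM=xx
CLIENT=xx
USER=xxx
PW=xxx
URL=$1
#ex :https://xxxxx:8443/auth
if [[ -z "$URL" ]]; then
  echo "usage: ${0##*/} <base-url>" >&2
  exit 1
fi
OIDC_BASE="$URL/realms/$REALM/protocol/openid-connect"

# Password grant. --data-urlencode keeps special characters in the credentials
# from breaking the form body.
# NOTE(security): -k disables TLS certificate verification, so the username and
# password go to whatever host answers at $URL; drop -k (or pass --cacert) when
# the server has a certificate curl can verify.
RESULT=$(curl -s -k \
  -d "grant_type=password" \
  --data-urlencode "client_id=$CLIENT" \
  --data-urlencode "username=$USER" \
  --data-urlencode "password=$PW" \
  "$OIDC_BASE/token")
#echo $RESULT

# Empty when the response has no access_token (for example an error document),
# which is reported as "service down".
TOKEN=$(printf '%s' "$RESULT" | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p')
if [[ -z "$TOKEN" ]]; then
  exit 1
fi

# The payload is base64url without padding: map the alphabet back to standard
# base64 and restore the '=' padding before decoding. The signature is not
# checked here; the decoded claims are printed for inspection only.
A=$(cut -d'.' -f2 <<< "$TOKEN" | tr '_-' '/+')
case $(( ${#A} % 4 )) in
  2) A="${A}==" ;;
  3) A="${A}=" ;;
esac
printf '%s' "$A" | base64 --decode | python -m json.tool

# Report the size of the Authorization header the token produces.
AUTH="Authorization: bearer $TOKEN"
SIZE=$(printf '%s' "$AUTH" | wc -c | tr -d ' ')
echo "SIZE=$SIZE"
#echo $TOKEN

INFO=$(curl -s -X POST -k "$OIDC_BASE/userinfo" \
  -H "$AUTH" -H "Content-Type: application/x-www-form-urlencoded")
NAME=$(printf '%s' "$INFO" | sed -n 's/.*"given_name":"\([^"]*\)".*/\1/p')
#echo $NAME
END=$(date +%s%N)

# The service counts as up only when userinfo returns the expected given_name.
if [ "$NAME" = "$USER" ]; then
  DIFF=$(( (END - START) / 1000000 ))
  # Time performance, in milliseconds
  echo "$DIFF"
  exit 0
else
  exit 1
fi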