diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java new file mode 100644 index 000000000..da25677c7 --- /dev/null +++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java @@ -0,0 +1,125 @@ +/* + * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authz.exapi.endpoint.adapter; + +import java.time.Instant; +import java.util.HashMap; + +import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; +import org.maxkey.client.http.HttpVerb; +import org.maxkey.client.oauth.OAuthClient; +import org.maxkey.client.oauth.model.Token; +import org.maxkey.crypto.DigestUtils; +import org.maxkey.util.HttpsTrusts; +import org.maxkey.util.JsonUtils; +import org.maxkey.domain.ExtraAttrs; +import org.maxkey.domain.UserInfo; +import org.maxkey.domain.apps.Apps; +import org.maxkey.web.WebContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.servlet.ModelAndView; +/** + * https://exmail.qq.com/qy_mng_logic/doc + * exmail sso + * @author shimingxy + * + */ +public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter { + final static Logger _logger = LoggerFactory.getLogger(ExtendApiCndnsApiMailAdapter.class); + //sign no parameter + //sign=md5(action=getDomainInfo&appid=***&time=1579736456 + md5(token)) + //sign with parameter + //sign=md5(action=getUserInfo&appid=***&email=admin@maxkey.org&time=1579736456 + md5(token)) + + static String SIGN_STRING ="action=getDomainInfo&appid=%s%s"; + + static String SIGN_EMAIL_STRING ="action=getUserInfo&appid=%s&email=%s&time=%s%s"; + + static String ADMIN_AUTHKEY_URI ="https://www.cndnsapi.com/email/clientmanagement?action=getDomailUrl&appid=%s&sign=%s&time=%s"; + + static String AUTHKEY_URI ="https://www.cndnsapi.com/email/clientmanagement?action=getWebMailUrl&appid=%s&sign=%s&time=%s"; + + + @Override + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { + return null; + } + + @Override + public String encrypt(String data, String algorithmKey, String algorithm) { + return null; + } + + @Override + public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) { + HttpsTrusts.beforeConnection(); + + Apps details=(Apps)app; + //extraAttrs from Applications + ExtraAttrs extraAttrs=null; + String action = "getWebMailUrl"; + String domain = null; + if(details.getIsExtendAttr()==1){ + extraAttrs=new ExtraAttrs(details.getExtendAttr()); + if(extraAttrs.get("action")==null || extraAttrs.get("action").equalsIgnoreCase("getWebMailUrl")) { + action = "getWebMailUrl"; + }else if(extraAttrs.get("action").equalsIgnoreCase("getDomailUrl")){ + action = "getDomailUrl"; + domain = extraAttrs.get("domain"); + } + } + + String timestamp = ""+Instant.now().getEpochSecond(); + + String tokenMd5 =DigestUtils.md5Hex(details.getCredentials()); + HashMap requestParamenter =new HashMap(); + String redirec_uri = ""; + if(action.equalsIgnoreCase("getDomailUrl")) { + String sign =DigestUtils.md5Hex + (String.format( + SIGN_STRING, + details.getPrincipal(),timestamp,tokenMd5)); + requestParamenter.put("domain", domain); + OAuthClient authkeyRestClient=new OAuthClient( + String.format(ADMIN_AUTHKEY_URI,details.getPrincipal(),sign,timestamp),HttpVerb.POST); + authkeyRestClient.addRestObject(requestParamenter); + + HashMap authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class); + redirec_uri=authKey.get("adminUrl"); + + }else { + String sign =DigestUtils.md5Hex + (String.format( + SIGN_EMAIL_STRING, + details.getPrincipal(),userInfo.getEmail(),timestamp,tokenMd5)); + requestParamenter.put("email", userInfo.getWorkEmail()); + OAuthClient authkeyRestClient=new OAuthClient( + String.format(AUTHKEY_URI,details.getPrincipal(),sign,timestamp),HttpVerb.POST); + authkeyRestClient.addRestObject(requestParamenter); + + HashMap authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class); + redirec_uri=authKey.get("webmailUrl"); + } + + _logger.debug("redirec_uri : "+redirec_uri); + return WebContext.redirect(redirec_uri); + } + +} diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java similarity index 68% rename from maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java rename to maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java index 577d51e78..af157e4b7 100644 --- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java @@ -23,6 +23,7 @@ import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.client.oauth.OAuthClient; import org.maxkey.client.oauth.model.Token; +import org.maxkey.util.HttpsTrusts; import org.maxkey.util.JsonUtils; import org.maxkey.domain.ExtraAttrs; import org.maxkey.domain.UserInfo; @@ -31,12 +32,18 @@ import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.servlet.ModelAndView; - -public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter { - final static Logger _logger = LoggerFactory.getLogger(ExtendApiQQExmailDefaultAdapter.class); - static String login_url_template="https://exmail.qq.com/cgi-bin/login?fun=bizopenssologin&method=bizauth&agent=%s&user=%s&ticket=%s"; - static String token_uri="https://exmail.qq.com/cgi-bin/token"; - static String authkey_uri="http://openapi.exmail.qq.com:12211/openapi/mail/authkey"; +/** + * https://exmail.qq.com/qy_mng_logic/doc + * exmail sso + * @author shimingxy + * + */ +public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter { + final static Logger _logger = LoggerFactory.getLogger(ExtendApiQQExmailAdapter.class); + //https://exmail.qq.com/qy_mng_logic/doc#10003 + static String TOKEN_URI="https://api.exmail.qq.com/cgi-bin/gettoken?corpid=%s&corpsecret=%s"; + //https://exmail.qq.com/qy_mng_logic/doc#10036 + static String AUTHKEY_URI="https://api.exmail.qq.com/cgi-bin/service/get_login_url?access_token=%s&userid=%s"; @Override public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { @@ -50,26 +57,26 @@ public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter { @Override public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) { + HttpsTrusts.beforeConnection(); + Apps details=(Apps)app; //extraAttrs from Applications ExtraAttrs extraAttrs=null; if(details.getIsExtendAttr()==1){ extraAttrs=new ExtraAttrs(details.getExtendAttr()); } - OAuthClient tokenRestClient=new OAuthClient(token_uri); - tokenRestClient.addParameter("grant_type", "client_credentials"); - tokenRestClient.addBasicAuthorization(details.getPrincipal(), details.getCredentials()); + OAuthClient tokenRestClient=new OAuthClient( + String.format(TOKEN_URI,details.getPrincipal(),details.getCredentials())); Token token =tokenRestClient.requestAccessToken(); _logger.debug(""+token); - OAuthClient authkeyRestClient=new OAuthClient(authkey_uri); - authkeyRestClient.addBearerAuthorization(token.getAccess_token()); - authkeyRestClient.addParameter("Alias", details.getAppUser().getRelatedUsername()); + OAuthClient authkeyRestClient=new OAuthClient( + String.format(AUTHKEY_URI,token.getAccess_token(),details.getAppUser().getRelatedUsername())); HashMap authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class); _logger.debug("authKey : "+authKey); - String redirec_uri=String.format(login_url_template,details.getPrincipal(),details.getAppUser().getRelatedUsername(),authKey.get("auth_key")); + String redirec_uri=authKey.get("login_url"); _logger.debug("redirec_uri : "+redirec_uri); return WebContext.redirect(redirec_uri); } diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java new file mode 100644 index 000000000..02c99f287 --- /dev/null +++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java @@ -0,0 +1,94 @@ +/* + * Copyright [2021] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authz.exapi.endpoint.adapter; + +import java.time.Instant; +import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; +import org.maxkey.crypto.DigestUtils; +import org.maxkey.domain.ExtraAttrs; +import org.maxkey.domain.UserInfo; +import org.maxkey.domain.apps.Apps; +import org.maxkey.web.WebContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.servlet.ModelAndView; +/** + * + * http://target.maxkey.org/demo/login?code=maxkey&time=timestamp&token=token + * login url http://target.maxkey.org/demo/login?code=%s×tamp=%s&token=%s + * + * $code = 'maxkey'; + * $key = 'a5246932b0f371263c252384076cd3f0'; + * $timestamp = '1557034496'; + * $token = md5($code . $key . $time); + * + * @author shimingxy + * + */ +public class ExtendApiTimestampSignAdapter extends AbstractAuthorizeAdapter { + final static Logger _logger = LoggerFactory.getLogger(ExtendApiTimestampSignAdapter.class); + + @Override + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { + return null; + } + + @Override + public String encrypt(String data, String algorithmKey, String algorithm) { + return null; + } + + @Override + public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) { + Apps details=(Apps)app; + + String code = details.getPrincipal(); + String key = details.getCredentials(); + String timestamp = ""+Instant.now().getEpochSecond(); + String token =DigestUtils.md5Hex(code+key+timestamp); + + //extraAttrs from Applications + ExtraAttrs extraAttrs=null; + if(details.getIsExtendAttr()==1){ + extraAttrs=new ExtraAttrs(details.getExtendAttr()); + if(extraAttrs.get("sign") == null || extraAttrs.get("sign").equalsIgnoreCase("md5")) { + + }else if(extraAttrs.get("sign").equalsIgnoreCase("sha") || extraAttrs.get("sign").equalsIgnoreCase("sha1")) { + token =DigestUtils.shaHex(code+key+timestamp); + }else if(extraAttrs.get("sign").equalsIgnoreCase("sha256")) { + token =DigestUtils.sha256Hex(code+key+timestamp); + }else if(extraAttrs.get("sign").equalsIgnoreCase("sha384")) { + token =DigestUtils.sha384Hex(code+key+timestamp); + }else if(extraAttrs.get("sign").equalsIgnoreCase("sha512")) { + token =DigestUtils.sha512Hex(code+key+timestamp); + } + } + + _logger.debug(""+token); + String account = userInfo.getUsername(); + + String redirec_uri = String.format(details.getLoginUrl(),account,code,timestamp,token); + + + _logger.debug("redirec_uri : "+redirec_uri); + + return WebContext.redirect(redirec_uri); + } + +} \ No newline at end of file diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java similarity index 96% rename from maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoDefaultAdapter.java rename to maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java index bb51000f0..97af8c0b0 100644 --- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java @@ -40,8 +40,8 @@ import org.springframework.web.servlet.ModelAndView; * @author shimi * */ -public class ExtendApiZentaoDefaultAdapter extends AbstractAuthorizeAdapter { - final static Logger _logger = LoggerFactory.getLogger(ExtendApiZentaoDefaultAdapter.class); +public class ExtendApiZentaoAdapter extends AbstractAuthorizeAdapter { + final static Logger _logger = LoggerFactory.getLogger(ExtendApiZentaoAdapter.class); static String login_url_template="api.php?m=user&f=apilogin&account=%s&code=%s&time=%s&token=%s"; static String login_url_m_template="account=%s&code=%s&time=%s&token=%s"; @@ -91,3 +91,4 @@ public class ExtendApiZentaoDefaultAdapter extends AbstractAuthorizeAdapter { } } +