Revisions
- 
        rolandyoung revised this gist Aug 21, 2015 . 1 changed file with 4 additions and 1 deletion.
@@ -7,7 +7,10 @@ assert() { if [[ $1 != $2 ]]; then echo "assert" $3; exit; fi } url=http://192.168.10.221:8088/auth/realms/ATS-ci/protocol/openid-connect/token resp=$(curl -X POST $url \ --data "username=ats1" --data "password=xxx" --data "client_id=geneos-client" \ --data "grant_type=password" 2> err.log) if [[ $? -eq 0 ]]; then rm err.log; else cat err.log; exit; fi # echo $resp > message.txt # resp=$(cat message.txt) 
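Review bot: The new `if [[ $? -eq 0 ]]` check catches only transport failures: curl without `--fail` returns 0 on an HTTP 401 or 500, so a rejected login falls through and the error body is parsed as if it were a token response. The failure branch also ends in a bare `exit`, which returns the status of `cat err.log` (normally 0), so a caller sees success. Consider `resp=$(curl -sS --fail -X POST "$url" ... 2> err.log) || { cat err.log >&2; rm -f err.log; exit 1; }`. The password is still passed in argv (`--data "password=xxx"`), where it is visible in the process list; `--data-urlencode password@FILE`, with a file that has no trailing newline, keeps it out of argv.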
- 
        rolandyoung renamed this gist Aug 20, 2015 . 1 changed file with 0 additions and 0 deletions. File renamed without changes.
- 
        rolandyoung created this gist Aug 20, 2015 .
@@ -0,0 +1,41 @@ #!/bin/bash # tested with OpenSSL 1.0.1e-fips on Centos 6 # Note hardcoded Keycloak URL and credentials. # Keycloak public key is in ATS-ci.key.pem with -----BEGIN PUBLIC KEY----- (etc) assert() { if [[ $1 != $2 ]]; then echo "assert" $3; exit; fi } url=http://192.168.10.221:8088/auth/realms/ATS-ci/protocol/openid-connect/token resp=$(curl -X POST $url --data "username=ats1" --data "password=xxx" --data "grant_type=password" --data "client_id=client") # echo $resp > message.txt # resp=$(cat message.txt) resp=${resp%%?,?expires_in*} jwt=${resp#*token?:?} echo JWT: echo $jwt input=${jwt%.*} encHdr=${input%.*} encPayload=${input#*.} encSig=${jwt##*.} assert $jwt "$encHdr.$encPayload.$encSig" "failed to decompose jwt" echo Header: echo $encHdr | openssl enc -base64 -d echo echo Payload: echo -n $encPayload \ | perl -ne 'tr|-_|+/|; print "$1\n" while length>76 and s/(.{0,76})//; $_ .= ("", "", "==", "=")[length($_) % 4]; print' \ | openssl enc -base64 -d echo echo -n $encSig \ | perl -ne 'tr|-_|+/|; print "$1\n" while length>76 and s/(.{0,76})//; $_ .= ("", "", "==", "=")[length($_) % 4]; print' \ | openssl enc -base64 -d > ATS-ci.sig.dat echo -n $input > ATS-ci.input.txt openssl dgst -sha256 -verify ATS-ci.key.pem -signature ATS-ci.sig.dat ATS-ci.input.txt
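Review bot: The closing `openssl dgst -sha256 -verify` establishes only that the signature matches ATS-ci.key.pem; the script never checks claims such as `exp`, `iss` or `aud` in the payload it prints, so an expired token or one issued for a different client still verifies. A header comment should say so, for example `# checks the signature only; exp/iss/aud are not validated`. The header segment is decoded with `echo $encHdr | openssl enc -base64 -d`, without the `tr|-_|+/|` translation and padding that the payload and signature get, so a header whose length is not a multiple of four may decode incompletely; piping it through the same perl filter would make the three segments consistent. `assert` ends in a bare `exit`, which returns the status of the preceding `echo` (0), so a decomposition failure is reported as success; `exit 1` fixes that.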