From 7453c086709d60c13b3976da9fa5bc26fd26f2f1 Mon Sep 17 00:00:00 2001 From: anhefti Date: Mon, 11 Oct 2021 10:59:20 +0200 Subject: [PATCH 1/8] merge with 1.2.2 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6426509d..674093f6 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ jar - 1.2.2 + 1.2-SNAPSHOT ${sebserver-version} ${sebserver-version} UTF-8 From 519ad5a9f8fb425d8410a1877430135c7bc33b10 Mon Sep 17 00:00:00 2001 From: Carol Alexandru Date: Wed, 13 Oct 2021 11:29:02 +0200 Subject: [PATCH 2/8] authenticate with OLAT using POST instead of GET --- .../lms/impl/olat/OlatLmsRestTemplate.java | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java index 6c326124..4e759384 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java @@ -12,6 +12,7 @@ import java.io.IOException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpRequest; import org.springframework.http.HttpStatus; @@ -66,12 +67,16 @@ public class OlatLmsRestTemplate extends RestTemplate { private void authenticate() { // Authenticate with OLAT and store the received X-OLAT-TOKEN this.token = "authenticating"; - final String authUrl = String.format("%s%s?password=%s", - this.details.getAccessTokenUri(), + final String authUrl = this.details.getAccessTokenUri(); + final String credentials = String.format( + "{\"username\": \"%s\", \"password\": \"%s\"}", this.details.getClientId(), this.details.getClientSecret()); + final HttpHeaders httpHeaders = new HttpHeaders(); + httpHeaders.set("content-type", "application/json"); + final HttpEntity requestEntity = new HttpEntity<>(credentials, httpHeaders); try { - final ResponseEntity response = this.getForEntity(authUrl, String.class); + final ResponseEntity response = this.postForEntity(authUrl, requestEntity, String.class); final HttpHeaders responseHeaders = response.getHeaders(); log.debug("OLAT [authenticate] {} Headers: {}", response.getStatusCode(), responseHeaders); this.token = responseHeaders.getFirst("X-OLAT-TOKEN"); From 1449de217cbadf485eb6b97aad8527d2095262ac Mon Sep 17 00:00:00 2001 From: Carol Alexandru Date: Wed, 13 Oct 2021 12:01:12 +0200 Subject: [PATCH 3/8] don't construct json manually --- .../lms/impl/olat/OlatLmsRestTemplate.java | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java index 4e759384..bc026a1f 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/lms/impl/olat/OlatLmsRestTemplate.java @@ -9,6 +9,8 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.lms.impl.olat; import java.io.IOException; +import java.util.HashMap; +import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -68,13 +70,12 @@ public class OlatLmsRestTemplate extends RestTemplate { // Authenticate with OLAT and store the received X-OLAT-TOKEN this.token = "authenticating"; final String authUrl = this.details.getAccessTokenUri(); - final String credentials = String.format( - "{\"username\": \"%s\", \"password\": \"%s\"}", - this.details.getClientId(), - this.details.getClientSecret()); + final Map credentials = new HashMap<>(); + credentials.put("username", this.details.getClientId()); + credentials.put("password", this.details.getClientSecret()); final HttpHeaders httpHeaders = new HttpHeaders(); httpHeaders.set("content-type", "application/json"); - final HttpEntity requestEntity = new HttpEntity<>(credentials, httpHeaders); + final HttpEntity> requestEntity = new HttpEntity<>(credentials, httpHeaders); try { final ResponseEntity response = this.postForEntity(authUrl, requestEntity, String.class); final HttpHeaders responseHeaders = response.getHeaders(); From b06e6d54245410b7c63b1fcad48eef7063dede94 Mon Sep 17 00:00:00 2001 From: anhefti Date: Mon, 25 Oct 2021 13:31:05 +0200 Subject: [PATCH 4/8] Fixed Zoom SDK JWT-Token generation --- .../ch/ethz/seb/sebserver/gbl/util/Utils.java | 5 ++ .../proctoring/ZoomProctoringService.java | 85 +++++++++++++++++-- 2 files changed, 82 insertions(+), 8 deletions(-) diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/util/Utils.java b/src/main/java/ch/ethz/seb/sebserver/gbl/util/Utils.java index cc097985..8d79797b 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gbl/util/Utils.java +++ b/src/main/java/ch/ethz/seb/sebserver/gbl/util/Utils.java @@ -530,6 +530,10 @@ public final class Utils { return getMillisecondsNow() / 1000; } + public static long toSeconds(final long millis) { + return millis / 1000; + } + public static RGB toRGB(final String rgbString) { if (StringUtils.isNotBlank(rgbString)) { return new RGB( @@ -661,4 +665,5 @@ public final class Utils { return false; // Either timeout or unreachable or failed DNS lookup. } } + } diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/proctoring/ZoomProctoringService.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/proctoring/ZoomProctoringService.java index e4157f39..0118f4b9 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/proctoring/ZoomProctoringService.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/proctoring/ZoomProctoringService.java @@ -56,6 +56,7 @@ import ch.ethz.seb.sebserver.gbl.api.JSONMapper; import ch.ethz.seb.sebserver.gbl.async.AsyncService; import ch.ethz.seb.sebserver.gbl.async.CircuitBreaker; import ch.ethz.seb.sebserver.gbl.client.ClientCredentials; +import ch.ethz.seb.sebserver.gbl.model.exam.Exam; import ch.ethz.seb.sebserver.gbl.model.exam.ProctoringRoomConnection; import ch.ethz.seb.sebserver.gbl.model.exam.ProctoringServiceSettings; import ch.ethz.seb.sebserver.gbl.model.exam.ProctoringServiceSettings.ProctoringServerType; @@ -92,6 +93,8 @@ public class ZoomProctoringService implements ExamProctoringService { "{\"alg\":\"HS256\",\"typ\":\"JWT\"}"; private static final String ZOOM_API_ACCESS_TOKEN_PAYLOAD = "{\"iss\":\"%s\",\"exp\":%s}"; + private static final String ZOOM_SDK_ACCESS_TOKEN_PAYLOAD = + "{\"appKey\":\"%s\",\"iat\":%s,\"exp\":%s,\"tokenExp\":%s}"; private static final Map SEB_API_NAME_INSTRUCTION_NAME_MAPPING = Utils.immutableMapOf(Arrays.asList( new Tuple<>( @@ -260,7 +263,7 @@ public class ZoomProctoringService implements ExamProctoringService { proctoringSettings.appSecret, remoteProctoringRoom.joinKey); - final String jwt = this.createJWTForMeetingAccess( + final String jwt = this.createSignatureForMeetingAccess( credentials, String.valueOf(additionalZoomRoomData.meeting_id), true); @@ -275,7 +278,7 @@ public class ZoomProctoringService implements ExamProctoringService { sdkJWT = this.createJWTForSDKAccess( sdkCredentials, - String.valueOf(additionalZoomRoomData.meeting_id)); + forExam(proctoringSettings)); } return new ProctoringRoomConnection( @@ -316,7 +319,7 @@ public class ZoomProctoringService implements ExamProctoringService { proctoringSettings.appSecret, remoteProctoringRoom.joinKey); - final String jwt = this.createJWTForMeetingAccess( + final String signature = this.createSignatureForMeetingAccess( credentials, String.valueOf(additionalZoomRoomData.meeting_id), false); @@ -335,7 +338,7 @@ public class ZoomProctoringService implements ExamProctoringService { sdkJWT = this.createJWTForSDKAccess( sdkCredentials, - String.valueOf(additionalZoomRoomData.meeting_id)); + forExam(proctoringSettings)); } return new ProctoringRoomConnection( @@ -345,7 +348,7 @@ public class ZoomProctoringService implements ExamProctoringService { additionalZoomRoomData.join_url, roomName, subject, - jwt, + signature, sdkJWT, credentials.accessToken, credentials.clientId, @@ -646,12 +649,57 @@ public class ZoomProctoringService implements ExamProctoringService { private String createJWTForSDKAccess( final ClientCredentials sdkCredentials, - final String meetingId) { + final Long expTime) { - return createJWTForMeetingAccess(sdkCredentials, meetingId, false); + try { + + final CharSequence decryptedSecret = this.cryptor + .decrypt(sdkCredentials.secret) + .getOrThrow(); + + final StringBuilder builder = new StringBuilder(); + final Encoder urlEncoder = Base64.getUrlEncoder().withoutPadding(); + + final String jwtHeaderPart = urlEncoder + .encodeToString(ZOOM_ACCESS_TOKEN_HEADER.getBytes(StandardCharsets.UTF_8)); + + // epoch time in seconds + final long secondsNow = Utils.getSecondsNow(); + + final String jwtPayload = String.format( + ZOOM_SDK_ACCESS_TOKEN_PAYLOAD + .replaceAll(" ", "") + .replaceAll("\n", ""), + sdkCredentials.clientIdAsString(), + secondsNow, + expTime, + expTime); + + final String jwtPayloadPart = urlEncoder + .encodeToString(jwtPayload.getBytes(StandardCharsets.UTF_8)); + + final String message = jwtHeaderPart + "." + jwtPayloadPart; + + final Mac sha256_HMAC = Mac.getInstance(TOKEN_ENCODE_ALG); + final SecretKeySpec secret_key = new SecretKeySpec( + Utils.toByteArray(decryptedSecret), + TOKEN_ENCODE_ALG); + + sha256_HMAC.init(secret_key); + final String hash = urlEncoder + .encodeToString(sha256_HMAC.doFinal(Utils.toByteArray(message))); + + builder.append(message) + .append(".") + .append(hash); + + return builder.toString(); + } catch (final Exception e) { + throw new RuntimeException("Failed to create JWT for Zoom API access: ", e); + } } - private String createJWTForMeetingAccess( + private String createSignatureForMeetingAccess( final ClientCredentials credentials, final String meetingId, final boolean host) { @@ -683,6 +731,27 @@ public class ZoomProctoringService implements ExamProctoringService { } } + private long forExam(final ProctoringServiceSettings examProctoring) { + if (examProctoring.examId == null) { + throw new IllegalStateException("Missing exam identifier from ExamProctoring data"); + } + + long expTime = Utils.toSeconds(System.currentTimeMillis() + Constants.DAY_IN_MILLIS); + if (this.examSessionService.isExamRunning(examProctoring.examId)) { + final Exam exam = this.examSessionService.getRunningExam(examProctoring.examId) + .getOrThrow(); + if (exam.endTime != null) { + expTime = Utils.toSeconds(exam.endTime.getMillis()); + } + } + // refer to https://marketplace.zoom.us/docs/sdk/native-sdks/auth + // "exp": 0, //JWT expiration date (Min:1800 seconds greater than iat value, Max: 48 hours greater than iat value) in epoch format. + if (expTime - Utils.getSecondsNow() > Utils.toSeconds(2 * Constants.DAY_IN_MILLIS)) { + expTime = Utils.toSeconds(System.currentTimeMillis() + Constants.DAY_IN_MILLIS); + } + return expTime; + } + private final static class ZoomRestTemplate { private static final int LIZENSED_USER = 2; From d763da6a79fd82c1aead8af89438d486ac53784f Mon Sep 17 00:00:00 2001 From: anhefti Date: Wed, 27 Oct 2021 12:45:51 +0200 Subject: [PATCH 5/8] fixed exam update task for finished exams finished exams where opened-up and immediately closed agian and again on every task run. --- .../servicelayer/session/impl/ExamSessionControlTask.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/ExamSessionControlTask.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/ExamSessionControlTask.java index f2430c4f..2e1106ee 100644 --- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/ExamSessionControlTask.java +++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/session/impl/ExamSessionControlTask.java @@ -133,6 +133,7 @@ class ExamSessionControlTask implements DisposableBean { .getOrThrow() .stream() .filter(exam -> exam.startTime.minus(this.examTimePrefix).isBefore(now)) + .filter(exam -> exam.endTime != null && exam.endTime.plus(this.examTimeSuffix).isAfter(now)) .flatMap(exam -> Result.skipOnError(this.examUpdateHandler.setRunning(exam, updateId))) .collect(Collectors.toMap(Exam::getId, Exam::getName)); From 7a0582027463a6b4a0496dd77bcd6db97a5c1a9f Mon Sep 17 00:00:00 2001 From: anhefti Date: Thu, 28 Oct 2021 14:33:51 +0200 Subject: [PATCH 6/8] SEBSERV-236 fixed --- .../service/session/proctoring/MonitoringProctoringService.java | 2 +- .../gui/service/session/proctoring/ProctoringGUIService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/MonitoringProctoringService.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/MonitoringProctoringService.java index 3d056de1..9ffb7886 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/MonitoringProctoringService.java +++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/MonitoringProctoringService.java @@ -487,7 +487,7 @@ public class MonitoringProctoringService { try { - final boolean active = room.roomSize > 0 && !room.isOpen; + final boolean active = room.roomSize > 0 /* && !room.isOpen SEBSERV-236 */; final Display display = pageContext.getRoot().getDisplay(); final PageAction action = (PageAction) treeItem.getData(ActionPane.ACTION_EVENT_CALL_KEY); final Image image = active diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/ProctoringGUIService.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/ProctoringGUIService.java index 9d69b307..63451f1e 100644 --- a/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/ProctoringGUIService.java +++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/session/proctoring/ProctoringGUIService.java @@ -101,7 +101,7 @@ public class ProctoringGUIService { public boolean isCollectingRoomEnabled(final String roomName) { try { final Pair pair = this.collectingRoomsActionState.get(roomName); - return pair.a.roomSize > 0 && !pair.a.isOpen; + return pair.a.roomSize > 0 /* && !pair.a.isOpen SEBSERV-236 */; } catch (final Exception e) { log.error("Failed to get actual collecting room size for room: {} cause: ", roomName, e.getMessage()); return false; From b90a28f569ead4c7704627a1d93218f9abc8abc9 Mon Sep 17 00:00:00 2001 From: anhefti Date: Mon, 1 Nov 2021 08:45:13 +0100 Subject: [PATCH 7/8] prepare for patch release v1.2.3 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 674093f6..82f3e9d6 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ jar - 1.2-SNAPSHOT + 1.2.3 ${sebserver-version} ${sebserver-version} UTF-8 From 39cac216e04346bd0f89432e4de56eddb824cd61 Mon Sep 17 00:00:00 2001 From: anhefti Date: Mon, 1 Nov 2021 09:40:20 +0100 Subject: [PATCH 8/8] prepared 1.2.4-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 82f3e9d6..730c5098 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ jar - 1.2.3 + 1.2.4-SNAPSHOT ${sebserver-version} ${sebserver-version} UTF-8