Beispiel #1
        /// <summary>
        /// Builds the authorization payload for the current round, serializes it to JSON and
        /// returns the result of encrypting that JSON with <c>aesCrypter</c>.
        /// </summary>
        /// <param name="authorizeModel">Source of the <c>ClientTempId</c> and <c>ProtectedId</c> copied into the payload.</param>
        /// <param name="hashNMinusI">Hash value stored in the payload's <c>HashValue</c> field.</param>
        /// <param name="authZKey">Key handed to <c>aesCrypter.SetKey</c>.</param>
        /// <param name="authZIv">IV source; only its first 16 characters are handed to <c>aesCrypter.SetIV</c>.</param>
        /// <returns>The value returned by <c>aesCrypter.Encrypt</c> for the serialized payload.</returns>
        /// <remarks>
        /// <c>Substring(0, 16)</c> throws when <paramref name="authZIv"/> is shorter than 16 characters.
        /// NOTE(review): the IV is taken from a caller-supplied string rather than generated per message.
        /// If the same key and IV are used for more than one call, identical plaintext prefixes give
        /// identical ciphertext prefixes (and stream-style modes fail completely) - confirm the cipher
        /// mode inside aesCrypter and whether the caller rotates authZIv.
        /// NOTE(review): no integrity tag is visible here; confirm the receiver authenticates the
        /// ciphertext before trusting ExpiredTime or HashValue.
        /// NOTE(review): aesCrypter is configured through SetKey/SetIV on each call, so it appears to
        /// hold per-call state - verify it is not shared between concurrent requests.
        /// </remarks>
        private string GetCurrentTimesCypherText(AuthorizeValueModel authorizeModel, string hashNMinusI, string authZKey, string authZIv)
        {
            // Assemble the plaintext payload; the expiry is computed from addMinuteExpiredTime.
            AuthorizeCypherTextModel payload = new AuthorizeCypherTextModel();
            payload.ClientTempId = authorizeModel.ClientTempId;
            payload.ExpiredTime  = UnixTimeGenerator.GetExpiredUtc0UnixTime(addMinuteExpiredTime);
            payload.HashValue    = hashNMinusI;
            payload.ProtectedId  = authorizeModel.ProtectedId;

            string payloadJson = JsonConvert.SerializeObject(payload);

            // Key first, then the IV truncated to 16 characters.
            aesCrypter.SetKey(authZKey);
            string ivPrefix = authZIv.Substring(0, 16);
            aesCrypter.SetIV(ivPrefix);

            return aesCrypter.Encrypt(payloadJson);
        }
Beispiel #2
 /// <summary>
 /// Computes and returns the ExpiredTime value derived from the configured setting.
 /// </summary>
 /// <remarks>
 /// Delegates to <c>UnixTimeGenerator.GetExpiredUtc0UnixTime</c>, passing <c>addMinuteExpiredTime</c>.
 /// The method is virtual, so a subclass can replace the time source
 /// (presumably for tests - confirm against the overriding classes).
 /// </remarks>
 /// <returns>The value produced by <c>UnixTimeGenerator.GetExpiredUtc0UnixTime</c>.</returns>
 public virtual long GetExpiredUtc0UnixTime()
 {
     long expiresAt = UnixTimeGenerator.GetExpiredUtc0UnixTime(addMinuteExpiredTime);
     return expiresAt;
 }
Beispiel #3
        /// <summary>
        /// Validates the values returned by the Auth Server, then asks the Protected Server to
        /// verify them and, on success, returns the authorization state for the first round.
        /// </summary>
        /// <param name="authClientCypherTextModel">Values received from the Auth Server (client id, protected id, expiry, random value, round count, crypto model, valid URLs).</param>
        /// <param name="protectedId">Identifier of the Protected Server the caller expects; must equal the model's <c>ProtectedId</c>.</param>
        /// <returns>An <c>AuthorizeValueModel</c> copied from the input model with <c>CurrentTimes</c> set to 1.</returns>
        /// <remarks>
        /// Throws <c>ClientNotEqualException</c>, <c>ProtectedServerNotEqualException</c>,
        /// <c>ClientAuthorizeTokenExpiredException</c> or <c>ProtectedServerAuthorizeException</c>
        /// when the corresponding check fails.
        /// NOTE(review): the value sent as ClientProtectedMac is MD5Hasher.Hash over the JSON of the
        /// model, and no key argument is passed at this call site. An unkeyed MD5 digest is not a MAC;
        /// its strength rests entirely on secret fields inside the hashed model (presumably HashValue
        /// or ClientProtectedCryptoModel - confirm). Moving to HMAC-SHA-256 would need the Protected
        /// Server to change in the same release.
        /// NOTE(review): the digest input is serializer output, so both sides must emit byte-identical
        /// JSON (property order, number formatting) - verify the Protected Server builds it the same way.
        /// NOTE(review): the expiry check trusts ExpiredTime from the model itself; confirm the model
        /// was authenticated before this method is reached.
        /// NOTE(review): a null result from SendRequestByPost would surface as a
        /// NullReferenceException rather than ProtectedServerAuthorizeException.
        /// </remarks>
        public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
        {
            // Local pre-checks: client identity, target server, then token expiry.
            if (authClientCypherTextModel.ClientId != clientResource.ClientId)
            {
                throw new ClientNotEqualException("ClientId is not equal.");
            }

            if (authClientCypherTextModel.ProtectedId != protectedId)
            {
                throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
            }

            long nowUnixTime = UnixTimeGenerator.GetUtcNowUnixTime();
            if (nowUnixTime > authClientCypherTextModel.ExpiredTime)
            {
                throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
            }

            // Ask the Protected Server to verify: derive the expiry and the iterated hash first.
            long   requestExpiry = GetExpiredUtc0UnixTime();
            string iteratedHash  = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);

            // Fields that feed the digest. Salt is the fixed string "2"
            // (looks like a message-type tag rather than a random salt - confirm).
            ClientProtectedMacModel digestInput = new ClientProtectedMacModel();
            digestInput.Salt         = "2";
            digestInput.ClientTempId = authClientCypherTextModel.ClientTempId;
            digestInput.ProtectedId  = authClientCypherTextModel.ProtectedId;
            digestInput.AuthZTimes   = authClientCypherTextModel.AuthZTimes;
            digestInput.HashValue    = iteratedHash;
            digestInput.ExpiredTime  = requestExpiry;
            digestInput.ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel;

            string digestInputJson = JsonConvert.SerializeObject(digestInput);
            string digest          = MD5Hasher.Hash(digestInputJson);

            // Only the digest, the expiry and the temporary client id go on the wire.
            CheckClientReqModel verifyRequest = new CheckClientReqModel();
            verifyRequest.ClientProtectedMac = digest;
            verifyRequest.ExpiredTime        = requestExpiry;
            verifyRequest.ClientTempId       = authClientCypherTextModel.ClientTempId;

            string verifyRequestJson = JsonConvert.SerializeObject(verifyRequest);
            ApiResult<bool> verifyResponse = AuthenHttpHandler.SendRequestByPost<bool>(protectedAuthenApiUrl, verifyRequestJson);

            // Protected Server verification result: anything but true is a rejection.
            if (!verifyResponse.Value)
            {
                throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
            }

            return new AuthorizeValueModel
            {
                AuthZTimes = authClientCypherTextModel.AuthZTimes,
                ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
                ClientTempId = authClientCypherTextModel.ClientTempId,
                CurrentTimes = 1,
                RandomValue  = authClientCypherTextModel.RandomValue,
                ProtectedId  = authClientCypherTextModel.ProtectedId,
                ValidUrlList = authClientCypherTextModel.ValidUrlList,
            };
        }
Beispiel #4
 /// <summary>
 /// Returns the current time as reported by <c>UnixTimeGenerator.GetUtcNowUnixTime</c>.
 /// </summary>
 /// <remarks>
 /// The method is virtual, so a subclass can replace the clock
 /// (presumably for tests - confirm against the overriding classes).
 /// </remarks>
 /// <returns>The value produced by <c>UnixTimeGenerator.GetUtcNowUnixTime</c>.</returns>
 public virtual long GetUtcNowUnixTime()
 {
     long nowUnixTime = UnixTimeGenerator.GetUtcNowUnixTime();
     return nowUnixTime;
 }