/// <summary>
/// Client 呼叫 Protected Server進行驗證
/// </summary>
/// <param name="reqModel"></param>
public void Verify(CheckClientReqModel reqModel)
{
//用 ProtectedServerMemberClient 組出 HashMac
ClientTempIdentityModel clientTempId = new ClientTempIdentityModel()
{
ClientId = this.memberClientModel.ClientId,
HashValue = this.memberClientModel.HashValue,
};
SymCryptoModel clientProtectedCryptoModel = new SymCryptoModel()
{
Key = this.memberClientModel.ShareKeyClientWithProtectedServer,
IV = this.memberClientModel.ShareIVClientWithProtectedServer,
};
ClientProtectedMacModel clientProtectedMacModel = new ClientProtectedMacModel();
clientProtectedMacModel.Salt = "2";
clientProtectedMacModel.ClientTempId = clientTempId;
clientProtectedMacModel.ProtectedId = this.memberClientModel.ProtectedId;
clientProtectedMacModel.AuthZTimes = this.memberClientModel.AuthZTimes;
clientProtectedMacModel.HashValue = clientTempId.HashValue;
clientProtectedMacModel.ExpiredTime = reqModel.ExpiredTime;
clientProtectedMacModel.ClientProtectedCryptoModel = clientProtectedCryptoModel;
string shareMacClientWithResrJson = JsonConvert.SerializeObject(clientProtectedMacModel);
//組出HashMac
string shareHashMacClientWithResr = MD5Hasher.Hash(shareMacClientWithResrJson);
//檢核是否一致
if (shareHashMacClientWithResr != reqModel.ClientProtectedMac)
{
throw new ShareHashMacClientWithProtectedNotEqualException("Client request mac in model is invalid. " +
"More message: the share mac in client is not equal after protected server decrypted and compare " +
"the mac message which client request");
}
}
/// <summary>
/// 確認 Auth Server 驗證回應值,且請求資源保護者驗證
/// </summary>
/// <param name="cypherText"></param>
/// <param name="protectedId"></param>
/// <returns></returns>
public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
{
//check
if (authClientCypherTextModel.ClientId != clientResource.ClientId)
{
throw new ClientNotEqualException("ClientId is not equal.");
}
if (authClientCypherTextModel.ProtectedId != protectedId)
{
throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
}
if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
{
throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
}
//請求資源保護者驗證
long expiredTime = GetExpiredUtc0UnixTime();
string hashValue = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);
ClientProtectedMacModel macModel = new ClientProtectedMacModel()
{
Salt = "2",
ClientTempId = authClientCypherTextModel.ClientTempId,
ProtectedId = authClientCypherTextModel.ProtectedId,
AuthZTimes = authClientCypherTextModel.AuthZTimes,
HashValue = hashValue,
ExpiredTime = expiredTime,
ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
};
string clientResrcMacStr = JsonConvert.SerializeObject(macModel);
string macValue = MD5Hasher.Hash(clientResrcMacStr);
CheckClientReqModel reqModel = new CheckClientReqModel()
{
ClientProtectedMac = macValue,
ExpiredTime = expiredTime,
ClientTempId = authClientCypherTextModel.ClientTempId
};
string reqStr = JsonConvert.SerializeObject(reqModel);
ApiResult <bool> resrcResp = AuthenHttpHandler.SendRequestByPost <bool>(protectedAuthenApiUrl, reqStr);
//Protected Server 驗證結果
if (!resrcResp.Value)
{
throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
}
else
{
AuthorizeValueModel authorizeModel = new AuthorizeValueModel()
{
AuthZTimes = authClientCypherTextModel.AuthZTimes,
ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
ClientTempId = authClientCypherTextModel.ClientTempId,
CurrentTimes = 1,
RandomValue = authClientCypherTextModel.RandomValue,
ProtectedId = authClientCypherTextModel.ProtectedId,
ValidUrlList = authClientCypherTextModel.ValidUrlList,
};
return(authorizeModel);
}
}