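        /// <summary>
        /// Protected Server side check of a client request: rebuilds the
        /// <see cref="ClientProtectedMacModel"/> from the member client data held in
        /// <c>this.memberClientModel</c> plus the request's <c>ExpiredTime</c>, hashes its
        /// JSON with <c>MD5Hasher</c> and compares the result with
        /// <c>reqModel.ClientProtectedMac</c>.
        /// </summary>
        /// <param name="reqModel">Request sent by the client; only <c>ClientProtectedMac</c> and <c>ExpiredTime</c> are read.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="reqModel"/> is null.</exception>
        /// <exception cref="ShareHashMacClientWithProtectedNotEqualException">The recomputed value differs from the one in the request.</exception>
        /// <remarks>
        /// The value compared here is an MD5 over JSON that embeds the shared key and IV
        /// (the <c>SymCryptoModel</c> below), so it only matches when the client serialized
        /// the same fields with the same values.
        /// NOTE(review): <c>reqModel.ExpiredTime</c> is folded into the hash but is not compared
        /// with the current time in this method, so an already expired request still verifies
        /// here — confirm whether the caller performs that check.
        /// </remarks>
        public void Verify(CheckClientReqModel reqModel)
        {
            if (reqModel == null)
            {
                throw new System.ArgumentNullException("reqModel");
            }

            // Temporary client identity exactly as the client is expected to have built it.
            ClientTempIdentityModel clientTempId = new ClientTempIdentityModel()
            {
                ClientId  = this.memberClientModel.ClientId,
                HashValue = this.memberClientModel.HashValue,
            };

            // Symmetric material shared between this client and the protected server.
            SymCryptoModel clientProtectedCryptoModel = new SymCryptoModel()
            {
                Key = this.memberClientModel.ShareKeyClientWithProtectedServer,
                IV  = this.memberClientModel.ShareIVClientWithProtectedServer,
            };

            // Same field set the client hashes on its side; Salt is the fixed value "2".
            ClientProtectedMacModel clientProtectedMacModel = new ClientProtectedMacModel()
            {
                Salt         = "2",
                ClientTempId = clientTempId,
                ProtectedId  = this.memberClientModel.ProtectedId,
                AuthZTimes   = this.memberClientModel.AuthZTimes,
                HashValue    = clientTempId.HashValue,
                ExpiredTime  = reqModel.ExpiredTime,
                ClientProtectedCryptoModel = clientProtectedCryptoModel,
            };

            string shareMacClientWithResrJson = JsonConvert.SerializeObject(clientProtectedMacModel);
            string shareHashMacClientWithResr = MD5Hasher.Hash(shareMacClientWithResrJson);

            // Compare without short-circuiting so a mismatch position is not observable via timing.
            if (!FixedTimeEquals(shareHashMacClientWithResr, reqModel.ClientProtectedMac))
            {
                throw new ShareHashMacClientWithProtectedNotEqualException("Client request mac in model is invalid. " +
                                                                           "More message: the share mac in client is not equal after protected server decrypted and compare " +
                                                                           "the mac message which client request");
            }
        }

        /// <summary>
        /// Compares two strings without returning at the first differing character.
        /// Returns false when either argument is null or the lengths differ (the hash
        /// compared by <see cref="Verify"/> has a fixed length, so a length mismatch is
        /// already a failure).
        /// </summary>
        /// <param name="expected">Value recomputed on this side.</param>
        /// <param name="actual">Value received from the client.</param>
        /// <returns>True when both strings are non-null and identical.</returns>
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            // OR-accumulate every character difference; the loop always runs to the end.
            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }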
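        /// <summary>
        /// Checks the values the Auth Server returned (client id, protected id, expiry)
        /// against this client, then asks the Protected Server to verify a freshly built
        /// <see cref="ClientProtectedMacModel"/> hash over them.
        /// </summary>
        /// <param name="authClientCypherTextModel">Model decrypted from the Auth Server's cypher text.</param>
        /// <param name="protectedId">Id of the protected resource the token must have been issued for.</param>
        /// <returns>
        /// An <see cref="AuthorizeValueModel"/> copied from <paramref name="authClientCypherTextModel"/>
        /// with <c>CurrentTimes</c> set to 1.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="authClientCypherTextModel"/> is null.</exception>
        /// <exception cref="ClientNotEqualException">The model's ClientId is not this client's id.</exception>
        /// <exception cref="ProtectedServerNotEqualException">The model's ProtectedId differs from <paramref name="protectedId"/>.</exception>
        /// <exception cref="ClientAuthorizeTokenExpiredException">The model's ExpiredTime is already in the past.</exception>
        /// <exception cref="ProtectedServerAuthorizeException">The Protected Server answered with a false result.</exception>
        /// <remarks>
        /// The value sent as <c>ClientProtectedMac</c> is an MD5 over the JSON of the mac model
        /// (which embeds the shared key/IV in <c>ClientProtectedCryptoModel</c>); the Protected
        /// Server recomputes it with the same fields, so any field or ordering difference fails.
        /// NOTE(review): <c>resrcResp.Value</c> is read without a null check — confirm that
        /// <c>AuthenHttpHandler.SendRequestByPost</c> never returns null.
        /// </remarks>
        public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
        {
            if (authClientCypherTextModel == null)
            {
                throw new System.ArgumentNullException("authClientCypherTextModel");
            }

            // Local checks before any network call.
            if (authClientCypherTextModel.ClientId != clientResource.ClientId)
            {
                throw new ClientNotEqualException("ClientId is not equal.");
            }
            if (authClientCypherTextModel.ProtectedId != protectedId)
            {
                throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
            }
            if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
            {
                throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
            }

            // Build the value the Protected Server will recompute; the fresh expiredTime is
            // both hashed and sent in clear so the server can rebuild the same model.
            long   expiredTime = GetExpiredUtc0UnixTime();
            string hashValue   = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);
            ClientProtectedMacModel macModel = new ClientProtectedMacModel()
            {
                Salt         = "2",
                ClientTempId = authClientCypherTextModel.ClientTempId,
                ProtectedId  = authClientCypherTextModel.ProtectedId,
                AuthZTimes   = authClientCypherTextModel.AuthZTimes,
                HashValue    = hashValue,
                ExpiredTime  = expiredTime,
                ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
            };

            string clientResrcMacStr     = JsonConvert.SerializeObject(macModel);
            string macValue              = MD5Hasher.Hash(clientResrcMacStr);
            CheckClientReqModel reqModel = new CheckClientReqModel()
            {
                ClientProtectedMac = macValue,
                ExpiredTime        = expiredTime,
                ClientTempId       = authClientCypherTextModel.ClientTempId
            };
            string           reqStr    = JsonConvert.SerializeObject(reqModel);
            ApiResult <bool> resrcResp = AuthenHttpHandler.SendRequestByPost <bool>(protectedAuthenApiUrl, reqStr);

            // Protected Server result: anything but true is a verification failure.
            if (!resrcResp.Value)
            {
                throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
            }

            return new AuthorizeValueModel()
            {
                AuthZTimes = authClientCypherTextModel.AuthZTimes,
                ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
                ClientTempId = authClientCypherTextModel.ClientTempId,
                CurrentTimes = 1,
                RandomValue  = authClientCypherTextModel.RandomValue,
                ProtectedId  = authClientCypherTextModel.ProtectedId,
                ValidUrlList = authClientCypherTextModel.ValidUrlList,
            };
        }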