/// <summary>
/// 验证安全信息数据完整性
/// </summary>
/// <param name="securityInfo">安全信息实体</param>
private static void ValidateSecurityInfo(SecurityRequestInfo securityInfo)
{
if (string.IsNullOrWhiteSpace(securityInfo.AppId))
{
throw new ArgumentException("AppId不可为空!");
}
if (string.IsNullOrWhiteSpace(securityInfo.Signature))
{
throw new ArgumentException("签名不可为空!");
}
if (string.IsNullOrWhiteSpace(securityInfo.TimeStamp))
{
throw new ArgumentException("时间戳不可为空!");
}
}
/// <summary>
/// 获取安全认证信息
/// </summary>
/// <param name="context">请求上下文</param>
/// <returns>安全认证信息实体</returns>
public SecurityRequestInfo GetSecurityInfo(HttpActionContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context), "请求上下文不可为空!");
}
var result = new SecurityRequestInfo
{
AppId = GetHeaderVaule(context.Request.Headers, "appId"),
TimeStamp = GetHeaderVaule(context.Request.Headers, "timestamp"),
Signature = GetHeaderVaule(context.Request.Headers, "signature"),
RequestContent = GetRequestData(context)
};
return(result);
}
/// <summary>
/// 验证安全信息是否合法
/// </summary>
/// <param name="securityInfo">安全信息实体</param>
/// <param name="registerInfo">注册信息实体</param>
public void Validate(SecurityRequestInfo securityInfo, RegisterInfo registerInfo)
{
if (securityInfo == null)
{
throw new ArgumentNullException(nameof(securityInfo), "安全信息实体不可为空!");
}
if (registerInfo == null)
{
throw new ArgumentNullException(nameof(registerInfo), "注册信息实体不可为空!");
}
ValidateSecurityInfo(securityInfo);
var sign = CreatSingData(securityInfo, registerInfo);
if (sign != securityInfo.Signature)
{
throw new ArgumentException("签名验证错误!");
}
}
/// <summary>
/// 根据请求内容及注册信息,生成签名数据
/// </summary>
/// <param name="securityInfo">安全信息实体</param>
/// <param name="registerInfo">注册信息实体</param>
/// <returns></returns>
private static string CreatSingData(SecurityRequestInfo securityInfo, RegisterInfo registerInfo)
{
var content = $"{securityInfo.AppId}{securityInfo.TimeStamp}{securityInfo.RequestContent}{registerInfo.AppSecret}";
return(GetMD5(content));
}
