/// <summary>
/// Checks that the security fields required for signature verification are present.
/// </summary>
/// <remarks>
/// Only presence is checked: each field must be non-null and not blank. Nothing here parses
/// the timestamp or compares it with the current time.
/// </remarks>
/// <param name="securityInfo">Security fields extracted from the request.</param>
/// <exception cref="ArgumentException">
/// AppId, Signature or TimeStamp is null, empty or whitespace (checked in that order).
/// </exception>
private static void ValidateSecurityInfo(SecurityRequestInfo securityInfo)
{
    // Pick the message of the first missing field; the evaluation order matches the field order above.
    var problem =
        string.IsNullOrWhiteSpace(securityInfo.AppId) ? "AppId不可为空!"
        : string.IsNullOrWhiteSpace(securityInfo.Signature) ? "签名不可为空!"
        : string.IsNullOrWhiteSpace(securityInfo.TimeStamp) ? "时间戳不可为空!"
        : null;

    if (problem != null)
    {
        throw new ArgumentException(problem);
    }
}
/// <summary>
/// Collects the security fields of an incoming request into a <see cref="SecurityRequestInfo"/>.
/// </summary>
/// <remarks>
/// The values are copied from the request as received ("appId", "timestamp" and "signature"
/// headers plus the request data). No validation or signature check happens here, so the
/// result must be treated as untrusted until it has been verified.
/// </remarks>
/// <param name="context">Action context of the request being processed.</param>
/// <returns>The extracted, not yet verified, security fields.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public SecurityRequestInfo GetSecurityInfo(HttpActionContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context), "请求上下文不可为空!");
    }

    var headers = context.Request.Headers;

    var info = new SecurityRequestInfo();
    info.AppId = GetHeaderVaule(headers, "appId");
    info.TimeStamp = GetHeaderVaule(headers, "timestamp");
    info.Signature = GetHeaderVaule(headers, "signature");
    info.RequestContent = GetRequestData(context);
    return info;
}
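/// <summary>
/// Verifies that the signature supplied with a request matches the one recomputed from the
/// request fields and the registered application's secret.
/// </summary>
/// <param name="securityInfo">Security fields extracted from the request.</param>
/// <param name="registerInfo">Registration record of the calling application.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="securityInfo"/> or <paramref name="registerInfo"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// A required security field is blank, or the supplied signature does not match.
/// </exception>
public void Validate(SecurityRequestInfo securityInfo, RegisterInfo registerInfo)
{
    if (securityInfo == null)
    {
        throw new ArgumentNullException(nameof(securityInfo), "安全信息实体不可为空!");
    }

    if (registerInfo == null)
    {
        throw new ArgumentNullException(nameof(registerInfo), "注册信息实体不可为空!");
    }

    ValidateSecurityInfo(securityInfo);

    // NOTE(review): along this path the timestamp is only required to be non-blank. Unless its
    // freshness is enforced elsewhere, a previously signed request keeps verifying indefinitely;
    // confirm that a time window or nonce check exists before or after this call.
    var expected = CreatSingData(securityInfo, registerInfo);

    // The signature is caller-supplied, so compare without an early exit: the time taken must
    // not depend on how many leading characters happen to match.
    if (!SignatureMatches(expected, securityInfo.Signature))
    {
        throw new ArgumentException("签名验证错误!");
    }
}

/// <summary>
/// Ordinal, case-sensitive equality of two signature strings that inspects every character
/// regardless of where the first difference occurs.
/// </summary>
/// <param name="expected">Signature computed on the server side.</param>
/// <param name="supplied">Signature received with the request.</param>
/// <returns>True only when both strings are non-null and identical.</returns>
private static bool SignatureMatches(string expected, string supplied)
{
    // Fail closed on a missing value instead of treating null as a match for null.
    if (expected == null || supplied == null)
    {
        return false;
    }

    // The digest length is not secret, so rejecting on length alone reveals nothing useful.
    if (expected.Length != supplied.Length)
    {
        return false;
    }

    var diff = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}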
/// <summary>
/// Builds the signature expected for a request from its security fields and the registered
/// application's secret.
/// </summary>
/// <remarks>
/// The input is AppId, TimeStamp, RequestContent and AppSecret joined with no separator and
/// passed to <c>GetMD5</c> (defined elsewhere; presumably an MD5 hex digest, to be confirmed).
/// NOTE(review): because the fields are joined without delimiters, different field values can
/// produce the same input string (the AppId/TimeStamp boundary, for example, is not encoded).
/// NOTE(review): hashing message-plus-secret is not a keyed MAC; an HMAC such as HMAC-SHA256
/// over delimited fields is the usual construction, but changing it has to be coordinated with
/// every client that signs requests.
/// </remarks>
/// <param name="securityInfo">Security fields extracted from the request.</param>
/// <param name="registerInfo">Registration record that holds the application secret.</param>
/// <returns>The digest returned by <c>GetMD5</c> for the joined fields.</returns>
private static string CreatSingData(SecurityRequestInfo securityInfo, RegisterInfo registerInfo)
{
    // Field order is part of the wire contract with signing clients; do not reorder.
    var material = string.Concat(
        securityInfo.AppId,
        securityInfo.TimeStamp,
        securityInfo.RequestContent,
        registerInfo.AppSecret);

    return GetMD5(material);
}