/// <summary>
/// Inserts or updates a group record. When the caller marks the request as a
/// modification of the signing secret, the secret is unwrapped from its
/// transport encryption and re-encrypted with the application's configured AES
/// key before it is persisted.
/// </summary>
/// <param name="parameters">
/// Request values. "GroupId" and "IsModify" are always read. "AesKey", "AesIv" and
/// "SecurityKey" are read only when "IsModify" is "1". The dictionary is mutated:
/// "SecurityKey" may be replaced, and "IsModify", "AesIv" and "AesKey" are removed.
/// </param>
/// <returns>Whatever the data layer returns from InsertGroup (GroupId == 0) or UpdateGroup.</returns>
public IDictionary<string, object> SaveGroup(IDictionary<string, object> parameters)
{
    // The data-access field is disposed when this block exits.
    // NOTE(review): confirm _dal tolerates being disposed per call.
    using (_dal)
    {
        long groupId = long.Parse(parameters["GroupId"].ToString());
        string modifyFlag = parameters["IsModify"].ToString();

        if (string.Equals(modifyFlag, "1"))
        {
            string wrappedKey = parameters["AesKey"].ToString();
            string wrappedIv = parameters["AesIv"].ToString();
            string protectedSecret = parameters["SecurityKey"].ToString();

            // The per-request AES key and IV arrive RSA-encrypted and base64url-encoded.
            // NOTE(review): 1024 is presumably the RSA key size in bits; if so it is
            // below current recommendations - confirm and plan a key-size upgrade.
            string transportKey = RsaCryptoUtils.Decrypt(
                AesCryptoUtils.base64UrlDecode(wrappedKey),
                RsaCryptoUtils.GetPublicKey(),
                RsaCryptoUtils.GetPrivateKey(),
                1024);
            string transportIv = RsaCryptoUtils.Decrypt(
                AesCryptoUtils.base64UrlDecode(wrappedIv),
                RsaCryptoUtils.GetPublicKey(),
                RsaCryptoUtils.GetPrivateKey(),
                1024);

            byte[] transportKeyBytes = Encoding.UTF8.GetBytes(transportKey);
            byte[] transportIvBytes = Encoding.UTF8.GetBytes(transportIv);
            string plainSecret = AesCryptoUtils.Decrypt(protectedSecret, transportKeyBytes, transportIvBytes);

            // Re-encrypt for storage with the key/IV taken from application configuration.
            // NOTE(review): the storage IV is a fixed configuration value, so every stored
            // secret is encrypted under the same key/IV pair. Depending on the cipher mode
            // inside AesCryptoUtils this weakens confidentiality; consider a random
            // per-record IV stored next to the ciphertext.
            byte[] storageKeyBytes = Encoding.UTF8.GetBytes(
                AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Key"));
            byte[] storageIvBytes = Encoding.UTF8.GetBytes(
                AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Iv"));
            string storedSecret = AesCryptoUtils.Encrypt(plainSecret, storageKeyBytes, storageIvBytes);

            parameters["SecurityKey"] = storedSecret;
        }

        // Transport-only fields must not reach the data layer.
        parameters.Remove("IsModify");
        parameters.Remove("AesIv");
        parameters.Remove("AesKey");

        if (groupId != 0)
        {
            return _dal.UpdateGroup(parameters);
        }

        return _dal.InsertGroup(parameters);
    }
}
/// <summary>
/// Validates a JWT and returns the principal built from its claims.
/// </summary>
/// <param name="config">
/// Group settings. Reads "SecurityKey" (the AES-encrypted signing secret), "Issuer",
/// "Audience" and "ClockSkew" (minutes, must be a boxed int).
/// </param>
/// <param name="tokenStr">
/// The raw header value. The first seven characters are dropped before validation,
/// presumably the "Bearer " scheme prefix.
/// </param>
/// <returns>The <see cref="ClaimsPrincipal"/> produced by the token handler.</returns>
/// <exception cref="CustomException">
/// Code 2 when the token has expired; code 1 for every other failure inside the method.
/// </exception>
private ClaimsPrincipal ValidateToken(IDictionary<string, object> config, string tokenStr)
{
    try
    {
        // NOTE(review): the prefix is stripped by length only; the scheme text itself is
        // never compared. A null or short value throws here and is reported as code 1.
        string rawJwt = tokenStr.Substring(7);

        // The signing secret is stored AES-encrypted; decrypt it with the configured key/IV.
        byte[] storageKeyBytes = Encoding.UTF8.GetBytes(
            AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Key"));
        byte[] storageIvBytes = Encoding.UTF8.GetBytes(
            AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Iv"));
        string signingSecret = AesCryptoUtils.Decrypt(
            (string)config["SecurityKey"], storageKeyBytes, storageIvBytes);

        var validation = new TokenValidationParameters();

        // Signature: verified with the symmetric secret decrypted above.
        validation.ValidateIssuerSigningKey = true;
        validation.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret));

        // Issuer must match the configured name.
        validation.ValidateIssuer = true;
        validation.ValidIssuer = (string)config["Issuer"];

        // Audience must match the configured name.
        validation.ValidateAudience = true;
        validation.ValidAudience = (string)config["Audience"];

        // Lifetime is enforced. ClockSkew is a grace period added on top of the token's
        // own expiry; the original author notes the library default is five minutes.
        validation.ValidateLifetime = true;
        validation.ClockSkew = TimeSpan.FromMinutes((int)config["ClockSkew"]);

        var handler = new JwtSecurityTokenHandler();
        SecurityToken validatedToken;
        return handler.ValidateToken(rawJwt, validation, out validatedToken);
    }
    catch (SecurityTokenExpiredException)
    {
        // Tell the client that expiry, not tampering, is the reason for the rejection.
        RequestDataHelper.GetHttpContext().Response.Headers.Add("Token-Expired", "true");
        throw new CustomException(2, "token已过期");
    }
    catch (Exception)
    {
        // NOTE(review): this also hides configuration errors (missing keys, failed casts,
        // decryption failures) behind the generic "invalid token" code, and the original
        // exception is not logged here.
        throw new CustomException(1, "无效token");
    }
}
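/// <summary>
/// Login pre-processing hook: exchanges the client-supplied "code" for a session,
/// decrypts the client's "encryptedData" with that session key and merges the
/// resulting user information into the request parameters.
/// </summary>
/// <param name="db">Not used by this method.</param>
/// <param name="config">Not used by this method.</param>
/// <param name="parameters">
/// Request parameters; must actually be an IDictionary&lt;string, object&gt; (the cast throws otherwise).
/// Reads "code", "iv" and "encryptedData".
/// </param>
/// <param name="files">Not used by this method.</param>
/// <param name="bodyJson">Not used by this method.</param>
public override void Before(
    IDbHelper db,
    IDictionary<string, object> config,
    IEnumerable<KeyValuePair<string, object>> parameters,
    IDictionary<string, IList<IFormFile>> files,
    object bodyJson)
{
    try
    {
        IDictionary<string, object> paramDic = (IDictionary<string, object>)parameters;
        IDictionary<string, object> dic = this.GetOpenId(paramDic.GetValue<string>("code"));

        string sessionKey = dic.GetValue<string>("session_key");
        string iv = paramDic.GetValue<string>("iv");
        string encryptedData = paramDic.GetValue<string>("encryptedData");

        // The session key is the decryption secret for the user's payload, so neither it
        // nor the ciphertext/IV is written to the log. Only presence and size are recorded,
        // which is enough to diagnose a missing field.
        _logger.LogInformation(
            "Decrypting login payload: sessionKeyPresent={SessionKeyPresent}, ivPresent={IvPresent}, encryptedDataLength={EncryptedDataLength}",
            sessionKey != null,
            iv != null,
            encryptedData == null ? 0 : encryptedData.Length);

        string res = AesCryptoUtils.Decrypt(
            encryptedData,
            Convert.FromBase64String(sessionKey),
            Convert.FromBase64String(iv));
        IDictionary<string, object> userInfo = JsonConvert.DeserializeObject<IDictionary<string, object>>(res);

        // Merge the session data and the decrypted user info into the parameter dictionary.
        // NOTE(review): dic still carries "session_key"; verify that the merged dictionary
        // is never echoed back to the client or logged downstream.
        RequestDataHelper.MergeDictionary(ref paramDic, dic, userInfo);
    }
    catch (Exception e)
    {
        _logger.LogError(e, "登录验证扩展异常");
        throw;
    }
}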
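/// <summary>
/// Issues an HS256-signed JWT for the given user and returns it together with the
/// profile fields the client displays.
/// </summary>
/// <param name="config">
/// Group settings. Reads "Expires" (minutes, must be a boxed int), "SecurityKey"
/// (the AES-encrypted signing secret), "Issuer" and "Audience".
/// </param>
/// <param name="user">User record. Reads "Id", "Nick", "OpenId", "AvatarUrl", "Tel" and "Gender".</param>
/// <returns>A dictionary with the keys "Token", "Nick", "AvatarUrl", "Tel" and "Gender".</returns>
private IDictionary<string, object> CreateToken(IDictionary<string, object> config, IDictionary<string, object> user)
{
    // Read the clock once, in UTC, so that the exp/nbf/iat claims and the
    // notBefore/expires values handed to the token constructor all agree and are
    // not affected by local time-zone or daylight-saving transitions.
    DateTime issuedAtUtc = DateTime.UtcNow;
    DateTime expiresAtUtc = issuedAtUtc.AddMinutes((int)config["Expires"]);
    string issuedAtUnix = $"{new DateTimeOffset(issuedAtUtc).ToUnixTimeSeconds()}";
    string expiresAtUnix = $"{new DateTimeOffset(expiresAtUtc).ToUnixTimeSeconds()}";

    string nick = user.GetValue<string>("Nick");

    // NOTE(review): exp/nbf/iat are added here as string-valued claims and are also
    // supplied through the constructor's notBefore/expires arguments below; confirm how
    // the token library reconciles the two.
    var claims = new Claim[]
    {
        new Claim(ClaimTypes.Sid, user.GetValue<string>("Id")),
        new Claim(ClaimTypes.Name, nick),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        new Claim(JwtRegisteredClaimNames.Sub, nick),
        new Claim(JwtRegisteredClaimNames.NameId, user.GetValue<string>("OpenId")),
        new Claim(JwtRegisteredClaimNames.Exp, expiresAtUnix),
        new Claim(JwtRegisteredClaimNames.Nbf, issuedAtUnix),
        new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix),
    };

    // The signing secret is stored AES-encrypted; decrypt it with the configured key/IV.
    string securityKey = (string)config["SecurityKey"];
    byte[] aesKeyByte = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Key"));
    byte[] aesIvByte = Encoding.UTF8.GetBytes(AppConfigurtaionHelper.Configuration.GetValue<string>("AesCrypto:Iv"));
    securityKey = AesCryptoUtils.Decrypt(securityKey, aesKeyByte, aesIvByte);

    // Must match the key configured in Startup (per the original author's comment).
    // NOTE(review): HS256 is only as strong as this secret; it should be a long,
    // randomly generated value rather than a human-chosen string.
    SymmetricSecurityKey key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));

    JwtSecurityToken token = new JwtSecurityToken(
        issuer: (string)config["Issuer"],
        audience: (string)config["Audience"],
        claims: claims,
        notBefore: issuedAtUtc,
        expires: expiresAtUtc,
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));

    string jwtToken = new JwtSecurityTokenHandler().WriteToken(token);

    IDictionary<string, object> result = new Dictionary<string, object>();
    result["Token"] = jwtToken;
    result["Nick"] = nick;
    result["AvatarUrl"] = user.GetValue<string>("AvatarUrl");
    result["Tel"] = user.GetValue<string>("Tel");
    result["Gender"] = user.GetValue<string>("Gender");
    return result;
}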