/// <summary>
/// 用Client Key 、IV、Protected Server(s)相關資料 去AuthServer驗證 且取回對應的Token
/// </summary>
public ApiResult <AuthClientRespModel> Authenticate()
{
long expiredTime = GetExpiredUtc0UnixTime();
//客戶端初始化驗證資料
ClientAuthMacModel macModel = new ClientAuthMacModel()
{
AuthClientCryptoModel = new SymCryptoModel()
{
IV = clientResource.ClientIV,
Key = clientResource.ClientKey,
},
ClientId = clientResource.ClientId,
ExpiredTime = expiredTime,
Salt = "1",
ProtectedIdIdList = clientResource.ProtectedServers.Select(x => x.ServerId).ToList()
};
string clientModelStr = JsonConvert.SerializeObject(macModel);
string macValue = MD5Hasher.Hash(clientModelStr);
//組出
ClientAuthCypherTextModel cypherTextModel = new ClientAuthCypherTextModel()
{
ClientId = clientResource.ClientId,
ProtectedIdIdList = clientResource.ProtectedServers.Select(x => x.ServerId).ToList(),
ClientMac = macValue,
ExpiredTime = expiredTime,
MacHashAlg = "MD5",
};
string cypherTextModelStr = JsonConvert.SerializeObject(cypherTextModel);
aesCrypter.SetKey(clientResource.ClientKey);
aesCrypter.SetIV(clientResource.ClientIV);
string encryptCypherText = aesCrypter.Encrypt(cypherTextModelStr);
//請求 Auth Server 驗證
AuthClientReqModel authClientReqModel = new AuthClientReqModel()
{
ClientId = clientResource.ClientId,
CypherText = encryptCypherText,
};
string reqStr = JsonConvert.SerializeObject(authClientReqModel);
ApiResult <AuthClientRespModel> respones = AuthenHttpHandler.SendRequestByPost <AuthClientRespModel>(authServerAuthenApiUrl, reqStr);
return(respones);
}
public AuthorizeValueModel SendRequestAndAuthorizeByPost <TClass>(string protectedServerUrl, AuthorizeValueModel authorizeModel, TClass sendData)
{
//Hash(r)^(n-i)
int minusValue = authorizeModel.AuthZTimes - authorizeModel.CurrentTimes;
string hashNMinusI = HashMultipleTimes(authorizeModel.RandomValue, minusValue);
//初始化請求授權
string hashNMinusIAddOne = MD5Hasher.Hash(hashNMinusI);
string authZKey = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.Key, authorizeModel.ClientTempId, authorizeModel.CurrentTimes);
string authZIv = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.IV, authorizeModel.ClientTempId, authorizeModel.CurrentTimes);
string currentTimesCypherText = GetCurrentTimesCypherText(authorizeModel, hashNMinusI, authZKey, authZIv);
string token = GetTokenByAuthorizeDataAndCurrentTimesCypherText(authorizeModel, currentTimesCypherText);
Dictionary <string, string> headers = new Dictionary <string, string>
{
{ "ClientId", clientResource.ClientId },
{ "Token", token }
};
// 向資源保護者請求授權
string reqAuthZValueStr = JsonConvert.SerializeObject(sendData);
ApiResult <string> rescrAuthorizeRespOpt = AuthenHttpHandler.SendRequestByPost <string>(protectedServerUrl, reqAuthZValueStr, headers);
TimesCypherTextPrimeModel timesCypherTextPrimeModel = DecryptProtectedServerResult(authZKey, authZIv, rescrAuthorizeRespOpt);
bool checkAuthZValueResult = CheckProtectedServerRespAuthZValue(timesCypherTextPrimeModel);
if (checkAuthZValueResult == false)
{
throw new Exception("CheckProtectedServerRespAuthZValue is fail.");
}
authorizeModel.CurrentTimes = authorizeModel.CurrentTimes + 1;
authorizeModel.ClientTempId.HashValue = hashNMinusI;
return(authorizeModel);
}
/// <summary>
/// 確認 Auth Server 驗證回應值,且請求資源保護者驗證
/// </summary>
/// <param name="cypherText"></param>
/// <param name="protectedId"></param>
/// <returns></returns>
public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
{
//check
if (authClientCypherTextModel.ClientId != clientResource.ClientId)
{
throw new ClientNotEqualException("ClientId is not equal.");
}
if (authClientCypherTextModel.ProtectedId != protectedId)
{
throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
}
if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
{
throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
}
//請求資源保護者驗證
long expiredTime = GetExpiredUtc0UnixTime();
string hashValue = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);
ClientProtectedMacModel macModel = new ClientProtectedMacModel()
{
Salt = "2",
ClientTempId = authClientCypherTextModel.ClientTempId,
ProtectedId = authClientCypherTextModel.ProtectedId,
AuthZTimes = authClientCypherTextModel.AuthZTimes,
HashValue = hashValue,
ExpiredTime = expiredTime,
ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
};
string clientResrcMacStr = JsonConvert.SerializeObject(macModel);
string macValue = MD5Hasher.Hash(clientResrcMacStr);
CheckClientReqModel reqModel = new CheckClientReqModel()
{
ClientProtectedMac = macValue,
ExpiredTime = expiredTime,
ClientTempId = authClientCypherTextModel.ClientTempId
};
string reqStr = JsonConvert.SerializeObject(reqModel);
ApiResult <bool> resrcResp = AuthenHttpHandler.SendRequestByPost <bool>(protectedAuthenApiUrl, reqStr);
//Protected Server 驗證結果
if (!resrcResp.Value)
{
throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
}
else
{
AuthorizeValueModel authorizeModel = new AuthorizeValueModel()
{
AuthZTimes = authClientCypherTextModel.AuthZTimes,
ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
ClientTempId = authClientCypherTextModel.ClientTempId,
CurrentTimes = 1,
RandomValue = authClientCypherTextModel.RandomValue,
ProtectedId = authClientCypherTextModel.ProtectedId,
ValidUrlList = authClientCypherTextModel.ValidUrlList,
};
return(authorizeModel);
}
}
