public ActionResult _LoadCert() { JsonSerializer serializer = new JsonSerializer(); ErrorLogger errorLogger = new ErrorLogger(); string baseURL = _configuration.GetSection("CSC_API").GetSection("BaseURL").Value; InputCredentialsList credentialsList = new InputCredentialsList() { }; MyHttpClient myHttpClient = new MyHttpClient(serializer, errorLogger, baseURL); var response = myHttpClient.GetCertificatesList(_accessToken.GetAccessToken().access_token, credentialsList); List <CredentialObject> userCertificates = new List <CredentialObject>(); if (!response.Contains("error")) { List <OutputCredentials> outputCredentials = serializer.Deserialize <List <OutputCredentials> >(response); foreach (var output in outputCredentials) { //trebuie sa adaug si credential id Cert certificate = new Cert(); byte[] certBytes = Convert.FromBase64String(output.cert.certificates.FirstOrDefault()); var certTest = new X509Certificate2(certBytes); certificate.issuerDN = certTest.IssuerName.Name.ToString(); certificate.serialNumber = certTest.SerialNumber.ToString(); certificate.subjectDN = certTest.SubjectName.Name.ToString(); certificate.status = certTest.FriendlyName.ToString(); certificate.validFrom = certTest.NotBefore.ToString(); certificate.validTo = certTest.NotAfter.ToString(); string credID = output.credentialID; CredentialObject userCredentialObject = new CredentialObject(); userCredentialObject.credentialID = credID; userCredentialObject.certificate = certificate; userCertificates.Add(userCredentialObject); } } return(PartialView("_LoadCert", userCertificates)); }
/// <summary> /// /// </summary> /// <param name="request"></param> /// <returns></returns> public ProcessResult Auth(HecpRequest request) { if (request == null) { return(new ProcessResult(false, Status.NoneCommand, "空请求")); } CredentialObject credential = request.Credential; if (credential == null) { return(new ProcessResult(false, Status.NoneCredential, "未传入证书对象")); } else if (credential.CredentialType == CredentialType.Undefined) { return(new ProcessResult(false, Status.InvalidCredentialType, "未定义的证书类型")); } else if (credential.Ticks < SystemTime.UtcNow().AddYears(-1).Ticks || credential.Ticks > SystemTime.UtcNow().AddYears(1).Ticks) { return(new ProcessResult(false, Status.InvalidTicks, "非法的时间戳:" + credential.Ticks)); } var t = new DateTime(credential.Ticks, DateTimeKind.Utc); if (t.AddSeconds(request.Host.Config.TicksTimeout) < SystemTime.UtcNow() || t.AddSeconds(-request.Host.Config.TicksTimeout) > SystemTime.UtcNow()) { return(new ProcessResult(false, Status.NotAuthorized, "时间戳超时:" + credential.Ticks)); } else { switch (credential.ClientType) { case ClientType.Undefined: return(new ProcessResult(false, Status.InvalidClientType, "非法的客户端类型")); case ClientType.Node: { // 向后兼容uia的实名认证在使用的token证书类型。如果ClientID为空则从UserName字段提取ClientID string clientId = credential.ClientId; NodeDescriptor node; if (!request.Host.NodeHost.Nodes.TryGetNodeByPublicKey(clientId, out node)) { return(new ProcessResult(false, Status.InvalidClientId, "未知的节点")); } else if (node.Node.IsEnabled != 1) { return(new ProcessResult(false, Status.NodeIsDisabled, "节点已被禁用")); } else if (!node.Node.IsReceiveEnabled) { return(new ProcessResult(false, Status.ReceiveIsDisabled, "来自本节点的请求被禁止接收")); } if (string.IsNullOrEmpty(credential.Password)) { return(new ProcessResult(false, Status.NotAuthorized, "签名不能为空")); } switch (credential.CredentialType) { case CredentialType.Undefined: return(new ProcessResult(false, Status.InvalidCredentialType, "未定义的证书类型")); case CredentialType.Token: // 证书类型是令牌 var token = TokenObject.Create(credential.Password, clientId, credential.Ticks); if (!token.IsValid(node.Node.SecretKey)) { return(new ProcessResult(false, Status.NotAuthorized, "节点身份未验证通过")); } break; case CredentialType.Signature: // 证书类型是签名 if (credential.SignatureMethod == SignatureMethod.Undefined) { return(new ProcessResult(false, Status.NotAuthorized, "未指定签名算法,签名算法如:" + SignatureMethod.HMAC_SHA1.ToName())); } if (!CredentialObject.Valid(request, node.Node.SecretKey, credential.SignatureMethod)) { return(new ProcessResult(false, Status.NotAuthorized, "签名可能被篡改,数据传输对象状态有变化时需重新签名。")); } break; case CredentialType.OAuth: if (credential.SignatureMethod == SignatureMethod.Undefined) { return(new ProcessResult(false, Status.NotAuthorized, "未指定签名算法,签名算法如:" + SignatureMethod.HMAC_SHA1.ToName())); } return(new ProcessResult(false, Status.NotAuthorized, "暂不支持开放授权")); default: return(new ProcessResult(false, Status.NotAuthorized, "暂不支持" + credential.CredentialType.ToName() + "证书类型")); } break; } case ClientType.App: return(new ProcessResult(false, Status.InvalidClientType, "暂不支持")); case ClientType.Monitor: return(new ProcessResult(false, Status.InvalidClientType, "暂不支持")); default: break; } } return(new ProcessResult(true, Status.Ok, "身份认证通过"));; }