public AuthClientCypherTextModel DecryptAuthServerResp(string cypherText) { aesCrypter.SetKey(clientResource.ClientKey); aesCrypter.SetIV(clientResource.ClientIV); string decryptResult = aesCrypter.Decrypt(cypherText); AuthClientCypherTextModel authClientCypherTextModel = JsonConvert.DeserializeObject <AuthClientCypherTextModel>(decryptResult); return(authClientCypherTextModel); }
/// <summary> /// OAuth Server呼叫Protected Server進行通知驗證 /// </summary> /// <param name="oauthToProtectedCypherText"></param> /// <returns></returns> public AuthResrcProtectorCypherTextModel Verify(string oauthToProtectedCypherText) { //解密OAuth Server帶過來的 CypherText string decryptCryptoStr = aesCrypter.Decrypt(oauthToProtectedCypherText); //進行反序列化,取得本次驗證需要的相關資訊 AuthResrcProtectorCypherTextModel authShareProtectedServerCypherTextModel = JsonConvert.DeserializeObject <AuthResrcProtectorCypherTextModel>(decryptCryptoStr); //將Protected Server 的 Key與IV 進行加密處理,準備進行檢核 SymCryptoModel shareSecretClientWithProtectedSymModel = GetShareSecretClientWithProtectedSymModel(this.protectedServer.ShareKeyOAuthWithProtectedServer, this.protectedServer.ShareIVOAuthWithProtectedServer, authShareProtectedServerCypherTextModel.ClientId); //檢核OAuth Server帶來的資料與 Protected Server處理後的資料 是否一致 if (authShareProtectedServerCypherTextModel.PortectedId != this.protectedServer.OAuthApplicatoinId) { throw new RequestProtectedServerNotEqualExceptoin("The protected server's application id is not equal with the ProtectedId which is send from OAuth server "); } if (GetUtcNowUnixTime() > authShareProtectedServerCypherTextModel.ExpiredTime) { throw new OAuthShareCypherWithProtectedServerExpiredException("OAuth Send Secret message like Cypher text is expired, can not use this secret"); } if (shareSecretClientWithProtectedSymModel.Key != authShareProtectedServerCypherTextModel.ClientProtectedCryptoModel.Key || shareSecretClientWithProtectedSymModel.IV != authShareProtectedServerCypherTextModel.ClientProtectedCryptoModel.IV) { throw new ShareSecretClientWithProtectedServerNotEqualException("Check the secret from OAuth Server, and found that the secret is not equal after decrypt by protected server"); } return(authShareProtectedServerCypherTextModel); }
public AuthResrcProtectedAuthorizeModel Verify(string token) { //解 Token string jwtDecodeValue = JWT.Decode(token, Encoding.Unicode.GetBytes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer), JwsAlgorithm.HS256); ClientAuthorizedReqModel jwtObject = JsonConvert.DeserializeObject <ClientAuthorizedReqModel>(jwtDecodeValue); //加密後的合法 Url List List <string> encryptValueList = jwtObject.ValidUrlList; VerifyUrlIsInAuthorizedList(encryptValueList); ClientTempIdentityModel tempIdentityModel = new ClientTempIdentityModel(this.clientInProtectedMember.ClientId, this.clientInProtectedMember.HashValue); string shareKeyClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes); string shareIVClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareIVClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes); aesCrypter.SetKey(shareKeyClientAndResrcDependsAuthorizedTimes); aesCrypter.SetIV(shareIVClientAndResrcDependsAuthorizedTimes.Substring(0, 16)); string clientAuthorizeCTCryptoDecrypt = aesCrypter.Decrypt(jwtObject.CurrentTimesCypherText); ClientCTCypherTextModelForAuthorize clientAuthorizeCypherTextModel = JsonConvert.DeserializeObject <ClientCTCypherTextModelForAuthorize>(clientAuthorizeCTCryptoDecrypt); if (GetUtcNowUnixTime() > clientAuthorizeCypherTextModel.ExpiredTime) { throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token"); } string protectedServerOriginalHash = this.clientInProtectedMember.HashValue; string doubleHashValue = MD5Hasher.Hash(clientAuthorizeCypherTextModel.HashValue); if (doubleHashValue != protectedServerOriginalHash) { throw new TokenTicketCerticateException("After checkt the token ticket, the token ticket is not right, the ticket you send has been used, please re-authenticate and get new token ticket"); } //確認是否能夠取得下一次授權 if (jwtObject.CurrentTimes + 1 >= clientInProtectedMember.AuthZTimes) { throw new AuthorizeTimesHasRunOutException("The token authorzie times has run out and expired, please re-authenticate and get new token ticket"); } TimesCypherTextPrimeModel clientPrimeModel = new TimesCypherTextPrimeModel() { ClientTempIdPrime = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientAuthorizeCypherTextModel.HashValue }, CurrentTimes = clientInProtectedMember.CurrentTimes, ClientTempId = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientInProtectedMember.HashValue, }, }; string newShareKeyClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareKeyClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes); string newShareIVClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareIVClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes).Substring(0, 16); aesCrypter.SetIV(newShareIVClientAndProtected); aesCrypter.SetKey(newShareKeyClientAndProtected); string cypherPrimeStr = JsonConvert.SerializeObject(clientPrimeModel); string newCypherTextRespClientForNextAuthZ = aesCrypter.Encrypt(cypherPrimeStr); AuthResrcProtectedAuthorizeModel result = new AuthResrcProtectedAuthorizeModel() { ClientId = clientInProtectedMember.ClientId, PortectedId = clientInProtectedMember.ProtectedId, ProcessScoreCurrentTimes = (clientInProtectedMember.CurrentTimes + 1), ProcessScoreHashValue = clientAuthorizeCypherTextModel.HashValue, ClientRespCypherText = newCypherTextRespClientForNextAuthZ }; return(result); }