Esempio n. 1
        /// <summary>
        /// Decrypts one cipher text from the Auth Server response and deserializes the
        /// decrypted JSON into an <see cref="AuthClientCypherTextModel"/>.
        /// </summary>
        /// <param name="cypherText">Encrypted payload to decrypt.</param>
        /// <returns>Whatever JsonConvert produces from the decrypted text.</returns>
        public AuthClientCypherTextModel DecryptAuthServerResp(string cypherText)
        {
            // Key and IV are re-applied from the client's stored configuration on every call,
            // so every cipher text for this client is decrypted with the same key/IV pair.
            // NOTE(review): if the crypter runs in a mode where IV reuse weakens confidentiality,
            // the protocol should carry a fresh IV per message - confirm against the crypter.
            aesCrypter.SetKey(clientResource.ClientKey);
            aesCrypter.SetIV(clientResource.ClientIV);

            // NOTE(review): no integrity check (MAC / AEAD tag) is visible before the plaintext
            // is parsed; confirm that Decrypt rejects tampered input.
            string plainJson = aesCrypter.Decrypt(cypherText);

            return JsonConvert.DeserializeObject<AuthClientCypherTextModel>(plainJson);
        }
Esempio n. 2
        /// <summary>
        /// Sample client flow: authenticate against the Auth Server, decrypt the returned
        /// cipher texts, verify with one Protected Server, then send an authorized POST to it.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");

            // NOTE(review): ClientKey and ClientIV are hard-coded sample values. Anything beyond
            // a demo should load them from protected configuration or a secret store, and a key
            // that has been published in source should be treated as compromised.
            var clientResource = new ClientResource
            {
                ClientId         = "6365724719934223450001",
                ClientKey        = "A25AD6A46FD945C7647AD34A993E01AF",
                ClientIV         = "5687EC92759818B5",
                ClientName       = "Sample",
                ProtectedServers = new List<ClientToProtectedServerData>(),
            };

            // NOTE(review): both endpoints use plain http. That is tolerable for a localhost
            // sample; remote endpoints should be https so the exchange is not sent in clear.
            var registerInitialModel = new RegisterInitialModel
            {
                AddMinuteExpiredTime   = 30,
                AuthServerAuthenApiUrl = "http://localhost:21383/api/RegisterService/Authen/",
                ProtectedAuthenApiUrl  = "http://localhost:21383/api/RegisterService/CheckClientRequest",
            };

            var register  = new Register(clientResource, registerInitialModel, new LocalMachineAESCrypter());
            var apiResult = register.Authenticate();

            if (apiResult == false)
            {
                // Auth Server authentication failed.
                Console.WriteLine(apiResult.ResultMessage);
                Environment.Exit(1);
            }

            // Decrypt every cipher text the Auth Server returned.
            List<string> cypherTextList = apiResult.Value.CypherTextList;
            var authClientCyphersTextList = new List<AuthClientCypherTextModel>();
            foreach (string cypherText in cypherTextList)
            {
                authClientCyphersTextList.Add(register.DecryptAuthServerResp(cypherText));
            }

            // When talking to a Protected Server, pick the AuthClientCypherTextModel that
            // belongs to it. Single throws unless exactly one entry matches.
            var authClient = authClientCyphersTextList.Single(x => x.ProtectedId == "目標Protected Server Id");

            // First obtain the verification data from the Protected Server.
            var authorizeValueModel = register.SendCypherTextToProtectedResourceForVerify(authClient, "目標Protected Server Id");

            var postSampleData = new PostSampleData
            {
                Data  = "Sample1",
                Data2 = "Sample2"
            };

            // The returned model is the updated AuthorizeValueModel to use for the next call
            // to this Protected Server.
            var afterPostAuthorizeValueModel = register.SendRequestAndAuthorizeByPost<PostSampleData>("目標Protected Server URL", authorizeValueModel, postSampleData);
        }
Esempio n. 3
        /// <summary>
        /// Checks the values decrypted from the Auth Server response, then asks the
        /// Protected Server to verify this client.
        /// </summary>
        /// <param name="authClientCypherTextModel">Model decrypted from the Auth Server response.</param>
        /// <param name="protectedId">Id of the Protected Server the caller intends to reach.</param>
        /// <returns>The authorization state for this Protected Server, with CurrentTimes set to 1.</returns>
        /// <exception cref="ClientNotEqualException">The model's ClientId differs from this client's id.</exception>
        /// <exception cref="ProtectedServerNotEqualException">The model's ProtectedId differs from <paramref name="protectedId"/>.</exception>
        /// <exception cref="ClientAuthorizeTokenExpiredException">The model's ExpiredTime is earlier than the current Unix time.</exception>
        /// <exception cref="ProtectedServerAuthorizeException">The Protected Server answered false.</exception>
        public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
        {
            // Local checks: the token must be for this client, for the requested server, and unexpired.
            if (authClientCypherTextModel.ClientId != clientResource.ClientId)
            {
                throw new ClientNotEqualException("ClientId is not equal.");
            }

            if (authClientCypherTextModel.ProtectedId != protectedId)
            {
                throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
            }

            var nowUnixTime = UnixTimeGenerator.GetUtcNowUnixTime();
            if (nowUnixTime > authClientCypherTextModel.ExpiredTime)
            {
                throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
            }

            // Build the values the Protected Server will recompute on its side.
            long   requestExpiry = GetExpiredUtc0UnixTime();
            string chainedHash   = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);

            // NOTE(review): Salt is the constant "2", so it adds no per-request variability.
            var macInput = new ClientProtectedMacModel
            {
                Salt         = "2",
                ClientTempId = authClientCypherTextModel.ClientTempId,
                ProtectedId  = authClientCypherTextModel.ProtectedId,
                AuthZTimes   = authClientCypherTextModel.AuthZTimes,
                HashValue    = chainedHash,
                ExpiredTime  = requestExpiry,
                ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
            };

            // The value sent as ClientProtectedMac is MD5Hasher.Hash of the serialized model.
            // NOTE(review): if MD5Hasher is plain MD5 over the JSON, this is a hash over data that
            // includes shared material, not a keyed MAC; HMAC-SHA-256 is the usual construction.
            // Changing it needs the Protected Server to change too - confirm with the server side.
            string macJson  = JsonConvert.SerializeObject(macInput);
            string macValue = MD5Hasher.Hash(macJson);

            var verifyRequest = new CheckClientReqModel
            {
                ClientProtectedMac = macValue,
                ExpiredTime        = requestExpiry,
                ClientTempId       = authClientCypherTextModel.ClientTempId
            };
            string verifyJson = JsonConvert.SerializeObject(verifyRequest);

            // NOTE(review): only Value is inspected; whether the HTTP call itself succeeded is
            // not checked here - confirm how ApiResult reports transport failures.
            ApiResult<bool> verifyResponse = AuthenHttpHandler.SendRequestByPost<bool>(protectedAuthenApiUrl, verifyJson);

            // Protected Server verification result.
            if (!verifyResponse.Value)
            {
                throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
            }

            return new AuthorizeValueModel
            {
                AuthZTimes = authClientCypherTextModel.AuthZTimes,
                ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
                ClientTempId = authClientCypherTextModel.ClientTempId,
                CurrentTimes = 1,
                RandomValue  = authClientCypherTextModel.RandomValue,
                ProtectedId  = authClientCypherTextModel.ProtectedId,
                ValidUrlList = authClientCypherTextModel.ValidUrlList,
            };
        }