/// <summary>
/// Authenticates this client against the Auth Server using the client key, the client IV
/// and the ids of the protected server(s) it wants to reach, and returns the server's
/// reply (which carries the corresponding token on success).
/// </summary>
/// <returns>The Auth Server's reply to the authentication request.</returns>
public ApiResult<AuthClientRespModel> Authenticate()
{
    var expiresAt = GetExpiredUtc0UnixTime();
    var protectedServerIds = clientResource.ProtectedServers.Select(server => server.ServerId).ToList();

    // Client-side material the integrity tag is computed over.
    // NOTE(review): the tag is a plain MD5 digest of this JSON (which embeds the client
    // key/IV and a constant salt of "1"), not an HMAC; its shape is whatever the Auth
    // Server checks (see MacHashAlg below), so it cannot be changed on this side alone.
    var macInput = new ClientAuthMacModel
    {
        AuthClientCryptoModel = new SymCryptoModel
        {
            IV = clientResource.ClientIV,
            Key = clientResource.ClientKey,
        },
        ClientId = clientResource.ClientId,
        ExpiredTime = expiresAt,
        Salt = "1",
        ProtectedIdIdList = protectedServerIds,
    };
    var mac = MD5Hasher.Hash(JsonConvert.SerializeObject(macInput));

    // Build the payload the Auth Server will decrypt and verify.
    var payload = new ClientAuthCypherTextModel
    {
        ClientId = clientResource.ClientId,
        ProtectedIdIdList = protectedServerIds.ToList(),
        ClientMac = mac,
        ExpiredTime = expiresAt,
        MacHashAlg = "MD5",
    };
    var payloadJson = JsonConvert.SerializeObject(payload);

    // Encrypt under the client's long-term key and IV. Both come straight from
    // clientResource, so every call encrypts under the same key/IV pair.
    aesCrypter.SetKey(clientResource.ClientKey);
    aesCrypter.SetIV(clientResource.ClientIV);
    var encryptedPayload = aesCrypter.Encrypt(payloadJson);

    // Ask the Auth Server to verify the client.
    var request = new AuthClientReqModel
    {
        ClientId = clientResource.ClientId,
        CypherText = encryptedPayload,
    };
    var requestJson = JsonConvert.SerializeObject(request);
    var response = AuthenHttpHandler.SendRequestByPost<AuthClientRespModel>(authServerAuthenApiUrl, requestJson);
    return response;
}
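/// <summary>
/// Verifies a client's authorization token for this protected server and, when the token is
/// valid, produces the material the client needs for its next authorization round.
/// </summary>
/// <param name="token">
/// The HS256 JWT presented by the client; its payload is a <see cref="ClientAuthorizedReqModel"/>.
/// </param>
/// <returns>
/// The authorization result, including the client's next round counter and the encrypted
/// material for the next round.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="token"/> is null.</exception>
/// <exception cref="System.ArgumentException"><paramref name="token"/> is empty or whitespace.</exception>
/// <exception cref="TokenTicketCerticateException">
/// The token payload or the decrypted ticket cannot be parsed, or the ticket hash does not
/// match the value held by this server (the ticket was already used or forged).
/// </exception>
/// <exception cref="ClientAuthorizeTokenExpiredException">The ticket's expiry time has passed.</exception>
/// <exception cref="AuthorizeTimesHasRunOutException">No further authorization round is allowed.</exception>
public AuthResrcProtectedAuthorizeModel Verify(string token)
{
    if (token == null)
    {
        throw new System.ArgumentNullException(nameof(token));
    }
    if (string.IsNullOrWhiteSpace(token))
    {
        throw new System.ArgumentException("Token must not be empty", nameof(token));
    }

    // Decode the token. The JWS algorithm is pinned to HS256 and the key is this server's
    // shared secret with the client, so a token signed under another algorithm or key is
    // rejected before its payload is trusted.
    string jwtDecodeValue = JWT.Decode(token, Encoding.Unicode.GetBytes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer), JwsAlgorithm.HS256);
    ClientAuthorizedReqModel jwtObject = JsonConvert.DeserializeObject<ClientAuthorizedReqModel>(jwtDecodeValue);
    if (jwtObject == null)
    {
        // A payload of "null" would otherwise surface as a NullReferenceException below.
        throw new TokenTicketCerticateException("The token payload could not be parsed, please re-authenticate and get new token ticket");
    }

    // Encrypted list of URLs the client is allowed to call; the current request must be among them.
    List<string> encryptValueList = jwtObject.ValidUrlList;
    VerifyUrlIsInAuthorizedList(encryptValueList);

    // Per-round key/IV, derived from the shared secrets, the client's temporary identity and
    // the server-side round counter (not the counter carried in the token).
    ClientTempIdentityModel tempIdentityModel = new ClientTempIdentityModel(this.clientInProtectedMember.ClientId, this.clientInProtectedMember.HashValue);
    string shareKeyClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);
    string shareIVClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareIVClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);
    aesCrypter.SetKey(shareKeyClientAndResrcDependsAuthorizedTimes);
    // Only the first 16 characters of the derived value are used as the IV; Substring throws
    // if the derived value is shorter than that.
    aesCrypter.SetIV(shareIVClientAndResrcDependsAuthorizedTimes.Substring(0, 16));

    string clientAuthorizeCTCryptoDecrypt = aesCrypter.Decrypt(jwtObject.CurrentTimesCypherText);
    ClientCTCypherTextModelForAuthorize clientAuthorizeCypherTextModel = JsonConvert.DeserializeObject<ClientCTCypherTextModelForAuthorize>(clientAuthorizeCTCryptoDecrypt);
    if (clientAuthorizeCypherTextModel == null)
    {
        throw new TokenTicketCerticateException("The token ticket could not be parsed after decryption, please re-authenticate and get new token ticket");
    }

    if (GetUtcNowUnixTime() > clientAuthorizeCypherTextModel.ExpiredTime)
    {
        throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
    }

    // One-time ticket check: this server holds the hash of the client's ticket, so a presented
    // ticket is accepted only if hashing it again reproduces the stored value.
    string protectedServerOriginalHash = this.clientInProtectedMember.HashValue;
    string doubleHashValue = MD5Hasher.Hash(clientAuthorizeCypherTextModel.HashValue);
    if (!string.Equals(doubleHashValue, protectedServerOriginalHash, System.StringComparison.Ordinal))
    {
        throw new TokenTicketCerticateException("After checkt the token ticket, the token ticket is not right, the ticket you send has been used, please re-authenticate and get new token ticket");
    }

    // Check whether another authorization round is still allowed.
    // NOTE(review): this reads the round counter from the token (jwtObject.CurrentTimes) while
    // the key derivation above uses the server-side counter (clientInProtectedMember.CurrentTimes);
    // confirm the two are meant to agree and that the token-supplied value is the intended input.
    if (jwtObject.CurrentTimes + 1 >= clientInProtectedMember.AuthZTimes)
    {
        throw new AuthorizeTimesHasRunOutException("The token authorzie times has run out and expired, please re-authenticate and get new token ticket");
    }

    // Material for the next round: the client's ticket value becomes its next temporary identity,
    // encrypted under a key/IV derived from the current server-side counter.
    TimesCypherTextPrimeModel clientPrimeModel = new TimesCypherTextPrimeModel()
    {
        ClientTempIdPrime = new ClientTempIdentityModel()
        {
            ClientId = clientInProtectedMember.ClientId,
            HashValue = clientAuthorizeCypherTextModel.HashValue
        },
        CurrentTimes = clientInProtectedMember.CurrentTimes,
        ClientTempId = new ClientTempIdentityModel()
        {
            ClientId = clientInProtectedMember.ClientId,
            HashValue = clientInProtectedMember.HashValue,
        },
    };
    string newShareKeyClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareKeyClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes);
    string newShareIVClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareIVClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes).Substring(0, 16);
    aesCrypter.SetIV(newShareIVClientAndProtected);
    aesCrypter.SetKey(newShareKeyClientAndProtected);
    string cypherPrimeStr = JsonConvert.SerializeObject(clientPrimeModel);
    string newCypherTextRespClientForNextAuthZ = aesCrypter.Encrypt(cypherPrimeStr);

    AuthResrcProtectedAuthorizeModel result = new AuthResrcProtectedAuthorizeModel()
    {
        ClientId = clientInProtectedMember.ClientId,
        PortectedId = clientInProtectedMember.ProtectedId,
        ProcessScoreCurrentTimes = (clientInProtectedMember.CurrentTimes + 1),
        ProcessScoreHashValue = clientAuthorizeCypherTextModel.HashValue,
        ClientRespCypherText = newCypherTextRespClientForNextAuthZ
    };
    return result;
}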