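/// <summary>
/// Builds the cypher text for the current authorization round: packs the client temp id,
/// a freshly computed expiry, the supplied hash value and the protected id into an
/// <see cref="AuthorizeCypherTextModel"/>, serialises it to JSON and AES-encrypts it.
/// </summary>
/// <param name="authorizeModel">Source of <c>ClientTempId</c> and <c>ProtectedId</c>.</param>
/// <param name="hashNMinusI">Hash value carried in the payload (named for the hash-chain position it presumably holds; see <c>HashMultipleTimes</c>).</param>
/// <param name="authZKey">Key handed to <c>aesCrypter.SetKey</c>.</param>
/// <param name="authZIv">String whose first 16 characters are handed to <c>aesCrypter.SetIV</c>.</param>
/// <returns>The encrypted JSON payload as returned by <c>aesCrypter.Encrypt</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authorizeModel"/> or <paramref name="authZIv"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="authZIv"/> is shorter than 16 characters.</exception>
private string GetCurrentTimesCypherText(AuthorizeValueModel authorizeModel, string hashNMinusI, string authZKey, string authZIv)
{
    // Substring(0, 16) would throw anyway, but without naming the parameter; a mis-sized
    // IV is a configuration error worth diagnosing explicitly rather than as a generic range error.
    const int ivLength = 16;
    if (authorizeModel == null)
    {
        throw new ArgumentNullException("authorizeModel");
    }
    if (authZIv == null)
    {
        throw new ArgumentNullException("authZIv");
    }
    if (authZIv.Length < ivLength)
    {
        throw new ArgumentOutOfRangeException("authZIv", "authZIv must be at least 16 characters long.");
    }

    AuthorizeCypherTextModel cypherTextModel = new AuthorizeCypherTextModel
    {
        ClientTempId = authorizeModel.ClientTempId,
        // Expiry is computed here, not copied from authorizeModel, so each round gets a fresh window.
        ExpiredTime = UnixTimeGenerator.GetExpiredUtc0UnixTime(addMinuteExpiredTime),
        HashValue = hashNMinusI,
        ProtectedId = authorizeModel.ProtectedId
    };
    string authorizeCypherTextStr = JsonConvert.SerializeObject(cypherTextModel);

    // NOTE(review): aesCrypter is shared instance state that is re-keyed on every call
    // (SetKey/SetIV then Encrypt); concurrent calls on the same instance could interleave
    // those steps — confirm this object is not used from multiple threads.
    // NOTE(review): 16 characters equal a 16-byte AES IV only for a single-byte encoding;
    // confirm what SetIV expects and that the IV is not reused across encryptions with the same key.
    aesCrypter.SetKey(authZKey);
    aesCrypter.SetIV(authZIv.Substring(0, ivLength));
    string currentTimesCypherText = aesCrypter.Encrypt(authorizeCypherTextStr);
    return currentTimesCypherText;
}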
/// <summary>
/// Returns the expiry timestamp (UTC+0 Unix time) obtained by applying the configured
/// <c>addMinuteExpiredTime</c> offset via <c>UnixTimeGenerator</c>.
/// </summary>
/// <returns>The expiry Unix time, in whatever unit <c>UnixTimeGenerator.GetExpiredUtc0UnixTime</c> produces.</returns>
public virtual long GetExpiredUtc0UnixTime()
{
    long expiredUnixTime = UnixTimeGenerator.GetExpiredUtc0UnixTime(addMinuteExpiredTime);
    return expiredUnixTime;
}
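/// <summary>
/// Checks the Auth Server response for this client (client id, protected id and expiry)
/// and then asks the protected resource server to verify it.
/// </summary>
/// <param name="authClientCypherTextModel">The decrypted Auth Server response for this client.</param>
/// <param name="protectedId">Identifier of the protected resource the caller expects; must match the one in the model.</param>
/// <returns>The initial <see cref="AuthorizeValueModel"/> for this session, with <c>CurrentTimes</c> set to 1.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authClientCypherTextModel"/> is null.</exception>
/// <exception cref="ClientNotEqualException">The model's <c>ClientId</c> differs from <c>clientResource.ClientId</c>.</exception>
/// <exception cref="ProtectedServerNotEqualException">The model's <c>ProtectedId</c> differs from <paramref name="protectedId"/>.</exception>
/// <exception cref="ClientAuthorizeTokenExpiredException">The model's <c>ExpiredTime</c> lies in the past.</exception>
/// <exception cref="ProtectedServerAuthorizeException">The protected server did not confirm the request.</exception>
public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
{
    if (authClientCypherTextModel == null)
    {
        throw new ArgumentNullException("authClientCypherTextModel");
    }

    // Local consistency checks first, so an obviously wrong token never triggers a network call.
    if (authClientCypherTextModel.ClientId != clientResource.ClientId)
    {
        throw new ClientNotEqualException("ClientId is not equal.");
    }
    if (authClientCypherTextModel.ProtectedId != protectedId)
    {
        throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
    }
    if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
    {
        throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
    }

    // Ask the protected resource server to verify.
    long expiredTime = GetExpiredUtc0UnixTime();
    string hashValue = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);

    // NOTE(review): the "MAC" is an MD5 digest of the serialised model with the constant
    // salt "2". Unless ClientProtectedCryptoModel carries a shared secret, this is an unkeyed
    // integrity digest that anyone who sees the fields can recompute, and MD5 is collision-prone.
    // Left unchanged because the protected server recomputes the same value; any change must
    // be made on both sides together.
    ClientProtectedMacModel macModel = new ClientProtectedMacModel()
    {
        Salt = "2",
        ClientTempId = authClientCypherTextModel.ClientTempId,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        HashValue = hashValue,
        ExpiredTime = expiredTime,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
    };
    string clientResrcMacStr = JsonConvert.SerializeObject(macModel);
    string macValue = MD5Hasher.Hash(clientResrcMacStr);

    CheckClientReqModel reqModel = new CheckClientReqModel()
    {
        ClientProtectedMac = macValue,
        ExpiredTime = expiredTime,
        ClientTempId = authClientCypherTextModel.ClientTempId
    };
    string reqStr = JsonConvert.SerializeObject(reqModel);
    ApiResult<bool> resrcResp = AuthenHttpHandler.SendRequestByPost<bool>(protectedAuthenApiUrl, reqStr);

    // Fail closed: a missing response is treated the same as an explicit rejection,
    // rather than surfacing as a null dereference.
    if (resrcResp == null || !resrcResp.Value)
    {
        throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
    }

    AuthorizeValueModel authorizeModel = new AuthorizeValueModel()
    {
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
        ClientTempId = authClientCypherTextModel.ClientTempId,
        // First round of the session; callers presumably advance this per request.
        CurrentTimes = 1,
        RandomValue = authClientCypherTextModel.RandomValue,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        ValidUrlList = authClientCypherTextModel.ValidUrlList,
    };
    return authorizeModel;
}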
/// <summary>
/// Returns the current UTC time as a Unix timestamp, delegating to <c>UnixTimeGenerator</c>.
/// Virtual so tests or subclasses can substitute a fixed clock.
/// </summary>
/// <returns>The current Unix time, in whatever unit <c>UnixTimeGenerator.GetUtcNowUnixTime</c> produces.</returns>
public virtual long GetUtcNowUnixTime()
{
    long nowUnixTime = UnixTimeGenerator.GetUtcNowUnixTime();
    return nowUnixTime;
}