コード例 #1
0
        /// <summary>
        /// 用Client Key 、IV、Protected Server(s)相關資料 去AuthServer驗證 且取回對應的Token
        /// </summary>
        public ApiResult <AuthClientRespModel> Authenticate()
        {
            long expiredTime = GetExpiredUtc0UnixTime();

            //客戶端初始化驗證資料
            ClientAuthMacModel macModel = new ClientAuthMacModel()
            {
                AuthClientCryptoModel = new SymCryptoModel()
                {
                    IV  = clientResource.ClientIV,
                    Key = clientResource.ClientKey,
                },
                ClientId          = clientResource.ClientId,
                ExpiredTime       = expiredTime,
                Salt              = "1",
                ProtectedIdIdList = clientResource.ProtectedServers.Select(x => x.ServerId).ToList()
            };

            string clientModelStr = JsonConvert.SerializeObject(macModel);
            string macValue       = MD5Hasher.Hash(clientModelStr);

            //組出
            ClientAuthCypherTextModel cypherTextModel = new ClientAuthCypherTextModel()
            {
                ClientId          = clientResource.ClientId,
                ProtectedIdIdList = clientResource.ProtectedServers.Select(x => x.ServerId).ToList(),
                ClientMac         = macValue,
                ExpiredTime       = expiredTime,
                MacHashAlg        = "MD5",
            };

            string cypherTextModelStr = JsonConvert.SerializeObject(cypherTextModel);

            aesCrypter.SetKey(clientResource.ClientKey);
            aesCrypter.SetIV(clientResource.ClientIV);
            string encryptCypherText = aesCrypter.Encrypt(cypherTextModelStr);

            //請求 Auth Server 驗證
            AuthClientReqModel authClientReqModel = new AuthClientReqModel()
            {
                ClientId   = clientResource.ClientId,
                CypherText = encryptCypherText,
            };
            string reqStr = JsonConvert.SerializeObject(authClientReqModel);
            ApiResult <AuthClientRespModel> respones = AuthenHttpHandler.SendRequestByPost <AuthClientRespModel>(authServerAuthenApiUrl, reqStr);

            return(respones);
        }
コード例 #2
0
        public AuthResrcProtectedAuthorizeModel Verify(string token)
        {
            //解 Token
            string jwtDecodeValue = JWT.Decode(token,
                                               Encoding.Unicode.GetBytes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer),
                                               JwsAlgorithm.HS256);
            ClientAuthorizedReqModel jwtObject = JsonConvert.DeserializeObject <ClientAuthorizedReqModel>(jwtDecodeValue);

            //加密後的合法 Url List
            List <string> encryptValueList = jwtObject.ValidUrlList;

            VerifyUrlIsInAuthorizedList(encryptValueList);


            ClientTempIdentityModel tempIdentityModel           = new ClientTempIdentityModel(this.clientInProtectedMember.ClientId, this.clientInProtectedMember.HashValue);
            string shareKeyClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);
            string shareIVClientAndResrcDependsAuthorizedTimes  = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareIVClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);

            aesCrypter.SetKey(shareKeyClientAndResrcDependsAuthorizedTimes);
            aesCrypter.SetIV(shareIVClientAndResrcDependsAuthorizedTimes.Substring(0, 16));

            string clientAuthorizeCTCryptoDecrypt = aesCrypter.Decrypt(jwtObject.CurrentTimesCypherText);
            ClientCTCypherTextModelForAuthorize clientAuthorizeCypherTextModel = JsonConvert.DeserializeObject <ClientCTCypherTextModelForAuthorize>(clientAuthorizeCTCryptoDecrypt);


            if (GetUtcNowUnixTime() > clientAuthorizeCypherTextModel.ExpiredTime)
            {
                throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
            }

            string protectedServerOriginalHash = this.clientInProtectedMember.HashValue;
            string doubleHashValue             = MD5Hasher.Hash(clientAuthorizeCypherTextModel.HashValue);

            if (doubleHashValue != protectedServerOriginalHash)
            {
                throw new TokenTicketCerticateException("After checkt the token ticket, the token ticket is not right, the ticket you send has been used, please re-authenticate and get new token ticket");
            }

            //確認是否能夠取得下一次授權
            if (jwtObject.CurrentTimes + 1 >= clientInProtectedMember.AuthZTimes)
            {
                throw new AuthorizeTimesHasRunOutException("The token authorzie times has run out and expired, please re-authenticate and get new token ticket");
            }

            TimesCypherTextPrimeModel clientPrimeModel = new TimesCypherTextPrimeModel()
            {
                ClientTempIdPrime = new ClientTempIdentityModel()
                {
                    ClientId  = clientInProtectedMember.ClientId,
                    HashValue = clientAuthorizeCypherTextModel.HashValue
                },
                CurrentTimes = clientInProtectedMember.CurrentTimes,
                ClientTempId = new ClientTempIdentityModel()
                {
                    ClientId  = clientInProtectedMember.ClientId,
                    HashValue = clientInProtectedMember.HashValue,
                },
            };

            string newShareKeyClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareKeyClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes);
            string newShareIVClientAndProtected  = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareIVClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes).Substring(0, 16);


            aesCrypter.SetIV(newShareIVClientAndProtected);
            aesCrypter.SetKey(newShareKeyClientAndProtected);
            string cypherPrimeStr = JsonConvert.SerializeObject(clientPrimeModel);
            string newCypherTextRespClientForNextAuthZ = aesCrypter.Encrypt(cypherPrimeStr);

            AuthResrcProtectedAuthorizeModel result = new AuthResrcProtectedAuthorizeModel()
            {
                ClientId    = clientInProtectedMember.ClientId,
                PortectedId = clientInProtectedMember.ProtectedId,
                ProcessScoreCurrentTimes = (clientInProtectedMember.CurrentTimes + 1),
                ProcessScoreHashValue    = clientAuthorizeCypherTextModel.HashValue,
                ClientRespCypherText     = newCypherTextRespClientForNextAuthZ
            };

            return(result);
        }