public VerifySignAttribute() { _logger = IoC.Resolve <ILogger <VerifySignAttribute> >(); Order = 1; _configuration = IoC.Resolve <IConfiguration>(); _verifySignCommon = IoC.Resolve <IOperationFilter>(); _verifySignOption = IoC.Resolve <VerifySignOption>(); }
private bool CheckTime(long requestTime, VerifySignOption _verifySignOption) { long unixSeconds = DateTimeOffset.Now.ToUnixTimeSeconds(); if (requestTime + _verifySignOption.ExpireSeconds - unixSeconds < 0) { return(false); } return(true); }
private async Task <Tuple <bool, string> > GetSignValue(HttpContext request, ILogger <VerifySignAttribute> _logger, VerifySignOption _verifySignOption, IOperationFilter _verifySignCommon) { try { var convertedDictionatry = request.Request.Query.ToDictionary(s => s.Key, s => s.Value); var queryDic = new Dictionary <string, string>(); foreach (var item in convertedDictionatry) { queryDic.Add(item.Key.ToLower(), item.Value); } var encryptEnum = EncryptEnum.Default; var commonParameters = _verifySignOption.CommonParameters; if (!queryDic.ContainsKey(commonParameters.TimestampName) || !queryDic.ContainsKey(commonParameters.AppIdName) || !queryDic.ContainsKey(commonParameters.SignName)) { _logger.LogWarning("url参数中未找到签名所需参数[timestamp];[appid];[EncryptFlag]或[sign]"); return(Tuple.Create <bool, string>(false, "签名参数缺失")); } if (queryDic.ContainsKey(commonParameters.EncryptFlag) && int.TryParse(queryDic[commonParameters.EncryptFlag].ToString(), out int encryptint)) { encryptEnum = (EncryptEnum)encryptint; } var timestampStr = queryDic[commonParameters.TimestampName]; if (!long.TryParse(timestampStr, out long timestamp) || !CheckTime(timestamp, _verifySignOption)) { _logger.LogWarning($"{timestampStr}时间戳已过期"); return(Tuple.Create <bool, string>(false, "请校准客户端时间后再试")); } var appIdString = queryDic[commonParameters.AppIdName].ToString(); if (string.IsNullOrEmpty(appIdString)) { _logger.LogWarning(@"The request parameter is missing the Ak/Sk appID parameter VerifySign:{ AppSecret:{ [AppId]:[Secret] }}"); return(Tuple.Create <bool, string>(false, "服务异常,AppIdName未配置")); } var signvalue = queryDic[commonParameters.SignName].ToString(); queryDic.Remove(commonParameters.SignName); var bodyValue = await SignCommon.ReadAsStringAsync(request); if (!string.IsNullOrEmpty(bodyValue) && !"null".Equals(bodyValue)) { bodyValue = Regex.Replace(bodyValue, @"\s(?=([^""]*""[^""]*"")*[^""]*$)", string.Empty); bodyValue = bodyValue.Replace("\r\n", "").Replace(" : ", ":").Replace("\n ", "").Replace("\n", "").Replace(": ", ":").Replace(", ", ","); queryDic.Add("body", bodyValue); } var dicOrder = queryDic.OrderBy(s => s.Key, StringComparer.Ordinal).ToList(); StringBuilder requestStr = new StringBuilder(); for (int i = 0; i < dicOrder.Count(); i++) { if (i == dicOrder.Count() - 1) { requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}"); } else { requestStr.Append($"{dicOrder[i].Key}={dicOrder[i].Value}&"); } } var utf8Request = SignCommon.GetUtf8(requestStr.ToString()); var result = _verifySignCommon.GetSignhHash(utf8Request, _verifySignCommon.GetSignSecret(appIdString), encryptEnum); if (_verifySignOption.IsDebug) { _logger.LogInformation($"请求接口地址:{request.Request.Path}"); _logger.LogInformation($"拼装排序后的值{Convert.ToBase64String(Encoding.Default.GetBytes(utf8Request))}"); _logger.LogInformation($"摘要比对: {result}----{signvalue }"); } else if (signvalue != result) { _logger.LogWarning(@$ "摘要被篡改:[iphide]----{signvalue } 查看详情,请设置VerifySignOption节点的IsDebug为true"); } if (signvalue == result) { return(Tuple.Create <bool, string>(true, "签名通过")); } return(Tuple.Create <bool, string>(false, "签名异常,请求非法")); } catch (Exception ex) { _logger.LogError(ex, "签名异常"); return(Tuple.Create <bool, string>(false, "签名异常")); } }