/// <summary>
/// Derives a per-authorization value from a client/protected-server secret, the
/// client's temporary identity and the current authorization counter. The inputs are
/// serialized to JSON and MD5-hashed; that JSON and its hash are then wrapped in an
/// <see cref="AuthorizeKeyModel"/>, serialized again and MD5-hashed once more.
/// </summary>
/// <param name="crypto">Secret shared between the client and the protected server.</param>
/// <param name="clientTempIdModel">The client's temporary identity (client id and hash value).</param>
/// <param name="currentTimes">Authorization counter; a different counter yields a different value.</param>
/// <returns>The outer hash, in whatever encoding <c>MD5Hasher.Hash</c> produces.</returns>
private string GetResrcClientKeyAuthzTimesValue(string crypto, ClientTempIdentityModel clientTempIdModel, int currentTimes)
{
    // Inner layer: JSON of (secret, temp identity, counter) and its hash.
    var innerModel = new AuthorizeHashModel
    {
        ClientProtectedCryptoStr = crypto,
        ClientTempId = clientTempIdModel,
        CurrentTimes = currentTimes,
    };
    string innerJson = JsonConvert.SerializeObject(innerModel);
    string innerHash = MD5Hasher.Hash(innerJson);

    // Outer layer: wrap the inner JSON together with its hash and hash once more.
    // NOTE(review): MD5 is the key-derivation primitive here; it is kept because the
    // client side must derive the identical value — changing it is a protocol change.
    var outerModel = new AuthorizeKeyModel
    {
        HashKeyTIDCTimesValue = innerJson,
        HashValue = innerHash,
    };
    string outerJson = JsonConvert.SerializeObject(outerModel);
    return MD5Hasher.Hash(outerJson);
}
/// <summary>
/// Derives the temporary client secret for one authorization round: the shared
/// secret, temporary identity and counter are serialized to JSON and MD5-hashed,
/// <c>GetAuthorizeSecretModel</c> combines that hash with the JSON, and the
/// combined string is MD5-hashed again.
/// </summary>
/// <param name="shareScretClientWithProtectedServer">Secret (key or IV material) shared between the client and the protected server.</param>
/// <param name="tempIdentityModel">The client's temporary identity (client id and hash value).</param>
/// <param name="currentTimes">Authorization counter; a different counter yields a different secret.</param>
/// <returns>The outer hash, in whatever encoding <c>MD5Hasher.Hash</c> produces.</returns>
private string GetTempClientSecretByAuthorizedTimes(string shareScretClientWithProtectedServer, ClientTempIdentityModel tempIdentityModel, int currentTimes)
{
    var hashInput = new AuthorizeHashModel
    {
        ClientProtectedCryptoStr = shareScretClientWithProtectedServer,
        ClientTempId = tempIdentityModel,
        CurrentTimes = currentTimes,
    };
    string hashInputJson = JsonConvert.SerializeObject(hashInput);
    string innerHash = MD5Hasher.Hash(hashInputJson);

    // NOTE(review): MD5 is used as the KDF; kept for compatibility with the client,
    // which must compute the same value.
    string secretModelJson = GetAuthorizeSecretModel(innerHash, hashInputJson);
    return MD5Hasher.Hash(secretModelJson);
}
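/// <summary>
/// Verifies a client's call to the protected server by recomputing the
/// client/protected-server MAC from the server-side member record and comparing it
/// with the MAC carried in the request.
/// </summary>
/// <param name="reqModel">
/// The client's request; <c>ExpiredTime</c> is folded into the MAC input and
/// <c>ClientProtectedMac</c> is the value the client computed.
/// </param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="reqModel"/> is <c>null</c>.</exception>
/// <exception cref="ShareHashMacClientWithProtectedNotEqualException">
/// Thrown when the recomputed MAC does not match <c>reqModel.ClientProtectedMac</c>.
/// </exception>
public void Verify(CheckClientReqModel reqModel)
{
    if (reqModel is null)
    {
        throw new System.ArgumentNullException(nameof(reqModel));
    }

    // Rebuild the client's temporary identity from the ProtectedServerMemberClient record.
    ClientTempIdentityModel clientTempId = new ClientTempIdentityModel()
    {
        ClientId = this.memberClientModel.ClientId,
        HashValue = this.memberClientModel.HashValue,
    };

    // The shared key/IV are part of the MAC input, so only a holder of the shared
    // secret can produce a matching value.
    SymCryptoModel clientProtectedCryptoModel = new SymCryptoModel()
    {
        Key = this.memberClientModel.ShareKeyClientWithProtectedServer,
        IV = this.memberClientModel.ShareIVClientWithProtectedServer,
    };

    // Assemble the MAC input exactly as the client is expected to; the field set and
    // the fixed salt "2" must stay in sync with the client-side computation.
    ClientProtectedMacModel clientProtectedMacModel = new ClientProtectedMacModel();
    clientProtectedMacModel.Salt = "2";
    clientProtectedMacModel.ClientTempId = clientTempId;
    clientProtectedMacModel.ProtectedId = this.memberClientModel.ProtectedId;
    clientProtectedMacModel.AuthZTimes = this.memberClientModel.AuthZTimes;
    clientProtectedMacModel.HashValue = clientTempId.HashValue;
    // NOTE(review): the client-supplied ExpiredTime is bound into the MAC but is not
    // compared with the current time here — confirm the caller enforces expiry.
    clientProtectedMacModel.ExpiredTime = reqModel.ExpiredTime;
    clientProtectedMacModel.ClientProtectedCryptoModel = clientProtectedCryptoModel;

    string shareMacClientWithResrJson = JsonConvert.SerializeObject(clientProtectedMacModel);

    // NOTE(review): the "MAC" is MD5 over the JSON with the secret embedded in it,
    // not a keyed MAC such as HMAC; kept as-is because the client computes the same value.
    string shareHashMacClientWithResr = MD5Hasher.Hash(shareMacClientWithResrJson);

    // Compare in constant time so response timing does not reveal how many leading
    // characters of a guessed MAC were correct.
    if (!FixedTimeEquals(shareHashMacClientWithResr, reqModel.ClientProtectedMac))
    {
        throw new ShareHashMacClientWithProtectedNotEqualException("Client request mac in model is invalid. " + "More message: the share mac in client is not equal after protected server decrypted and compare " + "the mac message which client request");
    }
}

/// <summary>
/// Constant-time string equality for MAC/hash comparison: it does not stop at the
/// first mismatching byte, and a length mismatch is folded into the result rather
/// than short-circuiting. Returns <c>false</c> if either side is <c>null</c>.
/// Prefer <c>System.Security.Cryptography.CryptographicOperations.FixedTimeEquals</c>
/// where the target framework provides it.
/// </summary>
/// <param name="expected">The value computed on the server.</param>
/// <param name="actual">The value supplied by the caller.</param>
/// <returns><c>true</c> only when both strings have identical UTF-8 bytes.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected is null || actual is null)
    {
        return false;
    }

    byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
    byte[] actualBytes = Encoding.UTF8.GetBytes(actual);

    // Lengths are not secret (the MAC has a fixed size), so looping over the shorter
    // length is fine; the length difference is OR-ed into the accumulator.
    int diff = expectedBytes.Length ^ actualBytes.Length;
    int length = expectedBytes.Length < actualBytes.Length ? expectedBytes.Length : actualBytes.Length;
    for (int i = 0; i < length; i++)
    {
        diff |= expectedBytes[i] ^ actualBytes[i];
    }

    return diff == 0;
}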
/// <summary>
/// Verifies a client's authorization token for this protected server and, if every
/// check passes, prepares the ciphertext the client needs for the next authorization
/// round.
/// </summary>
/// <param name="token">
/// A JWS signed with HS256 under the client/protected-server shared key, whose payload
/// deserializes to <see cref="ClientAuthorizedReqModel"/>.
/// </param>
/// <returns>
/// The client id, the protected id, the next counter value, the hash value the client
/// revealed, and the response ciphertext for the next round.
/// </returns>
/// <exception cref="ClientAuthorizeTokenExpiredException">The decrypted ticket's ExpiredTime is in the past.</exception>
/// <exception cref="TokenTicketCerticateException">MD5 of the revealed hash does not match the stored HashValue.</exception>
/// <exception cref="AuthorizeTimesHasRunOutException">The counter claimed in the token has reached AuthZTimes.</exception>
public AuthResrcProtectedAuthorizeModel Verify(string token)
{
    // Decode the token. The algorithm is pinned to HS256 rather than taken from the
    // "alg" header; the key is the shared secret as UTF-16 (Encoding.Unicode) bytes, so
    // the client must encode it the same way when signing. Presumably JWT.Decode throws
    // on a bad signature — confirm against the JWT library in use.
    string jwtDecodeValue = JWT.Decode(token, Encoding.Unicode.GetBytes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer), JwsAlgorithm.HS256);
    ClientAuthorizedReqModel jwtObject = JsonConvert.DeserializeObject<ClientAuthorizedReqModel>(jwtDecodeValue);

    // Encrypted list of permitted URLs; validated by a helper defined elsewhere.
    List<string> encryptValueList = jwtObject.ValidUrlList;
    VerifyUrlIsInAuthorizedList(encryptValueList);

    // Derive this round's AES key/IV from the server-side member record and the
    // server-side counter, so the client's ciphertext only decrypts if it used the same
    // secrets and the same round number.
    ClientTempIdentityModel tempIdentityModel = new ClientTempIdentityModel(this.clientInProtectedMember.ClientId, this.clientInProtectedMember.HashValue);
    string shareKeyClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);
    string shareIVClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareIVClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes);
    aesCrypter.SetKey(shareKeyClientAndResrcDependsAuthorizedTimes);
    // NOTE(review): the IV is the first 16 characters of a deterministic hash of
    // (IV secret, identity, counter), so it is fixed until the counter advances and is
    // reused below for the response under the same key — confirm this is intended.
    aesCrypter.SetIV(shareIVClientAndResrcDependsAuthorizedTimes.Substring(0, 16));
    string clientAuthorizeCTCryptoDecrypt = aesCrypter.Decrypt(jwtObject.CurrentTimesCypherText);
    ClientCTCypherTextModelForAuthorize clientAuthorizeCypherTextModel = JsonConvert.DeserializeObject<ClientCTCypherTextModelForAuthorize>(clientAuthorizeCTCryptoDecrypt);

    // Expiry is taken from the decrypted ticket, not from the plain JWT payload.
    if (GetUtcNowUnixTime() > clientAuthorizeCypherTextModel.ExpiredTime)
    {
        throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
    }

    // One-time ticket check: the stored HashValue must equal MD5 of the value the client
    // now reveals. The revealed value is handed back below as ProcessScoreHashValue,
    // presumably to replace the stored HashValue — confirm the caller persists it,
    // otherwise the same ticket is accepted again.
    string protectedServerOriginalHash = this.clientInProtectedMember.HashValue;
    string doubleHashValue = MD5Hasher.Hash(clientAuthorizeCypherTextModel.HashValue);
    if (doubleHashValue != protectedServerOriginalHash)
    {
        throw new TokenTicketCerticateException("After checkt the token ticket, the token ticket is not right, the ticket you send has " + "been used, please re-authenticate and get new token ticket");
    }

    // Check whether another authorization can be granted.
    // NOTE(review): this uses the counter claimed in the JWT payload (jwtObject.CurrentTimes),
    // while key derivation and the returned ProcessScoreCurrentTimes use the server-side
    // clientInProtectedMember.CurrentTimes. A client holding the shared key can sign any
    // counter into its own token — confirm which value is meant to be authoritative.
    if (jwtObject.CurrentTimes + 1 >= clientInProtectedMember.AuthZTimes)
    {
        throw new AuthorizeTimesHasRunOutException("The token authorzie times has run out and expired, please re-authenticate and get new token ticket");
    }

    // Response payload: the client's next identity (id + revealed hash), the current
    // counter, and the identity used for this round.
    TimesCypherTextPrimeModel clientPrimeModel = new TimesCypherTextPrimeModel()
    {
        ClientTempIdPrime = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientAuthorizeCypherTextModel.HashValue },
        CurrentTimes = clientInProtectedMember.CurrentTimes,
        ClientTempId = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientInProtectedMember.HashValue, },
    };

    // Re-derive key/IV from what appear to be the same inputs as above (same client id,
    // same stored HashValue, same counter), so the response is encrypted under this
    // round's secrets.
    string newShareKeyClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareKeyClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes);
    string newShareIVClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareIVClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes).Substring(0, 16);
    aesCrypter.SetIV(newShareIVClientAndProtected);
    aesCrypter.SetKey(newShareKeyClientAndProtected);
    string cypherPrimeStr = JsonConvert.SerializeObject(clientPrimeModel);
    string newCypherTextRespClientForNextAuthZ = aesCrypter.Encrypt(cypherPrimeStr);

    AuthResrcProtectedAuthorizeModel result = new AuthResrcProtectedAuthorizeModel()
    {
        ClientId = clientInProtectedMember.ClientId,
        PortectedId = clientInProtectedMember.ProtectedId,
        // Next round's counter; the caller is expected to store it.
        ProcessScoreCurrentTimes = (clientInProtectedMember.CurrentTimes + 1),
        ProcessScoreHashValue = clientAuthorizeCypherTextModel.HashValue,
        ClientRespCypherText = newCypherTextRespClientForNextAuthZ
    };
    return(result);
}