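/// <summary>
/// Decrypts one cypher-text entry of the auth server response with this client's
/// AES key/IV and deserializes it into an <see cref="AuthClientCypherTextModel"/>.
/// </summary>
/// <param name="cypherText">Encrypted entry as returned by the auth server.</param>
/// <returns>The decrypted and deserialized model; never null.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="cypherText"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">Thrown when the decrypted text does not deserialize to a model.</exception>
public AuthClientCypherTextModel DecryptAuthServerResp(string cypherText)
{
    if (string.IsNullOrEmpty(cypherText))
    {
        throw new ArgumentException("cypherText must not be null or empty.", nameof(cypherText));
    }

    // Key and IV are re-applied on every call because the crypter instance is a
    // field that other callers may have re-keyed in between.
    aesCrypter.SetKey(clientResource.ClientKey);
    aesCrypter.SetIV(clientResource.ClientIV);

    string decryptResult = aesCrypter.Decrypt(cypherText);

    // DeserializeObject yields null for a "null"/empty JSON payload; fail here rather
    // than hand a null model to callers that immediately dereference it.
    AuthClientCypherTextModel model =
        JsonConvert.DeserializeObject<AuthClientCypherTextModel>(decryptResult);
    if (model is null)
    {
        throw new InvalidOperationException("Decrypted auth server response did not contain a valid AuthClientCypherTextModel.");
    }

    return model;
}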
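/// <summary>
/// Sample client flow: authenticate against the auth server, decrypt every returned
/// cypher-text entry, have the target protected server verify the matching entry, and
/// finally post a sample request authorized with the resulting <see cref="AuthorizeValueModel"/>.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    Console.WriteLine("Hello World!");

    // ClientKey/ClientIV are the AES material used to decrypt the auth server's replies
    // (see DecryptAuthServerResp). The values below are sample data only; a real client
    // should load them from configuration or a secret store rather than from source.
    ClientResource clientResource = new ClientResource()
    {
        ClientId = "6365724719934223450001",
        ClientKey = "A25AD6A46FD945C7647AD34A993E01AF",
        ClientIV = "5687EC92759818B5",
        ClientName = "Sample",
        ProtectedServers = new List<ClientToProtectedServerData>(),
    };

    RegisterInitialModel registerInitialModel = new RegisterInitialModel()
    {
        AddMinuteExpiredTime = 30,
        AuthServerAuthenApiUrl = "http://localhost:21383/api/RegisterService/Authen/",
        ProtectedAuthenApiUrl = "http://localhost:21383/api/RegisterService/CheckClientRequest",
    };

    Register register = new Register(clientResource, registerInitialModel, new LocalMachineAESCrypter());

    var apiResult = register.Authenticate();
    if (apiResult == false)
    {
        // Auth server rejected the client; nothing further can be done.
        Console.WriteLine(apiResult.ResultMessage);
        Environment.Exit(1);
    }

    // Every entry is encrypted with this client's key; decrypt them all up front.
    List<string> cypherTextList = apiResult.Value.CypherTextList;
    List<AuthClientCypherTextModel> authClientCyphersTextList =
        cypherTextList.Select(x => register.DecryptAuthServerResp(x)).ToList();

    // When talking to a protected server, pick the entry issued for it.
    // Single() throws if the id is missing or duplicated, which is the intended failure mode.
    AuthClientCypherTextModel authClient =
        authClientCyphersTextList.Single(x => x.ProtectedId == "目標Protected Server Id");

    // Ask the protected server to verify the entry and return the authorization state.
    AuthorizeValueModel authorizeValueModel =
        register.SendCypherTextToProtectedResourceForVerify(authClient, "目標Protected Server Id");

    PostSampleData postSampleData = new PostSampleData()
    {
        Data = "Sample1",
        Data2 = "Sample2"
    };

    // The returned model replaces authorizeValueModel for the next call to the same
    // protected server; reusing the old one is not valid.
    var afterPostAuthorizeValueModel = register.SendRequestAndAuthorizeByPost<PostSampleData>(
        "目標Protected Server URL", authorizeValueModel, postSampleData);
}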
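/// <summary>
/// Checks an auth server cypher-text entry against this client and the target
/// protected server, then asks that protected server to verify it.
/// </summary>
/// <param name="authClientCypherTextModel">Decrypted auth server entry for the target protected server.</param>
/// <param name="protectedId">Id of the protected server the entry must have been issued for.</param>
/// <returns>Authorization state to use for subsequent requests to that protected server.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="authClientCypherTextModel"/> is null.</exception>
/// <exception cref="ClientNotEqualException">Thrown when the entry was issued for a different client.</exception>
/// <exception cref="ProtectedServerNotEqualException">Thrown when the entry belongs to a different protected server.</exception>
/// <exception cref="ClientAuthorizeTokenExpiredException">Thrown when the entry's ExpiredTime has already passed.</exception>
/// <exception cref="ProtectedServerAuthorizeException">Thrown when the protected server does not accept the entry.</exception>
public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
{
    if (authClientCypherTextModel is null)
    {
        throw new ArgumentNullException(nameof(authClientCypherTextModel));
    }

    // Local checks before any network call: the entry must be for this client, for the
    // requested protected server, and still inside its validity window.
    if (authClientCypherTextModel.ClientId != clientResource.ClientId)
    {
        throw new ClientNotEqualException("ClientId is not equal.");
    }
    if (authClientCypherTextModel.ProtectedId != protectedId)
    {
        throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
    }
    if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
    {
        throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
    }

    // Build the value the protected server recomputes to check this request.
    long expiredTime = GetExpiredUtc0UnixTime();
    string hashValue = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);
    ClientProtectedMacModel macModel = new ClientProtectedMacModel()
    {
        Salt = "2",
        ClientTempId = authClientCypherTextModel.ClientTempId,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        HashValue = hashValue,
        ExpiredTime = expiredTime,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
    };

    // NOTE(review): the "MAC" is an MD5 digest of the serialized model; this is the wire
    // format the protected server presumably recomputes, so it cannot be changed on the
    // client side alone. Its strength rests on RandomValue staying confidential.
    string clientResrcMacStr = JsonConvert.SerializeObject(macModel);
    string macValue = MD5Hasher.Hash(clientResrcMacStr);

    CheckClientReqModel reqModel = new CheckClientReqModel()
    {
        ClientProtectedMac = macValue,
        ExpiredTime = expiredTime,
        ClientTempId = authClientCypherTextModel.ClientTempId
    };
    string reqStr = JsonConvert.SerializeObject(reqModel);

    ApiResult<bool> resrcResp = AuthenHttpHandler.SendRequestByPost<bool>(protectedAuthenApiUrl, reqStr);
    if (!resrcResp.Value)
    {
        throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
    }

    // Accepted: hand back the state the caller must carry into later requests.
    // CurrentTimes starts at 1 for a freshly verified entry.
    return new AuthorizeValueModel()
    {
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
        ClientTempId = authClientCypherTextModel.ClientTempId,
        CurrentTimes = 1,
        RandomValue = authClientCypherTextModel.RandomValue,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        ValidUrlList = authClientCypherTextModel.ValidUrlList,
    };
}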