/// <summary>
/// Builds the encrypted per-round payload for a request to a Protected Server: serializes an
/// <see cref="AuthorizeCypherTextModel"/> (temp id, expiry, revealed hash-chain value, protected id)
/// and AES-encrypts it with the round key/IV supplied by the caller.
/// </summary>
/// <param name="authorizeModel">Authorization state for the target Protected Server.</param>
/// <param name="hashNMinusI">Hash-chain value for this round; stored in <c>HashValue</c>.</param>
/// <param name="authZKey">Round-specific AES key.</param>
/// <param name="authZIv">Round-specific IV material; only its first 16 characters are used.</param>
/// <returns>The AES-encrypted, JSON-serialized payload.</returns>
private string GetCurrentTimesCypherText(AuthorizeValueModel authorizeModel, string hashNMinusI, string authZKey, string authZIv)
{
    var payload = new AuthorizeCypherTextModel
    {
        ClientTempId = authorizeModel.ClientTempId,
        // Expiry is stamped into the payload here; addMinuteExpiredTime is presumably the
        // validity window in minutes (see UnixTimeGenerator).
        ExpiredTime = UnixTimeGenerator.GetExpiredUtc0UnixTime(addMinuteExpiredTime),
        HashValue = hashNMinusI,
        ProtectedId = authorizeModel.ProtectedId,
    };

    string serializedPayload = JsonConvert.SerializeObject(payload);

    // NOTE(review): aesCrypter is a shared field whose key/IV are overwritten on every call;
    // concurrent callers would race on it — confirm single-threaded use.
    aesCrypter.SetKey(authZKey);
    // Substring throws ArgumentOutOfRangeException if authZIv is shorter than 16 characters
    // (presumably it is a hex digest from GetResrcClientKeyAuthzTimesValue — verify).
    aesCrypter.SetIV(authZIv.Substring(0, 16));

    return aesCrypter.Encrypt(serializedPayload);
}
/// <summary>
/// Wraps the authorization request fields plus the encrypted round payload into a
/// <see cref="ClientReqAuthZModel"/>, serializes it, and turns it into a JWT signed with the
/// key shared between the client and the Protected Server.
/// </summary>
/// <param name="authorizeModel">Authorization state for the target Protected Server.</param>
/// <param name="currentTimesCypherText">Encrypted round payload produced for this request.</param>
/// <returns>The JWT string sent to the Protected Server as the request token.</returns>
private static string GetTokenByAuthorizeDataAndCurrentTimesCypherText(AuthorizeValueModel authorizeModel, string currentTimesCypherText)
{
    var request = new ClientReqAuthZModel
    {
        ClientTempId = authorizeModel.ClientTempId,
        CurrentTimes = authorizeModel.CurrentTimes,
        CurrentTimesCypherText = currentTimesCypherText,
        ProtectedId = authorizeModel.ProtectedId,
        ValidUrlList = authorizeModel.ValidUrlList,
    };

    string requestJson = JsonConvert.SerializeObject(request);

    // Token is produced by JWTHasher from the serialized request and the shared key; the
    // signing algorithm it uses is not visible here — assumed to be a keyed signature, verify.
    return JWTHasher.GetJWTValue(requestJson, authorizeModel.ClientProtectedCryptoModel.Key);
}
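/// <summary>
/// Sample driver: authenticates against the Auth Server, has one Protected Server verify the
/// returned cypher text, and then issues an authorized POST to it.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    Console.WriteLine("Hello World!");

    // Sample credentials. ClientKey/ClientIV are secrets: a real client should load them from
    // configuration or a secret store rather than embedding them in source.
    var clientResource = new ClientResource
    {
        ClientId = "6365724719934223450001",
        ClientKey = "A25AD6A46FD945C7647AD34A993E01AF",
        ClientIV = "5687EC92759818B5",
        ClientName = "Sample",
        ProtectedServers = new List<ClientToProtectedServerData>(),
    };

    // Sample endpoints use plain HTTP on localhost; tokens and keys travel in headers/bodies,
    // so a deployed setup should use HTTPS.
    var registerInitialModel = new RegisterInitialModel
    {
        AddMinuteExpiredTime = 30,
        AuthServerAuthenApiUrl = "http://localhost:21383/api/RegisterService/Authen/",
        ProtectedAuthenApiUrl = "http://localhost:21383/api/RegisterService/CheckClientRequest",
    };

    var register = new Register(clientResource, registerInitialModel, new LocalMachineAESCrypter());

    // Authenticate with the Auth Server; exit when it rejects the client.
    var apiResult = register.Authenticate();
    if (apiResult == false)
    {
        Console.WriteLine(apiResult.ResultMessage);
        Environment.Exit(1);
    }

    // Decrypt every cypher text the Auth Server returned (one per Protected Server).
    List<string> cypherTextList = apiResult.Value.CypherTextList;
    var authClientCypherTextList = new List<AuthClientCypherTextModel>();
    foreach (string cypherText in cypherTextList)
    {
        authClientCypherTextList.Add(register.DecryptAuthServerResp(cypherText));
    }

    // When talking to a Protected Server, pick the AuthClientCypherTextModel issued for it.
    // Single(...) throws if there is not exactly one match.
    AuthClientCypherTextModel authClient = authClientCypherTextList.Single(x => x.ProtectedId == "目標Protected Server Id");

    // Ask the Protected Server to verify the cypher text first; this yields the authorization state.
    AuthorizeValueModel authorizeValueModel = register.SendCypherTextToProtectedResourceForVerify(authClient, "目標Protected Server Id");

    var postSampleData = new PostSampleData
    {
        Data = "Sample1",
        Data2 = "Sample2",
    };

    // The returned model carries the advanced round state; keep it for the next call to this Protected Server.
    var afterPostAuthorizeValueModel = register.SendRequestAndAuthorizeByPost<PostSampleData>("目標Protected Server URL", authorizeValueModel, postSampleData);
}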
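/// <summary>
/// Performs one authorized GET against a Protected Server: reveals the hash-chain value for the
/// current round, encrypts it with round-specific key/IV, signs the request as a JWT, and validates
/// the server's encrypted reply before advancing the round counter.
/// </summary>
/// <param name="protectedServerUrl">Endpoint on the Protected Server to call.</param>
/// <param name="authorizeModel">Authorization state for that server. Mutated in place on success:
/// <c>CurrentTimes</c> is incremented and <c>ClientTempId.HashValue</c> is set to the revealed hash.</param>
/// <returns>The same <paramref name="authorizeModel"/> instance, advanced to the next round.</returns>
/// <exception cref="ProtectedServerAuthorizeException">The server reply failed the authZ value check.</exception>
public AuthorizeValueModel SendRequestAndAuthorizeByGet(string protectedServerUrl, AuthorizeValueModel authorizeModel)
{
    // Hash(r)^(n-i): the chain value revealed in round i of n.
    int remainingRounds = authorizeModel.AuthZTimes - authorizeModel.CurrentTimes;
    string hashNMinusI = HashMultipleTimes(authorizeModel.RandomValue, remainingRounds);

    // Round-specific AES key/IV derived from the shared key/IV, the temp id and the round counter.
    string authZKey = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.Key, authorizeModel.ClientTempId, authorizeModel.CurrentTimes);
    string authZIv = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.IV, authorizeModel.ClientTempId, authorizeModel.CurrentTimes);

    string currentTimesCypherText = GetCurrentTimesCypherText(authorizeModel, hashNMinusI, authZKey, authZIv);
    string token = GetTokenByAuthorizeDataAndCurrentTimesCypherText(authorizeModel, currentTimesCypherText);

    // NOTE(review): protectedServerUrl is not checked against authorizeModel.ValidUrlList before the
    // token is sent to it — confirm whether that restriction is enforced elsewhere.
    var headers = new Dictionary<string, string>
    {
        ["ClientId"] = clientResource.ClientId,
        ["Token"] = token,
    };

    // Request authorization from the resource owner and validate its encrypted reply.
    ApiResult<string> response = AuthenHttpHandler.SendRequestByGet<string>(protectedServerUrl, headers);
    TimesCypherTextPrimeModel reply = DecryptProtectedServerResult(authZKey, authZIv, response);
    if (!CheckProtectedServerRespAuthZValue(reply))
    {
        // Same exception type as the other Protected Server verification failure in this file,
        // instead of a bare Exception.
        throw new ProtectedServerAuthorizeException("CheckProtectedServerRespAuthZValue is fail.");
    }

    // Advance the round only after the reply validated, so a failed call leaves the model untouched.
    authorizeModel.CurrentTimes++;
    authorizeModel.ClientTempId.HashValue = hashNMinusI;
    return authorizeModel;
}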
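/// <summary>
/// Checks the decrypted Auth Server response for one Protected Server (client id, protected id,
/// expiry), then asks that Protected Server to verify it and returns the initial authorization
/// state (round counter at 1) for subsequent authorized requests.
/// </summary>
/// <param name="authClientCypherTextModel">Decrypted Auth Server response for the target Protected Server.</param>
/// <param name="protectedId">Id of the Protected Server the caller intends to talk to.</param>
/// <returns>A fresh <see cref="AuthorizeValueModel"/> with <c>CurrentTimes</c> set to 1.</returns>
/// <exception cref="ClientNotEqualException">The response was issued for a different client.</exception>
/// <exception cref="ProtectedServerNotEqualException">The response was issued for a different Protected Server.</exception>
/// <exception cref="ClientAuthorizeTokenExpiredException">The response has passed its expiry time.</exception>
/// <exception cref="ProtectedServerAuthorizeException">The Protected Server rejected the cypher text.</exception>
public AuthorizeValueModel SendCypherTextToProtectedResourceForVerify(AuthClientCypherTextModel authClientCypherTextModel, string protectedId)
{
    // Local checks before any network round-trip.
    if (authClientCypherTextModel.ClientId != clientResource.ClientId)
    {
        throw new ClientNotEqualException("ClientId is not equal.");
    }
    if (authClientCypherTextModel.ProtectedId != protectedId)
    {
        throw new ProtectedServerNotEqualException("ProtectedId is not equal. ");
    }
    if (UnixTimeGenerator.GetUtcNowUnixTime() > authClientCypherTextModel.ExpiredTime)
    {
        throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token");
    }

    // Ask the resource owner to verify. hashValue is the chain anchor Hash(r)^n for AuthZTimes rounds.
    long expiredTime = GetExpiredUtc0UnixTime();
    string hashValue = HashMultipleTimes(authClientCypherTextModel.RandomValue, authClientCypherTextModel.AuthZTimes);
    var macModel = new ClientProtectedMacModel
    {
        Salt = "2",
        ClientTempId = authClientCypherTextModel.ClientTempId,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        HashValue = hashValue,
        ExpiredTime = expiredTime,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
    };
    string macInput = JsonConvert.SerializeObject(macModel);
    // NOTE(review): this "MAC" is an MD5 digest of the serialized model, with the shared crypto
    // model (key/IV) included as a field, rather than a keyed MAC such as HMAC; it presumably also
    // relies on both sides serializing properties in the same order. Any change here needs a
    // matching change on the Protected Server.
    string macValue = MD5Hasher.Hash(macInput);

    var reqModel = new CheckClientReqModel
    {
        ClientProtectedMac = macValue,
        ExpiredTime = expiredTime,
        ClientTempId = authClientCypherTextModel.ClientTempId,
    };
    string reqStr = JsonConvert.SerializeObject(reqModel);
    ApiResult<bool> verifyResult = AuthenHttpHandler.SendRequestByPost<bool>(protectedAuthenApiUrl, reqStr);

    // Protected Server verdict.
    if (!verifyResult.Value)
    {
        throw new ProtectedServerAuthorizeException("The cypherText is not valid. Protected Server authorize fail.");
    }

    return new AuthorizeValueModel
    {
        AuthZTimes = authClientCypherTextModel.AuthZTimes,
        ClientProtectedCryptoModel = authClientCypherTextModel.ClientProtectedCryptoModel,
        ClientTempId = authClientCypherTextModel.ClientTempId,
        CurrentTimes = 1,
        RandomValue = authClientCypherTextModel.RandomValue,
        ProtectedId = authClientCypherTextModel.ProtectedId,
        ValidUrlList = authClientCypherTextModel.ValidUrlList,
    };
}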