/// <summary> /// 檢核 資源保護者回傳值 /// </summary> /// <param name="timesCypherTextPrimeModel"></param> /// <returns></returns> private bool CheckProtectedServerRespAuthZValue(TimesCypherTextPrimeModel timesCypherTextPrimeModel) { bool result = false; string hashNMinusIAddOne = timesCypherTextPrimeModel.ClientTempId.HashValue; string hashNMinusI = timesCypherTextPrimeModel.ClientTempIdPrime.HashValue; if (MD5Hasher.Hash(hashNMinusI) == hashNMinusIAddOne) { result = true; } return(result); }
private TimesCypherTextPrimeModel DecryptProtectedServerResult(string authZKey, string authZIv, ApiResult <string> rescrAuthorizeRespOpt) { if (rescrAuthorizeRespOpt.ResultCode != 0) { throw new Exception(rescrAuthorizeRespOpt.ResultMessage); } string cypherTextPrimeStr = rescrAuthorizeRespOpt.CypherCheckValue; aesCrypter.SetKey(authZKey); aesCrypter.SetIV(authZIv.Substring(0, 16)); string decryptStr = aesCrypter.Decrypt(cypherTextPrimeStr); TimesCypherTextPrimeModel timesCypherTextPrimeModel = JsonConvert.DeserializeObject <TimesCypherTextPrimeModel>(decryptStr); return(timesCypherTextPrimeModel); }
public AuthorizeValueModel SendRequestAndAuthorizeByPost <TClass>(string protectedServerUrl, AuthorizeValueModel authorizeModel, TClass sendData) { //Hash(r)^(n-i) int minusValue = authorizeModel.AuthZTimes - authorizeModel.CurrentTimes; string hashNMinusI = HashMultipleTimes(authorizeModel.RandomValue, minusValue); //初始化請求授權 string hashNMinusIAddOne = MD5Hasher.Hash(hashNMinusI); string authZKey = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.Key, authorizeModel.ClientTempId, authorizeModel.CurrentTimes); string authZIv = GetResrcClientKeyAuthzTimesValue(authorizeModel.ClientProtectedCryptoModel.IV, authorizeModel.ClientTempId, authorizeModel.CurrentTimes); string currentTimesCypherText = GetCurrentTimesCypherText(authorizeModel, hashNMinusI, authZKey, authZIv); string token = GetTokenByAuthorizeDataAndCurrentTimesCypherText(authorizeModel, currentTimesCypherText); Dictionary <string, string> headers = new Dictionary <string, string> { { "ClientId", clientResource.ClientId }, { "Token", token } }; // 向資源保護者請求授權 string reqAuthZValueStr = JsonConvert.SerializeObject(sendData); ApiResult <string> rescrAuthorizeRespOpt = AuthenHttpHandler.SendRequestByPost <string>(protectedServerUrl, reqAuthZValueStr, headers); TimesCypherTextPrimeModel timesCypherTextPrimeModel = DecryptProtectedServerResult(authZKey, authZIv, rescrAuthorizeRespOpt); bool checkAuthZValueResult = CheckProtectedServerRespAuthZValue(timesCypherTextPrimeModel); if (checkAuthZValueResult == false) { throw new Exception("CheckProtectedServerRespAuthZValue is fail."); } authorizeModel.CurrentTimes = authorizeModel.CurrentTimes + 1; authorizeModel.ClientTempId.HashValue = hashNMinusI; return(authorizeModel); }
public AuthResrcProtectedAuthorizeModel Verify(string token) { //解 Token string jwtDecodeValue = JWT.Decode(token, Encoding.Unicode.GetBytes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer), JwsAlgorithm.HS256); ClientAuthorizedReqModel jwtObject = JsonConvert.DeserializeObject <ClientAuthorizedReqModel>(jwtDecodeValue); //加密後的合法 Url List List <string> encryptValueList = jwtObject.ValidUrlList; VerifyUrlIsInAuthorizedList(encryptValueList); ClientTempIdentityModel tempIdentityModel = new ClientTempIdentityModel(this.clientInProtectedMember.ClientId, this.clientInProtectedMember.HashValue); string shareKeyClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareKeyClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes); string shareIVClientAndResrcDependsAuthorizedTimes = GetTempClientSecretByAuthorizedTimes(this.clientInProtectedMember.ShareIVClientWithProtectedServer, tempIdentityModel, this.clientInProtectedMember.CurrentTimes); aesCrypter.SetKey(shareKeyClientAndResrcDependsAuthorizedTimes); aesCrypter.SetIV(shareIVClientAndResrcDependsAuthorizedTimes.Substring(0, 16)); string clientAuthorizeCTCryptoDecrypt = aesCrypter.Decrypt(jwtObject.CurrentTimesCypherText); ClientCTCypherTextModelForAuthorize clientAuthorizeCypherTextModel = JsonConvert.DeserializeObject <ClientCTCypherTextModelForAuthorize>(clientAuthorizeCTCryptoDecrypt); if (GetUtcNowUnixTime() > clientAuthorizeCypherTextModel.ExpiredTime) { throw new ClientAuthorizeTokenExpiredException("Client authorized token has expired, please re-authenticate and get new token"); } string protectedServerOriginalHash = this.clientInProtectedMember.HashValue; string doubleHashValue = MD5Hasher.Hash(clientAuthorizeCypherTextModel.HashValue); if (doubleHashValue != protectedServerOriginalHash) { throw new TokenTicketCerticateException("After checkt the token ticket, the token ticket is not right, the ticket you send has been used, please re-authenticate and get new token ticket"); } //確認是否能夠取得下一次授權 if (jwtObject.CurrentTimes + 1 >= clientInProtectedMember.AuthZTimes) { throw new AuthorizeTimesHasRunOutException("The token authorzie times has run out and expired, please re-authenticate and get new token ticket"); } TimesCypherTextPrimeModel clientPrimeModel = new TimesCypherTextPrimeModel() { ClientTempIdPrime = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientAuthorizeCypherTextModel.HashValue }, CurrentTimes = clientInProtectedMember.CurrentTimes, ClientTempId = new ClientTempIdentityModel() { ClientId = clientInProtectedMember.ClientId, HashValue = clientInProtectedMember.HashValue, }, }; string newShareKeyClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareKeyClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes); string newShareIVClientAndProtected = GetTempClientSecretByAuthorizedTimes(clientInProtectedMember.ShareIVClientWithProtectedServer, clientPrimeModel.ClientTempId, clientInProtectedMember.CurrentTimes).Substring(0, 16); aesCrypter.SetIV(newShareIVClientAndProtected); aesCrypter.SetKey(newShareKeyClientAndProtected); string cypherPrimeStr = JsonConvert.SerializeObject(clientPrimeModel); string newCypherTextRespClientForNextAuthZ = aesCrypter.Encrypt(cypherPrimeStr); AuthResrcProtectedAuthorizeModel result = new AuthResrcProtectedAuthorizeModel() { ClientId = clientInProtectedMember.ClientId, PortectedId = clientInProtectedMember.ProtectedId, ProcessScoreCurrentTimes = (clientInProtectedMember.CurrentTimes + 1), ProcessScoreHashValue = clientAuthorizeCypherTextModel.HashValue, ClientRespCypherText = newCypherTextRespClientForNextAuthZ }; return(result); }