一. 場景介紹: 如題如何有效的,最少量的現有代碼侵入從而實現客戶端與伺服器之間的數據交換加密呢? 二. 探究: 1.需求分析 webapi服務端 有如下介面: public class ApiTestController : ApiController { // GET api/<controll ...
一. 場景介紹:
如題如何有效的,最少量的現有代碼侵入從而實現客戶端與伺服器之間的數據交換加密呢?
二. 探究:
1.需求分析
webapi服務端 有如下介面:
public class ApiTestController : ApiController { // GET api/<controller>/5 public object Get(int id) { return "value" + id; } }ApiTestController
無加密請求
GET /api/apitest?id=10
返回結果 response "value10" 我們想要達到的效果為: Get /api/apitest?aWQ9MTA= response InZhbHVlMTAi (解密所得 "value10") 或者更多其它方式加密2.功能分析
要想對現有代碼不做任何修改, 我們都知道所有api controller 初始化在router確定之後, 因此我們應在router之前將GET參數和POST的參數進行加密才行. 看下圖 webapi 生命周期:
我們看到在 路由routing 之前 有DelegationgHander 層進行消息處理.
因為我們要對每個請求進行參數解密處理,並且又將返回消息進行加密處理, 因此我們 瞄準 MessageProcessingHandler
// // 摘要: // A base type for handlers which only do some small processing of request and/or // response messages. public abstract class MessageProcessingHandler : DelegatingHandler { // // 摘要: // Creates an instance of a System.Net.Http.MessageProcessingHandler class. protected MessageProcessingHandler(); // // 摘要: // Creates an instance of a System.Net.Http.MessageProcessingHandler class with // a specific inner handler. // // 參數: // innerHandler: // The inner handler which is responsible for processing the HTTP response messages. protected MessageProcessingHandler(HttpMessageHandler innerHandler); // // 摘要: // Performs processing on each request sent to the server. // // 參數: // request: // The HTTP request message to process. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回結果: // Returns System.Net.Http.HttpRequestMessage.The HTTP request message that was // processed. protected abstract HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken); // // 摘要: // Perform processing on each response from the server. // // 參數: // response: // The HTTP response message to process. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回結果: // Returns System.Net.Http.HttpResponseMessage.The HTTP response message that was // processed. protected abstract HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken); // // 摘要: // Sends an HTTP request to the inner handler to send to the server as an asynchronous // operation. // // 參數: // request: // The HTTP request message to send to the server. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回結果: // Returns System.Threading.Tasks.Task`1.The task object representing the asynchronous // operation. // // 異常: // T:System.ArgumentNullException: // The request was null. protected internal sealed override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken); }MessageProcessingHandler
三. 實踐:
現在我們將來 先實現2個版本的通訊加密解密功能,定為 版本1.0 base64加密, 版本1.1 Des加密
1 /// <summary> 2 /// 加密解密介面 3 /// </summary> 4 public interface IMessageEnCryption 5 { 6 /// <summary> 7 /// 加密 8 /// </summary> 9 /// <param name="content"></param> 10 /// <returns></returns> 11 string Encode(string content); 12 /// <summary> 13 /// 解密 14 /// </summary> 15 /// <param name="content"></param> 16 /// <returns></returns> 17 string Decode(string content); 18 }IMessageEnCryption
編寫版本1.0 base64加密解密
1 /// <summary> 2 /// 加解密 只做 base64 3 /// </summary> 4 public class MessageEncryptionVersion1_0 : IMessageEnCryption 5 { 6 public string Decode(string content) 7 { 8 return content?.DecryptBase64(); 9 } 10 11 public string Encode(string content) 12 { 13 return content.EncryptBase64(); 14 } 15 }MessageEncryptionVersion1_0
編寫版本1.1 des加密解密
1 /// <summary> 2 /// 數據加解密 des 3 /// </summary> 4 public class MessageEncryptionVersion1_1 : IMessageEnCryption 5 { 6 public static readonly string KEY = "fHil/4]0"; 7 public string Decode(string content) 8 { 9 return content.DecryptDES(KEY); 10 } 11 12 public string Encode(string content) 13 { 14 return content.EncryptDES(KEY); 15 } 16 }MessageEncryptionVersion1_1
附上加密解密的基本的一個封裝類
1 public static class EncrypExtends 2 { 3 4 //預設密鑰向量 5 private static byte[] Keys = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF }; 6 internal static string Key = "*@&$(@#H"; 7 8 //// <summary> 9 /// DES加密字元串 10 /// </summary> 11 /// <param name="encryptString">待加密的字元串</param> 12 /// <param name="encryptKey">加密密鑰,要求為8位</param> 13 /// <returns>加密成功返回加密後的字元串,失敗返回源串</returns> 14 public static string EncryptDES(this string encryptString, string encryptKey) 15 { 16 try 17 { 18 byte[] rgbKey = Encoding.UTF8.GetBytes(encryptKey.Substring(0, 8)); 19 byte[] rgbIV = Keys; 20 byte[] inputByteArray = Encoding.UTF8.GetBytes(encryptString); 21 DESCryptoServiceProvider dCSP = new DESCryptoServiceProvider(); 22 MemoryStream mStream = new MemoryStream(); 23 CryptoStream cStream = new CryptoStream(mStream, dCSP.CreateEncryptor(rgbKey, rgbIV), CryptoStreamMode.Write); 24 cStream.Write(inputByteArray, 0, inputByteArray.Length); 25 cStream.FlushFinalBlock(); 26 return Convert.ToBase64String(mStream.ToArray()); 27 } 28 catch 29 { 30 return encryptString; 31 } 32 } 33 //// <summary> 34 /// DES解密字元串 35 /// </summary> 36 /// <param name="decryptString">待解密的字元串</param> 37 /// <param name="decryptKey">解密密鑰,要求為8位,和加密密鑰相同</param> 38 /// <returns>解密成功返回解密後的字元串,失敗返源串</returns> 39 public static string DecryptDES(this string decryptString, string key) 40 { 41 try 42 { 43 byte[] rgbKey = Encoding.UTF8.GetBytes(key.Substring(0, 8)); 44 byte[] rgbIV = Keys; 45 byte[] inputByteArray = Convert.FromBase64String(decryptString); 46 DESCryptoServiceProvider DCSP = new DESCryptoServiceProvider(); 47 MemoryStream mStream = new MemoryStream(); 48 CryptoStream cStream = new CryptoStream(mStream, DCSP.CreateDecryptor(rgbKey, rgbIV), CryptoStreamMode.Write); 49 cStream.Write(inputByteArray, 0, inputByteArray.Length); 50 cStream.FlushFinalBlock(); 51 return Encoding.UTF8.GetString(mStream.ToArray()); 52 } 53 catch 54 { 55 return decryptString; 56 } 57 } 58 public static string EncryptBase64(this string encryptString) 59 { 60 return Convert.ToBase64String(Encoding.UTF8.GetBytes(encryptString)); 61 } 62 public static string DecryptBase64(this string encryptString) 63 { 64 return Encoding.UTF8.GetString(Convert.FromBase64String(encryptString)); 65 } 66 public static string DecodeUrl(this string cryptString) 67 { 68 return System.Web.HttpUtility.UrlDecode(cryptString); 69 } 70 public static string EncodeUrl(this string cryptString) 71 { 72 return System.Web.HttpUtility.UrlEncode(cryptString); 73 } 74 }EncrypExtends
OK! 到此我們前題工作已經完成了80%,開始進行HTTP請求的 消息進和出的加密解密功能的實現.
我們暫時將加密的版本信息定義為 HTTP header頭中 以 api_version 的value 來判別分別是用何種方式加密解密
header例:
api_version: 1.0
api_version: 1.1
1 /// <summary> 2 /// API消息請求處理 3 /// </summary> 4 public class JoyMessageHandler : MessageProcessingHandler 5 { 6 7 /// <summary> 8 /// 接收到request時 處理 9 /// </summary> 10 /// <param name="request"></param> 11 /// <param name="cancellationToken"></param> 12 /// <returns></returns> 13 protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken) 14 { 15 if (request.Content.IsMimeMultipartContent()) 16 return request; 17 // 獲取請求頭中 api_version版本號 18 var ver = System.Web.HttpContext.Current.Request.Headers.GetValues("api_version")?.FirstOrDefault(); 19 // 根據api_version版本號獲取加密對象, 如果為null 則不需要加密 20 var encrypt = MessageEncryptionCreator.GetInstance(ver); 21 22 if (encrypt != null) 23 { 24 // 讀取請求body中的數據 25 string baseContent = request.Content.ReadAsStringAsync().Result; 26 // 獲取加密的信息 27 // 相容 body: 加密數據 和 body: code=加密數據 28 baseContent = baseContent.Match("(code=)*(?<code>[\\S]+)", 2); 29 // URL解碼數據 30 baseContent = baseContent.DecodeUrl(); 31 // 用加密對象解密數據 32 baseContent = encrypt.Decode(baseContent); 33 34 string baseQuery = string.Empty; 35 if (!request.RequestUri.Query.IsNullOrEmpty()) 36 { 37 // 同 body 38 // 讀取請求 url query數據 39 baseQuery = request.RequestUri.Query.Substring(1); 40 baseQuery = baseQuery.Match("(code=)*(?<code>[\\S]+)", 2); 41 baseQuery = baseQuery.DecodeUrl(); 42 baseQuery = encrypt.Decode(baseQuery); 43 } 44 // 將解密後的 URL 重置URL請求 45 request.RequestUri = new Uri($"{request.RequestUri.AbsoluteUri.Split('?')[0]}?{baseQuery}"); 46 // 將解密後的BODY數據 重置 47 request.Content = new StringContent(baseContent); 48 } 49 50 return request; 51 } 52 53 /// <summary> 54 /// 處理將要向客戶端response時 55 /// </summary> 56 /// <param name="response"></param> 57 /// <param name="cancellationToken"></param> 58 /// <returns></returns> 59 protected override HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken) 60 { 61 //var isMediaType = response.Content.Headers.ContentType.MediaType.Equals(mediaTypeName, StringComparison.OrdinalIgnoreCase); 62 var ver = System.Web.HttpContext.Current.Request.Headers.GetValues("api_version")?.FirstOrDefault(); 63 var encrypt = MessageEncryptionCreator.GetInstance(ver); 64 if (encrypt != null) 65 { 66 if (response.StatusCode == HttpStatusCode.OK) 67 { 68 var result = response.Content.ReadAsStringAsync().Result; 69 // 返回消息 進行加密 70 var encodeResult = encrypt.Encode(result); 71 response.Content = new StringContent(encodeResult); 72 } 73 } 74 75 return response; 76 } 77 78 }JoyMessageHandler
最後在 webapiconfig 中將我們的消息處理添加到容器中
1 public static class WebApiConfig 2 { 3 public static void Register(HttpConfiguration config) 4 { 5 // Web API 配置和服務 6 // 將 Web API 配置為僅使用不記名令牌身份驗證。 7 config.SuppressDefaultHostAuthentication(); 8 config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); 9 10 // Web API 路由 11 config.MapHttpAttributeRoutes(); 12 13 config.Routes.MapHttpRoute( 14 name: "DefaultApi", 15 routeTemplate: "api/{controller}/{id}", 16 defaults: new { id = RouteParameter.Optional } 17 ); 18 19 // 添加自定義消息處理 20 config.MessageHandlers.Add(new JoyMessageHandler()); 21 22 } 23 }WebApiConfig
編寫單元測試:
1 [TestMethod()] 2 public void GetTest() 3 { 4 var id = 10; 5 var resultSuccess = $"\"value{id}\""; 6 //不加密 7 Trace.WriteLine($"without encryption."); 8 var url = $"api/ApiTest?id={id}"; 9 Trace.WriteLine($"get url : {url}"); 10 var response = http.GetAsync(url).Result; 11 var result = response.Content.ReadAsStringAsync().Result; 12 Assert.AreEqual(result, resultSuccess); 13 Trace.WriteLine($"result : {result}"); 14 15 //使用 方案1加密 16 Trace.WriteLine($"encryption case one."); 17 18 url = $"api/ApiTest?code=" + $"id={id}".EncryptBase64().EncodeUrl(); 19 20 Trace.WriteLine($"get url : {url}"); 21 22 http.DefaultRequestHeaders.Clear(); 23 http.DefaultRequestHeaders.Add("api_version", "1.0"); 24 response = http.GetAsync(url).Result; 25 26 result = response.Content.ReadAsStringAsync().Result; 27 28 Trace.WriteLine($"result : {result}"); 29 30 result = result.DecryptBase64(); 31 32 Trace.WriteLine($"DecryptBase64 : {result}"); 33 34 Assert.AreEqual(result, resultSuccess); 35 36 //使用 方案2 加密通訊 37 Trace.WriteLine($"encryption case one."); 38 39 url = $"api/ApiTest?code=" + $"id={id}".EncryptDES(MessageEncryptionVersion1_1.KEY).EncodeUrl(); 40 41 Trace.WriteLine($"get url : {url}"); 42 43 http.DefaultRequestHeaders.Clear(); 44 http.DefaultRequestHeaders.Add("api_version", "1.1"); 45 response = http.GetAsync(url).Result; 46 47 result = response.Content.ReadAsStringAsync().Result; 48 49 Trace.WriteLine($"result : {result}"); 50 51 result = result.DecryptDES(MessageEncryptionVersion1_1.KEY); 52 53 Trace.WriteLine($"DecryptBase64 : {result}"); 54 55 Assert.AreEqual(result, resultSuccess); 56 }ApiTestControllerTests
至此為止功能實現完畢..
