V2AS问路
WebApi实现通讯加密 (转)
阅读原文时间:2023年07月12日阅读:1

http://www.cnblogs.com/jonneydong/p/WebApi_Encryption.html

一. 场景介绍:

如题如何有效的,最少量的现有代码侵入从而实现客户端与服务器之间的数据交换加密呢?

二. 探究:

webapi服务端 有如下接口:

public class ApiTestController : ApiController
{

// GET api/<controller>/5  
public object Get(int id)  
{  
    return "value" + id;  
}

}

ApiTestController

无加密请求

GET /api/apitest?id=10

返回结果

 response "value10"

我们想要达到的效果为:

Get /api/apitest?aWQ9MTA=

response InZhbHVlMTAi  (解密所得 "value10")

或者更多其它方式加密

 要想对现有代码不做任何修改, 我们都知道所有api controller 初始化在router确定之后, 因此我们应在router之前将GET参数和POST的参数进行加密才行.

看下图 webapi 生命周期:

我们看到在 路由routing 之前 有DelegationgHander 层进行消息处理.

因为我们要对每个请求进行参数解密处理,并且又将返回消息进行加密处理, 因此我们 瞄准 MessageProcessingHandler

//  
// 摘要:  
//     A base type for handlers which only do some small processing of request and/or  
//     response messages.  
public abstract class MessageProcessingHandler : DelegatingHandler  
{  
    //  
    // 摘要:  
    //     Creates an instance of a System.Net.Http.MessageProcessingHandler class.  
    protected MessageProcessingHandler();  
    //  
    // 摘要:  
    //     Creates an instance of a System.Net.Http.MessageProcessingHandler class with  
    //     a specific inner handler.  
    //  
    // 参数:  
    //   innerHandler:  
    //     The inner handler which is responsible for processing the HTTP response messages.  
    protected MessageProcessingHandler(HttpMessageHandler innerHandler);

    //  
    // 摘要:  
    //     Performs processing on each request sent to the server.  
    //  
    // 参数:  
    //   request:  
    //     The HTTP request message to process.  
    //  
    //   cancellationToken:  
    //     A cancellation token that can be used by other objects or threads to receive  
    //     notice of cancellation.  
    //  
    // 返回结果:  
    //     Returns System.Net.Http.HttpRequestMessage.The HTTP request message that was  
    //     processed.  
    protected abstract HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken);  
    //  
    // 摘要:  
    //     Perform processing on each response from the server.  
    //  
    // 参数:  
    //   response:  
    //     The HTTP response message to process.  
    //  
    //   cancellationToken:  
    //     A cancellation token that can be used by other objects or threads to receive  
    //     notice of cancellation.  
    //  
    // 返回结果:  
    //     Returns System.Net.Http.HttpResponseMessage.The HTTP response message that was  
    //     processed.  
    protected abstract HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken);  
    //  
    // 摘要:  
    //     Sends an HTTP request to the inner handler to send to the server as an asynchronous  
    //     operation.  
    //  
    // 参数:  
    //   request:  
    //     The HTTP request message to send to the server.  
    //  
    //   cancellationToken:  
    //     A cancellation token that can be used by other objects or threads to receive  
    //     notice of cancellation.  
    //  
    // 返回结果:  
    //     Returns System.Threading.Tasks.Task\`1.The task object representing the asynchronous  
    //     operation.  
    //  
    // 异常:  
    //   T:System.ArgumentNullException:  
    //     The request was null.  
    protected internal sealed override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken);  
}

MessageProcessingHandler

三. 实践:

现在我们将来 先实现2个版本的通讯加密解密功能,定为 版本1.0 base64加密, 版本1.1 Des加密

1 ///

2 /// 加密解密接口 3 ///
4 public interface IMessageEnCryption
5 {
6 /// 7 /// 加密 8 ///
9 ///
10 ///
11 string Encode(string content);
12 /// 13 /// 解密 14 ///
15 ///
16 ///
17 string Decode(string content);
18 }

IMessageEnCryption

编写版本1.0 base64加密解密

1 ///

2 /// 加解密 只做 base64 3 ///
4 public class MessageEncryptionVersion1_0 : IMessageEnCryption
5 {
6 public string Decode(string content)
7 {
8 return content?.DecryptBase64();
9 }
10
11 public string Encode(string content)
12 {
13 return content.EncryptBase64();
14 }
15 }

MessageEncryptionVersion1_0

编写版本1.1 des加密解密

1 ///

2 /// 数据加解密 des 3 ///
4 public class MessageEncryptionVersion1_1 : IMessageEnCryption
5 {
6 public static readonly string KEY = "fHil/4]0";
7 public string Decode(string content)
8 {
9 return content.DecryptDES(KEY);
10 }
11
12 public string Encode(string content)
13 {
14 return content.EncryptDES(KEY);
15 }
16 }

MessageEncryptionVersion1_1

附上加密解密的基本的一个封装类

1 public static class EncrypExtends
2 {
3
4 //默认密钥向量
5 private static byte[] Keys = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
6 internal static string Key = "*@&$(@#H";
7
8 ////

9 /// DES加密字符串 10 ///
11 /// 待加密的字符串
12 /// 加密密钥,要求为8位
13 /// 加密成功返回加密后的字符串,失败返回源串
14 public static string EncryptDES(this string encryptString, string encryptKey)
15 {
16 try
17 {
18 byte[] rgbKey = Encoding.UTF8.GetBytes(encryptKey.Substring(0, 8));
19 byte[] rgbIV = Keys;
20 byte[] inputByteArray = Encoding.UTF8.GetBytes(encryptString);
21 DESCryptoServiceProvider dCSP = new DESCryptoServiceProvider();
22 MemoryStream mStream = new MemoryStream();
23 CryptoStream cStream = new CryptoStream(mStream, dCSP.CreateEncryptor(rgbKey, rgbIV), CryptoStreamMode.Write);
24 cStream.Write(inputByteArray, 0, inputByteArray.Length);
25 cStream.FlushFinalBlock();
26 return Convert.ToBase64String(mStream.ToArray());
27 }
28 catch
29 {
30 return encryptString;
31 }
32 }
33 //// 34 /// DES解密字符串 35 ///
36 /// 待解密的字符串
37 /// 解密密钥,要求为8位,和加密密钥相同
38 /// 解密成功返回解密后的字符串,失败返源串
39 public static string DecryptDES(this string decryptString, string key)
40 {
41 try
42 {
43 byte[] rgbKey = Encoding.UTF8.GetBytes(key.Substring(0, 8));
44 byte[] rgbIV = Keys;
45 byte[] inputByteArray = Convert.FromBase64String(decryptString);
46 DESCryptoServiceProvider DCSP = new DESCryptoServiceProvider();
47 MemoryStream mStream = new MemoryStream();
48 CryptoStream cStream = new CryptoStream(mStream, DCSP.CreateDecryptor(rgbKey, rgbIV), CryptoStreamMode.Write);
49 cStream.Write(inputByteArray, 0, inputByteArray.Length);
50 cStream.FlushFinalBlock();
51 return Encoding.UTF8.GetString(mStream.ToArray());
52 }
53 catch
54 {
55 return decryptString;
56 }
57 }
58 public static string EncryptBase64(this string encryptString)
59 {
60 return Convert.ToBase64String(Encoding.UTF8.GetBytes(encryptString));
61 }
62 public static string DecryptBase64(this string encryptString)
63 {
64 return Encoding.UTF8.GetString(Convert.FromBase64String(encryptString));
65 }
66 public static string DecodeUrl(this string cryptString)
67 {
68 return System.Web.HttpUtility.UrlDecode(cryptString);
69 }
70 public static string EncodeUrl(this string cryptString)
71 {
72 return System.Web.HttpUtility.UrlEncode(cryptString);
73 }
74 }

EncrypExtends

OK! 到此我们前题工作已经完成了80%,开始进行HTTP请求的 消息进和出的加密解密功能的实现.

我们暂时将加密的版本信息定义为 HTTP header头中 以 api_version 的value 来判别分别是用何种方式加密解密

header例:

  api_version: 1.0

  api_version: 1.1

1 ///

2 /// API消息请求处理 3 ///
4 public class JoyMessageHandler : MessageProcessingHandler
5 {
6
7 /// 8 /// 接收到request时 处理 9 ///
10 ///
11 ///
12 ///
13 protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
14 {
15 if (request.Content.IsMimeMultipartContent())
16 return request;
17 // 获取请求头中 api_version版本号
18 var ver = System.Web.HttpContext.Current.Request.Headers.GetValues("api_version")?.FirstOrDefault();
19 // 根据api_version版本号获取加密对象, 如果为null 则不需要加密
20 var encrypt = MessageEncryptionCreator.GetInstance(ver);
21
22 if (encrypt != null)
23 {
24 // 读取请求body中的数据
25 string baseContent = request.Content.ReadAsStringAsync().Result;
26 // 获取加密的信息
27 // 兼容 body: 加密数据 和 body: code=加密数据
28 baseContent = baseContent.Match("(code=)*(?[\\S]+)", 2);
29 // URL解码数据
30 baseContent = baseContent.DecodeUrl();
31 // 用加密对象解密数据
32 baseContent = encrypt.Decode(baseContent);
33
34 string baseQuery = string.Empty;
35 if (!request.RequestUri.Query.IsNullOrEmpty())
36 {
37 // 同 body
38 // 读取请求 url query数据
39 baseQuery = request.RequestUri.Query.Substring(1);
40 baseQuery = baseQuery.Match("(code=)*(?[\\S]+)", 2);
41 baseQuery = baseQuery.DecodeUrl();
42 baseQuery = encrypt.Decode(baseQuery);
43 }
44 // 将解密后的 URL 重置URL请求
45 request.RequestUri = new Uri($"{request.RequestUri.AbsoluteUri.Split('?')[0]}?{baseQuery}");
46 // 将解密后的BODY数据 重置
47 request.Content = new StringContent(baseContent);
48 }
49
50 return request;
51 }
52
53 /// 54 /// 处理将要向客户端response时 55 ///
56 ///
57 ///
58 ///
59 protected override HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken)
60 {
61 //var isMediaType = response.Content.Headers.ContentType.MediaType.Equals(mediaTypeName, StringComparison.OrdinalIgnoreCase);
62 var ver = System.Web.HttpContext.Current.Request.Headers.GetValues("api_version")?.FirstOrDefault();
63 var encrypt = MessageEncryptionCreator.GetInstance(ver);
64 if (encrypt != null)
65 {
66 if (response.StatusCode == HttpStatusCode.OK)
67 {
68 var result = response.Content.ReadAsStringAsync().Result;
69 // 返回消息 进行加密
70 var encodeResult = encrypt.Encode(result);
71 response.Content = new StringContent(encodeResult);
72 }
73 }
74
75 return response;
76 }
77
78 }

JoyMessageHandler

最后在 webapiconfig 中将我们的消息处理添加到容器中

1 public static class WebApiConfig
2 {
3 public static void Register(HttpConfiguration config)
4 {
5 // Web API 配置和服务
6 // 将 Web API 配置为仅使用不记名令牌身份验证。
7 config.SuppressDefaultHostAuthentication();
8 config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
9
10 // Web API 路由
11 config.MapHttpAttributeRoutes();
12
13 config.Routes.MapHttpRoute(
14 name: "DefaultApi",
15 routeTemplate: "api/{controller}/{id}",
16 defaults: new { id = RouteParameter.Optional }
17 );
18
19 // 添加自定义消息处理
20 config.MessageHandlers.Add(new JoyMessageHandler());
21
22 }
23 }

WebApiConfig

编写单元测试:

1 [TestMethod()]
2 public void GetTest()
3 {
4 var id = 10;
5 var resultSuccess = $"\"value{id}\"";
6 //不加密
7 Trace.WriteLine($"without encryption.");
8 var url = $"api/ApiTest?id={id}";
9 Trace.WriteLine($"get url : {url}");
10 var response = http.GetAsync(url).Result;
11 var result = response.Content.ReadAsStringAsync().Result;
12 Assert.AreEqual(result, resultSuccess);
13 Trace.WriteLine($"result : {result}");
14
15 //使用 方案1加密
16 Trace.WriteLine($"encryption case one.");
17
18 url = $"api/ApiTest?code=" + $"id={id}".EncryptBase64().EncodeUrl();
19
20 Trace.WriteLine($"get url : {url}");
21
22 http.DefaultRequestHeaders.Clear();
23 http.DefaultRequestHeaders.Add("api_version", "1.0");
24 response = http.GetAsync(url).Result;
25
26 result = response.Content.ReadAsStringAsync().Result;
27
28 Trace.WriteLine($"result : {result}");
29
30 result = result.DecryptBase64();
31
32 Trace.WriteLine($"DecryptBase64 : {result}");
33
34 Assert.AreEqual(result, resultSuccess);
35
36 //使用 方案2 加密通讯
37 Trace.WriteLine($"encryption case one.");
38
39 url = $"api/ApiTest?code=" + $"id={id}".EncryptDES(MessageEncryptionVersion1_1.KEY).EncodeUrl();
40
41 Trace.WriteLine($"get url : {url}");
42
43 http.DefaultRequestHeaders.Clear();
44 http.DefaultRequestHeaders.Add("api_version", "1.1");
45 response = http.GetAsync(url).Result;
46
47 result = response.Content.ReadAsStringAsync().Result;
48
49 Trace.WriteLine($"result : {result}");
50
51 result = result.DecryptDES(MessageEncryptionVersion1_1.KEY);
52
53 Trace.WriteLine($"DecryptBase64 : {result}");
54
55 Assert.AreEqual(result, resultSuccess);
56 }

ApiTestControllerTests

至此为止功能实现完毕..

四.思想延伸

要想更加安全的方案,可以将给每位用户生成不同的 private key , 利用AES加密解密

本Demo开源地址:

oschina

https://git.oschina.net/jonneydong/Webapi_Encryption

github

https://github.com/JonneyDong/Webapi_Encryption

如须转载请说明出处

多抽出一分钟时间学习,让你的生命更加精彩,敢想敢做,努力做最好!

博客园: JonneyDong 地址:http://www.cnblogs.com/jonneydong/

分类: C#

标签: webapi, c#

好文要顶             关注我     收藏该文         

董侨 关注 - 0 粉丝 - 16        

+加关注    

2    

0    

« 上一篇:.NET 通用高扩展性的细粒度权限管理架构(webApi/Mvc)

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器

你可能感兴趣的文章

使用Aes对称加密解密Web.Config数据库连接串
Istio1.1新特性之限制服务可见性
SpringBoot对接OpenAI

4

它让你1小时精通RabbitMQ消息队列、且能扛高并发

5

hadoop集群搭建及编程实践

6

AR技术的应用与未来

7

Hutool,一个超好用的 Java 工具类库

8

续《基于C# 开发的SOL SERVER 操作数据库类(SQLHelp》 ——第二弹

9

JWT(Json Wen Token)原理剖析

10

Jmeter压测实战:Jmeter二次开发之自定义函数