- using EVCB_OCPP.WEBAPI.Models.WebAPI;
- using EVCB_OCPP.WEBAPI.Services;
- using Newtonsoft.Json;
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Net;
- using System.Net.Http;
- using System.Security.Cryptography;
- using System.Text;
- using System.Threading;
- using System.Threading.Tasks;
- using System.Web;
- using System.Web.Http.Controllers;
- using System.Web.Http.Filters;
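namespace EVCB_OCPP.WEBAPI.Handlers
{
    /// <summary>
    /// Authorization filter for CPO partner calls. Every request must carry a partner id,
    /// a Unix-seconds timestamp and a signature header (header names come from
    /// <see cref="EVCBConfiguration"/>). The signature is the lower-case MD5 hex digest of
    /// query-string + body + timestamp + partnerId + partner API key, all lower-cased; that
    /// is the wire format existing partners implement, so it is deliberately kept here.
    /// Any failure answers HTTP 401 with a serialized <see cref="CPOOuterResponse"/>.
    /// </summary>
    /// <remarks>
    /// Limitations of the scheme itself, left unchanged because fixing them changes what
    /// partners have to send: MD5 over secret-suffixed data is not a proper MAC (HMAC-SHA256
    /// would be the replacement), and the +/-300 s timestamp window alone gives no replay
    /// protection — a per-partner nonce cache would be needed for that.
    /// What this revision does change: the signature comparison is fixed-time, an empty or
    /// missing API key is rejected instead of silently signing with "", lower-casing is
    /// culture-invariant, the body is read asynchronously instead of blocking on .Result,
    /// and missing headers no longer produce an empty StatusMessage.
    /// </remarks>
    public class CPOAuthentication : FilterAttribute, IAuthorizationFilter
    {
        /// <summary>Accepted clock skew, in seconds, on either side of server UTC time.</summary>
        private const int AllowedSkewSeconds = 300;

        /// <summary>
        /// Validates headers, timestamp window and signature; on success runs the action
        /// (<paramref name="continuation"/>), otherwise returns a 401 error response.
        /// </summary>
        /// <param name="actionContext">The action context of the incoming request.</param>
        /// <param name="cancellationToken">Request cancellation token (not consulted here).</param>
        /// <param name="continuation">Invokes the rest of the pipeline when authenticated.</param>
        /// <returns>The action's response, or a 401 response with a JSON error body.</returns>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            CPOOuterResponse errorResponse = new CPOOuterResponse() { StatusMessage = CPO_StatusMessage.ERROR_MSG_INVALIDHEADER };
            bool authenticated = false;
            try
            {
                string formatMsg;
                if (!CheckHeaders(actionContext, out formatMsg))
                {
                    // Missing headers leave formatMsg empty; keep the generic message in that case
                    // instead of overwriting it with "".
                    if (!string.IsNullOrEmpty(formatMsg))
                    {
                        errorResponse.StatusMessage = formatMsg;
                    }
                }
                else if (IsExpiryTime(GetHeader(actionContext, EVCBConfiguration.Header_Timestamp)))
                {
                    errorResponse.StatusMessage = CPO_StatusMessage.ERROR_MSG_INVALIDTIMESTAMP;
                }
                else
                {
                    // CheckHeaders has already verified the id parses as a Guid.
                    Guid partnerId = new Guid(GetHeader(actionContext, EVCBConfiguration.Header_PartnerId));
                    string key = new CustomerService().GetAPIKey(partnerId);

                    // GetAPIKey's behaviour for an unknown partner is not visible here. If it
                    // returned null/empty, the "secret" part of the signed text would be empty and
                    // anyone could forge a valid signature — so refuse before verifying.
                    if (string.IsNullOrEmpty(key) || !await IsPassAsync(actionContext, key))
                    {
                        errorResponse.StatusMessage = CPO_StatusMessage.ERROR_MSG_INVALIDSIGNATURE;
                    }
                    else
                    {
                        authenticated = true;
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed on any lookup/parsing failure.
                // TODO(review): the exception is swallowed; log it before returning.
                errorResponse.StatusMessage = CPO_StatusMessage.ERROR_MSG_UNEXPECTEDERROR;
            }

            if (authenticated)
            {
                // Run the action outside the try/catch so its own failures surface to the
                // pipeline instead of being masked as 401 "unexpected error".
                return await continuation();
            }

            HttpResponseMessage denied = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            denied.Content = new StringContent(JsonConvert.SerializeObject(errorResponse), Encoding.UTF8, "application/json");
            return denied;
        }

        /// <summary>
        /// Recomputes the expected signature for the request and compares it with the
        /// signature header in fixed time.
        /// </summary>
        /// <param name="actionContext">The action context of the incoming request.</param>
        /// <param name="key">The partner's API key (must be non-empty).</param>
        /// <returns>True when the supplied signature matches the recomputed one.</returns>
        private async Task<bool> IsPassAsync(HttpActionContext actionContext, string key)
        {
            string timestamp = GetHeader(actionContext, EVCBConfiguration.Header_Timestamp);
            // The raw header value (not the parsed Guid) is what enters the signed text.
            string partnerId = GetHeader(actionContext, EVCBConfiguration.Header_PartnerId);
            string signature = GetHeader(actionContext, EVCBConfiguration.Header_Signature);

            // Await the body instead of blocking on .Result, which can deadlock on the
            // ASP.NET synchronization context.
            string body = string.Empty;
            if (actionContext.Request.Content != null)
            {
                body = await actionContext.Request.Content.ReadAsStringAsync();
            }

            string signedText = ExtractQueryString(actionContext.Request.RequestUri) + body + timestamp + partnerId + key;
            string expected = GenerateSignature(signedText);
            return FixedTimeEquals(expected, signature);
        }

        /// <summary>
        /// Returns the part of the request URI after the first '?', lower-cased, as it enters
        /// the signed text. Kept byte-compatible with the existing behaviour: when there is no
        /// '?' the whole URI is taken and then discarded because it starts with "http", and a
        /// query that itself starts with "http" is discarded the same way. Changing this would
        /// change what partners have to sign.
        /// </summary>
        private static string ExtractQueryString(Uri requestUri)
        {
            string uri = requestUri.ToString();
            string query = uri.Substring(uri.IndexOf('?') + 1).ToLowerInvariant();
            return query.StartsWith("http", StringComparison.Ordinal) ? string.Empty : query;
        }

        /// <summary>
        /// Verifies that the three required headers are present and well-formed.
        /// </summary>
        /// <param name="actionContext">The action context of the incoming request.</param>
        /// <param name="formatMessage">
        /// Set to a format error message when a header is malformed; left empty when a header
        /// is simply missing so the caller can keep its generic message.
        /// </param>
        /// <returns>True when all headers are present and parse correctly.</returns>
        private bool CheckHeaders(HttpActionContext actionContext, out string formatMessage)
        {
            formatMessage = string.Empty;
            var headers = actionContext.Request.Headers;
            if (!headers.Contains(EVCBConfiguration.Header_PartnerId)
                || !headers.Contains(EVCBConfiguration.Header_Signature)
                || !headers.Contains(EVCBConfiguration.Header_Timestamp))
            {
                return false;
            }

            long parsedTimestamp;
            if (!long.TryParse(GetHeader(actionContext, EVCBConfiguration.Header_Timestamp), out parsedTimestamp))
            {
                // Trailing space is part of the message partners already see; kept as-is.
                formatMessage = "Timestamp's Format is incorrect. ";
                return false;
            }

            Guid parsedPartnerId;
            if (!Guid.TryParse(GetHeader(actionContext, EVCBConfiguration.Header_PartnerId), out parsedPartnerId))
            {
                formatMessage = "PartnerId's Format is incorrect.it must be Guid type ";
                return false;
            }

            return true;
        }

        /// <summary>
        /// Returns the first value of the named request header, or null when absent.
        /// Uses TryGetValues so a missing header does not throw.
        /// </summary>
        private static string GetHeader(HttpActionContext actionContext, string name)
        {
            IEnumerable<string> values;
            if (actionContext.Request.Headers.TryGetValues(name, out values))
            {
                return values.FirstOrDefault();
            }
            return null;
        }

        /// <summary>
        /// True when the Unix-seconds timestamp is unparsable or falls outside the
        /// (exclusive) +/-<see cref="AllowedSkewSeconds"/> window around server UTC time.
        /// Note this bounds clock skew only; it does not prevent replay inside the window.
        /// </summary>
        private static bool IsExpiryTime(string timestamp)
        {
            long requestTime;
            if (!long.TryParse(timestamp, out requestTime))
            {
                return true;
            }

            DateTimeOffset now = DateTimeOffset.UtcNow;
            long minTime = now.AddSeconds(-AllowedSkewSeconds).ToUnixTimeSeconds();
            long maxTime = now.AddSeconds(AllowedSkewSeconds).ToUnixTimeSeconds();
            return !(minTime < requestTime && maxTime > requestTime);
        }

        /// <summary>
        /// Lower-case hex MD5 digest of the UTF-8 bytes of the lower-cased input; empty input
        /// yields an empty string. MD5 is retained only because it is the agreed partner
        /// protocol — see the class remarks.
        /// </summary>
        private static string GenerateSignature(string unencodeText)
        {
            if (string.IsNullOrEmpty(unencodeText))
            {
                return string.Empty;
            }

            // Invariant lower-casing so the digest does not depend on the server's culture.
            byte[] textToHash = Encoding.UTF8.GetBytes(unencodeText.ToLowerInvariant());
            using (MD5 md5 = MD5.Create())
            {
                byte[] result = md5.ComputeHash(textToHash);
                return BitConverter.ToString(result).Replace("-", "").ToLowerInvariant();
            }
        }

        /// <summary>
        /// Ordinal string comparison whose running time does not depend on where the first
        /// mismatch occurs, so a caller cannot learn the expected signature byte by byte.
        /// (CryptographicOperations.FixedTimeEquals is not available on .NET Framework.)
        /// </summary>
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }

            int diff = expected.Length ^ actual.Length;
            int length = Math.Min(expected.Length, actual.Length);
            for (int i = 0; i < length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }
    }
}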