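using Flurl.Http;
using Insurance.Web.Models;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web.Mvc;

namespace Insurance.Web.Controllers
{
    /// <summary>
    /// Sample controller that runs the two-step flow end to end:
    /// authenticate against the verify API, then report a finished course.
    /// </summary>
    public class TestController : Controller
    {
        /// <summary>
        /// Logs in with fixed sample values, then calls the finish API with the returned token.
        /// </summary>
        /// <returns>A plain-text result: the success text, or the message of whatever exception was thrown.</returns>
        public async Task<ActionResult> Index()
        {
            try
            {
                var aes = new AesCryptography();
                var course = new InsuranceCourse(aes);

                // 1. Call the authentication API to confirm the user's identity.
                // NOTE(review): account, password and registration number are literals in source.
                // If any of these are real values they belong in configuration or a secret store.
                ResponseResult loginResult = await course.Login("voxel", "000", "A123456789");
                if (loginResult.Success == false)
                {
                    throw new Exception("認證失敗,錯誤訊息=>" + loginResult.Message);
                }

                // 2. Authentication succeeded: call the finish API with the issued token.
                ResponseResult finishResult = await course.Finish(loginResult.Token, "A123456789", "A012");
                if (finishResult.Success == false)
                {
                    throw new Exception("完訓失敗,錯誤訊息=>" + finishResult.Message);
                }

                return Content("完訓成功");
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text (which can include the remote API's message)
                // is written to the HTTP response. Acceptable for a test page; a production action
                // should log the detail and return a generic message.
                return Content(ex.Message);
            }
        }
    }

    /// <summary>
    /// Client for the login and finish endpoints of the verify API.
    /// Request data is AES-encrypted, Base64Url-encoded and sent in the query string.
    /// </summary>
    public class InsuranceCourse
    {
        private readonly AesCryptography _Aes;

        /// <summary>Creates the client.</summary>
        /// <param name="aesCryptography">Encryptor used for every request payload.</param>
        /// <exception cref="ArgumentNullException"><paramref name="aesCryptography"/> is null.</exception>
        public InsuranceCourse(AesCryptography aesCryptography)
        {
            if (aesCryptography == null)
            {
                throw new ArgumentNullException(nameof(aesCryptography));
            }

            this._Aes = aesCryptography;
        }

        /// <summary>
        /// Login.
        /// </summary>
        /// <param name="account">Account name.</param>
        /// <param name="password">Password.</param>
        /// <param name="insuranceNo">Salesperson registration certificate number.</param>
        /// <returns>The API response; on success it carries the token used by <see cref="Finish"/>.</returns>
        /// <exception cref="Exception">The API returned no body, or reported <c>Success == false</c>.</exception>
        public async Task<ResponseResult> Login(string account, string password, string insuranceNo)
        {
            // 1. Build the credential record as pipe-delimited fields.
            // NOTE(review): fields are not escaped, so a '|' inside any value changes the field
            // count. How the server splits this is not visible here; confirm it rejects extra fields.
            string user = $"{account}|{password}|{insuranceNo}";

            // 2. AES-encrypt the record.
            byte[] userArray = this._Aes.Encrypt(user);

            // 3. Base64Url-encode the ciphertext so it is safe inside a URL.
            string userBase64Url = Base64UrlEncoder.Encode(userArray);

            // 4. Call the login API, passing the credential blob as a query-string parameter.
            // NOTE(review): query strings are commonly recorded in access logs and proxies. Because
            // AesCryptography uses a fixed key and IV, the same credentials always yield the same blob,
            // so a logged URL is equivalent to the credential. Prefer a POST body; replay protection,
            // if any, would have to be on the server and is not visible here.
            string url = "https://localhost:44381/api/verify/login?user=" + userBase64Url;

            // 5. The result is a JSON object. AllowHttpStatus keeps Flurl from throwing on
            //    non-2xx responses so the error body is still deserialized.
            ResponseResult response = await url.AllowHttpStatus("1XX-6XX").GetJsonAsync<ResponseResult>();

            // 6. Check the result.
            if (response == null)
            {
                throw new Exception("API/Login 無回應");
            }

            if (response.Success == false)
            {
                throw new Exception("認證失敗,錯誤訊息=" + response.Message);
            }

            // 7. Authenticated.
            return response;
        }

        /// <summary>
        /// Reports a finished course.
        /// </summary>
        /// <param name="token">JWT obtained from <see cref="Login"/>.</param>
        /// <param name="insuranceNo">Salesperson registration certificate number.</param>
        /// <param name="code">Course completion code.</param>
        /// <returns>The API response.</returns>
        /// <exception cref="Exception">The API returned no body, or reported <c>Success == false</c>.</exception>
        public async Task<ResponseResult> Finish(string token, string insuranceNo, string code)
        {
            // 1. Build the completion record (pipe-delimited, same caveat as in Login).
            string info = $"{insuranceNo}|{code}";

            // 2. AES-encrypt the record.
            byte[] infoArray = this._Aes.Encrypt(info);

            // 3. Base64Url-encode the ciphertext.
            string infoBase64Url = Base64UrlEncoder.Encode(infoArray);

            // 4. Call the finish API with the record in the query string and the JWT in the
            //    Authorization header.
            // NOTE(review): the ciphertext is unauthenticated; whether the server ties
            // insuranceNo to the identity in the JWT is not visible here — confirm it does.
            string url = "https://localhost:44381/api/Verify/Finish?info=" + infoBase64Url;
            ResponseResult response = await url.AllowHttpStatus("1XX-6XX")
                                               .WithOAuthBearerToken(token)
                                               .GetJsonAsync<ResponseResult>();

            // 5. Check the result. The messages name this endpoint rather than the login one,
            //    so a failure here is not misread as an authentication failure.
            if (response == null)
            {
                throw new Exception("API/Finish 無回應");
            }

            if (response.Success == false)
            {
                throw new Exception("完訓失敗,錯誤訊息=" + response.Message);
            }

            // 6. Completion recorded.
            return response;
        }
    }

    /// <summary>
    /// AES helper using a key and IV taken from the UTF-8 bytes of two string fields,
    /// with the algorithm defaults of <see cref="Aes.Create()"/> (CBC, PKCS7 padding).
    /// </summary>
    public class AesCryptography
    {
        // NOTE(review): the key is compiled into source, so anyone with the repository or the
        // assembly has it; load it from protected configuration or a key store instead.
        // The value contains only hex characters but is used as UTF-8 text, so each of the 32 key
        // bytes takes one of 16 values: roughly 128 bits of entropy, not the 256 the key size suggests.
        public string Key = "B04412AC311B413087B1DAF37B1B8562";

        // NOTE(review): a constant IV makes CBC deterministic: equal plaintexts give equal
        // ciphertexts, and equal leading blocks are visible. A random IV per message, sent with the
        // ciphertext, plus an integrity check (AES-GCM or encrypt-then-MAC) would fix both this and
        // the lack of tamper detection; that is a protocol change the server must share.
        public string IV = "1234567812345679";

        /// <summary>Encrypts a string.</summary>
        /// <param name="plain_text">Text to encrypt; encoded as UTF-8 first.</param>
        /// <returns>The raw ciphertext bytes.</returns>
        public byte[] Encrypt(string plain_text)
        {
            // Aes and its transform hold key material; dispose them deterministically.
            using (Aes aes = Aes.Create())
            using (ICryptoTransform transform = aes.CreateEncryptor(
                Encoding.UTF8.GetBytes(this.Key), Encoding.UTF8.GetBytes(this.IV)))
            {
                byte[] bPlainText = Encoding.UTF8.GetBytes(plain_text);
                return transform.TransformFinalBlock(bPlainText, 0, bPlainText.Length);
            }
        }

        /// <summary>Decrypts bytes produced by <see cref="Encrypt"/>.</summary>
        /// <param name="aesArray">Raw ciphertext bytes.</param>
        /// <returns>The decrypted text, decoded as UTF-8.</returns>
        /// <exception cref="Exception">Decryption failed; the original error is the inner exception.</exception>
        public string Decrypt(byte[] aesArray)
        {
            using (Aes aes = Aes.Create())
            using (ICryptoTransform transform = aes.CreateDecryptor(
                Encoding.UTF8.GetBytes(this.Key), Encoding.UTF8.GetBytes(this.IV)))
            {
                try
                {
                    byte[] outputData = transform.TransformFinalBlock(aesArray, 0, aesArray.Length);
                    return Encoding.UTF8.GetString(outputData);
                }
                catch (Exception ex)
                {
                    // Keep the original exception as InnerException so the stack trace survives.
                    // NOTE(review): the message echoes the underlying crypto error. If it is ever
                    // returned to a remote caller, padding failures become distinguishable from
                    // other errors, which unauthenticated CBC must not reveal; return a generic
                    // error externally and log this one.
                    throw new Exception($@"解密失敗:{ex.Message}", ex);
                }
            }
        }
    }
}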