HslCertificate 类

public class HslCertificate

Public Class HslCertificate

public ref class HslCertificate

type HslCertificate =  class end

// 先使用hslcommunicationdemo，生成公私钥的密钥对，例如下面的
private string pubKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwAs1K7u" +
    "qRb89J0DJZ/rFz5dHHWC0vTiGDayy//cc8jvd3MHY3aUiH2l0Th69rbBY81C" +
    "I5dzaUKMml393VOf1qTzt+CLV0XrVOPnZ3I9SuTmBh8dyB2pX/9wm/X3JL/Jg9tE" +
    "OofqmD6ChLPn01Nf5xiaRpyG1fntxJO8jS3+ckJQIDAQAB";
private string priKey = "MIICXgIBAAKBgQCwAs1K7uqRb89J0DJZ/rFz5dHHWC0vTiGDayy//cc8jvd3" +
    "MHY3aUiH2l0Th69rbBY81CI5dzaUKMml393VOf1qTzt+CLV0XrVOPnZ3I9SuTmBh8dyB2pX/9wm/X3JL/Jg9t" +
    "EOofqmD6ChLPn01Nf5xiaRpyG1fntxJO8jS3+ckJQIDAQABAoGBAKJt84ZzdYVB6cn0mIL0yE5siGuutAQz1jmx" +
    "blq/mF4KkdUso+v+/TBiFAMx9HDuDpeULQFbQsL34R9yuQVNvs4U+Oo0vqAD8aXrS9bDZWuPvpKM4fCLof5gxVnLK" +
    "5c2MV/Nq060ztcNBnzEpLhGLbcPZbTOShlAVnml4UJxsesBAkEA19JXl2nEEjvSIEzzXjsl0cp18OXO7C4UNIE5sEpQ" +
    "eNbJbgfcHRavd82OvrLzYKy4aHRQZvCEQBo+1ja7EdrOtwJBANDHJ9/rs88+hb9oWs0zeedpnr+5weijefhtLzKFBr/b6MP" +
    "iSAvYIUGie7UD+MedC37MHpQmiyPFUR3wd1onCAMCQEIB5yA8DOe2vBF894H+fRao4WGIJ708apmUXFx6nhoXNwwcA0oyQgBWMi" +
    "5I9P7AVLY9vMl/DjO80zMZEiXn0gkCQQCNeyjuedA0VW5Vs+Y0wPmPdOf7jWp2uLHjRDqDxdo5ElG+zQ192U1QKUgj9zkULLyph" +
    "LIEO8p2xzSdUWPQWDr5AkEAp9FfsofKAYIa6+rb4EWn9zavWz+gfIX9J/Zz3d7Mi0JnVX8dgC5o6yOxhM1h6oDgeHxeqZPTvtRUtI4U5dAmHQ==";

// 假设下面的接口就是使用证书校验的，不是谁都可以访问的
// Assume that the following interface is authenticated using a certificate and cannot be accessed by anyone
[HslMqttApi]
public OperateResult<int> ApiAdd( string certificate, int a, int b )
{
    // 下面演示如何针对 certificate 校验对象
    if (!HslCommunication.Core.Security.HslCertificate.VerifyCer( Convert.FromBase64String( pubKey ), Convert.FromBase64String( certificate )))
    {
        // 调用失败
        return new OperateResult<int>( "Called api failed, check certificate failed" );
    }

    // 如果证书校验通过，则开始解析证书内容
    HslCommunication.Core.Security.HslCertificate cert = HslCommunication.Core.Security.HslCertificate.CreateFrom( Convert.FromBase64String( certificate ) );
    if (cert.NotBefore <= DateTime.Now && DateTime.Now <= cert.NotAfter)
    {
        // 一般证书都是有时间有效期的，所以这里可以根据有效期决定是否开放接口
        return new OperateResult<int>( "Called api failed, the current certificate validity period has expired." );
    }

    return OperateResult.CreateSuccessResult( a + b );
}

// 假设下面的接口就是使用证书校验的，不仅要校验时间是否符合，还要校验系统名称是否匹配，证书的权限是否包含当前的接口名称
// Assume that the following interface is verified using a certificate, not only to verify whether the time is in line,
// but also to verify whether the system name matches, and whether the certificate's authority contains the current interface name
[HslMqttApi]
public OperateResult<int> ApiMulti( string certificate, int a, int b )
{
    // 下面演示如何针对 certificate 校验对象
    if (!HslCommunication.Core.Security.HslCertificate.VerifyCer( Convert.FromBase64String( pubKey ), Convert.FromBase64String( certificate ) ))
    {
        // 调用失败
        return new OperateResult<int>( "Called api failed, check certificate failed" );
    }

    // 如果证书校验通过，则开始解析证书内容
    HslCommunication.Core.Security.HslCertificate cert = HslCommunication.Core.Security.HslCertificate.CreateFrom( Convert.FromBase64String( certificate ) );
    if (cert.NotBefore <= DateTime.Now && DateTime.Now <= cert.NotAfter)
    {
        // 一般证书都是有时间有效期的，所以这里可以根据有效期决定是否开放接口
        return new OperateResult<int>( "Called api failed, the current certificate validity period has expired." );
    }

    // 如果希望多个系统，接口，软件的证书都用同一套的公私钥，那么不同系统的证书校验，可以使用KeyWord来区分，例如下面的 HslCommunication 软件校验
    // 否则只能每一套系统，分配一个公私钥密钥对了
    if (cert.KeyWord != "HslCommunication") return new OperateResult<int>( "Certificate key word not correct!" );

    // 如果希望你得证书支持接口列表信息，可以使用证书里的集合数据功能
    if (cert.Descriptions != null && cert.Descriptions.ContainsKey( "ApiMulti" ))
    {
        // 证书当前的接口列表里，包含了当前的接口名称，有权限调用
        return OperateResult.CreateSuccessResult( a * b );
    }
    else
    {
        return new OperateResult<int>( "Called ApiMulti failed, the current certificate does not have access." );
    }
}

// 假设下面的接口就是使用证书校验的，不仅要校验时间是否符合，还希望对证书持有者限制调用接口的次数，总次数写入到证书里去，这样比较灵活，不需要修改代码，甚至配置文件，只要颁发不同的证书即可
// Assuming that the following interface is using certificate verification, not only to verify whether the time is met, but also to limit the number of times the interface is called to the certificate holder,
// the total number of times written to the certificate, which is more flexible, no need to modify the code, or even the configuration file, as long as different certificates are issued
[HslMqttApi]
public OperateResult<int> ApiDivision( string certificate, int a, int b )
{
    // 下面演示如何针对 certificate 校验对象
    if (!HslCommunication.Core.Security.HslCertificate.VerifyCer( Convert.FromBase64String( pubKey ), Convert.FromBase64String( certificate ) ))
    {
        // 调用失败
        return new OperateResult<int>( "Called api failed, check certificate failed" );
    }

    // 如果证书校验通过，则开始解析证书内容
    HslCommunication.Core.Security.HslCertificate cert = HslCommunication.Core.Security.HslCertificate.CreateFrom( Convert.FromBase64String( certificate ) );
    if (cert.NotBefore <= DateTime.Now && DateTime.Now <= cert.NotAfter)
    {
        // 一般证书都是有时间有效期的，所以这里可以根据有效期决定是否开放接口
        return new OperateResult<int>( "Called api failed, the current certificate validity period has expired." );
    }

    // 如果希望多个系统，接口，软件的证书都用同一套的公私钥，那么不同系统的证书校验，可以使用KeyWord来区分，例如下面的 HslCommunication 软件校验
    // 否则只能每一套系统，分配一个公私钥密钥对了
    if (cert.KeyWord != "HslCommunication") return new OperateResult<int>( "Certificate key word not correct!" );


    // cert.EffectiveHours 是个 int 数据，用来存放接口的调用次数，当然使用另一个字符串属性 cert.UniqueID 也可以。
    bool enable = false; // 检查是否通过
    lock (dictLock)
    {
        // 没有
        if (!apiCalledCount.ContainsKey( cert.To )) apiCalledCount.Add( cert.To, 0 );
        enable = apiCalledCount[cert.To] < cert.EffectiveHours;

        if (enable) apiCalledCount[cert.To]++;
    }

    if (!enable) return new OperateResult<int>( "Called ApiDivision failed, The number of calls has reached the maximum." );
    return OperateResult.CreateSuccessResult( a / b ); // 返回正常的调用信息
}

// 当前系统的所有API调用次数，初始化时，应该从本地或是数据库加载之前的次数，这次简略处理
private Dictionary<string, long> apiCalledCount = new Dictionary<string, long>( );
private object dictLock = new object( );

// 如果需要实现发证的话，就是下面的代码，当然也可以使用 hslcommunicationdemo 来颁发证书的
public void CreateCert( )
{
    // 还是用了上个方法创建的公私钥对
    HslCommunication.Core.Security.HslCertificate cert = new HslCommunication.Core.Security.HslCertificate( Convert.FromBase64String( pubKey ), Convert.FromBase64String( priKey ) );
    cert.From = "Company A";   // 发证方
    cert.To = "Company B";     // 使用方，持有者
    cert.CreateTime = DateTime.Today;  // 发证日期
    cert.NotBefore = new DateTime( 2023, 2, 16 ); // 起始日期
    cert.NotAfter = new DateTime( 2023, 3, 15 );  // 假设一个月有效期
    cert.KeyWord = "HslCommunication";    // 可以根据实际情况指定
    cert.Descriptions = new Dictionary<string, string>( )
    {
        { "ApiMulti", "1" }
    };

    // 获取证书的字节
    byte[] source = cert.GetSaveBytes( );

    // 证书写入到文件
    System.IO.File.WriteAllBytes( "C:\\cert.cert", source );

    // 变成字符串发给别人使用
    string str = Convert.ToBase64String( source );
    System.IO.File.WriteAllText( "C:\\cert.txt", str, Encoding.UTF8 );
}