欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

腾讯云通信UserSig生成.Net实现

程序员文章站 2022-04-28 13:41:15
腾讯云通信后台生成usersig只有java实现代码。以下是根据java代码转换为net实现,java版GitHub地址:https://github.com/TencentVideoCloudMLVBDev/usersig_server_source/blob/master/java/WebRTC ......

腾讯云通信后台生成usersig只有java实现代码。以下是根据java代码转换为net实现,java版github地址:https://github.com/tencentvideocloudmlvbdev/usersig_server_source/blob/master/java/webrtcsigapi.java。

需要使用类库:portable.bouncycastle,sharpziplib,直接从nuget下载安装即可。

另外我正在实现腾讯云im服务端sdk .netcore版本,github地址:https://github.com/yangxuilyx/qcloudim.aspnetcore

 public class tlssignature
    {
        /// <summary>
        /// 获取用户sign
        /// </summary>
        /// <param name="appid">appid</param>
        /// <param name="privatekey">私钥</param>
        /// <param name="userid">用户名</param>
        /// <param name="expire">usersig有效期,出于安全考虑建议为300秒,您可以根据您的业务场景设置其他值。</param>
        /// <returns>生成的usersig</returns>
        public static string genusersig(string appid, string privatekey, string userid, int expire)
        {
            var time = datetime.now.ticks / 1000;
            string serialstring =
                "tls.appid_at_3rd:" + 0 + "\n" +
                "tls.account_type:" + 0 + "\n" +
                "tls.identifier:" + userid + "\n" +
                "tls.sdk_appid:" + appid + "\n" +
                "tls.time:" + time + "\n" +
                "tls.expire_after:" + expire + "\n";

            var sign = convert.tobase64string(sign(privatekey, encoding.utf8.getbytes(serialstring)));

            string jsonstring = "{"
                                + "\"tls.account_type\":\"" + 0 + "\","
                                + "\"tls.identifier\":\"" + userid + "\","
                                + "\"tls.appid_at_3rd\":\"" + 0 + "\","
                                + "\"tls.sdk_appid\":\"" + appid + "\","
                                + "\"tls.expire_after\":\"" + expire + "\","
                                + "\"tls.sig\":\"" + sign + "\","
                                + "\"tls.time\":\"" + time + "\","
                                + "\"tls.version\": \"201512300000\""
                                + "}";

            var compressbytes = compress(encoding.utf8.getbytes(jsonstring));

            var usersign = base64urlencode(compressbytes);
            return usersign;
        }

        private static byte[] compress(byte[] data)
        {
            deflater mdeflater = new deflater();
            mdeflater.setinput(data);
            mdeflater.finish();
            byte[] compressbytes = new byte[512];
            int compressbyteslength = mdeflater.deflate(compressbytes);

            mdeflater.flush();

            return compressbytes.take(compressbyteslength).toarray();
        }

        /// <summary>
        /// ecdsa-sha256签名
        /// </summary>
        /// <param name="privatekey">私钥</param>
        /// <param name="data">需要签名的数据</param>
        /// <returns></returns>
        private static byte[] sign(string privatekey, byte[] data)
        {
            ecprivatekeyparameters privatekeyparam = (ecprivatekeyparameters)privatekeyfactory.createkey(convert.frombase64string(privatekey));

            var signer = signerutilities.getsigner("sha256withecdsa");
            signer.init(true, privatekeyparam);
            signer.blockupdate(data, 0, data.length);

            return signer.generatesignature();
        }

        /// <summary>
        /// 验证ecdsa-sha256签名
        /// </summary>
        /// <param name="publickey">公钥</param>
        /// <param name="data">需要验证的数据原文</param>
        /// <param name="sig">需要验证的签名</param>
        /// <returns>true:验证成功 false:验证失败</returns>
        public static bool verify(string publickey, byte[] data, byte[] sig)
        {
            ecpublickeyparameters publickeyparam = (ecpublickeyparameters)publickeyfactory.createkey(convert.frombase64string(publickey));

            var signer = signerutilities.getsigner("sha256withecdsa");
            signer.init(false, publickeyparam);
            signer.blockupdate(data, 0, data.length);

            return signer.verifysignature(sig);

        }

        private static string base64urlencode(byte[] data)
        {
            return convert.tobase64string(data).replace('+', '*').replace('/', '-')
                 .replace('=', '_');
        }

        private static string base64urldecode(byte[] data)
        {
            return convert.tobase64string(data).replace('*', '+').replace('-', '/')
                .replace('_', '=');
        }
    }