如题如何有效的,最少量的现有代码侵入从而实现客户端与服务器之间的数据交换加密呢?
二. 探究:
1.需求分析
webapi服务端 有如下接口:
public class ApiTestController : ApiController { // GET api/<controller>/5 public object Get(int id) { return "value" + id; } } ApiTestController
无加密请求
GET /api/apitest?id=10
返回结果
response "value10"
我们想要达到的效果为:
Get /api/apitest?aWQ9MTA=
response InZhbHVlMTAi (解密所得 "value10")
或者更多其它方式加密
2.功能分析
要想对现有代码不做任何修改, 我们都知道所有api controller 初始化在router确定之后, 因此我们应在router之前将GET参数和POST的参数进行加密才行.
看下图 webapi 生命周期:
我们看到在 路由routing 之前 有DelegationgHander 层进行消息处理.
因为我们要对每个请求进行参数解密处理,并且又将返回消息进行加密处理, 因此我们 瞄准 MessageProcessingHandler
// // 摘要: // A base type for handlers which only do some small processing of request and/or // response messages. public abstract class MessageProcessingHandler : DelegatingHandler { // // 摘要: // Creates an instance of a System.Net.Http.MessageProcessingHandler class. protected MessageProcessingHandler(); // // 摘要: // Creates an instance of a System.Net.Http.MessageProcessingHandler class with // a specific inner handler. // // 参数: // innerHandler: // The inner handler which is responsible for processing the HTTP response messages. protected MessageProcessingHandler(HttpMessageHandler innerHandler); // // 摘要: // Performs processing on each request sent to the server. // // 参数: // request: // The HTTP request message to process. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回结果: // Returns System.Net.Http.HttpRequestMessage.The HTTP request message that was // processed. protected abstract HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken); // // 摘要: // Perform processing on each response from the server. // // 参数: // response: // The HTTP response message to process. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回结果: // Returns System.Net.Http.HttpResponseMessage.The HTTP response message that was // processed. protected abstract HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken); // // 摘要: // Sends an HTTP request to the inner handler to send to the server as an asynchronous // operation. // // 参数: // request: // The HTTP request message to send to the server. // // cancellationToken: // A cancellation token that can be used by other objects or threads to receive // notice of cancellation. // // 返回结果: // Returns System.Threading.Tasks.Task`1.The task object representing the asynchronous // operation. // // 异常: // T:System.ArgumentNullException: // The request was null. protected internal sealed override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken); } MessageProcessingHandler
三. 实践:
现在我们将来 先实现2个版本的通讯加密解密功能,定为 版本1.0 base64加密, 版本1.1 Des加密
/// <summary> /// 加密解密接口 /// </summary> public interface IMessageEnCryption { /// <summary> /// 加密 /// </summary> /// <param></param> /// <returns></returns> string Encode(string content); /// <summary> /// 解密 /// </summary> /// <param></param> /// <returns></returns> string Decode(string content); } IMessageEnCryption
编写版本1.0 base64加密解密
/// <summary> /// 加解密 只做 base64 /// </summary> public class MessageEncryptionVersion1_0 : IMessageEnCryption { public string Decode(string content) { return content?.DecryptBase64(); } public string Encode(string content) { return content.EncryptBase64(); } } MessageEncryptionVersion1_0
编写版本1.1 des加密解密
/// <summary> /// 数据加解密 des /// </summary> public class MessageEncryptionVersion1_1 : IMessageEnCryption { public static readonly string KEY = "fHil/4]0"; public string Decode(string content) { return content.DecryptDES(KEY); } public string Encode(string content) { return content.EncryptDES(KEY); } } MessageEncryptionVersion1_1
附上加密解密的基本的一个封装类