zhoufan
/
DingTalkDemo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
							using System;
using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

namespace DingDingDemo.Common
{
    public class DingTalkCrypt
    {
        private string m_sEncodingAESKey;
        private string m_sToken;
        private string m_sSuiteKey;
        /**ask getPaddingBytes key固定长度**/
        private static int AES_ENCODE_KEY_LENGTH = 43;
        /**加密随机字符串字节长度**/
        private static int RANDOM_LENGTH = 16;

        enum DingTalkCryptErrorCode
        {
            /**成功**/
            SUCCESS = 0,
            /**加密明文文本非法**/
            ENCRYPTION_PLAINTEXT_ILLEGAL = 900001,
            /**加密时间戳参数非法**/
            ENCRYPTION_TIMESTAMP_ILLEGAL = 900002,
            /**加密随机字符串参数非法**/
            ENCRYPTION_NONCE_ILLEGAL = 900003,
            /**不合法的aeskey**/
            AES_KEY_ILLEGAL = 900004,
            /**签名不匹配**/
            SIGNATURE_NOT_MATCH = 900005,
            /**计算签名错误**/
            COMPUTE_SIGNATURE_ERROR = 900006,
            /**计算加密文字错误**/
            COMPUTE_ENCRYPT_TEXT_ERROR = 900007,
            /**计算解密文字错误**/
            COMPUTE_DECRYPT_TEXT_ERROR = 900008,
            /**计算解密文字长度不匹配**/
            COMPUTE_DECRYPT_TEXT_LENGTH_ERROR = 900009,
            /**计算解密文字suiteKey不匹配**/
            COMPUTE_DECRYPT_TEXT_SuiteKey_ERROR = 900010,
        };

        /// <summary>
        /// 构造函数
        /// </summary>
        /// <param name="token">钉钉开放平台上，开发者设置的token</param>
        /// <param name="encodingAesKey">钉钉开放台上，开发者设置的EncodingAESKey</param>
        /// <param name="suiteKey">钉钉开放平台上，开发者设置的suiteKey</param>
        public DingTalkCrypt(string token, string encodingAesKey, string suiteKey)
        {
            m_sToken = token;
            m_sSuiteKey = suiteKey;
            m_sEncodingAESKey = encodingAesKey;
        }

        /// <summary>
        /// 将消息加密,返回加密后字符串
        /// </summary>
        /// <param name="sReplyMsg">传递的消息体明文</param>
        /// <param name="sTimeStamp">时间戳</param>
        /// <param name="sNonce">随机字符串</param>
        /// <param name="sEncryptMsg">加密后的消息信息</param>
        /// <param name="signature">解密用的签名串</param>
        /// <returns>成功0，失败返回对应的错误码</returns>
        public int EncryptMsg(string sReplyMsg, string sTimeStamp, string sNonce, ref string sEncryptMsg, ref string signature)
        {
            if (string.IsNullOrEmpty(sReplyMsg))
                return (int)DingTalkCryptErrorCode.ENCRYPTION_PLAINTEXT_ILLEGAL;
            if (string.IsNullOrEmpty(sTimeStamp))
                return (int)DingTalkCryptErrorCode.ENCRYPTION_TIMESTAMP_ILLEGAL;
            if (string.IsNullOrEmpty(sNonce))
                return (int)DingTalkCryptErrorCode.ENCRYPTION_NONCE_ILLEGAL;

            if (m_sEncodingAESKey.Length != AES_ENCODE_KEY_LENGTH)
                return (int)DingTalkCryptErrorCode.AES_KEY_ILLEGAL;

            string raw = "";
            try
            {
                raw = Cryptography.AES_encrypt(sReplyMsg, m_sEncodingAESKey, m_sSuiteKey);
            }
            catch (Exception)
            {
                return (int)DingTalkCryptErrorCode.AES_KEY_ILLEGAL;
            }

            string msgSigature = "";
            int ret = GenerateSignature(m_sToken, sTimeStamp, sNonce, raw, ref msgSigature);
            sEncryptMsg = raw;
            signature = msgSigature;
            return ret;
        }
        /// <summary>
        /// 密文解密
        /// </summary>
        /// <param name="sMsgSignature">签名串</param>
        /// <param name="sTimeStamp">时间戳</param>
        /// <param name="sNonce">随机串</param>
        /// <param name="sPostData">密文</param>
        /// <param name="sMsg">解密后的原文，当return返回0时有效</param>
        /// <returns>成功0，失败返回对应的错误码</returns>
        public int DecryptMsg(string sMsgSignature, string sTimeStamp, string sNonce, string sPostData, ref string sMsg)
        {
            if (m_sEncodingAESKey.Length != AES_ENCODE_KEY_LENGTH)
                return (int)DingTalkCryptErrorCode.AES_KEY_ILLEGAL;

            string sEncryptMsg = sPostData;

            int ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEncryptMsg, sMsgSignature);

            string cpid = "";
            try
            {
                sMsg = Cryptography.AES_decrypt(sEncryptMsg, m_sEncodingAESKey, ref cpid);
            }
            catch (FormatException)
            {
                sMsg = "";
                return (int)DingTalkCryptErrorCode.COMPUTE_DECRYPT_TEXT_SuiteKey_ERROR;

            }
            catch (Exception)
            {
                sMsg = "";
                return (int)DingTalkCryptErrorCode.COMPUTE_DECRYPT_TEXT_SuiteKey_ERROR;
            }

            if (cpid != m_sSuiteKey)
                return (int)DingTalkCryptErrorCode.COMPUTE_DECRYPT_TEXT_SuiteKey_ERROR;

            return ret;
        }

        /// <summary>
        /// 生成签名
        /// </summary>
        /// <param name="sToken"></param>
        /// <param name="sTimeStamp"></param>
        /// <param name="sNonce"></param>
        /// <param name="sMsgEncrypt"></param>
        /// <param name="sMsgSignature"></param>
        /// <returns></returns>
        public static int GenerateSignature(string sToken, string sTimeStamp, string sNonce, string sMsgEncrypt, ref string sMsgSignature)
        {
            ArrayList AL = new ArrayList();
            AL.Add(sToken);
            AL.Add(sTimeStamp);
            AL.Add(sNonce);
            AL.Add(sMsgEncrypt);
            AL.Sort(new DictionarySort());
            string raw = "";
            for (int i = 0; i < AL.Count; ++i)
            {
                raw += AL[i];
            }

            SHA1 sha;
            ASCIIEncoding enc;
            string hash = "";
            try
            {
                sha = new SHA1CryptoServiceProvider();
                enc = new ASCIIEncoding();
                byte[] dataToHash = enc.GetBytes(raw);
                byte[] dataHashed = sha.ComputeHash(dataToHash);
                hash = BitConverter.ToString(dataHashed).Replace("-", "");
                hash = hash.ToLower();
            }
            catch (Exception)
            {
                return (int)DingTalkCryptErrorCode.COMPUTE_SIGNATURE_ERROR;
            }
            sMsgSignature = hash;
            return 0;
        }
        /// <summary>
        /// 验证签名
        /// </summary>
        /// <param name="sToken"></param>
        /// <param name="sTimeStamp"></param>
        /// <param name="sNonce"></param>
        /// <param name="sMsgEncrypt"></param>
        /// <param name="sSigture"></param>
        /// <returns></returns>
        private static int VerifySignature(string sToken, string sTimeStamp, string sNonce, string sMsgEncrypt, string sSigture)
        {
            string hash = "";
            int ret = 0;
            ret = GenerateSignature(sToken, sTimeStamp, sNonce, sMsgEncrypt, ref hash);
            if (ret != 0)
                return ret;
            if (hash == sSigture)
                return 0;
            else
            {
                return (int)DingTalkCryptErrorCode.SIGNATURE_NOT_MATCH;
            }
        }

        /// <summary>
        /// 验证URL
        /// </summary>
        /// <param name="sMsgSignature">签名串，对应URL参数的msg_signature</param>
        /// <param name="sTimeStamp">时间戳，对应URL参数的timestamp</param>
        /// <param name="sNonce">随机串，对应URL参数的nonce</param>
        /// <param name="sEchoStr">经过加密的消息体，对应URL参数的encrypt</param>
        /// <param name="sReplyEchoStr"></param>
        /// <returns></returns>
        public int VerifyURL(string sMsgSignature, string sTimeStamp, string sNonce, string sEchoStr, ref string sReplyEchoStr)
        {
            int ret = 0;
            if (m_sEncodingAESKey.Length != 43)
            {
                return (int)DingTalkCryptErrorCode.AES_KEY_ILLEGAL;
            }
            ret = VerifySignature(m_sToken, sTimeStamp, sNonce, sEchoStr, sMsgSignature);
            sReplyEchoStr = "";
            string cpid = "";
            try
            {
                sReplyEchoStr = Cryptography.AES_decrypt(sEchoStr, m_sEncodingAESKey, ref cpid); //m_sCorpID);
            }
            catch (Exception)
            {
                sReplyEchoStr = "";
                return (int)DingTalkCryptErrorCode.COMPUTE_SIGNATURE_ERROR;
            }
            if (cpid != m_sSuiteKey)
            {
                sReplyEchoStr = "";
                return (int)DingTalkCryptErrorCode.COMPUTE_DECRYPT_TEXT_SuiteKey_ERROR;
            }
            return ret;
        }
        /// <summary>
        /// 字典排序
        /// </summary>
        public class DictionarySort : System.Collections.IComparer
        {
            public int Compare(object oLeft, object oRight)
            {
                string sLeft = oLeft as string;
                string sRight = oRight as string;
                int iLeftLength = sLeft.Length;
                int iRightLength = sRight.Length;
                int index = 0;
                while (index < iLeftLength && index < iRightLength)
                {
                    if (sLeft[index] < sRight[index])
                        return -1;
                    else if (sLeft[index] > sRight[index])
                        return 1;
                    else
                        index++;
                }
                return iLeftLength - iRightLength;

            }
        }
    }
}