騰訊雲通信後臺生成 userSig 只有 Java 實現代碼。以下是根據 Java 代碼轉換而成的 .NET 實現,Java 版 GitHub 地址: https://github.com/TencentVideoCloudMLVBDev/usersig_server_source/blob/master/java/WebRTCSigApi.java
需要使用類庫:Portable.BouncyCastle,SharpZipLib,直接從nuget下載安裝即可。
另外我正在實現騰訊雲IM服務端Sdk .NetCore版本,github地址:https://github.com/yangxuilyx/QCloudIM.AspNetCore
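/// <summary>
/// Builds and verifies Tencent Cloud userSig tokens: the TLS.* fields are signed with
/// ECDSA-SHA256, wrapped in a JSON envelope, compressed with SharpZipLib's Deflater and
/// encoded with a Base64 variant that substitutes '*', '-' and '_' for '+', '/' and '='.
/// </summary>
/// <remarks>
/// The private key can issue a userSig for any identifier of the application, so it should be
/// loaded from a protected secret store rather than kept in source or plain configuration.
/// </remarks>
public class TlsSignature
{
    // 1970-01-01T00:00:00Z; its Ticks value is 621355968000000000.
    private static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    /// <summary>
    /// Generates the userSig for a user.
    /// </summary>
    /// <param name="appid">SDK application id.</param>
    /// <param name="privateKey">
    /// Base64 text of the encoded EC private key (NOTE(review): presumably the PEM body with
    /// header, footer and line breaks removed; confirm against the key file format in use).
    /// </param>
    /// <param name="userid">User name (identifier) the token is issued for.</param>
    /// <param name="expire">
    /// Validity of the userSig in seconds. 300 seconds is recommended for security reasons;
    /// other values may be chosen to suit the business scenario.
    /// </param>
    /// <returns>The generated userSig.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="appid"/>, <paramref name="privateKey"/> or <paramref name="userid"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="appid"/> or <paramref name="userid"/> contains a double quote, a backslash
    /// or a control character.
    /// </exception>
    /// <remarks>
    /// The returned value works as a bearer credential for <paramref name="userid"/> until it
    /// expires; issue it only after the caller has been authenticated as that user.
    /// </remarks>
    public static string GenUserSig(string appid, string privateKey, string userid, int expire)
    {
        if (privateKey == null)
        {
            throw new ArgumentNullException("privateKey");
        }

        // Both values are embedded verbatim in the newline-delimited signed text and in the
        // JSON envelope. A quote, backslash or line break would change the structure of either,
        // so such values are rejected instead of being written into the token.
        RequirePlainValue(appid, "appid");
        RequirePlainValue(userid, "userid");

        var invariant = System.Globalization.CultureInfo.InvariantCulture;

        // Whole seconds since the Unix epoch, in UTC.
        long seconds = (DateTime.UtcNow.Ticks - UnixEpoch.Ticks) / TimeSpan.TicksPerSecond;
        string time = seconds.ToString(invariant);
        string expireText = expire.ToString(invariant);

        // Signed content: field order and the trailing "\n" on every line are part of the format.
        string serialString =
            "TLS.appid_at_3rd:" + 0 + "\n" +
            "TLS.account_type:" + 0 + "\n" +
            "TLS.identifier:" + userid + "\n" +
            "TLS.sdk_appid:" + appid + "\n" +
            "TLS.time:" + time + "\n" +
            "TLS.expire_after:" + expireText + "\n";

        string sign = Convert.ToBase64String(Sign(privateKey, Encoding.UTF8.GetBytes(serialString)));

        string jsonString = "{"
            + "\"TLS.account_type\":\"" + 0 + "\","
            + "\"TLS.identifier\":\"" + userid + "\","
            + "\"TLS.appid_at_3rd\":\"" + 0 + "\","
            + "\"TLS.sdk_appid\":\"" + appid + "\","
            + "\"TLS.expire_after\":\"" + expireText + "\","
            + "\"TLS.sig\":\"" + sign + "\","
            + "\"TLS.time\":\"" + time + "\","
            + "\"TLS.version\": \"201512300000\""
            + "}";

        byte[] compressBytes = Compress(Encoding.UTF8.GetBytes(jsonString));
        return Base64UrlEncode(compressBytes);
    }

    /// <summary>
    /// Throws unless <paramref name="value"/> is non-null and free of characters that would
    /// alter the structure of the signed text or of the JSON envelope.
    /// </summary>
    /// <param name="value">Value to check.</param>
    /// <param name="paramName">Name of the caller's parameter, reported in the exception.</param>
    private static void RequirePlainValue(string value, string paramName)
    {
        if (value == null)
        {
            throw new ArgumentNullException(paramName);
        }

        foreach (char c in value)
        {
            if (c == '"' || c == '\\' || char.IsControl(c))
            {
                throw new ArgumentException(
                    "Value must not contain double quotes, backslashes or control characters.",
                    paramName);
            }
        }
    }

    /// <summary>
    /// Compresses <paramref name="data"/> with a default-configured <c>Deflater</c>.
    /// </summary>
    /// <param name="data">Bytes to compress.</param>
    /// <returns>The complete compressed output.</returns>
    /// <exception cref="InvalidOperationException">The deflater stopped producing output before finishing.</exception>
    private static byte[] Compress(byte[] data)
    {
        var deflater = new Deflater();
        deflater.SetInput(data);
        deflater.Finish();

        // Drain the deflater in chunks. A single Deflate call into a 512-byte buffer would
        // silently truncate any output longer than the buffer, yielding an unusable token.
        using (var output = new System.IO.MemoryStream())
        {
            var chunk = new byte[512];
            while (!deflater.IsFinished)
            {
                int written = deflater.Deflate(chunk);
                if (written == 0 && !deflater.IsFinished)
                {
                    throw new InvalidOperationException("Deflater produced no output before finishing.");
                }

                output.Write(chunk, 0, written);
            }

            return output.ToArray();
        }
    }

    /// <summary>
    /// Creates an ECDSA-SHA256 signature.
    /// </summary>
    /// <param name="privateKey">Base64 text of the encoded EC private key.</param>
    /// <param name="data">Data to sign.</param>
    /// <returns>The signature bytes produced by the signer.</returns>
    private static byte[] Sign(string privateKey, byte[] data)
    {
        // The cast throws InvalidCastException when the decoded key is not an EC private key.
        var keyParameters = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));
        var signer = SignerUtilities.GetSigner("SHA256withECDSA");
        signer.Init(true, keyParameters);
        signer.BlockUpdate(data, 0, data.Length);
        return signer.GenerateSignature();
    }

    /// <summary>
    /// Verifies an ECDSA-SHA256 signature.
    /// </summary>
    /// <param name="publicKey">Base64 text of the encoded EC public key.</param>
    /// <param name="data">Original data the signature was computed over.</param>
    /// <param name="sig">
    /// Signature bytes to verify. The TLS.sig field written by <see cref="GenUserSig"/> is
    /// Base64 text, so it has to be decoded to bytes before being passed here.
    /// </param>
    /// <returns>true when verification succeeds; false when it fails.</returns>
    public static bool Verify(string publicKey, byte[] data, byte[] sig)
    {
        // The cast throws InvalidCastException when the decoded key is not an EC public key.
        var keyParameters = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKey));
        var signer = SignerUtilities.GetSigner("SHA256withECDSA");
        signer.Init(false, keyParameters);
        signer.BlockUpdate(data, 0, data.Length);
        return signer.VerifySignature(sig);
    }

    /// <summary>
    /// Encodes bytes as Base64 and replaces '+', '/' and '=' with '*', '-' and '_'.
    /// </summary>
    /// <param name="data">Bytes to encode.</param>
    /// <returns>The encoded text.</returns>
    private static string Base64UrlEncode(byte[] data)
    {
        return Convert.ToBase64String(data)
            .Replace('+', '*')
            .Replace('/', '-')
            .Replace('=', '_');
    }

    /// <summary>
    /// Reverses <see cref="Base64UrlEncode"/>: restores '+', '/' and '=' and decodes the Base64 text.
    /// </summary>
    /// <param name="data">Text produced by <see cref="Base64UrlEncode"/>.</param>
    /// <returns>The decoded bytes.</returns>
    private static byte[] Base64UrlDecode(string data)
    {
        // The previous version re-encoded its input with Convert.ToBase64String and so never
        // decoded anything; the helper is private and has no caller inside this class.
        string standard = data
            .Replace('*', '+')
            .Replace('-', '/')
            .Replace('_', '=');
        return Convert.FromBase64String(standard);
    }
}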