我需要从C#控制台应用程序进行一些Web报废。该网站正在使用typo3。我需要一些帮助来登录,特别是在typo3扩展使用的RSA加密(/typo3/sysext/rsaauth/resources/jsbn/rsa.js)。任何线索都值得赞赏。这是代码:
公共类TestTypo3Login {
public CookieAwareWebClient MyWebClient;
public string TestLogin(String typo3Url, String userName, String password)
{
MyWebClient = new CookieAwareWebClient();
var mozilaAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)";
MyWebClient.Headers.Add("User-Agent", mozilaAgent);
// GET public key
var rsaKey = MyWebClient.DownloadString(String.Format("{0}?eID=FrontendLoginRsaPublicKey", typo3Url));
// sample public_key and exponent received from server
// B712B54CCB46DB7DAB3564195CD387B0D054A680756EB434CF03A435C281A43746390CD82D57188F96B20F8BBCC60F6A6F89BE33856EDDB8F832E7CD412F96EF3651594EE84379FCE1D32E93732648A7B4218E411A0ADC8365204AAF0F71BD84FD47959381A95BBC51FD0FB44693CD8207C7D27DDA0CEF346126FBD5EC9238D9:10001
var rsaParts = rsaKey.Split(new string[] { ":" }, StringSplitOptions.RemoveEmptyEntries);
string public_key = rsaParts[0];
string exponent = rsaParts[1];
//try to encrypt password in a similar way with javascript in /typo3/sysext/rsaauth/resources/jsbn/rsa.js
var encryptedPassword = Encrypt(public_key, exponent, password);
return encryptedPassword;
}
public static string Encrypt(string public_key, string exponent, string data)
{
var rsap = new System.Security.Cryptography.RSAParameters();
rsap.Modulus = GetBytesFromHexString(public_key);
rsap.Exponent = GetBytesFromHexString(exponent);
var rsa = new RSACryptoServiceProvider(); ;
rsa.ImportParameters(rsap);
var res = rsa.Encrypt(Encoding.ASCII.GetBytes(data), true);
return Convert.ToBase64String(res);
}
public static byte[] GetBytesFromHexString(string hexString)
{
if (hexString.Length % 2 == 1) { hexString = "0" + hexString; }
byte[] bytes = new byte[hexString.Length / 2];
for (int i = 0; i < hexString.Length - 1; i += 2)
{
bytes[i / 2] = byte.Parse(hexString.Substring(i, 2), System.Globalization.NumberStyles.HexNumber);
}
return bytes;
}
}
我通过javascript引擎使用原始的javascript typo3 fe_login代码解决了这个问题。
脚步:
public string RsaEncryptPwJavaScript(string pw, string rsaPublicKey)
{
var assembly = Assembly.GetExecutingAssembly();
string resourcePrefix = "MyNamespace.Typo3Js";
var keyParts = rsaPublicKey.Split(':');
using (var engine = new V8ScriptEngine())
{
engine.Execute("var navigator = { 'appName': 'Chrome' };");
engine.Execute(GetResource(assembly, resourcePrefix + ".base64.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".prng4.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".rng.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".jsbn.js"));
engine.Execute(GetResource(assembly, resourcePrefix + ".rsa.js"));
engine.Execute(GetEncryptJsCode());
return engine.Script.encryptPw(pw, keyParts[0], keyParts[1]);
}
}
private string GetEncryptJsCode()
{
//Code from Typo3 / fe_login.js - this.encryptPasswordAndSubmitForm
return @"function encryptPw(pw, publicKeyModulus, exponent) {
var rsa, encryptedPassword;
rsa = new RSAKey();
rsa.setPublic(publicKeyModulus, exponent);
encryptedPassword = rsa.encrypt(pw);
return 'rsa:' + hex2b64(encryptedPassword);
}";
}
private string GetResource(Assembly assembly, string resourceName)
{
using (Stream stream = assembly.GetManifestResourceStream(resourceName))
using (StreamReader reader = new StreamReader(stream))
{
return reader.ReadToEnd();
}
}
rsaPublicKey应该是通过此调用var rsaKey = MyWebClient.DownloadString(String.Format("{0}?eID=FrontendLoginRsaPublicKey", typo3Url));解析的字符串