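        /// <summary>
        /// Verifies the RSA / SHA-256 signature carried in a response.
        /// </summary>
        /// <remarks>
        /// The signing certificate is taken from the response itself (<c>signPubKeyCert</c>), so it is
        /// attacker-controlled. It is accepted only when the chain built for it is exactly
        /// signing cert -> <paramref name="middleCertRawData"/> -> <paramref name="rootCertRawData"/>,
        /// compared byte-for-byte. Merely chaining to some other CA (e.g. one in the OS trust store)
        /// is rejected, and a chain that fails to build (expired certificate, bad issuer signature, ...)
        /// is rejected as well.
        /// Side effect: the <c>signature</c> entry is removed from <paramref name="rspData"/>; the
        /// signed string is built over the remaining entries.
        /// Malformed input (bad Base64, unparsable certificate) yields <c>false</c> rather than an exception.
        /// </remarks>
        /// <param name="rspData">Response fields; must contain <c>signature</c> and <c>signPubKeyCert</c>.</param>
        /// <param name="encoding">Encoding used for the signed string and the hex digest.</param>
        /// <param name="rootCertRawData">Encoded bytes of the expected root certificate.</param>
        /// <param name="middleCertRawData">Encoded bytes of the expected intermediate certificate.</param>
        /// <returns><c>true</c> only when the chain is the pinned one and the signature verifies.</returns>
        public static bool Validate(Dictionary <string, string> rspData, Encoding encoding, byte[] rootCertRawData, byte[] middleCertRawData)
        {
            if (!ValidateBaseData(rspData))
            {
                return(false);
            }

            string signatureText;
            if (!rspData.TryGetValue("signature", out signatureText))
            {
                return(false);
            }

            byte[] signByte;
            try
            {
                signByte = Convert.FromBase64String(signatureText);
            }
            catch (FormatException)
            {
                // Untrusted input: a signature that is not valid Base64 is simply an invalid signature.
                return(false);
            }
            rspData.Remove("signature");

            string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);

            // The SDK signs the lowercase/uppercase hex text of the SHA-256 digest (as produced by
            // ByteArray2HexString), not the raw digest bytes; VerifyData below hashes that text again.
            byte[] signDigest;
            using (var sha256 = SHA256.Create())
            {
                signDigest = sha256.ComputeHash(encoding.GetBytes(stringData));
            }
            string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);

            string signPubKeyCert;
            if (!rspData.TryGetValue("signPubKeyCert", out signPubKeyCert) || signPubKeyCert == null)
            {
                return(false);
            }

            // Strip PEM armour; Convert.FromBase64String tolerates the remaining whitespace/newlines.
            signPubKeyCert = signPubKeyCert.Replace("-----END CERTIFICATE-----", "").Replace("-----BEGIN CERTIFICATE-----", "");

            X509Certificate2 signCert;
            try
            {
                signCert = new X509Certificate2(Convert.FromBase64String(signPubKeyCert));
            }
            catch (FormatException)
            {
                return(false);
            }
            catch (CryptographicException)
            {
                return(false);
            }

            using (signCert)
            using (var rootCert = new X509Certificate2(rootCertRawData))
            using (var middleCert = new X509Certificate2(middleCertRawData))
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.ExtraStore.Add(rootCert);
                chain.ChainPolicy.ExtraStore.Add(middleCert);

                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                // The root is pinned explicitly below instead of having to live in the OS trust store.
                // This flag only masks UntrustedRoot / PartialChain; any other status (NotTimeValid,
                // NotSignatureValid, ...) still makes Build() return false.
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

                if (!chain.Build(signCert))
                {
                    return(false);
                }

                // Pin the chain: exactly leaf -> middle -> root, and each element must be the expected
                // certificate. Checking only the element count would accept any leaf that chains to
                // some other CA with one intermediate.
                X509ChainElementCollection elements = chain.ChainElements;
                if (elements.Count != chain.ChainPolicy.ExtraStore.Count + 1
                    || !IsSameCertificate(elements[0].Certificate, signCert)
                    || !IsSameCertificate(elements[1].Certificate, middleCert)
                    || !IsSameCertificate(elements[2].Certificate, rootCert))
                {
                    return(false);
                }

                // GetRSAPublicKey() returns a fresh RSA instance regardless of the underlying provider
                // (CSP vs CNG), so no provider-specific cast is needed; null means the key is not RSA.
                using (RSA rsa = signCert.GetRSAPublicKey())
                {
                    if (rsa == null)
                    {
                        return(false);
                    }

                    try
                    {
                        return(rsa.VerifyData(encoding.GetBytes(stringSignDigest), signByte, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
                    }
                    catch (CryptographicException)
                    {
                        // Some providers throw instead of returning false on a malformed signature blob.
                        return(false);
                    }
                }
            }
        }

        /// <summary>
        /// Byte-wise comparison of two certificates' encoded form. Deliberately stronger than
        /// X509Certificate.Equals, which only compares issuer name and serial number.
        /// </summary>
        /// <param name="a">First certificate (may be null).</param>
        /// <param name="b">Second certificate (may be null).</param>
        /// <returns><c>true</c> when both are non-null and their RawData is identical.</returns>
        private static bool IsSameCertificate(X509Certificate2 a, X509Certificate2 b)
        {
            if (a == null || b == null)
            {
                return(false);
            }

            byte[] rawA = a.RawData;
            byte[] rawB = b.RawData;
            if (rawA.Length != rawB.Length)
            {
                return(false);
            }

            for (int i = 0; i < rawA.Length; i++)
            {
                if (rawA[i] != rawB[i])
                {
                    return(false);
                }
            }

            return(true);
        }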