/// <summary>
/// 敏感信息解密,多证书
/// </summary>
/// <param name="encoder"></param>
/// <returns></returns>
public static string DecryptData(string data, Encoding encoding, string certPath, string certPwd)
{
return(SecurityUtil.DecryptData(data, encoding, certPath, certPwd));
}
/// <summary>
/// 敏感信息解密
/// </summary>
/// <param name="encoder"></param>
/// <returns></returns>
public static string DecryptData(string data, Encoding encoding)
{
return(SecurityUtil.DecryptData(data, encoding));
}
/// <summary>
/// 验证签名
/// </summary>
/// <param name="rspData"></param>
/// <param name="encoder"></param>
/// <returns></returns>
public static bool Validate(Dictionary <string, string> rspData, Encoding encoding)
{
if (!rspData.ContainsKey("signMethod") || !rspData.ContainsKey("signature") || !rspData.ContainsKey("version"))
{
log.Error("signMethod或signature或version为空,无法验证签名。");
return(false);
}
string signMethod = rspData["signMethod"];
string version = rspData["version"];
bool result = false;
if ("01".Equals(signMethod))
{
log.Info("验签处理开始");
if ("5.0.0".Equals(version))
{
string signValue = rspData["signature"];
log.Info("签名原文:[" + signValue + "]");
byte[] signByte = Convert.FromBase64String(signValue);
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("排序串:[" + stringData + "]");
byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Debug("sha1结果:[" + stringSignDigest + "]");
AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(rspData["certId"]);
if (null == key)
{
log.Error("未找到证书,无法验签,验签失败。");
return(false);
}
result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
}
else
{
string signValue = rspData["signature"];
log.Info("签名原文:[" + signValue + "]");
byte[] signByte = Convert.FromBase64String(signValue);
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("排序串:[" + stringData + "]");
byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Debug("sha256结果:[" + stringSignDigest + "]");
//string signPubKeyCert = rspData["signPubKeyCert"];
//X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);//从数据中获取
X509Certificate x509Cert = null;
if (x509Cert == null)
{
log.Error("获取验签证书失败,无法验签,验签失败。");
return(false);
}
result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
}
}
else if ("11".Equals(signMethod) || "12".Equals(signMethod))
{
return(ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding));
}
else
{
log.Error("Error signMethod [" + signMethod + "] in Validate. ");
return(false);
}
if (result)
{
log.Info("验签成功");
}
else
{
log.Info("验签失败");
}
return(result);
}
/// <summary>
/// 验证签名(多密钥方式)
/// </summary>
/// <param name="rspData"></param>
/// <param name="secureKey"></param>
/// <param name="encoder"></param>
/// <returns></returns>
public static bool ValidateBySecureKey(Dictionary <string, string> rspData, string secureKey, Encoding encoding)
{
log.Info("验签处理开始");
if (!rspData.ContainsKey("signMethod") || !rspData.ContainsKey("signature"))
{
log.Error("signMethod或signature为空,无法验证签名。");
return(false);
}
string signMethod = rspData["signMethod"];
bool result = false;
if ("11".Equals(signMethod))
{
string stringSign = rspData["signature"];
log.Info("签名原文:[" + stringSign + "]");
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("待验签返回报文串:[" + stringData + "]");
string strBeforeSha256 = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
log.Debug("before final sha256: [" + strBeforeSha256 + "]");
string strAfterSha256 = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(strBeforeSha256, encoding));
result = stringSign.Equals(strAfterSha256);
if (!result)
{
log.Debug("after final sha256: [" + strAfterSha256 + "]");
}
}
else if ("12".Equals(signMethod))
{
string stringSign = rspData["signature"];
log.Info("签名原文:[" + stringSign + "]");
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("待验签返回报文串:[" + stringData + "]");
string strBeforeSm3 = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
log.Debug("before final sm3: [" + strBeforeSm3 + "]");
string strAfterSm3 = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(strBeforeSm3, encoding));
result = stringSign.Equals(strAfterSm3);
if (!result)
{
log.Debug("after final sm3: [" + strAfterSm3 + "]");
}
}
else
{
log.Error("Error signMethod [" + signMethod + "] in ValidateBySecureKey. ");
return(false);
}
if (result)
{
log.Info("验签成功");
}
else
{
log.Info("验签失败");
}
return(result);
}
/// <summary>
/// 用密钥签名(多密钥时使用)。
/// </summary>
/// <param name="reqData"></param>
/// <param name="encoding">编码</param>
/// <param name="certPath">证书路径</param>
/// <param name="certPwd">证书密码</param>
/// <returns></returns>
public static void SignBySecureKey(Dictionary <string, string> reqData, string secureKey, Encoding encoding)
{
if (!reqData.ContainsKey("signMethod"))
{
log.Error("signMethod must Not null");
return;
}
string signMethod = reqData["signMethod"];
//将Dictionary信息转换成key1=value1&key2=value2的形式
string stringData = SDKUtil.CreateLinkString(reqData, true, false, encoding);
log.Info("待签名排序串:[" + stringData + "]");
if ("11".Equals(signMethod))
{
String strBeforeSha256 = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
String strAfterSha256 = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(strBeforeSha256, encoding));
log.Info("5.1.0 sha256 密钥方式签名结果:[" + strAfterSha256 + "]");
//设置签名域值
reqData["signature"] = strAfterSha256;
}
else if ("12".Equals(signMethod))
{
String strBeforeSm3 = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
String strAfterSm3 = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(strBeforeSm3, encoding));
log.Info("5.1.0 sm3 密钥方式签名结果:[" + strAfterSm3 + "]");
//设置签名域值
reqData["signature"] = strAfterSm3;
}
else
{
log.Error("Error signMethod [" + signMethod + "] in SignBySecureKey. ");
}
}
