public static void VerifySignature_SHA256() { using (RSA rsa = RSAFactory.Create()) { var formatter = new RSAPKCS1SignatureFormatter(rsa); var deformatter = new RSAPKCS1SignatureDeformatter(rsa); using (SHA256 alg = SHA256.Create()) { VerifySignature(formatter, deformatter, alg, "SHA256"); VerifySignature(formatter, deformatter, alg, "sha256"); } } }
public static void InvalidHashAlgorithm() { using (RSA rsa = RSAFactory.Create()) { var formatter = new RSAPKCS1SignatureFormatter(rsa); var deformatter = new RSAPKCS1SignatureDeformatter(rsa); // Exception is deferred until VerifySignature formatter.SetHashAlgorithm("INVALIDVALUE"); deformatter.SetHashAlgorithm("INVALIDVALUE"); using (SHA1 alg = SHA1.Create()) { Assert.Throws<CryptographicUnexpectedOperationException>(() => VerifySignature(formatter, deformatter, alg, "INVALIDVALUE")); } } }
/// <summary> /// Verifies a PKS1 signature of SHA1 digest /// </summary> /// <param name="xParam">Keys</param> /// <param name="xHash">Hash to sign</param> /// <param name="xSignature">Outputs the signature</param> /// <returns></returns> public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature) { RSACryptoServiceProvider xRSACrypto = new RSACryptoServiceProvider(); RSAPKCS1SignatureDeformatter xRSASigDeformat = new RSAPKCS1SignatureDeformatter(); try { xRSACrypto.ImportParameters(xParam); } catch (Exception xerror) { throw xerror; } xRSASigDeformat.SetHashAlgorithm("SHA1"); xRSASigDeformat.SetKey(xRSACrypto); try { return xRSASigDeformat.VerifySignature(xHash, xSignature); } catch { throw CryptoExcepts.CryptoVeri; } }
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key) { if (key == null) { throw new ArgumentNullException("key"); } RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key); deformatter.SetHashAlgorithm("SHA256"); return deformatter; }
public static void VerifyKnownSignature() { byte[] hash = "012d161304fa0c6321221516415813022320620c".HexToByteArray(); byte[] sig; using (RSA key = RSAFactory.Create()) { key.ImportParameters(TestData.RSA1024Params); RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key); formatter.SetHashAlgorithm("SHA1"); sig = formatter.CreateSignature(hash); byte[] expectedSig = ("566390012605b1c4c01c3c2f91ce27d19476ab7131d9ee9cd1b811afb2be02ab6b498b862f0b2368ed6b09ccc9e0ec0d4f97a4f318f4f11" + "ae882a1131012dc35d2e0b810a38e05da71d291e88b306605c9d34815091641370bd7db7a87b115bd427fcb9993bc5ba2bd518745aef80c" + "a4557cfa1d827ff1610595d8eeb4c15073").HexToByteArray(); Assert.Equal(expectedSig, sig); } using (RSA key = RSAFactory.Create()) // Test against a different instance { key.ImportParameters(TestData.RSA1024Params); RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key); deformatter.SetHashAlgorithm("SHA1"); bool verified = deformatter.VerifySignature(hash, sig); Assert.True(verified); sig[3] ^= 0xff; verified = deformatter.VerifySignature(hash, sig); Assert.False(verified); } }
/// <summary> /// Validates ID token /// </summary> /// <param name="idToken"></param> /// <returns></returns> public Task <bool> ValidateIDTokenAsync(String idToken) { IList <JsonWebKey> keys = DiscoveryDoc.KeySet.Keys; string mod = ""; string exponent = ""; if (keys != null) { foreach (var key in keys) { if (key.N != null) { mod = key.N; } if (key.N != null) { exponent = key.E; } } if (idToken != null) { string[] splitValues = idToken.Split('.'); if (splitValues[0] != null) { var headerJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[0].ToString())); IdTokenHeader headerData = JsonConvert.DeserializeObject <IdTokenHeader>(headerJson); if (headerData.Kid == null) { return(Task.FromResult(false)); } if (headerData.Alg == null) { return(Task.FromResult(false)); } } if (splitValues[1] != null) { var payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[1].ToString())); IdTokenJWTClaimTypes payloadData = JsonConvert.DeserializeObject <IdTokenJWTClaimTypes>(payloadJson); if (payloadData.Aud != null) { if (payloadData.Aud[0].ToString() != ClientID) { return(Task.FromResult(false)); } } else { return(Task.FromResult(false)); } if (payloadData.Auth_time == null) { return(Task.FromResult(false)); } if (payloadData.Exp != null) { long expiration = Convert.ToInt64(payloadData.Exp); long currentEpochTime = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow); if ((expiration - currentEpochTime) <= 0) { return(Task.FromResult(false)); } } if (payloadData.Iat == null) { return(Task.FromResult(false)); } if (payloadData.Iss != null) { if (payloadData.Iss.ToString() != DiscoveryDoc.Issuer) { return(Task.FromResult(false)); } } else { return(Task.FromResult(false)); } if (payloadData.Sub == null) { return(Task.FromResult(false)); } } RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.ImportParameters( new RSAParameters() { Modulus = Base64Url.Decode(mod), Exponent = Base64Url.Decode(exponent) }); SHA256 sha256 = SHA256.Create(); byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(splitValues[0] + '.' + splitValues[1])); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); rsaDeformatter.SetHashAlgorithm("SHA256"); if (rsaDeformatter.VerifySignature(hash, Base64Url.Decode(splitValues[2]))) { return(Task.FromResult(true)); } } } return(Task.FromResult(false)); }
public static bool TryValidateToken(string jwt, dynamic keys, out string errorMessage) { // works for AAD v1 and v2, but not for tokens generated for Graph. (DUH) // See: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/812 // See: https://stackoverflow.com/questions/45317152/invalid-signature-while-validating-azure-ad-access-token-but-id-token-works // possible fix? https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/815 // it uses HMACSHA256, not RSA256. if (string.IsNullOrEmpty(jwt)) { errorMessage = "Token is null or empty."; return(false); } var parts = jwt.Split(new char[] { '.' }); if (parts.Count() != 3) { errorMessage = "Token does not contain 3 parts."; return(false); } string header; string payload; byte[] crypto; try { header = parts[0]; payload = parts[1]; crypto = Base64Dec(parts[2]); } catch { errorMessage = "Invalid token."; return(false); } var bytesToSign = Encoding.UTF8.GetBytes($"{header}.{payload}"); dynamic deserializedHeader = JsonConvert.DeserializeObject(Base64Decode(header)); dynamic deserializedPayload = JsonConvert.DeserializeObject(Base64Decode(payload)); if (!string.IsNullOrEmpty((string)deserializedHeader.nonce)) { errorMessage = "Not supported for token issued for GRAPH (with a 'nonce' in the header)."; return(false); } // check iss: issuer if (UnixTimestampToUTC((int)deserializedPayload.nbf) > DateTime.UtcNow) { errorMessage = "Token is not yet valid."; return(false); } if (UnixTimestampToUTC((int)deserializedPayload.exp) < DateTime.UtcNow) { errorMessage = "Token has expired."; return(false); } var algorithm = (string)deserializedHeader.alg; var key = string.Empty; var exponent = string.Empty; var issuer = string.Empty; var kid = (string)deserializedHeader.kid; var x5t = (string)deserializedHeader.x5t; foreach (dynamic k in keys.keys) { if ((((string)k.kid == kid) || ((string)k.x5t == x5t)) && (string)k.use == "sig") { //key = (string)k.x5c[0]; key = (string)k.n; exponent = (string)k.e; issuer = (string)k.issuer; // quick fix for aad v1 endpoints; it doesnt expose issuer! if (string.IsNullOrEmpty(issuer)) { issuer = (string)deserializedPayload.iss; } //break; } } if (string.IsNullOrEmpty(key)) { errorMessage = "Could not find encryption key. (Not using x5c, using n.)"; return(false); } string issuerToCompare = (string)deserializedPayload.iss; // Quick fix for Azure AD issues! The issuer will not match the issuer from the metadata! if (issuerToCompare.StartsWith("https://sts.windows.net/") && issuer.StartsWith("https://login.microsoftonline.com/")) { issuerToCompare = issuerToCompare.Replace("https://sts.windows.net/", "https://login.microsoftonline.com/"); if (issuer.EndsWith("/v2.0")) { issuerToCompare += "v2.0"; } } if (issuer != issuerToCompare) { errorMessage = $"Issuer {issuerToCompare} does not match expected issuer {issuer}."; return(false); } var rsa = new RSACryptoServiceProvider(); rsa.ImportParameters( new RSAParameters() { Modulus = Base64Dec(key), Exponent = Base64Dec(exponent) }); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); HashAlgorithm sha; switch (algorithm.ToUpper()) { case "RS256": sha = SHA256.Create(); rsaDeformatter.SetHashAlgorithm("SHA256"); break; case "HS384": sha = SHA384.Create(); rsaDeformatter.SetHashAlgorithm("SHA348"); break; case "HS512": sha = SHA512.Create(); rsaDeformatter.SetHashAlgorithm("SHA512"); break; default: errorMessage = $"Unsupported encryption type '{algorithm}'."; return(false); } byte[] signature = sha.ComputeHash(bytesToSign); if (rsaDeformatter.VerifySignature(signature, crypto)) { errorMessage = string.Empty; return(true); } { errorMessage = "Invalid signature."; return(false); } }
public void SetNullKey() { RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(); fmt.SetKey(null); }
/// <summary> /// Validate Id token obetained for OpenId flow /// </summary> /// <param name="id_token"></param> /// <returns></returns> private System.Threading.Tasks.Task <bool> isIdTokenValid(string id_token) { output("Making IsIdToken Valid Call."); string idToken = id_token; if (keys != null) { //Get mod and exponent value foreach (var key in keys) { if (key.N != null) { //Mod mod = key.N; } if (key.N != null) { //Exponent expo = key.E; } } //IdentityToken if (idToken != null) { //Split the identityToken to get Header and Payload string[] splitValues = idToken.Split('.'); if (splitValues[0] != null) { //Decode header var headerJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[0].ToString())); //Deserilaize headerData IdTokenHeader headerData = JsonConvert.DeserializeObject <IdTokenHeader>(headerJson); //Verify if the key id of the key used to sign the payload is not null if (headerData.Kid == null) { return(System.Threading.Tasks.Task.FromResult(false)); } //Verify if the hashing alg used to sign the payload is not null if (headerData.Alg == null) { return(System.Threading.Tasks.Task.FromResult(false)); } } if (splitValues[1] != null) { //Decode payload var payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[1].ToString())); IdTokenJWTClaimTypes payloadData = JsonConvert.DeserializeObject <IdTokenJWTClaimTypes>(payloadJson); //Verify Aud matches ClientId if (payloadData.Aud != null) { if (payloadData.Aud[0].ToString() != clientID) { return(System.Threading.Tasks.Task.FromResult(false)); } } else { return(System.Threading.Tasks.Task.FromResult(false)); } //Verify Authtime matches the time the ID token was authorized. if (payloadData.Auth_time == null) { return(System.Threading.Tasks.Task.FromResult(false)); } //Verify exp matches the time the ID token expires, represented in Unix time (integer seconds). if (payloadData.Exp != null) { long expiration = Convert.ToInt64(payloadData.Exp); long currentEpochTime = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow); //Verify the ID expiration time with what expiry time you have calculated and saved in your application //If they are equal then it means IdToken has expired if ((expiration - currentEpochTime) <= 0) { return(System.Threading.Tasks.Task.FromResult(false)); } } //Verify Iat matches the time the ID token was issued, represented in Unix time (integer seconds). if (payloadData.Iat == null) { return(System.Threading.Tasks.Task.FromResult(false)); } //verify Iss matches the issuer identifier for the issuer of the response. if (payloadData.Iss != null) { if (payloadData.Iss.ToString() != issuerUrl) { return(System.Threading.Tasks.Task.FromResult(false)); } } else { return(System.Threading.Tasks.Task.FromResult(false)); } //Verify sub. Sub is an identifier for the user, unique among all Intuit accounts and never reused. //An Intuit account can have multiple emails at different points in time, but the sub value is never changed. //Use sub within your application as the unique-identifier key for the user. if (payloadData.Sub == null) { return(System.Threading.Tasks.Task.FromResult(false)); } } //Use external lib to decode mod and expo value and generte hashes RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); //Read values of n and e from discovery document. rsa.ImportParameters( new RSAParameters() { //Read values from discovery document Modulus = Base64Url.Decode(mod), Exponent = Base64Url.Decode(expo) }); //Verify Siganture hash matches the signed concatenation of the encoded header and the encoded payload with the specified algorithm SHA256 sha256 = SHA256.Create(); byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(splitValues[0] + '.' + splitValues[1])); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa); rsaDeformatter.SetHashAlgorithm("SHA256"); if (rsaDeformatter.VerifySignature(hash, Base64Url.Decode(splitValues[2]))) { //identityToken is valid return(System.Threading.Tasks.Task.FromResult(true)); } else { //identityToken is not valid return(System.Threading.Tasks.Task.FromResult(false)); } } else { //identityToken is not valid return(System.Threading.Tasks.Task.FromResult(false)); } } else { //Missing mod and expo values return(System.Threading.Tasks.Task.FromResult(false)); } }
public void DSAConstructor() { RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(dsa); }
public void SetDSAKey() { RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(); fmt.SetKey(dsa); }
public void RSAConstructor_Null() { RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(null); }
//funksioni i VerifikoTokenin i cili merr ne hyrje tokenin dhe permes celesit publik e verifikon public bool VerifikoTokenin(string jwt, string publik, out string errorMessage) { string key = ""; string exponent = ""; XmlDocument document = new XmlDocument(); document.Load("C://keys/" + publik + ".pub.xml"); XmlNodeList list = document.GetElementsByTagName("Modulus"); for (int i = 0; i < list.Count; i++) { key = list[i].InnerXml; } XmlNodeList lista = document.GetElementsByTagName("Exponent"); for (int i = 0; i < list.Count; i++) { exponent = lista[i].InnerXml; } if (string.IsNullOrEmpty(jwt)) { errorMessage = " Token eshte empty apo null ."; return(false); } var jwtArray = jwt.Split('.'); if (string.IsNullOrEmpty(key)) { errorMessage = " Public Key eshte empty ose jovalid ."; return(false); } if (string.IsNullOrEmpty(exponent)) { errorMessage = " Public Key eshte empty ose jovalid ."; return(false); } try { string publicKey = (key.Length % 4 == 0 ? key : key + "====".Substring(key.Length % 4)) .Replace("_", "/").Replace("-", "+"); var publicKeyBytes = Convert.FromBase64String(publicKey); var jwtSignatureFixed = (jwtArray[2].Length % 4 == 0 ? jwtArray[2] : jwtArray[2] + "====".Substring(jwtArray[2].Length % 4)) .Replace("_", "/").Replace("-", "+"); var jwtSignatureBytes = Convert.FromBase64String(jwtSignatureFixed); RSACryptoServiceProvider ObjRSA = new RSACryptoServiceProvider(); ObjRSA.ImportParameters( new RSAParameters() { Modulus = publicKeyBytes, Exponent = Convert.FromBase64String(exponent) } ); SHA256 sha256 = SHA256.Create(); byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(jwtArray[0] + '.' + jwtArray[1])); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(ObjRSA); rsaDeformatter.SetHashAlgorithm("SHA256"); if (!rsaDeformatter.VerifySignature(hash, jwtSignatureBytes)) { errorMessage = "Ka deshtuar verfikimi ."; return(false); } } catch (Exception ex) { errorMessage = "Error verifying JWT token signature: " + ex.Message; return(false); } errorMessage = string.Empty; return(true); }
protected void Page_Load(object sender, EventArgs e) { //人民币网关账号,该账号为11位人民币网关商户编号+01,该值与提交时相同。 string merchantAcctId = Request.QueryString["merchantAcctId"].ToString(); //网关版本,固定值:v2.0,该值与提交时相同。 string version = Request.QueryString["version"].ToString(); //语言种类,1代表中文显示,2代表英文显示。默认为1,该值与提交时相同。 string language = Request.QueryString["language"].ToString(); //签名类型,该值为4,代表PKI加密方式,该值与提交时相同。 string signType = Request.QueryString["signType"].ToString(); //支付方式,一般为00,代表所有的支付方式。如果是银行直连商户,该值为10,该值与提交时相同。 string payType = Request.QueryString["payType"].ToString(); //银行代码,如果payType为00,该值为空;如果payType为10,该值与提交时相同。 string bankId = Request.QueryString["bankId"].ToString(); //商户订单号,,该值与提交时相同。 string orderId = Request.QueryString["orderId"].ToString(); //订单提交时间,格式:yyyyMMddHHmmss,如:20071117020101,该值与提交时相同。 string orderTime = Request.QueryString["orderTime"].ToString(); //订单金额,金额以“分”为单位,商户测试以1分测试即可,切勿以大金额测试,该值与支付时相同。 string orderAmount = Request.QueryString["orderAmount"].ToString(); // 快钱交易号,商户每一笔交易都会在快钱生成一个交易号。 string dealId = Request.QueryString["dealId"].ToString(); //银行交易号 ,快钱交易在银行支付时对应的交易号,如果不是通过银行卡支付,则为空 string bankDealId = Request.QueryString["bankDealId"].ToString(); //快钱交易时间,快钱对交易进行处理的时间,格式:yyyyMMddHHmmss,如:20071117020101 string dealTime = Request.QueryString["dealTime"].ToString(); //商户实际支付金额 以分为单位。比方10元,提交时金额应为1000。该金额代表商户快钱账户最终收到的金额。 string payAmount = Request.QueryString["payAmount"].ToString(); //费用,快钱收取商户的手续费,单位为分。 string fee = Request.QueryString["fee"].ToString(); //扩展字段1,该值与提交时相同。 string ext1 = Request.QueryString["ext1"].ToString(); //扩展字段2,该值与提交时相同。 string ext2 = Request.QueryString["ext2"].ToString(); //处理结果, 10支付成功,11 支付失败,00订单申请成功,01 订单申请失败 string payResult = Request.QueryString["payResult"].ToString(); //错误代码 ,请参照《人民币网关接口文档》最后部分的详细解释。 string errCode = Request.QueryString["errCode"].ToString(); //签名字符串 string signMsg = Request.QueryString["signMsg"].ToString(); string signMsgVal = ""; signMsgVal = appendParam(signMsgVal, "merchantAcctId", merchantAcctId); signMsgVal = appendParam(signMsgVal, "version", version); signMsgVal = appendParam(signMsgVal, "language", language); signMsgVal = appendParam(signMsgVal, "signType", signType); signMsgVal = appendParam(signMsgVal, "payType", payType); signMsgVal = appendParam(signMsgVal, "bankId", bankId); signMsgVal = appendParam(signMsgVal, "orderId", orderId); signMsgVal = appendParam(signMsgVal, "orderTime", orderTime); signMsgVal = appendParam(signMsgVal, "orderAmount", orderAmount); signMsgVal = appendParam(signMsgVal, "dealId", dealId); signMsgVal = appendParam(signMsgVal, "bankDealId", bankDealId); signMsgVal = appendParam(signMsgVal, "dealTime", dealTime); signMsgVal = appendParam(signMsgVal, "payAmount", payAmount); signMsgVal = appendParam(signMsgVal, "fee", fee); signMsgVal = appendParam(signMsgVal, "ext1", ext1); signMsgVal = appendParam(signMsgVal, "ext2", ext2); signMsgVal = appendParam(signMsgVal, "payResult", payResult); signMsgVal = appendParam(signMsgVal, "errCode", errCode); ///UTF-8编码 GB2312编码 用户可以根据自己网站的编码格式来选择加密的编码方式 ///byte[] bytes = Encoding.GetEncoding("GB2312").GetBytes(signMsgVal); byte[] bytes = System.Text.Encoding.UTF8.GetBytes(signMsgVal); byte[] SignatureByte = Convert.FromBase64String(signMsg); X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill[1].cert.rsa.20140803.cer"), ""); RSACryptoServiceProvider rsapri = (RSACryptoServiceProvider)cert.PublicKey.Key; rsapri.ImportCspBlob(rsapri.ExportCspBlob(false)); RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsapri); byte[] result; f.SetHashAlgorithm("SHA1"); SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider(); result = sha.ComputeHash(bytes); if (f.VerifySignature(result, SignatureByte)) { //逻辑处理 写入数据库 if (payResult == "10") { //此处做商户逻辑处理 //以下是我们快钱设置的show页面,商户需要自己定义该页面。 Response.Write("<result>1</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=success</redirecturl>"); } else { //以下是我们快钱设置的show页面,商户需要自己定义该页面。 Response.Write("<result>0</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=false</redirecturl>"); } } else { Response.Write("signMsgVal=" + "(" + signMsgVal + ")"); Response.Write("</br>" + "signMsg =" + signMsg); Response.Write("</br>" + "错误"); Response.Write("<result>0</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=error</redirecturl>"); } }
public static bool Validation(string idToken, string jwksJsonString) { // IDトークンはJWTなのでまず分解する。 JWTProperty jwtProperty = JWTDecode(idToken); var idtokenHeader = JObject.Parse(jwtProperty._header); var idtokenPayload = JObject.Parse(jwtProperty._payload); // jwksのJSONをパースする var json_jwks = JObject.Parse(jwksJsonString); var keys = json_jwks["keys"]; string modulus = string.Empty; string exponent = string.Empty; string alg = string.Empty; JArray a = JArray.Parse(keys.ToString()); foreach (JObject k in a.Children <JObject>()) { if (idtokenHeader["kid"].ToString() == k["kid"].ToString()) { modulus = k["n"].ToString(); exponent = k["e"].ToString(); alg = k["alg"].ToString(); } } bool b = false; RSAParameters publicKeyParams = new RSAParameters(); publicKeyParams.Modulus = DecodeBytes(modulus); publicKeyParams.Exponent = DecodeBytes(exponent); RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider(); publicKey.ImportParameters(publicKeyParams); RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(publicKey); //署名の検証に使用するハッシュアルゴリズムを指定 string hashAlgorithm = string.Empty; string signstring = jwtProperty._toSignatureString; byte[] hashData = null; switch (alg) { case "RS256": hashAlgorithm = "SHA256"; SHA256 signer_sha256 = SHA256.Create(); hashData = signer_sha256.ComputeHash(Encoding.UTF8.GetBytes(signstring)); break; case "HS256": hashAlgorithm = "HMACSHA256"; HMAC signer_hsha256 = HMACSHA256.Create(); hashData = signer_hsha256.ComputeHash(Encoding.UTF8.GetBytes(signstring)); break; case "RS512": hashAlgorithm = "SHA512"; SHA512 signer_sha512 = SHA512.Create(); hashData = signer_sha512.ComputeHash(Encoding.UTF8.GetBytes(signstring)); break; } rsaDeformatter.SetHashAlgorithm(hashAlgorithm); //署名を検証し、結果を返す b = rsaDeformatter.VerifySignature(hashData, DecodeBytes(jwtProperty._signature)); return(b); }
protected void Page_Load(object sender, EventArgs e) { //人民币网关账号,该账号为11位人民币网关商户编号+01,该值与提交时相同。 string merchantAcctId = Request.QueryString["merchantAcctId"].ToString(); //网关版本,固定值:v2.0,该值与提交时相同。 string version = Request.QueryString["version"].ToString(); //语言种类,1代表中文显示,2代表英文显示。默认为1,该值与提交时相同。 string language = Request.QueryString["language"].ToString(); //签名类型,该值为4,代表PKI加密方式,该值与提交时相同。 string signType = Request.QueryString["signType"].ToString(); //支付方式,一般为00,代表所有的支付方式。如果是银行直连商户,该值为10,该值与提交时相同。 string payType = Request.QueryString["payType"].ToString(); //银行代码,如果payType为00,该值为空;如果payType为10,该值与提交时相同。 string bankId = Request.QueryString["bankId"].ToString(); //商户订单号,,该值与提交时相同。 string orderId = Request.QueryString["orderId"].ToString(); //订单提交时间,格式:yyyyMMddHHmmss,如:20071117020101,该值与提交时相同。 string orderTime = Request.QueryString["orderTime"].ToString(); //订单金额,金额以“分”为单位,商户测试以1分测试即可,切勿以大金额测试,该值与支付时相同。 string orderAmount = Request.QueryString["orderAmount"].ToString(); // 快钱交易号,商户每一笔交易都会在快钱生成一个交易号。 string dealId = Request.QueryString["dealId"].ToString(); //银行交易号 ,快钱交易在银行支付时对应的交易号,如果不是通过银行卡支付,则为空 string bankDealId = Request.QueryString["bankDealId"].ToString(); //快钱交易时间,快钱对交易进行处理的时间,格式:yyyyMMddHHmmss,如:20071117020101 string dealTime = Request.QueryString["dealTime"].ToString(); //商户实际支付金额 以分为单位。比方10元,提交时金额应为1000。该金额代表商户快钱账户最终收到的金额。 string payAmount = Request.QueryString["payAmount"].ToString(); //费用,快钱收取商户的手续费,单位为分。 string fee = Request.QueryString["fee"].ToString(); //扩展字段1,该值与提交时相同。 string ext1 = Request.QueryString["ext1"].ToString(); //扩展字段2,该值与提交时相同。 string ext2 = Request.QueryString["ext2"].ToString(); //处理结果, 10支付成功,11 支付失败,00订单申请成功,01 订单申请失败 string payResult = Request.QueryString["payResult"].ToString(); //错误代码 ,请参照《人民币网关接口文档》最后部分的详细解释。 string errCode = Request.QueryString["errCode"].ToString(); //签名字符串 string signMsg = Request.QueryString["signMsg"].ToString(); string signMsgVal = ""; signMsgVal = appendParam(signMsgVal, "merchantAcctId", merchantAcctId); signMsgVal = appendParam(signMsgVal, "version", version); signMsgVal = appendParam(signMsgVal, "language", language); signMsgVal = appendParam(signMsgVal, "signType", signType); signMsgVal = appendParam(signMsgVal, "payType", payType); signMsgVal = appendParam(signMsgVal, "bankId", bankId); signMsgVal = appendParam(signMsgVal, "orderId", orderId); signMsgVal = appendParam(signMsgVal, "orderTime", orderTime); signMsgVal = appendParam(signMsgVal, "orderAmount", orderAmount); signMsgVal = appendParam(signMsgVal, "dealId", dealId); signMsgVal = appendParam(signMsgVal, "bankDealId", bankDealId); signMsgVal = appendParam(signMsgVal, "dealTime", dealTime); signMsgVal = appendParam(signMsgVal, "payAmount", payAmount); signMsgVal = appendParam(signMsgVal, "fee", fee); signMsgVal = appendParam(signMsgVal, "ext1", ext1); signMsgVal = appendParam(signMsgVal, "ext2", ext2); signMsgVal = appendParam(signMsgVal, "payResult", payResult); signMsgVal = appendParam(signMsgVal, "errCode", errCode); ///UTF-8编码 GB2312编码 用户可以根据自己网站的编码格式来选择加密的编码方式 ///byte[] bytes = Encoding.GetEncoding("GB2312").GetBytes(signMsgVal); byte[] bytes = System.Text.Encoding.UTF8.GetBytes(signMsgVal); byte[] SignatureByte = Convert.FromBase64String(signMsg); X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill.cert.rsa.20140728.cer"), ""); //X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill[1].cert.rsa.20140803.cer"), ""); //X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill.cert.rsa.20340630.cer"), ""); RSACryptoServiceProvider rsapri = (RSACryptoServiceProvider)cert.PublicKey.Key; rsapri.ImportCspBlob(rsapri.ExportCspBlob(false)); RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsapri); byte[] result; f.SetHashAlgorithm("SHA1"); SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider(); result = sha.ComputeHash(bytes); if (f.VerifySignature(result, SignatureByte)) { string rurl = string.Empty; var YuMingInfo = EyouSoft.Security.Membership.YlHuiYuanProvider.GetYuMingInfo(); rurl = "http://" + YuMingInfo.YuMing; //逻辑处理 写入数据库 if (payResult == "10") { //此处做商户逻辑处理 var info = new EyouSoft.Model.YlStructure.MZaiXianZhiFuInfo(); //在线支付实体 var onlinepay = new EyouSoft.BLL.YlStructure.BZaiXianZhiFu(); //在线支付BLL info.DingDanId = ext1; //订单ID info.DingDanLeiXing = (EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing)Convert.ToInt32(ext2); //订单类型 bool ispay = onlinepay.IsZhiFu(info.DingDanId, info.DingDanLeiXing); //获取订单支付状态(成功/失败) if (info.DingDanLeiXing == EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.航期订单) { var dingdaninfo = new EyouSoft.BLL.YlStructure.BHangQiDingDan().GetDingDanInfo(info.DingDanId); if (dingdaninfo != null) { rurl += "/hangqi/dingdanxx.aspx?dingdanid=" + info.DingDanId + "&dingdanleixing=" + (int)info.DingDanLeiXing + "&token=" + dingdaninfo.XiaDanRenId; } } else if (info.DingDanLeiXing == EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.兑换订单) { var dingdaninfo = new EyouSoft.BLL.YlStructure.BDuiHuan().GetJiFenDingDanInfo(info.DingDanId); rurl += "/hangqi/JiFenDingDanXX.aspx?dingdanid=" + info.DingDanId + "&dingdanleixing=" + (int)info.DingDanLeiXing + "&token=" + dingdaninfo.XiaDanRenId; } if (!ispay) { info.JiaoYiHao = orderId; //流水号 info.ApiJiaoYiHao = dealId; //支付流水号 info.JinE = Utils.GetDecimal(orderAmount) / 100M; //支付金额 info.ZhiFuFangShi = EyouSoft.Model.EnumType.YlStructure.ZaiXianZhiFuFangShi.Bill99; //支付方式 info.IsZhiFu = true; //是否已支付 info.ZhiFuTime = DateTime.Now; //支付时间 int bllRetCode = onlinepay.Insert(info); //添加支付记录 if (bllRetCode == 1) { //实现其它操作处理 switch (info.DingDanLeiXing) { case EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.兑换订单: HandlerJiFenDingDan(info.DingDanId); break; case EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.航期订单: HandlerHangQiDingDan(info.DingDanId); break; } } } //以下是我们快钱设置的show页面,商户需要自己定义该页面。 Response.Write("<result>1</result>" + "<redirecturl>" + rurl + "</redirecturl>"); } else { //以下是我们快钱设置的show页面,商户需要自己定义该页面。 Response.Write("<result>1</result>" + "<redirecturl>" + rurl + "</redirecturl>"); //Response.Write("signMsgVal=" + "(" + signMsgVal + ")"); //Response.Write("</br>" + "signMsg =" + signMsg); //Response.Write("</br>" + "错误"); } } else { Response.Write("signMsgVal=" + "(" + signMsgVal + ")"); Response.Write("</br>" + "signMsg =" + signMsg); Response.Write("</br>" + "错误"); } }