public static void VerifySignature_SHA256()
{
using (RSA rsa = RSAFactory.Create())
{
var formatter = new RSAPKCS1SignatureFormatter(rsa);
var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
using (SHA256 alg = SHA256.Create())
{
VerifySignature(formatter, deformatter, alg, "SHA256");
VerifySignature(formatter, deformatter, alg, "sha256");
}
}
}
public static void InvalidHashAlgorithm()
{
using (RSA rsa = RSAFactory.Create())
{
var formatter = new RSAPKCS1SignatureFormatter(rsa);
var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
// Exception is deferred until VerifySignature
formatter.SetHashAlgorithm("INVALIDVALUE");
deformatter.SetHashAlgorithm("INVALIDVALUE");
using (SHA1 alg = SHA1.Create())
{
Assert.Throws<CryptographicUnexpectedOperationException>(() =>
VerifySignature(formatter, deformatter, alg, "INVALIDVALUE"));
}
}
}
/// <summary>
/// Verifies a PKS1 signature of SHA1 digest
/// </summary>
/// <param name="xParam">Keys</param>
/// <param name="xHash">Hash to sign</param>
/// <param name="xSignature">Outputs the signature</param>
/// <returns></returns>
public static bool SignatureVerify(RSAParameters xParam, byte[] xHash, byte[] xSignature)
{
RSACryptoServiceProvider xRSACrypto = new RSACryptoServiceProvider();
RSAPKCS1SignatureDeformatter xRSASigDeformat = new RSAPKCS1SignatureDeformatter();
try { xRSACrypto.ImportParameters(xParam); }
catch (Exception xerror) { throw xerror; }
xRSASigDeformat.SetHashAlgorithm("SHA1");
xRSASigDeformat.SetKey(xRSACrypto);
try { return xRSASigDeformat.VerifySignature(xHash, xSignature); }
catch { throw CryptoExcepts.CryptoVeri; }
}
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
if (key == null)
{
throw new ArgumentNullException("key");
}
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
return deformatter;
}
public static void VerifyKnownSignature()
{
byte[] hash = "012d161304fa0c6321221516415813022320620c".HexToByteArray();
byte[] sig;
using (RSA key = RSAFactory.Create())
{
key.ImportParameters(TestData.RSA1024Params);
RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(key);
formatter.SetHashAlgorithm("SHA1");
sig = formatter.CreateSignature(hash);
byte[] expectedSig =
("566390012605b1c4c01c3c2f91ce27d19476ab7131d9ee9cd1b811afb2be02ab6b498b862f0b2368ed6b09ccc9e0ec0d4f97a4f318f4f11" +
"ae882a1131012dc35d2e0b810a38e05da71d291e88b306605c9d34815091641370bd7db7a87b115bd427fcb9993bc5ba2bd518745aef80c" +
"a4557cfa1d827ff1610595d8eeb4c15073").HexToByteArray();
Assert.Equal(expectedSig, sig);
}
using (RSA key = RSAFactory.Create()) // Test against a different instance
{
key.ImportParameters(TestData.RSA1024Params);
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA1");
bool verified = deformatter.VerifySignature(hash, sig);
Assert.True(verified);
sig[3] ^= 0xff;
verified = deformatter.VerifySignature(hash, sig);
Assert.False(verified);
}
}
/// <summary>
/// Validates ID token
/// </summary>
/// <param name="idToken"></param>
/// <returns></returns>
public Task <bool> ValidateIDTokenAsync(String idToken)
{
IList <JsonWebKey> keys = DiscoveryDoc.KeySet.Keys;
string mod = "";
string exponent = "";
if (keys != null)
{
foreach (var key in keys)
{
if (key.N != null)
{
mod = key.N;
}
if (key.N != null)
{
exponent = key.E;
}
}
if (idToken != null)
{
string[] splitValues = idToken.Split('.');
if (splitValues[0] != null)
{
var headerJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[0].ToString()));
IdTokenHeader headerData = JsonConvert.DeserializeObject <IdTokenHeader>(headerJson);
if (headerData.Kid == null)
{
return(Task.FromResult(false));
}
if (headerData.Alg == null)
{
return(Task.FromResult(false));
}
}
if (splitValues[1] != null)
{
var payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[1].ToString()));
IdTokenJWTClaimTypes payloadData = JsonConvert.DeserializeObject <IdTokenJWTClaimTypes>(payloadJson);
if (payloadData.Aud != null)
{
if (payloadData.Aud[0].ToString() != ClientID)
{
return(Task.FromResult(false));
}
}
else
{
return(Task.FromResult(false));
}
if (payloadData.Auth_time == null)
{
return(Task.FromResult(false));
}
if (payloadData.Exp != null)
{
long expiration = Convert.ToInt64(payloadData.Exp);
long currentEpochTime = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow);
if ((expiration - currentEpochTime) <= 0)
{
return(Task.FromResult(false));
}
}
if (payloadData.Iat == null)
{
return(Task.FromResult(false));
}
if (payloadData.Iss != null)
{
if (payloadData.Iss.ToString() != DiscoveryDoc.Issuer)
{
return(Task.FromResult(false));
}
}
else
{
return(Task.FromResult(false));
}
if (payloadData.Sub == null)
{
return(Task.FromResult(false));
}
}
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters()
{
Modulus = Base64Url.Decode(mod),
Exponent = Base64Url.Decode(exponent)
});
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(splitValues[0] + '.' + splitValues[1]));
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hash, Base64Url.Decode(splitValues[2])))
{
return(Task.FromResult(true));
}
}
}
return(Task.FromResult(false));
}
public static bool TryValidateToken(string jwt, dynamic keys, out string errorMessage)
{
// works for AAD v1 and v2, but not for tokens generated for Graph. (DUH)
// See: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/812
// See: https://stackoverflow.com/questions/45317152/invalid-signature-while-validating-azure-ad-access-token-but-id-token-works
// possible fix? https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/815
// it uses HMACSHA256, not RSA256.
if (string.IsNullOrEmpty(jwt))
{
errorMessage = "Token is null or empty.";
return(false);
}
var parts = jwt.Split(new char[] { '.' });
if (parts.Count() != 3)
{
errorMessage = "Token does not contain 3 parts.";
return(false);
}
string header;
string payload;
byte[] crypto;
try
{
header = parts[0];
payload = parts[1];
crypto = Base64Dec(parts[2]);
}
catch
{
errorMessage = "Invalid token.";
return(false);
}
var bytesToSign = Encoding.UTF8.GetBytes($"{header}.{payload}");
dynamic deserializedHeader = JsonConvert.DeserializeObject(Base64Decode(header));
dynamic deserializedPayload = JsonConvert.DeserializeObject(Base64Decode(payload));
if (!string.IsNullOrEmpty((string)deserializedHeader.nonce))
{
errorMessage = "Not supported for token issued for GRAPH (with a 'nonce' in the header).";
return(false);
}
// check iss: issuer
if (UnixTimestampToUTC((int)deserializedPayload.nbf) > DateTime.UtcNow)
{
errorMessage = "Token is not yet valid.";
return(false);
}
if (UnixTimestampToUTC((int)deserializedPayload.exp) < DateTime.UtcNow)
{
errorMessage = "Token has expired.";
return(false);
}
var algorithm = (string)deserializedHeader.alg;
var key = string.Empty;
var exponent = string.Empty;
var issuer = string.Empty;
var kid = (string)deserializedHeader.kid;
var x5t = (string)deserializedHeader.x5t;
foreach (dynamic k in keys.keys)
{
if ((((string)k.kid == kid) || ((string)k.x5t == x5t)) && (string)k.use == "sig")
{
//key = (string)k.x5c[0];
key = (string)k.n;
exponent = (string)k.e;
issuer = (string)k.issuer;
// quick fix for aad v1 endpoints; it doesnt expose issuer!
if (string.IsNullOrEmpty(issuer))
{
issuer = (string)deserializedPayload.iss;
}
//break;
}
}
if (string.IsNullOrEmpty(key))
{
errorMessage = "Could not find encryption key. (Not using x5c, using n.)";
return(false);
}
string issuerToCompare = (string)deserializedPayload.iss;
// Quick fix for Azure AD issues! The issuer will not match the issuer from the metadata!
if (issuerToCompare.StartsWith("https://sts.windows.net/") && issuer.StartsWith("https://login.microsoftonline.com/"))
{
issuerToCompare = issuerToCompare.Replace("https://sts.windows.net/", "https://login.microsoftonline.com/");
if (issuer.EndsWith("/v2.0"))
{
issuerToCompare += "v2.0";
}
}
if (issuer != issuerToCompare)
{
errorMessage = $"Issuer {issuerToCompare} does not match expected issuer {issuer}.";
return(false);
}
var rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(
new RSAParameters()
{
Modulus = Base64Dec(key),
Exponent = Base64Dec(exponent)
});
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
HashAlgorithm sha;
switch (algorithm.ToUpper())
{
case "RS256":
sha = SHA256.Create();
rsaDeformatter.SetHashAlgorithm("SHA256");
break;
case "HS384":
sha = SHA384.Create();
rsaDeformatter.SetHashAlgorithm("SHA348");
break;
case "HS512":
sha = SHA512.Create();
rsaDeformatter.SetHashAlgorithm("SHA512");
break;
default:
errorMessage = $"Unsupported encryption type '{algorithm}'.";
return(false);
}
byte[] signature = sha.ComputeHash(bytesToSign);
if (rsaDeformatter.VerifySignature(signature, crypto))
{
errorMessage = string.Empty;
return(true);
}
{
errorMessage = "Invalid signature.";
return(false);
}
}
public void SetNullKey()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(null);
}
/// <summary>
/// Validate Id token obetained for OpenId flow
/// </summary>
/// <param name="id_token"></param>
/// <returns></returns>
private System.Threading.Tasks.Task <bool> isIdTokenValid(string id_token)
{
output("Making IsIdToken Valid Call.");
string idToken = id_token;
if (keys != null)
{
//Get mod and exponent value
foreach (var key in keys)
{
if (key.N != null)
{
//Mod
mod = key.N;
}
if (key.N != null)
{
//Exponent
expo = key.E;
}
}
//IdentityToken
if (idToken != null)
{
//Split the identityToken to get Header and Payload
string[] splitValues = idToken.Split('.');
if (splitValues[0] != null)
{
//Decode header
var headerJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[0].ToString()));
//Deserilaize headerData
IdTokenHeader headerData = JsonConvert.DeserializeObject <IdTokenHeader>(headerJson);
//Verify if the key id of the key used to sign the payload is not null
if (headerData.Kid == null)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
//Verify if the hashing alg used to sign the payload is not null
if (headerData.Alg == null)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
}
if (splitValues[1] != null)
{
//Decode payload
var payloadJson = Encoding.UTF8.GetString(Base64Url.Decode(splitValues[1].ToString()));
IdTokenJWTClaimTypes payloadData = JsonConvert.DeserializeObject <IdTokenJWTClaimTypes>(payloadJson);
//Verify Aud matches ClientId
if (payloadData.Aud != null)
{
if (payloadData.Aud[0].ToString() != clientID)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
}
else
{
return(System.Threading.Tasks.Task.FromResult(false));
}
//Verify Authtime matches the time the ID token was authorized.
if (payloadData.Auth_time == null)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
//Verify exp matches the time the ID token expires, represented in Unix time (integer seconds).
if (payloadData.Exp != null)
{
long expiration = Convert.ToInt64(payloadData.Exp);
long currentEpochTime = EpochTimeExtensions.ToEpochTime(DateTime.UtcNow);
//Verify the ID expiration time with what expiry time you have calculated and saved in your application
//If they are equal then it means IdToken has expired
if ((expiration - currentEpochTime) <= 0)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
}
//Verify Iat matches the time the ID token was issued, represented in Unix time (integer seconds).
if (payloadData.Iat == null)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
//verify Iss matches the issuer identifier for the issuer of the response.
if (payloadData.Iss != null)
{
if (payloadData.Iss.ToString() != issuerUrl)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
}
else
{
return(System.Threading.Tasks.Task.FromResult(false));
}
//Verify sub. Sub is an identifier for the user, unique among all Intuit accounts and never reused.
//An Intuit account can have multiple emails at different points in time, but the sub value is never changed.
//Use sub within your application as the unique-identifier key for the user.
if (payloadData.Sub == null)
{
return(System.Threading.Tasks.Task.FromResult(false));
}
}
//Use external lib to decode mod and expo value and generte hashes
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
//Read values of n and e from discovery document.
rsa.ImportParameters(
new RSAParameters()
{
//Read values from discovery document
Modulus = Base64Url.Decode(mod),
Exponent = Base64Url.Decode(expo)
});
//Verify Siganture hash matches the signed concatenation of the encoded header and the encoded payload with the specified algorithm
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(splitValues[0] + '.' + splitValues[1]));
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hash, Base64Url.Decode(splitValues[2])))
{
//identityToken is valid
return(System.Threading.Tasks.Task.FromResult(true));
}
else
{
//identityToken is not valid
return(System.Threading.Tasks.Task.FromResult(false));
}
}
else
{
//identityToken is not valid
return(System.Threading.Tasks.Task.FromResult(false));
}
}
else
{
//Missing mod and expo values
return(System.Threading.Tasks.Task.FromResult(false));
}
}
public void DSAConstructor()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(dsa);
}
public void SetDSAKey()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter();
fmt.SetKey(dsa);
}
public void RSAConstructor_Null()
{
RSAPKCS1SignatureDeformatter fmt = new RSAPKCS1SignatureDeformatter(null);
}
//funksioni i VerifikoTokenin i cili merr ne hyrje tokenin dhe permes celesit publik e verifikon
public bool VerifikoTokenin(string jwt, string publik, out string errorMessage)
{
string key = "";
string exponent = "";
XmlDocument document = new XmlDocument();
document.Load("C://keys/" + publik + ".pub.xml");
XmlNodeList list = document.GetElementsByTagName("Modulus");
for (int i = 0; i < list.Count; i++)
{
key = list[i].InnerXml;
}
XmlNodeList lista = document.GetElementsByTagName("Exponent");
for (int i = 0; i < list.Count; i++)
{
exponent = lista[i].InnerXml;
}
if (string.IsNullOrEmpty(jwt))
{
errorMessage = " Token eshte empty apo null .";
return(false);
}
var jwtArray = jwt.Split('.');
if (string.IsNullOrEmpty(key))
{
errorMessage = " Public Key eshte empty ose jovalid .";
return(false);
}
if (string.IsNullOrEmpty(exponent))
{
errorMessage = " Public Key eshte empty ose jovalid .";
return(false);
}
try
{
string publicKey =
(key.Length % 4 == 0 ? key : key + "====".Substring(key.Length % 4))
.Replace("_", "/").Replace("-", "+");
var publicKeyBytes = Convert.FromBase64String(publicKey);
var jwtSignatureFixed =
(jwtArray[2].Length % 4 == 0 ? jwtArray[2] : jwtArray[2] + "====".Substring(jwtArray[2].Length % 4))
.Replace("_", "/").Replace("-", "+");
var jwtSignatureBytes = Convert.FromBase64String(jwtSignatureFixed);
RSACryptoServiceProvider ObjRSA = new RSACryptoServiceProvider();
ObjRSA.ImportParameters(
new RSAParameters()
{
Modulus = publicKeyBytes,
Exponent = Convert.FromBase64String(exponent)
}
);
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(jwtArray[0] + '.' + jwtArray[1]));
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(ObjRSA);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (!rsaDeformatter.VerifySignature(hash, jwtSignatureBytes))
{
errorMessage = "Ka deshtuar verfikimi .";
return(false);
}
}
catch (Exception ex)
{
errorMessage = "Error verifying JWT token signature: " + ex.Message;
return(false);
}
errorMessage = string.Empty;
return(true);
}
protected void Page_Load(object sender, EventArgs e)
{
//人民币网关账号,该账号为11位人民币网关商户编号+01,该值与提交时相同。
string merchantAcctId = Request.QueryString["merchantAcctId"].ToString();
//网关版本,固定值:v2.0,该值与提交时相同。
string version = Request.QueryString["version"].ToString();
//语言种类,1代表中文显示,2代表英文显示。默认为1,该值与提交时相同。
string language = Request.QueryString["language"].ToString();
//签名类型,该值为4,代表PKI加密方式,该值与提交时相同。
string signType = Request.QueryString["signType"].ToString();
//支付方式,一般为00,代表所有的支付方式。如果是银行直连商户,该值为10,该值与提交时相同。
string payType = Request.QueryString["payType"].ToString();
//银行代码,如果payType为00,该值为空;如果payType为10,该值与提交时相同。
string bankId = Request.QueryString["bankId"].ToString();
//商户订单号,,该值与提交时相同。
string orderId = Request.QueryString["orderId"].ToString();
//订单提交时间,格式:yyyyMMddHHmmss,如:20071117020101,该值与提交时相同。
string orderTime = Request.QueryString["orderTime"].ToString();
//订单金额,金额以“分”为单位,商户测试以1分测试即可,切勿以大金额测试,该值与支付时相同。
string orderAmount = Request.QueryString["orderAmount"].ToString();
// 快钱交易号,商户每一笔交易都会在快钱生成一个交易号。
string dealId = Request.QueryString["dealId"].ToString();
//银行交易号 ,快钱交易在银行支付时对应的交易号,如果不是通过银行卡支付,则为空
string bankDealId = Request.QueryString["bankDealId"].ToString();
//快钱交易时间,快钱对交易进行处理的时间,格式:yyyyMMddHHmmss,如:20071117020101
string dealTime = Request.QueryString["dealTime"].ToString();
//商户实际支付金额 以分为单位。比方10元,提交时金额应为1000。该金额代表商户快钱账户最终收到的金额。
string payAmount = Request.QueryString["payAmount"].ToString();
//费用,快钱收取商户的手续费,单位为分。
string fee = Request.QueryString["fee"].ToString();
//扩展字段1,该值与提交时相同。
string ext1 = Request.QueryString["ext1"].ToString();
//扩展字段2,该值与提交时相同。
string ext2 = Request.QueryString["ext2"].ToString();
//处理结果, 10支付成功,11 支付失败,00订单申请成功,01 订单申请失败
string payResult = Request.QueryString["payResult"].ToString();
//错误代码 ,请参照《人民币网关接口文档》最后部分的详细解释。
string errCode = Request.QueryString["errCode"].ToString();
//签名字符串
string signMsg = Request.QueryString["signMsg"].ToString();
string signMsgVal = "";
signMsgVal = appendParam(signMsgVal, "merchantAcctId", merchantAcctId);
signMsgVal = appendParam(signMsgVal, "version", version);
signMsgVal = appendParam(signMsgVal, "language", language);
signMsgVal = appendParam(signMsgVal, "signType", signType);
signMsgVal = appendParam(signMsgVal, "payType", payType);
signMsgVal = appendParam(signMsgVal, "bankId", bankId);
signMsgVal = appendParam(signMsgVal, "orderId", orderId);
signMsgVal = appendParam(signMsgVal, "orderTime", orderTime);
signMsgVal = appendParam(signMsgVal, "orderAmount", orderAmount);
signMsgVal = appendParam(signMsgVal, "dealId", dealId);
signMsgVal = appendParam(signMsgVal, "bankDealId", bankDealId);
signMsgVal = appendParam(signMsgVal, "dealTime", dealTime);
signMsgVal = appendParam(signMsgVal, "payAmount", payAmount);
signMsgVal = appendParam(signMsgVal, "fee", fee);
signMsgVal = appendParam(signMsgVal, "ext1", ext1);
signMsgVal = appendParam(signMsgVal, "ext2", ext2);
signMsgVal = appendParam(signMsgVal, "payResult", payResult);
signMsgVal = appendParam(signMsgVal, "errCode", errCode);
///UTF-8编码 GB2312编码 用户可以根据自己网站的编码格式来选择加密的编码方式
///byte[] bytes = Encoding.GetEncoding("GB2312").GetBytes(signMsgVal);
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(signMsgVal);
byte[] SignatureByte = Convert.FromBase64String(signMsg);
X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill[1].cert.rsa.20140803.cer"), "");
RSACryptoServiceProvider rsapri = (RSACryptoServiceProvider)cert.PublicKey.Key;
rsapri.ImportCspBlob(rsapri.ExportCspBlob(false));
RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsapri);
byte[] result;
f.SetHashAlgorithm("SHA1");
SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
result = sha.ComputeHash(bytes);
if (f.VerifySignature(result, SignatureByte))
{
//逻辑处理 写入数据库
if (payResult == "10")
{
//此处做商户逻辑处理
//以下是我们快钱设置的show页面,商户需要自己定义该页面。
Response.Write("<result>1</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=success</redirecturl>");
}
else
{
//以下是我们快钱设置的show页面,商户需要自己定义该页面。
Response.Write("<result>0</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=false</redirecturl>");
}
}
else
{
Response.Write("signMsgVal=" + "(" + signMsgVal + ")");
Response.Write("</br>" + "signMsg =" + signMsg);
Response.Write("</br>" + "错误");
Response.Write("<result>0</result>" + "<redirecturl>http://219.233.173.50:8804/dongjian/rmb/show.aspx?msg=error</redirecturl>");
}
}
public static bool Validation(string idToken, string jwksJsonString)
{
// IDトークンはJWTなのでまず分解する。
JWTProperty jwtProperty = JWTDecode(idToken);
var idtokenHeader = JObject.Parse(jwtProperty._header);
var idtokenPayload = JObject.Parse(jwtProperty._payload);
// jwksのJSONをパースする
var json_jwks = JObject.Parse(jwksJsonString);
var keys = json_jwks["keys"];
string modulus = string.Empty;
string exponent = string.Empty;
string alg = string.Empty;
JArray a = JArray.Parse(keys.ToString());
foreach (JObject k in a.Children <JObject>())
{
if (idtokenHeader["kid"].ToString() == k["kid"].ToString())
{
modulus = k["n"].ToString();
exponent = k["e"].ToString();
alg = k["alg"].ToString();
}
}
bool b = false;
RSAParameters publicKeyParams = new RSAParameters();
publicKeyParams.Modulus = DecodeBytes(modulus);
publicKeyParams.Exponent = DecodeBytes(exponent);
RSACryptoServiceProvider publicKey = new RSACryptoServiceProvider();
publicKey.ImportParameters(publicKeyParams);
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(publicKey);
//署名の検証に使用するハッシュアルゴリズムを指定
string hashAlgorithm = string.Empty;
string signstring = jwtProperty._toSignatureString;
byte[] hashData = null;
switch (alg)
{
case "RS256":
hashAlgorithm = "SHA256";
SHA256 signer_sha256 = SHA256.Create();
hashData = signer_sha256.ComputeHash(Encoding.UTF8.GetBytes(signstring));
break;
case "HS256":
hashAlgorithm = "HMACSHA256";
HMAC signer_hsha256 = HMACSHA256.Create();
hashData = signer_hsha256.ComputeHash(Encoding.UTF8.GetBytes(signstring));
break;
case "RS512":
hashAlgorithm = "SHA512";
SHA512 signer_sha512 = SHA512.Create();
hashData = signer_sha512.ComputeHash(Encoding.UTF8.GetBytes(signstring));
break;
}
rsaDeformatter.SetHashAlgorithm(hashAlgorithm);
//署名を検証し、結果を返す
b = rsaDeformatter.VerifySignature(hashData, DecodeBytes(jwtProperty._signature));
return(b);
}
protected void Page_Load(object sender, EventArgs e)
{
//人民币网关账号,该账号为11位人民币网关商户编号+01,该值与提交时相同。
string merchantAcctId = Request.QueryString["merchantAcctId"].ToString();
//网关版本,固定值:v2.0,该值与提交时相同。
string version = Request.QueryString["version"].ToString();
//语言种类,1代表中文显示,2代表英文显示。默认为1,该值与提交时相同。
string language = Request.QueryString["language"].ToString();
//签名类型,该值为4,代表PKI加密方式,该值与提交时相同。
string signType = Request.QueryString["signType"].ToString();
//支付方式,一般为00,代表所有的支付方式。如果是银行直连商户,该值为10,该值与提交时相同。
string payType = Request.QueryString["payType"].ToString();
//银行代码,如果payType为00,该值为空;如果payType为10,该值与提交时相同。
string bankId = Request.QueryString["bankId"].ToString();
//商户订单号,,该值与提交时相同。
string orderId = Request.QueryString["orderId"].ToString();
//订单提交时间,格式:yyyyMMddHHmmss,如:20071117020101,该值与提交时相同。
string orderTime = Request.QueryString["orderTime"].ToString();
//订单金额,金额以“分”为单位,商户测试以1分测试即可,切勿以大金额测试,该值与支付时相同。
string orderAmount = Request.QueryString["orderAmount"].ToString();
// 快钱交易号,商户每一笔交易都会在快钱生成一个交易号。
string dealId = Request.QueryString["dealId"].ToString();
//银行交易号 ,快钱交易在银行支付时对应的交易号,如果不是通过银行卡支付,则为空
string bankDealId = Request.QueryString["bankDealId"].ToString();
//快钱交易时间,快钱对交易进行处理的时间,格式:yyyyMMddHHmmss,如:20071117020101
string dealTime = Request.QueryString["dealTime"].ToString();
//商户实际支付金额 以分为单位。比方10元,提交时金额应为1000。该金额代表商户快钱账户最终收到的金额。
string payAmount = Request.QueryString["payAmount"].ToString();
//费用,快钱收取商户的手续费,单位为分。
string fee = Request.QueryString["fee"].ToString();
//扩展字段1,该值与提交时相同。
string ext1 = Request.QueryString["ext1"].ToString();
//扩展字段2,该值与提交时相同。
string ext2 = Request.QueryString["ext2"].ToString();
//处理结果, 10支付成功,11 支付失败,00订单申请成功,01 订单申请失败
string payResult = Request.QueryString["payResult"].ToString();
//错误代码 ,请参照《人民币网关接口文档》最后部分的详细解释。
string errCode = Request.QueryString["errCode"].ToString();
//签名字符串
string signMsg = Request.QueryString["signMsg"].ToString();
string signMsgVal = "";
signMsgVal = appendParam(signMsgVal, "merchantAcctId", merchantAcctId);
signMsgVal = appendParam(signMsgVal, "version", version);
signMsgVal = appendParam(signMsgVal, "language", language);
signMsgVal = appendParam(signMsgVal, "signType", signType);
signMsgVal = appendParam(signMsgVal, "payType", payType);
signMsgVal = appendParam(signMsgVal, "bankId", bankId);
signMsgVal = appendParam(signMsgVal, "orderId", orderId);
signMsgVal = appendParam(signMsgVal, "orderTime", orderTime);
signMsgVal = appendParam(signMsgVal, "orderAmount", orderAmount);
signMsgVal = appendParam(signMsgVal, "dealId", dealId);
signMsgVal = appendParam(signMsgVal, "bankDealId", bankDealId);
signMsgVal = appendParam(signMsgVal, "dealTime", dealTime);
signMsgVal = appendParam(signMsgVal, "payAmount", payAmount);
signMsgVal = appendParam(signMsgVal, "fee", fee);
signMsgVal = appendParam(signMsgVal, "ext1", ext1);
signMsgVal = appendParam(signMsgVal, "ext2", ext2);
signMsgVal = appendParam(signMsgVal, "payResult", payResult);
signMsgVal = appendParam(signMsgVal, "errCode", errCode);
///UTF-8编码 GB2312编码 用户可以根据自己网站的编码格式来选择加密的编码方式
///byte[] bytes = Encoding.GetEncoding("GB2312").GetBytes(signMsgVal);
byte[] bytes = System.Text.Encoding.UTF8.GetBytes(signMsgVal);
byte[] SignatureByte = Convert.FromBase64String(signMsg);
X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill.cert.rsa.20140728.cer"), "");
//X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill[1].cert.rsa.20140803.cer"), "");
//X509Certificate2 cert = new X509Certificate2(Server.MapPath("99bill.cert.rsa.20340630.cer"), "");
RSACryptoServiceProvider rsapri = (RSACryptoServiceProvider)cert.PublicKey.Key;
rsapri.ImportCspBlob(rsapri.ExportCspBlob(false));
RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsapri);
byte[] result;
f.SetHashAlgorithm("SHA1");
SHA1CryptoServiceProvider sha = new SHA1CryptoServiceProvider();
result = sha.ComputeHash(bytes);
if (f.VerifySignature(result, SignatureByte))
{
string rurl = string.Empty;
var YuMingInfo = EyouSoft.Security.Membership.YlHuiYuanProvider.GetYuMingInfo();
rurl = "http://" + YuMingInfo.YuMing;
//逻辑处理 写入数据库
if (payResult == "10")
{
//此处做商户逻辑处理
var info = new EyouSoft.Model.YlStructure.MZaiXianZhiFuInfo(); //在线支付实体
var onlinepay = new EyouSoft.BLL.YlStructure.BZaiXianZhiFu(); //在线支付BLL
info.DingDanId = ext1; //订单ID
info.DingDanLeiXing = (EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing)Convert.ToInt32(ext2); //订单类型
bool ispay = onlinepay.IsZhiFu(info.DingDanId, info.DingDanLeiXing); //获取订单支付状态(成功/失败)
if (info.DingDanLeiXing == EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.航期订单)
{
var dingdaninfo = new EyouSoft.BLL.YlStructure.BHangQiDingDan().GetDingDanInfo(info.DingDanId);
if (dingdaninfo != null)
{
rurl += "/hangqi/dingdanxx.aspx?dingdanid=" + info.DingDanId + "&dingdanleixing=" + (int)info.DingDanLeiXing + "&token=" + dingdaninfo.XiaDanRenId;
}
}
else if (info.DingDanLeiXing == EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.兑换订单)
{
var dingdaninfo = new EyouSoft.BLL.YlStructure.BDuiHuan().GetJiFenDingDanInfo(info.DingDanId);
rurl += "/hangqi/JiFenDingDanXX.aspx?dingdanid=" + info.DingDanId + "&dingdanleixing=" + (int)info.DingDanLeiXing + "&token=" + dingdaninfo.XiaDanRenId;
}
if (!ispay)
{
info.JiaoYiHao = orderId; //流水号
info.ApiJiaoYiHao = dealId; //支付流水号
info.JinE = Utils.GetDecimal(orderAmount) / 100M; //支付金额
info.ZhiFuFangShi = EyouSoft.Model.EnumType.YlStructure.ZaiXianZhiFuFangShi.Bill99; //支付方式
info.IsZhiFu = true; //是否已支付
info.ZhiFuTime = DateTime.Now; //支付时间
int bllRetCode = onlinepay.Insert(info); //添加支付记录
if (bllRetCode == 1)
{
//实现其它操作处理
switch (info.DingDanLeiXing)
{
case EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.兑换订单:
HandlerJiFenDingDan(info.DingDanId);
break;
case EyouSoft.Model.EnumType.YlStructure.DingDanLeiXing.航期订单:
HandlerHangQiDingDan(info.DingDanId);
break;
}
}
}
//以下是我们快钱设置的show页面,商户需要自己定义该页面。
Response.Write("<result>1</result>" + "<redirecturl>" + rurl + "</redirecturl>");
}
else
{
//以下是我们快钱设置的show页面,商户需要自己定义该页面。
Response.Write("<result>1</result>" + "<redirecturl>" + rurl + "</redirecturl>");
//Response.Write("signMsgVal=" + "(" + signMsgVal + ")");
//Response.Write("</br>" + "signMsg =" + signMsg);
//Response.Write("</br>" + "错误");
}
}
else
{
Response.Write("signMsgVal=" + "(" + signMsgVal + ")");
Response.Write("</br>" + "signMsg =" + signMsg);
Response.Write("</br>" + "错误");
}
}
