Exemple #1
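        /// <summary>
        /// Verifies the signature on a response returned by the app control. The JSON envelope carries a
        /// <c>data</c> query string and a Base64 <c>sign</c> value; the signature is checked against the
        /// lower-case hex SHA-1 digest of <c>data</c>, using the key selected by the <c>cert_id</c> field
        /// inside <c>data</c>.
        /// </summary>
        /// <param name="jsonData">JSON envelope received from the control. Treated as untrusted input.</param>
        /// <param name="encoding">Encoding used to hash <c>data</c> and to encode the hex digest before verification.</param>
        /// <returns>
        /// <c>true</c> only when the signature verifies. <c>false</c> when a required field is missing or
        /// malformed, when no verification key is found, or when the signature does not match.
        /// </returns>
        public static bool ValidateAppResponse(string jsonData, Encoding encoding)
        {
            // NOTE(review): the complete, still-unverified payload is written at Info level. It may hold
            // transaction data, and embedded line breaks end up in the log unless Log neutralizes them - confirm.
            Log.Info("控件返回报文验签:[" + jsonData + "]");

            // Extract the signed string and its signature from the envelope.
            Dictionary<string, object> data = SDKUtil.JsonToDictionary(jsonData);
            if (data == null)
            {
                Log.Error("App response could not be parsed, signature validation failed.");
                return false;
            }

            // Missing or non-string fields are a failed verification, not an unhandled exception.
            object rawData;
            object rawSign;
            data.TryGetValue("data", out rawData);
            data.TryGetValue("sign", out rawSign);
            string stringData = rawData as string;
            string signValue = rawSign as string;
            if (stringData == null || signValue == null)
            {
                Log.Error("data or sign missing in app response, signature validation failed.");
                return false;
            }

            Dictionary<string, string> dataMap = SDKUtil.ParseQString(stringData, encoding);
            string certId;
            if (dataMap == null || !dataMap.TryGetValue("cert_id", out certId))
            {
                Log.Error("cert_id missing in app response, signature validation failed.");
                return false;
            }

            byte[] signByte;
            try
            {
                signByte = Convert.FromBase64String(signValue);
            }
            catch (FormatException)
            {
                Log.Error("sign is not valid Base64, signature validation failed.");
                return false;
            }

            // The signature covers the lower-case hex text of the digest, not the raw digest bytes.
            // NOTE(review): SHA-1 is deprecated for signatures; it is kept because the format handled
            // here fixes it - confirm whether the peer offers a SHA-256 variant.
            byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
            // Hex digits have no culture-specific casing, so the invariant form yields the same string.
            string stringSignDigest = BitConverter.ToString(signDigest).Replace("-", "").ToLowerInvariant();
            Log.Debug("sha1结果:[" + stringSignDigest + "]");

            // cert_id comes from the unverified message and only selects which key is used.
            // NOTE(review): confirm GetValidateKeyFromPath resolves it against a fixed set of trusted
            // certificates and never uses it to build a file path.
            AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
            if (key == null)
            {
                Log.Error("未找到证书,无法验签,验签失败。");
                return false;
            }

            bool result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
            Log.Info(result ? "验签成功" : "验签失败");
            return result;
        }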
Exemple #2
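        /// <summary>
        /// Verifies the signature of a response message.
        /// </summary>
        /// <remarks>
        /// <c>signMethod</c> "01" selects RSA verification: version "5.0.0" uses SHA-1 with a key looked up by
        /// <c>certId</c>, any other version uses SHA-256 with the certificate carried in <c>signPubKeyCert</c>.
        /// <c>signMethod</c> "11" and "12" are delegated to <c>ValidateBySecureKey</c>. On the RSA path the
        /// <c>signature</c> entry is removed from <paramref name="rspData"/>, so the caller's dictionary is modified.
        /// </remarks>
        /// <param name="rspData">Response fields as received. Treated as untrusted input.</param>
        /// <param name="encoding">Encoding used to build and hash the signed string and to encode the hex digest.</param>
        /// <returns>
        /// <c>true</c> only when the signature verifies. <c>false</c> when a required field is missing or
        /// malformed, when the key or certificate cannot be obtained, when <c>signMethod</c> is not
        /// recognized, or when the signature does not match.
        /// </returns>
        public static bool Validate(Dictionary<string, string> rspData, Encoding encoding)
        {
            if (rspData == null
                || !rspData.ContainsKey("signMethod")
                || !rspData.ContainsKey("signature")
                || !rspData.ContainsKey("version"))
            {
                Log.Error("signMethod或signature或version为空,无法验证签名。");
                return false;
            }

            string signMethod = rspData["signMethod"];
            string version = rspData["version"];
            bool result;

            switch (signMethod)
            {
                case "01":
                {
                    Log.Info("验签处理开始");

                    string signValue = rspData["signature"];
                    Log.Info("签名原文:[" + signValue + "]");
                    if (signValue == null)
                    {
                        Log.Error("signature is empty, signature validation failed.");
                        return false;
                    }

                    // Malformed Base64 from the peer is a failed verification, not an unhandled exception.
                    byte[] signByte;
                    try
                    {
                        signByte = Convert.FromBase64String(signValue);
                    }
                    catch (FormatException)
                    {
                        Log.Error("signature is not valid Base64, signature validation failed.");
                        return false;
                    }

                    // The signature field is not part of the signed string, so it is dropped before joining.
                    rspData.Remove("signature");
                    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
                    // NOTE(review): every response field is logged at Info level before verification;
                    // confirm this is acceptable for the data these messages carry.
                    Log.Info("排序串:[" + stringData + "]");

                    // NOTE(review): version is read from the unverified message and decides both the digest
                    // algorithm and where the verification key comes from, so a sender can select the
                    // SHA-1 path. Consider restricting accepted versions from configuration.
                    if ("5.0.0".Equals(version))
                    {
                        byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
                        string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                        Log.Debug("sha1结果:[" + stringSignDigest + "]");

                        string certId;
                        if (!rspData.TryGetValue("certId", out certId))
                        {
                            Log.Error("certId is missing, signature validation failed.");
                            return false;
                        }

                        // NOTE(review): certId is sender-controlled; confirm the lookup is limited to
                        // trusted certificates and does not turn the value into a file path.
                        AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
                        if (key == null)
                        {
                            Log.Error("未找到证书,无法验签,验签失败。");
                            return false;
                        }

                        // The signature covers the hex text of the digest, not the raw digest bytes.
                        result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
                    }
                    else
                    {
                        byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);
                        string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                        Log.Debug("sha256结果:[" + stringSignDigest + "]");

                        string signPubKeyCert;
                        if (!rspData.TryGetValue("signPubKeyCert", out signPubKeyCert))
                        {
                            Log.Error("signPubKeyCert is missing, signature validation failed.");
                            return false;
                        }

                        // The certificate arrives inside the message being verified, so this branch is only
                        // as strong as the checks in VerifyAndGetPubKey.
                        // NOTE(review): confirm it validates the chain against pinned roots and checks
                        // the validity period before returning a certificate.
                        X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);
                        if (x509Cert == null)
                        {
                            Log.Error("获取验签证书失败,无法验签,验签失败。");
                            return false;
                        }

                        result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
                    }
                    break;
                }

                case "11":
                case "12":
                    // Shared-secret methods: the outcome is whatever ValidateBySecureKey reports.
                    return ValidateBySecureKey(rspData, SdkConfig.SecureKey, encoding);

                default:
                    // Unknown or null signMethod is rejected rather than treated as unsigned.
                    Log.Error("Error signMethod [" + signMethod + "] in Validate. ");
                    return false;
            }

            Log.Info(result ? "验签成功" : "验签失败");
            return result;
        }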