/// <summary>
/// Creates a helper bound to one piece of certificate material.
/// </summary>
/// <param name="type">Which kind of material <paramref name="rawCert"/> holds; drives the branch taken by <c>Verify()</c>.</param>
/// <param name="rawCert">Raw certificate bytes. Stored as given; nothing is parsed or validated here.</param>
/// <param name="password">Password protecting the material, empty when none is needed.</param>
/// <remarks>
/// Only stores its arguments and allocates an empty <c>PKIResult</c> in <c>_pkiResul</c>;
/// all checking happens in the <c>Verify</c> overloads.
/// </remarks>
public PKIHelper(CertType type, byte[] rawCert, string password = "")
{
    this.CertType = type;
    this.RawCert = rawCert;
    this.Password = password;
    // Pre-allocated so later code can fill it without a null check.
    _pkiResul = new PKIResult();
}
/// <summary>
/// Checks the certificate in <see cref="RawCert"/> (PublicKey mode) and then every upload in
/// <c>FileData</c>; in TokenKey mode no certificate or signature is checked, only upload type and size.
/// </summary>
/// <returns>
/// A <c>PKIResult</c> whose <c>Success</c> starts <c>true</c> and is cleared on the first problem found,
/// with <c>ErrorType</c>/<c>ErrorMessage</c> describing it. Processed uploads are copied into
/// <c>result.FileData</c> by three of the four upload branches (see the note in the TokenKey single-file branch).
/// </returns>
/// <remarks>
/// <c>FileData</c>, <c>FileConfigDT</c>, <c>VerifyCertificate</c>, <c>VerifyFile</c>, <c>GetFileHash</c>
/// and <c>ret</c> are members of this class declared outside this method. Entries of <c>FileData</c>
/// that are neither <c>FileUpload</c> nor <c>List&lt;FileUpload&gt;</c> are skipped silently, and the
/// upload objects are mutated in place (Success/ErrorMSG/...). Any exception is caught and reported
/// as <c>ErrorMessage = ex.Message</c>.
/// </remarks>
public PKIResult Verify()
{
    PKIResult result = new PKIResult();
    result.Success = true;
    try
    {
        if (CertType == CertType.PublicKey)
        {
            if (this.RawCert != null)
            {
                // VerifyCertificate() (declared elsewhere) returns JSON; the keys read below are
                // EXPIRY, REVOKED and UNTRUSTED. The unboxing casts assume Newtonsoft already
                // produced a DateTime/bool for them — TODO confirm; any other type lands in the catch.
                var json = this.VerifyCertificate();
                Dictionary<string, object> jsonObj = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, object>>(json);
                // NOTE(review): expiry is compared with local time (DateTime.Now), whereas certificate
                // validity periods are expressed in UTC — confirm this matches how EXPIRY is produced.
                if ((DateTime)jsonObj["EXPIRY"] <= DateTime.Now.Date)
                {
                    result.ErrorType = PKIErrorType.Certificate;
                    result.ErrorMessage = " : ใบรับรองหมดอายุ. "; // certificate expired
                    result.Success = false;
                }
                else if ((Boolean)jsonObj["REVOKED"])
                {
                    result.ErrorType = PKIErrorType.Certificate;
                    result.ErrorMessage = " : ใบรับรองถูกยกเลิก. "; // certificate revoked
                    result.Success = false;
                }
                else if ((Boolean)jsonObj["UNTRUSTED"])
                {
                    result.ErrorType = PKIErrorType.Certificate;
                    result.ErrorMessage = " : ใบรับรองความปลอดภัยไม่น่าเชื่อถือ. "; // certificate not trusted
                    result.Success = false;
                }
                else
                {
                    // Certificate is usable: verify the detached signature of every upload.
                    foreach (var file in FileData)
                    {
                        if (file.Value.GetType() == typeof(FileUpload))
                        {
                            var dataFile = (FileUpload)file.Value;
                            if (dataFile.BLOB_FILE != null && !dataFile.SIGNATURE_SIGN.IsNullOrEmpty())
                            {
                                dataFile.Success = this.VerifyFile(dataFile.BLOB_FILE, dataFile.SIGNATURE_SIGN.Trim());
                                if (!dataFile.Success)
                                {
                                    dataFile.ErrorMSG = "ใบรับรองหรือข้อมูลไม่ถูกต้อง"; // certificate or data invalid
                                    result.ErrorType = PKIErrorType.DataFile;
                                    result.Success = false;
                                    result.ErrorMessage = "ใบรับรองหรือข้อมูลไม่ถูกต้อง";
                                }
                            }
                            else
                            {
                                // A missing signature is reported the same way as missing content.
                                dataFile.ErrorMSG = "ไม่มีไฟล์"; // no file
                                result.ErrorType = PKIErrorType.DataFile;
                                result.Success = false;
                                result.ErrorMessage = "ไม่มีไฟล์";
                            }
                            result.FileData.Add(file.Key, dataFile);
                        }
                        else if (file.Value.GetType() == typeof(List<FileUpload>))
                        {
                            var dataFile = (List<FileUpload>)file.Value;
                            foreach (var item in dataFile)
                            {
                                if (item.BLOB_FILE != null && !item.SIGNATURE_SIGN.IsNullOrEmpty())
                                {
                                    item.Success = this.VerifyFile(item.BLOB_FILE, item.SIGNATURE_SIGN.Trim());
                                    if (!item.Success)
                                    {
                                        // Per-item message carries the file name; result.ErrorMessage keeps only the last failure.
                                        item.ErrorMSG = item.FILE_NAME + " : ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                                        result.ErrorType = PKIErrorType.DataFile;
                                        result.Success = false;
                                        result.ErrorMessage = "ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                                    }
                                }
                                else
                                {
                                    item.ErrorMSG = item.FILE_NAME + " : ไม่มีไฟล์";
                                    result.ErrorType = PKIErrorType.DataFile;
                                    result.Success = false;
                                    result.ErrorMessage = "ไม่มีไฟล์";
                                }
                            }
                            result.FileData.Add(file.Key, dataFile);
                        }
                    }
                }
            }
            else
            {
                // No certificate bytes at all: nothing can be verified. ErrorType is left unset here.
                result.ErrorMessage = "ไม่มีใบรับรอง"; // no certificate
                result.Success = false;
            }
        }
        else if (CertType == CertType.TokenKey)
        {
            // NOTE(review): no signature is verified on this path — the VerifyFile calls are the
            // commented blocks below — so TokenKey mode only validates file type and size.
            foreach (var file in FileData)
            {
                if (file.Value.GetType() == typeof(FileUpload))
                {
                    var dataFile = (FileUpload)file.Value;
                    // NOTE(review): when dataFile.File is null nothing is recorded and Success is
                    // untouched, so the upload passes silently — confirm intended.
                    if (dataFile.File != null)
                    {
                        dataFile.FILE_NAME = dataFile.File.FileName;
                        // `ret` is declared outside this method; presumably the bytes-per-MB divisor,
                        // given the "MB" message below — confirm.
                        dataFile.FILE_SIZE = ((decimal)dataFile.File.ContentLength) / ret;
                        dataFile.BLOB_FILE = dataFile.File.ToArrayByte();
                        dataFile.BLOB_FILE_HASH = GetFileHash(dataFile.BLOB_FILE);
                        //fileData.Signature = dataFile.Signature;
                        //fileData.CertNumber = jsonObj["CERT_NUMBER"].AsString();
                        dataFile.Success = true;
                        // Extension check is ordinal and case-sensitive; ext is null when FILE_NAME is
                        // null (then ext.Replace throws into the catch) and "" when there is no extension.
                        var ext = Path.GetExtension(dataFile.FILE_NAME);
                        var config = FileConfigDT.Where(m => m.FILE_TYPE.Replace(".", "") == ext.Replace(".", "")).FirstOrDefault();
                        if (config == null)
                        {
                            dataFile.Success = false;
                            dataFile.ErrorMSG = "ไฟล์ไม่ถูกประเภท"; // file type not allowed
                            result.ErrorType = PKIErrorType.DataFile;
                            result.Success = false;
                        }
                        else if (dataFile.FILE_SIZE > config.FILE_SIZE)
                        {
                            dataFile.Success = false;
                            dataFile.ErrorMSG = "ขนาดไฟล์เกิน " + config.FILE_SIZE + "MB"; // file size exceeds N MB
                            result.ErrorType = PKIErrorType.DataFile;
                            result.Success = false;
                        }
                    }
                    //if (fileData.Success)
                    //{
                    //    fileData.Success = this.VerifyFile(fileData.DataBytes, fileData.Signature.Trim());
                    //    if (!fileData.Success)
                    //    {
                    //        fileData.ErrorMSG = " : ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                    //        result.ErrorType = PKIErrorType.DataFile;
                    //        result.Success = false;
                    //        result.ErrorMessage = " : ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                    //    }
                    //}
                    // NOTE(review): unlike the other three upload branches, this one never calls
                    // result.FileData.Add(file.Key, dataFile) — confirm whether callers expect the entry.
                }
                else if (file.Value.GetType() == typeof(List<FileUpload>))
                {
                    var dataFile = (List<FileUpload>)file.Value;
                    // Items without content are skipped entirely (no error, no Success change).
                    foreach (var item in dataFile.Where(m => m.File != null))
                    {
                        item.FILE_NAME = item.File.FileName;
                        item.FILE_SIZE = ((decimal)item.File.ContentLength) / ret;
                        item.BLOB_FILE = item.File.ToArrayByte();
                        item.BLOB_FILE_HASH = GetFileHash(item.BLOB_FILE);
                        //fileData.Signature = item.Signature;
                        //fileData.CertNumber = jsonObj["CERT_NUMBER"].AsString();
                        item.Success = true;
                        var ext = Path.GetExtension(item.FILE_NAME);
                        // NOTE(review): this comparison does not strip "." from FILE_TYPE, unlike the
                        // single-file branch above — the two will disagree if FILE_TYPE is stored with a dot.
                        var config = FileConfigDT.Where(m => m.FILE_TYPE == ext.Replace(".", "")).FirstOrDefault();
                        // NOTE(review): failures here set only item.Success/ErrorMSG; result.Success and
                        // result.ErrorType are not updated, so a list containing a rejected file still
                        // returns Success == true unless another branch cleared it — confirm intended.
                        if (config == null)
                        {
                            item.Success = false;
                            item.ErrorMSG = "ไฟล์ไม่ถูกประเภท";
                        }
                        else if (item.FILE_SIZE > config.FILE_SIZE)
                        {
                            item.Success = false;
                            item.ErrorMSG = "ขนาดไฟล์เกิน " + config.FILE_SIZE + "MB";
                        }
                        //if (item.Success)
                        //{
                        //    item.Success = this.VerifyFile(item.DATA_BYTES, item.Signature.Trim());
                        //    if (!item.Success)
                        //    {
                        //        item.ErrorMSG = " : ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                        //        result.ErrorType = PKIErrorType.DataFile;
                        //        result.Success = false;
                        //        result.ErrorMessage = " : ใบรับรอง หรือ ข้อมูล ไม่ถูกต้อง.";
                        //    }
                        //}
                    }
                    result.FileData.Add(file.Key, dataFile);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message may expose internal details (paths, type names) if it reaches
        // end users — confirm callers sanitise it before display.
        result.ErrorMessage = ex.Message;
        result.Success = false;
    }
    return (result);
}
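/// <summary>
/// Verifies an RSA (PKCS#1 v1.5) signature over <paramref name="dataBytes"/> with the public key
/// of the certificate held in <see cref="RawCert"/>.
/// </summary>
/// <param name="dataBytes">The data that was signed; it is hashed here.</param>
/// <param name="signatureBytes">
/// The signature as UTF-8 text, decoded with the project's <c>StringToByteArray</c> extension;
/// the accepted text format is whatever that extension defines.
/// </param>
/// <returns>
/// A <c>PKIResult</c> whose <c>Success</c> is the verification outcome. Every failure path — null
/// input, a key that is not an <see cref="RSACryptoServiceProvider"/>, an unrecognised certificate
/// signature algorithm, or any exception — yields <c>Success == false</c> with an
/// <c>ErrorMessage</c>; the method itself never throws.
/// </returns>
/// <remarks>
/// The digest algorithm is chosen from the certificate's own signature algorithm (how the CA signed
/// the certificate), not from anything carried in the signature, so the signer must follow the same
/// rule. SHA-1 is still accepted for compatibility with existing certificates; it is a weak digest.
/// Only the signature is checked here; expiry, revocation and trust are handled by <see cref="Verify()"/>.
/// </remarks>
public PKIResult Verify(byte[] dataBytes, byte[] signatureBytes)
{
    var result = new PKIResult();
    // Explicit, so no path can return whatever PKIResult's default Success happens to be.
    result.Success = false;
    try
    {
        if (dataBytes is null || signatureBytes is null)
        {
            result.ErrorMessage = "Data or signature is missing.";
            return result;
        }

        string signature = Encoding.UTF8.GetString(signatureBytes);
        byte[] bsignature = signature.StringToByteArray();

        // Certificate to verify against. (In an ASP.NET app the client certificate,
        // Request.ClientCertificate.Certificate, could be used instead.)
        X509Certificate2 uidCert = new X509Certificate2(RawCert);

        // 'as' rather than a hard cast: a non-CSP key (e.g. CNG) gives a clear error
        // instead of an InvalidCastException surfaced through ex.Message.
        var csp = uidCert.PublicKey.Key as RSACryptoServiceProvider;
        if (csp is null)
        {
            result.ErrorMessage = "Certificate public key is not an RSA (CSP) key.";
            return result;
        }

        string hashName = ResolveHashName(uidCert, csp);
        if (hashName is null)
        {
            // Previously this case returned Success == false with no explanation.
            result.ErrorMessage = "Unsupported certificate signature algorithm: "
                + (uidCert.SignatureAlgorithm.FriendlyName ?? uidCert.SignatureAlgorithm.Value);
            return result;
        }

        byte[] hash;
        using (HashAlgorithm hasher = CreateHasher(hashName))
        {
            hash = hasher.ComputeHash(dataBytes);
        }

        // PKCS#1 v1.5 verification of the digest against the certificate's public key.
        result.Success = csp.VerifyHash(hash, CryptoConfig.MapNameToOID(hashName), bsignature);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message may expose internal details if it reaches end users — confirm callers sanitise it.
        result.ErrorMessage = ex.Message;
        result.Success = false;
    }
    return result;

    // Maps the certificate's signature algorithm to the digest name used for verification, keeping
    // the original order of precedence; null when nothing matches.
    string ResolveHashName(X509Certificate2 cert, RSACryptoServiceProvider key)
    {
        string certAlg = cert.SignatureAlgorithm.FriendlyName;
        if (string.Equals(certAlg, "sha1rsa", StringComparison.OrdinalIgnoreCase))
        {
            return "SHA1";
        }
        // Kept from the original ("Fix SHA512RSA with SHA1"): keys reporting the xmldsig rsa-sha1
        // URI are verified with SHA-1 regardless of the certificate's own algorithm.
        // NOTE(review): on .NET Framework RSA.SignatureAlgorithm appears to be this constant URI for
        // every RSA key, which would make the SHA-256/SHA-512 branches below unreachable there and
        // force SHA-1 everywhere — confirm against the signer before changing this order.
        string[] keyAlg = (key.SignatureAlgorithm ?? string.Empty).Split('#');
        if (keyAlg.Length > 1 && string.Equals(keyAlg[1], "rsa-sha1", StringComparison.Ordinal))
        {
            return "SHA1";
        }
        if (string.Equals(certAlg, "sha256rsa", StringComparison.OrdinalIgnoreCase))
        {
            return "SHA256";
        }
        if (string.Equals(certAlg, "sha512rsa", StringComparison.OrdinalIgnoreCase))
        {
            return "SHA512";
        }
        return null;
    }

    // Creates the digest implementation for a name returned by ResolveHashName; the caller disposes it.
    HashAlgorithm CreateHasher(string name)
    {
        switch (name)
        {
            case "SHA1": return new SHA1Managed();
            case "SHA256": return new SHA256Managed();
            case "SHA512": return new SHA512Managed();
            default: throw new NotSupportedException("Unsupported hash algorithm: " + name);
        }
    }
}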