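/// <summary>
/// Reads the encryption public-key certificate carried in a response message, backs up the
/// currently stored local certificate and writes the new one in its place.
/// Returns 1 when the local certificate was updated, 0 when no update was needed and -1 on any failure.
/// </summary>
/// <param name="dic">Parsed response fields; must contain "encryptPubKeyCert" and "certType".</param>
/// <param name="encoding">Encoding used to write the certificate text to the local file.</param>
/// <returns>1 on update, 0 when the certificate is unchanged, -1 on error.</returns>
public static int UpdateEncryptCert(Dictionary<string, string> dic, Encoding encoding)
{
    if (dic == null || encoding == null)
    {
        Log.Error("dic or encoding is null.");
        return -1;
    }

    string strCert;
    string certType;
    // Single lookup per key instead of ContainsKey followed by the indexer.
    if (!dic.TryGetValue("encryptPubKeyCert", out strCert) || !dic.TryGetValue("certType", out certType))
    {
        Log.Error("encryptPubKeyCert or certType is null.");
        return -1;
    }

    // NOTE(review): GetPubKeyCert appears to only parse the certificate text; whether the new
    // certificate is chain-validated is not visible here — confirm this is only reached after
    // the same response passed Validate(), so the field itself is covered by the response signature.
    X509Certificate x509Cert = CertUtil.GetPubKeyCert(strCert);
    if (x509Cert == null)
    {
        Log.Error("从encryptPubKeyCert获取证书内容失败。");
        return -1;
    }

    if ("02".Equals(certType))
    {
        Log.Info("加密公钥无更新。");
        return 0;
    }

    if (!"01".Equals(certType))
    {
        Log.Error("unknown cerType:" + certType);
        return -1;
    }

    // Same serial number as the certificate already on disk: nothing to do.
    if (string.Equals(CertUtil.GetEncryptCertId(), x509Cert.SerialNumber.ToString(), StringComparison.Ordinal))
    {
        Log.Info("加密公钥无更新。");
        return 0;
    }

    string localCertPath = SdkConfig.EncryptCert;
    string newLocalCertPath = SDKUtil.GenBackupName(localCertPath);

    // 1. Back up the existing local certificate before touching it.
    try
    {
        File.Copy(localCertPath, newLocalCertPath, true);
    }
    catch (Exception e)
    {
        Log.Error("备份旧加密证书失败:", e);
        return -1;
    }

    // 2. Store the new certificate. WriteAllBytes truncates the file first; the previous
    //    File.OpenWrite did not, so a shorter certificate left trailing bytes of the old one
    //    in the file and produced a corrupt PEM.
    try
    {
        File.WriteAllBytes(localCertPath, encoding.GetBytes(strCert));
    }
    catch (Exception e)
    {
        Log.Error("写入新加密证书失败:", e);
        return -1;
    }

    Log.Info("save new encryptPubKeyCert success");
    // Drop the cached public key so the next encryption picks up the new certificate.
    CertUtil.ResetEncryptCertPublicKey();
    return 1;
}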
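/// <summary>
/// Verifies the signature of a response message.
/// signMethod "01" is RSA over a hex-encoded digest of the sorted response fields (SHA-1 for
/// version "5.0.0", SHA-256 otherwise); signMethods "11" and "12" are delegated to
/// <see cref="ValidateBySecureKey"/>.
/// </summary>
/// <param name="rspData">Parsed response fields. The "signature" entry is removed from this
/// dictionary as part of building the signed content (the caller's instance is mutated).</param>
/// <param name="encoding">Encoding used for the sorted field string and the digest text.</param>
/// <returns>true when the signature verifies, false when it does not or a required field is missing.</returns>
public static bool Validate(Dictionary<string, string> rspData, Encoding encoding)
{
    if (rspData == null || encoding == null)
    {
        Log.Error("rspData或encoding为空,无法验证签名。");
        return false;
    }

    string signMethod;
    string signValue;
    string version;
    if (!rspData.TryGetValue("signMethod", out signMethod)
        || !rspData.TryGetValue("signature", out signValue)
        || !rspData.TryGetValue("version", out version))
    {
        Log.Error("signMethod或signature或version为空,无法验证签名。");
        return false;
    }

    if ("11".Equals(signMethod) || "12".Equals(signMethod))
    {
        return ValidateBySecureKey(rspData, SdkConfig.SecureKey, encoding);
    }

    if (!"01".Equals(signMethod))
    {
        Log.Error("Error signMethod [" + signMethod + "] in Validate. ");
        return false;
    }

    Log.Info("验签处理开始");
    Log.Info("签名原文:[" + signValue + "]");

    byte[] signByte;
    try
    {
        signByte = Convert.FromBase64String(signValue);
    }
    catch (FormatException e)
    {
        // The signature comes from the remote party; a malformed value is a failed
        // verification, not an unhandled exception.
        Log.Error("signature不是合法的Base64,验签失败。", e);
        return false;
    }

    // The signed content is every field except the signature itself.
    rspData.Remove("signature");
    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
    // NOTE(review): this logs the whole sorted response at Info level — confirm the log sink
    // is acceptable for whatever fields these responses carry.
    Log.Info("排序串:[" + stringData + "]");

    bool result;
    if ("5.0.0".Equals(version))
    {
        string certId;
        if (!rspData.TryGetValue("certId", out certId))
        {
            Log.Error("certId为空,无法验签,验签失败。");
            return false;
        }

        string stringSignDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha1(stringData, encoding));
        Log.Debug("sha1结果:[" + stringSignDigest + "]");

        AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
        if (key == null)
        {
            Log.Error("未找到证书,无法验签,验签失败。");
            return false;
        }

        // The RSA signature is over the hex text of the digest, not the raw digest bytes.
        result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
    }
    else
    {
        string signPubKeyCert;
        if (!rspData.TryGetValue("signPubKeyCert", out signPubKeyCert))
        {
            Log.Error("signPubKeyCert为空,无法验签,验签失败。");
            return false;
        }

        string stringSignDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(stringData, encoding));
        Log.Debug("sha256结果:[" + stringSignDigest + "]");

        // VerifyAndGetPubKey is expected to validate the certificate before it is trusted
        // for signature checks; a null result is treated as a failed verification.
        X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);
        if (x509Cert == null)
        {
            Log.Error("获取验签证书失败,无法验签,验签失败。");
            return false;
        }

        result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
    }

    Log.Info(result ? "验签成功" : "验签失败");
    return result;
}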