Esempio n. 1
 /// <summary>
 /// Decrypts a sensitive-information field by delegating to SecurityUtil.DecryptData.
 /// </summary>
 /// <param name="data">The encrypted field value; its expected format is defined by SecurityUtil.DecryptData, which is not visible here.</param>
 /// <param name="encoding">Text encoding passed through unchanged to SecurityUtil.DecryptData.</param>
 /// <returns>The value returned by SecurityUtil.DecryptData for these arguments.</returns>
 public static string DecryptData(string data, Encoding encoding)
 {
     // This overload passes no certificate path or password, so the choice of
     // decryption key is made inside SecurityUtil.
     // NOTE(review): the result is presumably cleartext sensitive data - keep it out of logs.
     string decrypted = SecurityUtil.DecryptData(data, encoding);
     return decrypted;
 }
Esempio n. 2
 /// <summary>
 /// Decrypts a sensitive-information field with an explicitly named certificate (multi-certificate mode).
 /// The parameter order follows the Java SDK and the sign methods.
 /// </summary>
 /// <param name="data">The encrypted field value; its expected format is defined by SecurityUtil.DecryptData, which is not visible here.</param>
 /// <param name="certPath">Path of the certificate file handed to SecurityUtil.DecryptData.</param>
 /// <param name="certPwd">Password for that certificate file.</param>
 /// <param name="encoding">Text encoding passed through unchanged to SecurityUtil.DecryptData.</param>
 /// <returns>The value returned by SecurityUtil.DecryptData for these arguments.</returns>
 public static string DecryptData(string data, string certPath, string certPwd, Encoding encoding)
 {
     // The helper takes the encoding before the certificate arguments, so the
     // order differs from this method's own signature.
     // NOTE(review): certPwd travels as a plain string; avoid logging it or embedding it in source.
     string decrypted = SecurityUtil.DecryptData(data, encoding, certPath, certPwd);
     return decrypted;
 }
Esempio n. 3
        /// <summary>
        /// Signs a request with a certificate given by path (used when several certificates are in play).
        /// On success the "certId" and "signature" entries of <paramref name="reqData"/> are set.
        /// </summary>
        /// <remarks>
        /// The method returns nothing and only logs when it cannot sign (missing "version", missing
        /// "signMethod" on a version other than VERSION_1_0_0, or an unsupported signMethod). In those
        /// cases reqData is left without a "signature" entry, so a caller that needs to know whether
        /// signing happened has to check for that key itself.
        /// NOTE(review): versions VERSION_5_0_0 and VERSION_1_0_0 select the SHA-1 path. SHA-1 is
        /// deprecated for signatures; use the SHA-256 path wherever the peer accepts it.
        /// NOTE(review): the full string to be signed is written to the log at Info level. Confirm that
        /// it cannot carry card or customer data in clear before enabling Info logging in production.
        /// </remarks>
        /// <param name="reqData">Request fields; must contain "version". Modified in place.</param>
        /// <param name="certPath">Path of the signing certificate file.</param>
        /// <param name="certPwd">Password of the signing certificate file.</param>
        /// <param name="encoding">Encoding used to build the link string and to turn the hex digest into bytes.</param>
        public static void SignByCertInfo(Dictionary <string, string> reqData, string certPath, string certPwd, Encoding encoding)
        {
            string version;
            if (!reqData.TryGetValue("version", out version))
            {
                log.Error("version cannot by null.");
                return;
            }

            // signMethod is optional only for VERSION_1_0_0 messages.
            string signMethod;
            if (!reqData.TryGetValue("signMethod", out signMethod))
            {
                signMethod = null;
                if (!VERSION_1_0_0.Equals(version))
                {
                    log.Error("signMethod cannot be null.");
                    return;
                }
            }

            bool certificateSigning = "01".Equals(signMethod) || VERSION_1_0_0.Equals(version);
            if (!certificateSigning)
            {
                log.Error("Error signMethod [" + signMethod + "] in SignByCertInfo. ");
                return;
            }

            // certId is written first so that it is part of the data being signed.
            reqData["certId"] = CertUtil.GetSignCertId(certPath, certPwd);

            // Flatten the dictionary into key1=value1&key2=value2 form.
            string linkString = SDKUtil.CreateLinkString(reqData, true, false, encoding);
            log.Info("待签名排序串:[" + linkString + "]");

            bool useSha1 = VERSION_5_0_0.Equals(version) || VERSION_1_0_0.Equals(version);
            string signatureBase64;
            if (useSha1)
            {
                string digestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha1(linkString, encoding));
                log.Info("sha1结果:[" + digestHex + "]");

                // The signer receives the bytes of the hex text, not the raw digest bytes.
                byte[] rawSignature = SecurityUtil.SignSha1WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(digestHex));

                signatureBase64 = Convert.ToBase64String(rawSignature);
                log.Info("5.0.0报文sha1RSA签名结果:[" + signatureBase64 + "]");
            }
            else
            {
                string digestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(linkString, encoding));
                log.Info("sha256结果:[" + digestHex + "]");

                // The signer receives the bytes of the hex text, not the raw digest bytes.
                byte[] rawSignature = SecurityUtil.SignSha256WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(digestHex));

                signatureBase64 = Convert.ToBase64String(rawSignature);
                log.Info("5.1.0报文sha256RSA签名结果:[" + signatureBase64 + "]");
            }

            // Store the signature field.
            reqData["signature"] = signatureBase64;
        }
Esempio n. 4
 /// <summary>
 /// Encrypts a PIN and returns it base64-encoded, by delegating to SecurityUtil.EncryptPin.
 /// </summary>
 /// <param name="accNo">Card number.</param>
 /// <param name="pin">The PIN (password) to encrypt.</param>
 /// <param name="encoding">Text encoding passed through unchanged to SecurityUtil.EncryptPin.</param>
 /// <returns>The encrypted content as returned by SecurityUtil.EncryptPin.</returns>
 public static String EncryptPin(String accNo, String pin, Encoding encoding)
 {
     // The helper expects the PIN first and the card number second - the reverse
     // of this method's parameter order.
     // NOTE(review): accNo and pin are cleartext here; neither should reach a log or an exception message.
     String encryptedPin = SecurityUtil.EncryptPin(pin, accNo, encoding);
     return encryptedPin;
 }
Esempio n. 5
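        /// <summary>
        /// Verifies the keyed-hash signature of a response (multi-key mode: the caller supplies the key).
        /// </summary>
        /// <remarks>
        /// The expected value is hex(H(linkString + "&amp;" + hex(H(secureKey)))), where H is SHA-256 for
        /// signMethod "11" and SM3 for signMethod "12".
        /// Side effect: the "signature" entry is removed from <paramref name="rspData"/> before the link
        /// string is built, and it is not put back.
        /// Neither hex(H(secureKey)) nor the expected signature is logged. The first is the effective
        /// signing key and the second is a valid signature for the received message, so either one in a
        /// log file would let a log reader produce accepted messages.
        /// NOTE(review): signMethod is taken from the message being verified. A caller that expects one
        /// specific method should check it before calling.
        /// NOTE(review): the link string is logged at Info level; confirm it cannot carry card or
        /// customer data in clear.
        /// </remarks>
        /// <param name="rspData">Response fields; must contain "signMethod" and a non-empty "signature". Modified in place.</param>
        /// <param name="secureKey">Shared secret used for the keyed hash; must not be null or empty.</param>
        /// <param name="encoding">Encoding used to build the link string and to hash the strings.</param>
        /// <returns>
        /// true only when the received signature equals the expected one; false when a field is missing,
        /// signMethod is unsupported, the key is empty, or the values differ.
        /// </returns>
        public static bool ValidateBySecureKey(Dictionary <string, string> rspData, string secureKey, Encoding encoding)
        {
            log.Info("验签处理开始");

            string signMethod = null;
            string stringSign = null;
            if (rspData == null ||
                !rspData.TryGetValue("signMethod", out signMethod) ||
                !rspData.TryGetValue("signature", out stringSign) ||
                string.IsNullOrEmpty(stringSign))
            {
                log.Error("signMethod或signature为空,无法验证签名。");
                return(false);
            }

            bool useSha256 = "11".Equals(signMethod);
            if (!useSha256 && !"12".Equals(signMethod))
            {
                log.Error("Error signMethod [" + signMethod + "] in ValidateBySecureKey. ");
                return(false);
            }

            // With an empty key the expected value can be computed by anyone, so the
            // comparison would prove nothing. Fail closed instead.
            if (string.IsNullOrEmpty(secureKey))
            {
                log.Error("secureKey is empty, cannot validate signature.");
                return(false);
            }

            log.Info("签名原文:[" + stringSign + "]");
            rspData.Remove("signature");
            string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
            log.Info("待验签返回报文串:[" + stringData + "]");

            string expectedSign;
            if (useSha256)
            {
                string keyed = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
                expectedSign = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(keyed, encoding));
            }
            else
            {
                string keyed = stringData + "&" + SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
                expectedSign = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(keyed, encoding));
            }

            // Compare every character regardless of where the first difference is, so the
            // time taken does not reveal how much of a guessed signature was correct.
            // The length of a hex digest is public, so a length mismatch may return early.
            bool result = expectedSign != null && expectedSign.Length == stringSign.Length;
            if (result)
            {
                int difference = 0;
                for (int i = 0; i < expectedSign.Length; i++)
                {
                    difference |= expectedSign[i] ^ stringSign[i];
                }
                result = difference == 0;
            }

            if (result)
            {
                log.Info("验签成功");
            }
            else
            {
                log.Info("验签失败");
            }
            return(result);
        }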
Esempio n. 6
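        /// <summary>
        /// Verifies the signature of a response, choosing the algorithm from the response's own
        /// "version" and "signMethod" fields.
        /// </summary>
        /// <remarks>
        /// signMethod "01" (or version VERSION_1_0_0) uses RSA: SHA-1 for VERSION_5_0_0 / VERSION_1_0_0
        /// with the key looked up by "certId", SHA-256 otherwise with the certificate carried in
        /// "signPubKeyCert". signMethod "11" / "12" delegates to ValidateBySecureKey with
        /// SDKConfig.SecureKey.
        /// Side effect: the "signature" entry is removed from <paramref name="rspData"/> on the RSA paths.
        /// Malformed input (signature that is not base64, missing "certId" or "signPubKeyCert") yields
        /// false rather than an exception, because these fields come from the message under test.
        /// NOTE(review): version and signMethod are read from the message being verified, so the message
        /// selects its own algorithm, including the SHA-1 path. A caller that expects a specific
        /// version and signMethod should check them before trusting the result.
        /// NOTE(review): on the SHA-256 path the certificate also comes from the message; trust then
        /// rests on the checks inside CertUtil.VerifyAndGetPubKey, which are not visible here.
        /// NOTE(review): the link string is logged at Info level; confirm it cannot carry card or
        /// customer data in clear.
        /// </remarks>
        /// <param name="rspData">Response fields; must contain "version" and a non-empty "signature". Modified in place.</param>
        /// <param name="encoding">Encoding used to build the link string and to turn the hex digest into bytes.</param>
        /// <returns>true only when the signature verifies; false for any missing, malformed or unsupported input.</returns>
        public static bool Validate(Dictionary <string, string> rspData, Encoding encoding)
        {
            string version = null;
            if (rspData == null || !rspData.TryGetValue("version", out version))
            {
                log.Error("version is null, cannot validate signature.");
                return(false);
            }

            string signValue;
            if (!rspData.TryGetValue("signature", out signValue) || string.IsNullOrEmpty(signValue))
            {
                log.Error("signature is null, cannot validate signature.");
                return(false);
            }

            // signMethod is optional only for VERSION_1_0_0 messages.
            string signMethod;
            if (!rspData.TryGetValue("signMethod", out signMethod))
            {
                signMethod = null;
                if (!VERSION_1_0_0.Equals(version))
                {
                    log.Error("signMethod is null, cannot validate signature.");
                    return(false);
                }
            }

            if ("11".Equals(signMethod) || "12".Equals(signMethod))
            {
                // The message picks this path itself. If no shared key is configured the
                // expected value would be computable by anyone, so refuse instead of comparing.
                if (string.IsNullOrEmpty(SDKConfig.SecureKey))
                {
                    log.Error("SDKConfig.SecureKey is empty, cannot validate signature.");
                    return(false);
                }
                return(ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding));
            }

            if (!"01".Equals(signMethod) && !VERSION_1_0_0.Equals(version))
            {
                log.Error("Error signMethod [" + signMethod + "], version [" + version + "] in Validate. ");
                return(false);
            }

            log.Info("验签处理开始");
            log.Info("签名原文:[" + signValue + "]");

            byte[] signByte;
            try
            {
                signByte = Convert.FromBase64String(signValue);
            }
            catch (FormatException)
            {
                // The signature is untrusted input; a value that is not base64 is simply invalid.
                log.Error("signature is not valid base64, cannot validate signature.");
                return(false);
            }

            rspData.Remove("signature");
            string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
            log.Info("排序串:[" + stringData + "]");

            bool result;
            if (VERSION_5_0_0.Equals(version) || VERSION_1_0_0.Equals(version))
            {
                string stringSignDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha1(stringData, encoding));
                log.Debug("sha1结果:[" + stringSignDigest + "]");

                string certId;
                AsymmetricKeyParameter key = null;
                if (rspData.TryGetValue("certId", out certId))
                {
                    key = CertUtil.GetValidateKeyFromPath(certId);
                }
                if (null == key)
                {
                    log.Error("未找到证书,无法验签,验签失败。");
                    return(false);
                }
                result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
            }
            else
            {
                string stringSignDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(stringData, encoding));
                log.Debug("sha256结果:[" + stringSignDigest + "]");

                string signPubKeyCert;
                X509Certificate x509Cert = null;
                if (rspData.TryGetValue("signPubKeyCert", out signPubKeyCert))
                {
                    x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);
                }
                if (x509Cert == null)
                {
                    log.Error("获取验签证书失败,无法验签,验签失败。");
                    return(false);
                }
                result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
            }

            if (result)
            {
                log.Info("验签成功");
            }
            else
            {
                log.Info("验签失败");
            }
            return(result);
        }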
Esempio n. 7
        /// <summary>
        /// Signs a request with a shared secret key (used when several keys are in play).
        /// On success the "signature" entry of <paramref name="reqData"/> is set.
        /// </summary>
        /// <remarks>
        /// The signature is hex(H(linkString + "&amp;" + hex(H(secureKey)))), where H is SHA-256 for
        /// signMethod "11" and SM3 for signMethod "12".
        /// The method returns nothing and only logs when "signMethod" is missing or unsupported; in
        /// those cases no "signature" entry is written, so a caller that needs to know whether signing
        /// happened has to check for that key itself.
        /// NOTE(review): secureKey is not checked for null or empty here - confirm the caller does.
        /// NOTE(review): the full string to be signed is written to the log at Info level. Confirm that
        /// it cannot carry card or customer data in clear before enabling Info logging in production.
        /// </remarks>
        /// <param name="reqData">Request fields; must contain "signMethod". Modified in place.</param>
        /// <param name="secureKey">Shared secret used for the keyed hash.</param>
        /// <param name="encoding">Encoding used to build the link string and to hash the strings.</param>
        public static void SignBySecureKey(Dictionary <string, string> reqData, string secureKey, Encoding encoding)
        {
            string signMethod;
            if (!reqData.TryGetValue("signMethod", out signMethod))
            {
                log.Error("signMethod must Not null");
                return;
            }

            // Flatten the dictionary into key1=value1&key2=value2 form. This is done, and
            // logged, before signMethod is checked against the supported values.
            string linkString = SDKUtil.CreateLinkString(reqData, true, false, encoding);
            log.Info("待签名排序串:[" + linkString + "]");

            switch (signMethod)
            {
                case "11":
                {
                    string keyDigestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
                    string signatureHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(linkString + "&" + keyDigestHex, encoding));
                    log.Info("5.1.0 sha256 密钥方式签名结果:[" + signatureHex + "]");
                    // Store the signature field.
                    reqData["signature"] = signatureHex;
                    break;
                }

                case "12":
                {
                    string keyDigestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
                    string signatureHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(linkString + "&" + keyDigestHex, encoding));
                    log.Info("5.1.0 sm3 密钥方式签名结果:[" + signatureHex + "]");
                    // Store the signature field.
                    reqData["signature"] = signatureHex;
                    break;
                }

                default:
                    log.Error("Error signMethod [" + signMethod + "] in SignBySecureKey. ");
                    break;
            }
        }
Esempio n. 8
 /// <summary>
 /// Decrypts a sensitive-information field using an explicit SDKConfig, by delegating to SecurityUtil.DecryptData.
 /// </summary>
 /// <param name="data">The encrypted field value; its expected format is defined by SecurityUtil.DecryptData, which is not visible here.</param>
 /// <param name="encoding">Text encoding passed through unchanged to SecurityUtil.DecryptData.</param>
 /// <param name="con">Configuration object passed through unchanged; presumably it identifies the decryption certificate - confirm in SecurityUtil.</param>
 /// <returns>The value returned by SecurityUtil.DecryptData for these arguments.</returns>
 public static string DecryptData(string data, Encoding encoding, SDKConfig con)
 {
     // NOTE(review): the result is presumably cleartext sensitive data - keep it out of logs.
     string decrypted = SecurityUtil.DecryptData(data, encoding, con);
     return decrypted;
 }