/// <summary> /// 证书方式签名(多证书时使用),指定证书路径。 /// </summary> /// <param name="reqData">请求的数据源</param> /// <param name="certRawData">证书数据</param> /// <param name="certPwd">证书密码</param> /// <param name="encoding">编码方式</param> public static void SignByCertInfo(Dictionary <string, string> reqData, byte[] certRawData, string certPwd, Encoding encoding) { var cert = new X509Certificate2(certRawData, certPwd, X509KeyStorageFlags.Exportable); reqData["certId"] = new System.Numerics.BigInteger(cert.GetSerialNumber()).ToString(); //将Dictionary信息转换成key1=value1&key2=value2的形式 string stringData = SDKUtil.CreateLinkString(reqData, true, false, encoding); byte[] signDigest = System.Security.Cryptography.SHA256.Create().ComputeHash(encoding.GetBytes(stringData)); string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest); var rsa = cert.PrivateKey as System.Security.Cryptography.RSACryptoServiceProvider; // Create a new RSACryptoServiceProvider var rsaClear = new System.Security.Cryptography.RSACryptoServiceProvider(); // Export RSA parameters from 'rsa' and import them into 'rsaClear' rsaClear.ImportParameters(rsa.ExportParameters(true)); byte[] byteSign = rsaClear.SignData(encoding.GetBytes(stringSignDigest), System.Security.Cryptography.SHA256.Create()); string stringSign = Convert.ToBase64String(byteSign); //设置签名域值 reqData["signature"] = stringSign; }
/// <summary> /// 验证签名 /// </summary> /// <param name="rspData">数据源</param> /// <param name="encoding">编码格式</param> /// <param name="rootCertRawData">根证书的数据</param> /// <param name="middleCertRawData">中级证书数据</param> /// <returns></returns> public static bool Validate(Dictionary <string, string> rspData, Encoding encoding, byte[] rootCertRawData, byte[] middleCertRawData) { if (!ValidateBaseData(rspData)) { return(false); } byte[] signByte = Convert.FromBase64String(rspData["signature"]); rspData.Remove("signature"); string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding); byte[] signDigest = System.Security.Cryptography.SHA256.Create().ComputeHash(encoding.GetBytes(stringData)); string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest); string signPubKeyCert = rspData["signPubKeyCert"]; signPubKeyCert = signPubKeyCert.Replace("-----END CERTIFICATE-----", "").Replace("-----BEGIN CERTIFICATE-----", ""); var signCert = new X509Certificate2(Convert.FromBase64String(signPubKeyCert)); var rootCert = new X509Certificate2(rootCertRawData); var middleCert = new X509Certificate2(middleCertRawData); var chain = new X509Chain(); chain.ChainPolicy.ExtraStore.Add(rootCert); chain.ChainPolicy.ExtraStore.Add(middleCert); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; chain.Build(signCert); if (chain.ChainElements.Count != chain.ChainPolicy.ExtraStore.Count + 1) { return(false); } //bug 修复,类型对不上, 直接继承公共的基类,避免类型错误。 var rsa = signCert.PublicKey.Key as System.Security.Cryptography.RSA; return(rsa.VerifyData(encoding.GetBytes(stringSignDigest), signByte, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)); }