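/// <summary>
/// Verifies the RSA signature carried by a QR-code (app) response message.
/// </summary>
/// <remarks>
/// The message is a JSON object with a "data" entry (query-string style payload) and a
/// "sign" entry (Base64 signature). The signature is checked against the lower-case hex
/// SHA-1 digest of "data", using the key looked up from the payload's "cert_id".
/// Missing fields, non-string values and malformed Base64 are reported as a failed
/// verification (false) instead of surfacing as unhandled exceptions, so untrusted input
/// cannot crash the caller and the check always fails closed.
/// </remarks>
/// <param name="jsonData">Raw JSON response text.</param>
/// <param name="encoding">Encoding used to parse and hash the signed payload.</param>
/// <returns>true only when the signature verifies; false on any failure.</returns>
public static bool ValidateAppResponse(string jsonData, Encoding encoding)
{
    // NOTE(review): the complete response is written to the log at Info level. If the
    // payload can carry account or transaction details, restrict access to this log or
    // lower the level - confirm against the message specification.
    log.Info("二维码返回报文验签:[" + jsonData + "]");

    if (string.IsNullOrEmpty(jsonData))
    {
        log.Error("Empty response message, signature verification failed.");
        return false;
    }

    // Extract the signed payload and its signature.
    Dictionary<string, object> data = SDKUtil.JsonToDictionary(jsonData);
    object rawData;
    object rawSign;
    if (data == null || !data.TryGetValue("data", out rawData) || !data.TryGetValue("sign", out rawSign))
    {
        log.Error("Response is missing the data or sign field, signature verification failed.");
        return false;
    }

    string stringData = rawData as string;
    string signValue = rawSign as string;
    if (stringData == null || signValue == null)
    {
        log.Error("The data or sign field is not a string, signature verification failed.");
        return false;
    }

    Dictionary<string, string> dataMap = SDKUtil.parseQString(stringData, encoding);
    string certId;
    if (dataMap == null || !dataMap.TryGetValue("cert_id", out certId))
    {
        log.Error("Response data has no cert_id, signature verification failed.");
        return false;
    }

    byte[] signByte;
    try
    {
        signByte = Convert.FromBase64String(signValue);
    }
    catch (FormatException)
    {
        // The signature comes from the wire; a malformed value is simply an invalid signature.
        log.Error("Signature is not valid Base64, signature verification failed.");
        return false;
    }

    // The signature covers the lower-case hex text of the SHA-1 digest, not the raw digest bytes.
    // NOTE(review): SHA-1 is deprecated for signatures; presumably this scheme is dictated by
    // the message format of the counterpart - confirm before changing it.
    byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
    // Invariant lower-casing keeps the hex text independent of the thread culture.
    string stringSignDigest = BitConverter.ToString(signDigest).Replace("-", "").ToLowerInvariant();
    log.Debug("sha1结果:[" + stringSignDigest + "]");

    // The verification key is selected by the cert_id named in the message itself.
    AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
    if (null == key)
    {
        log.Error("未找到证书,无法验签,验签失败。");
        return false;
    }

    bool result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
    log.Info(result ? "验签成功" : "验签失败");
    return result;
}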
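/// <summary>
/// Verifies the signature of a response message.
/// </summary>
/// <remarks>
/// Dispatch is driven by the "signMethod" entry:
/// "01" verifies an RSA signature (SHA-1 for version "5.0.0", SHA-256 for every other version);
/// "11" and "12" delegate to <c>ValidateBySecureKey</c> with the configured secure key;
/// any other value is rejected.
/// Malformed input (missing fields, invalid Base64) yields false rather than an unhandled
/// exception, so the check fails closed on untrusted data.
/// </remarks>
/// <param name="rspData">
/// Response fields; must contain "signMethod", "signature" and "version". On the "01" path
/// the "signature" entry is removed from this dictionary before the signed string is rebuilt.
/// </param>
/// <param name="encoding">Encoding used to build and hash the signed string.</param>
/// <returns>true only when the signature verifies; false on any failure.</returns>
public static bool Validate(Dictionary<string, string> rspData, Encoding encoding)
{
    if (rspData == null
        || !rspData.ContainsKey("signMethod")
        || !rspData.ContainsKey("signature")
        || !rspData.ContainsKey("version"))
    {
        log.Error("signMethod或signature或version为空,无法验证签名。");
        return false;
    }

    string signMethod = rspData["signMethod"];
    string version = rspData["version"];

    if ("11".Equals(signMethod) || "12".Equals(signMethod))
    {
        return ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding);
    }

    if (!"01".Equals(signMethod))
    {
        log.Error("Error signMethod [" + signMethod + "] in Validate. ");
        return false;
    }

    log.Info("验签处理开始");

    // Steps shared by both RSA variants: decode the signature, drop it from the field set,
    // and rebuild the string that was signed.
    string signValue = rspData["signature"];
    // NOTE(review): the signature and the full field string below are logged at Info level;
    // if the fields can carry account or transaction details, restrict access to this log.
    log.Info("签名原文:[" + signValue + "]");
    if (signValue == null)
    {
        log.Error("Signature is empty, signature verification failed.");
        return false;
    }

    byte[] signByte;
    try
    {
        signByte = Convert.FromBase64String(signValue);
    }
    catch (FormatException)
    {
        // The signature comes from the wire; a malformed value is simply an invalid signature.
        log.Error("Signature is not valid Base64, signature verification failed.");
        return false;
    }

    rspData.Remove("signature");
    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
    log.Info("排序串:[" + stringData + "]");

    bool result;
    if ("5.0.0".Equals(version))
    {
        // NOTE(review): SHA-1 is deprecated for signatures; this branch is only taken for
        // version "5.0.0" messages. Prefer the SHA-256 path if the counterpart allows - confirm.
        byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
        string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
        log.Debug("sha1结果:[" + stringSignDigest + "]");

        string certId;
        if (!rspData.TryGetValue("certId", out certId))
        {
            log.Error("Response has no certId, signature verification failed.");
            return false;
        }

        // The verification key is selected by the certId named in the message itself.
        AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
        if (null == key)
        {
            log.Error("未找到证书,无法验签,验签失败。");
            return false;
        }

        result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
    }
    else
    {
        // Every version other than "5.0.0" is treated as a SHA-256 message.
        byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);
        string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
        log.Debug("sha256结果:[" + stringSignDigest + "]");

        // NOTE(review): certificate retrieval is disabled here, so x509Cert is always null and
        // this branch always reports failure (fail closed). The disabled lines take the
        // certificate from the message itself; before re-enabling them, confirm that
        // VerifyAndGetPubKey validates that certificate against a trusted root, otherwise a
        // sender could supply its own key.
        //string signPubKeyCert = rspData["signPubKeyCert"];
        //X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert); // taken from the message data
        X509Certificate x509Cert = null;
        if (x509Cert == null)
        {
            log.Error("获取验签证书失败,无法验签,验签失败。");
            return false;
        }

        result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
    }

    log.Info(result ? "验签成功" : "验签失败");
    return result;
}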