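/// <summary>
/// Verifies the RSA signature carried in a response message.
/// </summary>
/// <remarks>
/// The "signature" entry is removed from <paramref name="rspData"/>, the remaining
/// entries are joined by <c>SDKUtil.CreateLinkString</c>, hashed by
/// <c>SecurityUtil.Sha1X16</c>, and the signature is checked over the bytes of the
/// lowercase hex form of that digest.
/// This method fails closed: a missing or empty "signature" or "certId" field, or a
/// signature that is not valid Base64, returns <c>false</c> instead of throwing, so a
/// malformed message from the network cannot surface as an unhandled exception.
/// NOTE(review): the digest is SHA-1 (per the helper name and log label). That is
/// presumably fixed by the gateway protocol; confirm whether a stronger signing
/// version is available before changing it.
/// NOTE(review): the signature and the full joined field string are logged at Info
/// level. If responses can carry account or customer fields, consider masking them.
/// </remarks>
/// <param name="rspData">
/// Response fields. Must contain "signature" and "certId". The "signature" entry is
/// removed from this dictionary as a side effect once it has been decoded.
/// </param>
/// <param name="encoding">Encoding passed to the digest helper and used to turn the hex digest into bytes.</param>
/// <returns>
/// <c>true</c> only when the signature verifies against the certificate resolved from
/// "certId"; <c>false</c> for a missing or malformed field, an unknown certificate,
/// or a signature mismatch.
/// </returns>
public static bool Validate(Dictionary<string, string> rspData, Encoding encoding)
{
    // A response without a signature can never verify: reject it before doing any work.
    string signValue;
    if (!rspData.TryGetValue("signature", out signValue) || string.IsNullOrEmpty(signValue))
    {
        log.Error("Validate: response has no signature field, verification failed.");
        return false;
    }
    log.Info("签名原文:[" + signValue + "]");

    // The signature is attacker-controllable text; invalid Base64 is a failed check, not a crash.
    byte[] signByte;
    try
    {
        signByte = Convert.FromBase64String(signValue);
    }
    catch (FormatException)
    {
        log.Error("Validate: signature is not valid Base64, verification failed.");
        return false;
    }

    // The signature itself is not part of the signed content.
    rspData.Remove("signature");
    string stringData = SDKUtil.CreateLinkString(rspData, true, false);
    log.Info("排序串:[" + stringData + "]");

    byte[] signDigest = SecurityUtil.Sha1X16(stringData, encoding);
    // Hex digits only, so the culture used by ToLower() cannot change the result.
    string stringSignDigest = BitConverter.ToString(signDigest).Replace("-", "").ToLower();
    log.Debug("sha1结果:[" + stringSignDigest + "]");

    // The certificate is selected by an id taken from the message. Trust therefore rests on
    // CertUtil resolving ids only to locally provisioned certificates (TODO confirm in CertUtil).
    string certId;
    if (!rspData.TryGetValue("certId", out certId) || string.IsNullOrEmpty(certId))
    {
        log.Error("Validate: response has no certId field, verification failed.");
        return false;
    }

    RSACryptoServiceProvider provider = CertUtil.GetValidateProviderFromPath(certId);
    if (null == provider)
    {
        log.Error("未找到证书,无法验签,验签失败。");
        return false;
    }

    bool result = SecurityUtil.ValidateBySoft(provider, signByte, encoding.GetBytes(stringSignDigest));
    if (result)
    {
        log.Info("验签成功");
    }
    else
    {
        log.Info("验签失败");
    }
    return result;
}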
/// <summary>
/// Signs a request in place: sets the "certId" field, computes the signature over the
/// joined field string and stores it in the "signature" field.
/// </summary>
/// <remarks>
/// The signature is produced over the bytes of the lowercase hex form of the digest
/// returned by <c>SecurityUtil.Sha1X16</c>, then Base64-encoded.
/// NOTE(review): the string to be signed, its digest and the resulting signature are
/// all logged at Info level. If requests can carry account or customer fields,
/// consider masking them.
/// NOTE(review): if <paramref name="reqData"/> already holds a "signature" entry it is
/// passed to <c>CreateLinkString</c> like any other field. Whether that helper filters
/// it out is not visible here; verify against the helper.
/// </remarks>
/// <param name="reqData">Request fields; "certId" and "signature" are written into this dictionary.</param>
/// <param name="encoding">Encoding passed to the digest helper and used to turn the hex digest into bytes.</param>
/// <param name="certPath">Path of the signing certificate (PFX, per the helper name).</param>
/// <param name="certPwd">Password of the signing certificate.</param>
public static void Sign(Dictionary<string, string> reqData, Encoding encoding, string certPath, string certPwd)
{
    // Set before the link string is built, so certId is among the fields handed to the signer.
    reqData["certId"] = CertUtil.GetSignCertId(certPath, certPwd);

    // Join the dictionary into key1=value1&key2=value2 form.
    string linkString = SDKUtil.CreateLinkString(reqData, true, false);
    log.Info("待签名排序串:[" + linkString + "]");

    byte[] digest = SecurityUtil.Sha1X16(linkString, encoding);
    string digestHex = BitConverter.ToString(digest).Replace("-", "").ToLower();
    log.Info("sha1结果:[" + digestHex + "]");

    // Load the private key first, then encode the digest (same evaluation order as a nested call).
    var signProvider = CertUtil.GetSignProviderFromPfx(certPath, certPwd);
    byte[] digestHexBytes = encoding.GetBytes(digestHex);
    byte[] signatureBytes = SecurityUtil.SignBySoft(signProvider, digestHexBytes);

    string signatureBase64 = Convert.ToBase64String(signatureBytes);
    log.Info("签名结果:[" + signatureBase64 + "]");

    // Store the signature field value.
    reqData["signature"] = signatureBase64;
}
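/// <summary>
/// Verifies the signature over the "data" field of the result returned by the payment
/// control after a successful payment (the response obtained on the client side).
/// </summary>
/// <remarks>
/// Only the raw "data" string is covered by the signature: it is hashed by
/// <c>SecurityUtil.Sha1X16</c> and the "sign" value is checked over the bytes of the
/// lowercase hex digest. Callers should take pay_result, tn and other values from that
/// verified "data" string only, and only after this method returns <c>true</c>.
/// This method fails closed: a missing, empty or non-string "data" or "sign" member, a
/// "sign" value that is not valid Base64, or a missing "cert_id" returns <c>false</c>
/// instead of throwing. Exceptions raised inside <c>SDKUtil.JsonToDictionary</c> or
/// <c>SDKUtil.parseQString</c> are not handled here.
/// NOTE(review): the whole incoming JSON is logged at Info level before verification.
/// </remarks>
/// <param name="jsonData">
/// JSON text, for example:
/// {"sign" : "(Base64 signature)", "data" : "pay_result=success&amp;tn=201602141008032671528&amp;cert_id=68759585097"}
/// </param>
/// <param name="encoding">Encoding used to parse "data", to hash it, and to turn the hex digest into bytes.</param>
/// <returns>
/// <c>true</c> only when "sign" verifies over "data" with the certificate resolved from
/// "cert_id"; <c>false</c> for a missing or malformed member, an unknown certificate,
/// or a signature mismatch.
/// </returns>
public static bool ValidateAppResponse(string jsonData, Encoding encoding)
{
    log.Info("控件返回报文验签:[" + jsonData + "]");

    Dictionary<string, object> data = SDKUtil.JsonToDictionary(jsonData);
    if (null == data)
    {
        log.Error("ValidateAppResponse: response could not be parsed, verification failed.");
        return false;
    }

    // Both members come from the client side; absent or non-string values are a failed check.
    object rawData;
    object rawSign;
    data.TryGetValue("data", out rawData);
    data.TryGetValue("sign", out rawSign);
    string stringData = rawData as string;
    string signValue = rawSign as string;
    if (string.IsNullOrEmpty(stringData) || string.IsNullOrEmpty(signValue))
    {
        log.Error("ValidateAppResponse: response lacks a data or sign member, verification failed.");
        return false;
    }

    Dictionary<string, string> dataMap = SDKUtil.parseQString(stringData, encoding);

    byte[] signByte;
    try
    {
        signByte = Convert.FromBase64String(signValue);
    }
    catch (FormatException)
    {
        log.Error("ValidateAppResponse: sign is not valid Base64, verification failed.");
        return false;
    }

    byte[] signDigest = SecurityUtil.Sha1X16(stringData, encoding);
    // Hex digits only, so the culture used by ToLower() cannot change the result.
    string stringSignDigest = BitConverter.ToString(signDigest).Replace("-", "").ToLower();
    log.Debug("sha1结果:[" + stringSignDigest + "]");

    // The certificate is selected by an id taken from the message. Trust therefore rests on
    // CertUtil resolving ids only to locally provisioned certificates (TODO confirm in CertUtil).
    string certId;
    if (null == dataMap || !dataMap.TryGetValue("cert_id", out certId) || string.IsNullOrEmpty(certId))
    {
        log.Error("ValidateAppResponse: data has no cert_id field, verification failed.");
        return false;
    }

    RSACryptoServiceProvider provider = CertUtil.GetValidateProviderFromPath(certId);
    if (null == provider)
    {
        log.Error("未找到证书,无法验签,验签失败。");
        return false;
    }

    bool result = SecurityUtil.ValidateBySoft(provider, signByte, encoding.GetBytes(stringSignDigest));
    if (result)
    {
        log.Info("验签成功");
    }
    else
    {
        log.Info("验签失败");
    }
    return result;
}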
/// <summary>
/// Decrypts data with the private key returned by <c>CertUtil.GetSignProviderFromPfx()</c>.
/// </summary>
/// <remarks>
/// Any exception is logged (message only) and swallowed. The caller then receives an
/// empty array, so an empty result must be treated as "decryption failed".
/// NOTE(review): the key used here is the one CertUtil exposes for signing, per its name.
/// NOTE(review): the <c>false</c> argument presumably selects PKCS#1 v1.5 padding rather
/// than OAEP (provider type not visible here). Callers should avoid reporting decryption
/// success or failure back to the sender of the ciphertext.
/// </remarks>
/// <param name="data">Ciphertext bytes.</param>
/// <returns>The decrypted bytes, or an empty array when decryption fails.</returns>
public static byte[] decryptData(byte[] data)
{
    byte[] plainBytes;
    try
    {
        var signProvider = CertUtil.GetSignProviderFromPfx();
        plainBytes = signProvider.Decrypt(data, false);
    }
    catch (Exception ex)
    {
        log.Error("decryptData error: " + ex.Message);
        plainBytes = new byte[0];
    }
    return plainBytes;
}
/// <summary>
/// Encrypts data with the key returned by <c>CertUtil.GetEncryptKey()</c>.
/// </summary>
/// <remarks>
/// Any exception is logged (message only) and swallowed. The caller then receives an
/// empty array and must check the length before using the result, otherwise a failed
/// encryption goes unnoticed.
/// NOTE(review): the <c>false</c> argument presumably selects PKCS#1 v1.5 padding rather
/// than OAEP (key type not visible here).
/// </remarks>
/// <param name="encData">Plaintext bytes to encrypt.</param>
/// <returns>The ciphertext bytes, or an empty array when encryption fails.</returns>
public static byte[] encryptedData(byte[] encData)
{
    try
    {
        var encryptKey = CertUtil.GetEncryptKey();
        return encryptKey.Encrypt(encData, false);
    }
    catch (Exception ex)
    {
        log.Error("encryptedData error: " + ex.Message);
    }
    // Reached only when the encryption attempt above threw.
    return new byte[0];
}
/// <summary>
/// Returns the physical serial number of the certificate used to encrypt sensitive
/// information, as reported by <c>CertUtil.GetEncryptCertId()</c>.
/// </summary>
/// <returns>The value returned by <c>CertUtil.GetEncryptCertId()</c>, unchanged.</returns>
public static String GetEncryptCertId()
{
    String encryptCertId = CertUtil.GetEncryptCertId();
    return encryptCertId;
}