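/// <summary>
/// Verifies the RSA/SHA-256 signature carried in a response and checks that the
/// signing certificate chains to the supplied intermediate and root certificates.
/// </summary>
/// <param name="rspData">Response fields. The "signature" entry is removed from this
/// dictionary as a side effect (kept for compatibility with existing callers).</param>
/// <param name="encoding">Encoding used to turn the signed string into bytes.</param>
/// <param name="rootCertRawData">Raw bytes of the trusted root certificate.</param>
/// <param name="middleCertRawData">Raw bytes of the intermediate certificate.</param>
/// <returns>true when the certificate chain and the signature both verify; otherwise false.</returns>
/// <exception cref="FormatException">The signature or certificate is not valid Base64.</exception>
public static bool Validate(Dictionary<string, string> rspData, Encoding encoding, byte[] rootCertRawData, byte[] middleCertRawData)
{
    if (!ValidateBaseData(rspData))
    {
        return false;
    }

    // A response without a signature or signing certificate cannot be validated;
    // report that as "not valid" rather than throwing on the dictionary lookup.
    string signature;
    if (!rspData.TryGetValue("signature", out signature))
    {
        return false;
    }
    string signPubKeyCert;
    if (!rspData.TryGetValue("signPubKeyCert", out signPubKeyCert))
    {
        return false;
    }

    byte[] signByte = Convert.FromBase64String(signature);
    // NOTE: mutates the caller's dictionary; preserved because existing callers may rely on it.
    rspData.Remove("signature");

    // The signed payload is the hex-encoded SHA-256 of the canonical field string,
    // not the field string itself (wire format of the counterparty, do not change).
    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
    string stringSignDigest;
    using (var sha256 = SHA256.Create())
    {
        byte[] signDigest = sha256.ComputeHash(encoding.GetBytes(stringData));
        stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
    }

    // Strip the PEM armour; Convert.FromBase64String tolerates the remaining line breaks.
    signPubKeyCert = signPubKeyCert
        .Replace("-----END CERTIFICATE-----", "")
        .Replace("-----BEGIN CERTIFICATE-----", "");

    using (var signCert = new X509Certificate2(Convert.FromBase64String(signPubKeyCert)))
    using (var rootCert = new X509Certificate2(rootCertRawData))
    using (var middleCert = new X509Certificate2(middleCertRawData))
    {
        if (!ChainsToRoot(signCert, middleCert, rootCert))
        {
            return false;
        }

        // GetRSAPublicKey returns the platform-neutral RSA base type, which avoids the
        // RSACryptoServiceProvider/RSACng mismatch that PublicKey.Key used to cause.
        using (RSA rsa = signCert.GetRSAPublicKey())
        {
            if (rsa == null)
            {
                // Not an RSA certificate: it cannot have produced an RSA signature.
                return false;
            }
            return rsa.VerifyData(encoding.GetBytes(stringSignDigest), signByte, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
}

/// <summary>
/// Builds a chain for <paramref name="signCert"/> from the supplied intermediate and root and
/// requires that the chain is valid, has exactly three elements, and terminates at that root.
/// </summary>
/// <param name="signCert">The leaf (signing) certificate taken from the response.</param>
/// <param name="middleCert">The expected intermediate certificate.</param>
/// <param name="rootCert">The expected root certificate the chain must end at.</param>
/// <returns>true when the chain builds cleanly and ends at <paramref name="rootCert"/>.</returns>
private static bool ChainsToRoot(X509Certificate2 signCert, X509Certificate2 middleCert, X509Certificate2 rootCert)
{
    using (var chain = new X509Chain())
    {
        chain.ChainPolicy.ExtraStore.Add(rootCert);
        chain.ChainPolicy.ExtraStore.Add(middleCert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        // The root is pinned explicitly below, so it need not be in the machine trust store.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

        // Build() still reports expiry, bad signatures and other chain errors despite the flag above.
        if (!chain.Build(signCert))
        {
            return false;
        }

        // Expect leaf + intermediate + root.
        if (chain.ChainElements.Count != chain.ChainPolicy.ExtraStore.Count + 1)
        {
            return false;
        }

        // Pin the chain terminus to the caller-supplied root; a length check alone would
        // accept any three-element chain the builder could assemble from the machine store.
        X509Certificate2 chainRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return string.Equals(chainRoot.Thumbprint, rootCert.Thumbprint, StringComparison.OrdinalIgnoreCase);
    }
}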