Exemplo n.º 1
0
        /// <summary>
        /// 证书方式签名(多证书时使用),指定证书路径。
        /// </summary>
        /// <param name="reqData"></param>
        /// <param name="encoding">编码</param>
        /// <param name="certPath">证书路径</param>
        /// <param name="certPwd">证书密码</param>
        /// <returns></returns>
        public static void SignByCertInfo(Dictionary <string, string> reqData, string certPath, string certPwd, Encoding encoding)
        {
            if (!reqData.ContainsKey("signMethod"))
            {
                log.Error("signMethod must Not null");
                return;
            }
            string signMethod = reqData["signMethod"];

            if (!reqData.ContainsKey("version"))
            {
                log.Error("version must Not null");
                return;
            }
            string version = reqData["version"];

            if ("01".Equals(signMethod))
            {
                reqData["certId"] = CertUtil.GetSignCertId(certPath, certPwd);

                //将Dictionary信息转换成key1=value1&key2=value2的形式
                string stringData = SDKUtil.CreateLinkString(reqData, true, false, encoding);
                log.Info("待签名排序串:[" + stringData + "]");

                if ("5.0.0".Equals(version))
                {
                    byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);

                    string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                    log.Info("sha1结果:[" + stringSignDigest + "]");

                    byte[] byteSign = SecurityUtil.SignSha1WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(stringSignDigest));

                    string stringSign = Convert.ToBase64String(byteSign);
                    log.Info("5.0.0报文sha1RSA签名结果:[" + stringSign + "]");

                    //设置签名域值
                    reqData["signature"] = stringSign;
                }
                else
                {
                    byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);

                    string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                    log.Info("sha256结果:[" + stringSignDigest + "]");

                    byte[] byteSign = SecurityUtil.SignSha256WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(stringSignDigest));

                    string stringSign = Convert.ToBase64String(byteSign);
                    log.Info("5.1.0报文sha256RSA签名结果:[" + stringSign + "]");

                    //设置签名域值
                    reqData["signature"] = stringSign;
                }
            }
            else
            {
                log.Error("Error signMethod [" + signMethod + "] in SignByCertInfo. ");
            }
        }
Exemplo n.º 2
0
        public static bool ValidateAppResponse(string jsonData, Encoding encoding)
        {
            log.Info("二维码返回报文验签:[" + jsonData + "]");
            //获取签名
            Dictionary <string, object> data = SDKUtil.JsonToDictionary(jsonData);

            string stringData = (string)data["data"];
            string signValue  = (string)data["sign"];
            Dictionary <string, string> dataMap = SDKUtil.parseQString(stringData, encoding);

            byte[] signByte         = Convert.FromBase64String(signValue);
            byte[] signDigest       = SecurityUtil.Sha1(stringData, encoding);
            string stringSignDigest = BitConverter.ToString(signDigest).Replace("-", "").ToLower();

            log.Debug("sha1结果:[" + stringSignDigest + "]");
            AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(dataMap["cert_id"]);

            if (null == key)
            {
                log.Error("未找到证书,无法验签,验签失败。");
                return(false);
            }
            bool result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));

            if (result)
            {
                log.Info("验签成功");
            }
            else
            {
                log.Info("验签失败");
            }
            return(result);
        }
Exemplo n.º 3
0
 ///<summary>
 /// 加密
 /// </summary>
 /// <returns></returns>
 private static byte[] encryptedData(byte[] encData)
 {
     try
     {
         IBufferedCipher c = CipherUtilities.GetCipher("RSA/NONE/PKCS1Padding");
         c.Init(true, new ParametersWithRandom(CertUtil.GetEncryptKey(), new SecureRandom()));
         return(c.DoFinal(encData));
     }
     catch (Exception e)
     {
         log.Error("encryptedData error: " + e.Message);
         return(new byte[0]);
     }
 }
Exemplo n.º 4
0
 /// <summary>
 /// 解密,多证书
 /// </summary>
 /// <param name="dataString">原字符串</param>
 /// <param name="encoding">编码</param>
 /// <returns>解密结果</returns>
 public static string DecryptData(string dataString, Encoding encoding, string certPath, string certPwd)
 {
     byte[] data = Convert.FromBase64String(dataString);
     data = decryptData(data, CertUtil.GetSignKeyFromPfx(certPath, certPwd));
     return(encoding.GetString(data));
 }
Exemplo n.º 5
0
        /// <summary>
        /// 获取应答报文中的加密公钥证书,并存储到本地,并备份原始证书。
        /// 更新成功则返回1,无更新返回0,失败异常返回-1。
        /// </summary>
        /// <param name="dic">Dictionary数据</param>
        /// <param name="encoding">编码</param>
        /// <returns>成功返回1,无更新返回0,失败异常返回-1</returns>
        public static int UpdateEncryptCert(Dictionary <string, string> dic, Encoding encoding)
        {
            if (!dic.ContainsKey("encryptPubKeyCert") || !dic.ContainsKey("certType"))
            {
                log.Error("encryptPubKeyCert or certType is null.");
                return(-1);
            }
            string          strCert  = dic["encryptPubKeyCert"];
            string          certType = dic["certType"];
            X509Certificate x509Cert = CertUtil.GetPubKeyCert(strCert);

            if (x509Cert == null)
            {
                log.Error("从encryptPubKeyCert获取证书内容失败。");
                return(-1);
            }
            if ("01".Equals(certType))
            {
                if (!CertUtil.GetEncryptCertId().Equals(x509Cert.SerialNumber.ToString()))
                {
                    // ID不同时进行本地证书更新操作
                    string localCertPath    = SDKConfig.EncryptCert;
                    string newLocalCertPath = SDKUtil.GenBackupName(localCertPath);

                    // 1.将本地证书进行备份存储
                    try
                    {
                        System.IO.File.Copy(localCertPath, newLocalCertPath, true);
                    }
                    catch (Exception e)
                    {
                        log.Error("备份旧加密证书失败:", e);
                        return(-1);
                    }
                    // 2.备份成功,进行新证书的存储
                    FileStream fs = null;
                    try
                    {
                        fs = File.OpenWrite(localCertPath);
                        Byte[] info = encoding.GetBytes(strCert);
                        fs.Write(info, 0, info.Length);
                    }
                    catch (Exception e)
                    {
                        log.Error("写入新加密证书失败:", e);
                        return(-1);
                    }
                    finally
                    {
                        if (fs != null)
                        {
                            fs.Close();
                        }
                    }
                    log.Info("save new encryptPubKeyCert success");
                    CertUtil.resetEncryptCertPublicKey();
                    return(1);
                }
                else
                {
                    log.Info("加密公钥无更新。");
                    return(0);
                }
            }
            else if ("02".Equals(certType))
            {
                log.Info("加密公钥无更新。");
                return(0);
            }
            else
            {
                log.Error("unknown cerType:" + certType);
                return(-1);
            }
        }
Exemplo n.º 6
0
 //获取敏感信息加密证书的物理序列号
 public static String GetEncryptCertId()
 {
     return(CertUtil.GetEncryptCertId());
 }
Exemplo n.º 7
0
        /// <summary>
        /// 验证签名
        /// </summary>
        /// <param name="rspData"></param>
        /// <param name="encoder"></param>
        /// <returns></returns>
        public static bool Validate(Dictionary <string, string> rspData, Encoding encoding)
        {
            if (!rspData.ContainsKey("signMethod") || !rspData.ContainsKey("signature") || !rspData.ContainsKey("version"))
            {
                log.Error("signMethod或signature或version为空,无法验证签名。");
                return(false);
            }
            string signMethod = rspData["signMethod"];
            string version    = rspData["version"];
            bool   result     = false;

            if ("01".Equals(signMethod))
            {
                log.Info("验签处理开始");
                if ("5.0.0".Equals(version))
                {
                    string signValue = rspData["signature"];
                    log.Info("签名原文:[" + signValue + "]");
                    byte[] signByte = Convert.FromBase64String(signValue);
                    rspData.Remove("signature");
                    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
                    log.Info("排序串:[" + stringData + "]");
                    byte[] signDigest       = SecurityUtil.Sha1(stringData, encoding);
                    string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                    log.Debug("sha1结果:[" + stringSignDigest + "]");
                    AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(rspData["certId"]);
                    if (null == key)
                    {
                        log.Error("未找到证书,无法验签,验签失败。");
                        return(false);
                    }
                    result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
                }
                else
                {
                    string signValue = rspData["signature"];
                    log.Info("签名原文:[" + signValue + "]");
                    byte[] signByte = Convert.FromBase64String(signValue);
                    rspData.Remove("signature");
                    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
                    log.Info("排序串:[" + stringData + "]");
                    byte[] signDigest       = SecurityUtil.Sha256(stringData, encoding);
                    string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
                    log.Debug("sha256结果:[" + stringSignDigest + "]");

                    //string signPubKeyCert = rspData["signPubKeyCert"];
                    //X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);//从数据中获取
                    X509Certificate x509Cert = null;
                    if (x509Cert == null)
                    {
                        log.Error("获取验签证书失败,无法验签,验签失败。");
                        return(false);
                    }
                    result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
                }
            }
            else if ("11".Equals(signMethod) || "12".Equals(signMethod))
            {
                return(ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding));
            }
            else
            {
                log.Error("Error signMethod [" + signMethod + "] in Validate. ");
                return(false);
            }
            if (result)
            {
                log.Info("验签成功");
            }
            else
            {
                log.Info("验签失败");
            }
            return(result);
        }