/// <summary>
/// http的基本post方法
/// </summary>
/// <param name="reqData">请求数据</param>
/// <param name="url">URL地址</param>
/// <param name="encoding">编码</param>
/// <returns>服务器返回的数据</returns>
public static Dictionary <String, String> Post(Dictionary <String, String> reqData, String reqUrl, Encoding encoding)
{
string postData = SDKUtil.CreateLinkString(reqData, false, true);
byte[] byteArray = encoding.GetBytes(postData);
try
{
if ("false".Equals(SDKConfig.IfValidateRemoteCert)) //测试环境不验https证书
{
System.Net.ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
}
log.Info("发送post请求,url=[" + reqUrl + "],data=[" + postData + "]");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(reqUrl);
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
request.ContentLength = byteArray.Length;
request.ServicePoint.Expect100Continue = false;
Stream requestStream = request.GetRequestStream();
requestStream.Write(byteArray, 0, byteArray.Length);
HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse();
StreamReader reader = new StreamReader(webResponse.GetResponseStream(), encoding);
String sResult = reader.ReadToEnd();
requestStream.Close();
reader.Close();
webResponse.Close();
if (webResponse.StatusCode == HttpStatusCode.OK)
{
log.Info("收到后台应答,data=[" + sResult + "]");
return(SDKUtil.CoverStringToDictionary(sResult, encoding));
}
else
{
string httpStatus = Enum.GetName(typeof(HttpStatusCode), webResponse.StatusCode);
log.Info("非200HTTP状态,httpStatus=" + httpStatus + ",data=[" + sResult + "]");
return(new Dictionary <string, string>());
}
}
catch (Exception ex)
{
log.Error("post失败,异常:" + ex.Message);
return(new Dictionary <string, string>());
}
}
/// <summary>
/// 建立请求,以模拟远程HTTP的POST请求方式构造并获取银联的处理结果
/// </summary>
/// <param name="sParaTemp">请求参数数组</param>
/// <returns>银联处理结果</returns>
public int Send(Dictionary <string, string> sParaTemp, Encoding encoder)
{
// System.Net.ServicePointManager.Expect100Continue = false;
//待请求参数数组字符串
// string strRequestData = BuildRequestParaToString(sParaTemp, encoder);
string strRequestData = SDKUtil.CreateLinkString(sParaTemp, true, true);
//把数组转换成流中所需字节数组类型
byte[] bytesRequestData = encoder.GetBytes(strRequestData);
HttpWebResponse HttpWResp = null;
try
{
System.Net.ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
//设置HttpWebRequest基本信息
HttpWebRequest myReq = (HttpWebRequest)HttpWebRequest.Create(requestUrl);
myReq.Method = "post";
myReq.ContentType = "application/x-www-form-urlencoded";
//填充POST数据
myReq.ContentLength = bytesRequestData.Length;
Stream requestStream = myReq.GetRequestStream(); //获得请求流
requestStream.Write(bytesRequestData, 0, bytesRequestData.Length);
requestStream.Close();
//发送POST数据请求服务器
HttpWResp = (HttpWebResponse)myReq.GetResponse();
Stream myStream = HttpWResp.GetResponseStream();
//获取服务器返回信息
StreamReader reader = new StreamReader(myStream, encoder);
result = reader.ReadToEnd();
//释放
myStream.Close();
return((int)HttpWResp.StatusCode);
}
catch (Exception exp)
{
result = "报错:" + exp.Message;
return(0);
}
}
/// <summary>
/// 证书方式签名(多证书时使用),指定证书路径。
/// </summary>
/// <param name="reqData"></param>
/// <param name="encoding">编码</param>
/// <param name="certPath">证书路径</param>
/// <param name="certPwd">证书密码</param>
/// <returns></returns>
public static void SignByCertInfo(Dictionary <string, string> reqData, string certPath, string certPwd, Encoding encoding)
{
if (!reqData.ContainsKey("version"))
{
log.Error("version cannot by null.");
return;
}
string version = reqData["version"];
string signMethod = null;
if (reqData.ContainsKey("signMethod"))
{
signMethod = reqData["signMethod"];
}
else if (!VERSION_1_0_0.Equals(version))
{
log.Error("signMethod cannot be null.");
return;
}
if ("01".Equals(signMethod) || VERSION_1_0_0.Equals(version))
{
reqData["certId"] = CertUtil.GetSignCertId(certPath, certPwd);
//将Dictionary信息转换成key1=value1&key2=value2的形式
string stringData = SDKUtil.CreateLinkString(reqData, true, false, encoding);
log.Info("待签名排序串:[" + stringData + "]");
if (VERSION_5_0_0.Equals(version) || VERSION_1_0_0.Equals(version))
{
byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Info("sha1结果:[" + stringSignDigest + "]");
byte[] byteSign = SecurityUtil.SignSha1WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(stringSignDigest));
string stringSign = Convert.ToBase64String(byteSign);
log.Info("5.0.0报文sha1RSA签名结果:[" + stringSign + "]");
//设置签名域值
reqData["signature"] = stringSign;
}
else
{
byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Info("sha256结果:[" + stringSignDigest + "]");
byte[] byteSign = SecurityUtil.SignSha256WithRsa(CertUtil.GetSignKeyFromPfx(certPath, certPwd), encoding.GetBytes(stringSignDigest));
string stringSign = Convert.ToBase64String(byteSign);
log.Info("5.1.0报文sha256RSA签名结果:[" + stringSign + "]");
//设置签名域值
reqData["signature"] = stringSign;
}
}
else
{
log.Error("Error signMethod [" + signMethod + "] in SignByCertInfo. ");
}
}
/// <summary>
/// 获取应答报文中的加密公钥证书,并存储到本地,并备份原始证书。
/// 更新成功则返回1,无更新返回0,失败异常返回-1。
/// </summary>
/// <param name="dic">Dictionary数据</param>
/// <param name="encoding">编码</param>
/// <returns>成功返回1,无更新返回0,失败异常返回-1</returns>
public static int UpdateEncryptCert(Dictionary <string, string> dic, Encoding encoding)
{
if (!dic.ContainsKey("encryptPubKeyCert") || !dic.ContainsKey("certType"))
{
log.Error("encryptPubKeyCert or certType is null.");
return(-1);
}
string strCert = dic["encryptPubKeyCert"];
string certType = dic["certType"];
X509Certificate x509Cert = CertUtil.GetPubKeyCert(strCert);
if (x509Cert == null)
{
log.Error("从encryptPubKeyCert获取证书内容失败。");
return(-1);
}
if ("01".Equals(certType))
{
if (!CertUtil.GetEncryptCertId().Equals(x509Cert.SerialNumber.ToString()))
{
// ID不同时进行本地证书更新操作
string localCertPath = SDKConfig.EncryptCert;
string newLocalCertPath = SDKUtil.GenBackupName(localCertPath);
// 1.将本地证书进行备份存储
try
{
System.IO.File.Copy(localCertPath, newLocalCertPath, true);
}
catch (Exception e)
{
log.Error("备份旧加密证书失败:", e);
return(-1);
}
// 2.备份成功,进行新证书的存储
FileStream fs = null;
try
{
fs = File.OpenWrite(localCertPath);
Byte[] info = encoding.GetBytes(strCert);
fs.Write(info, 0, info.Length);
}
catch (Exception e)
{
log.Error("写入新加密证书失败:", e);
return(-1);
}
finally
{
if (fs != null)
{
fs.Close();
}
}
log.Info("save new encryptPubKeyCert success");
CertUtil.resetEncryptCertPublicKey();
return(1);
}
else
{
log.Info("加密公钥无更新。");
return(0);
}
}
else if ("02".Equals(certType))
{
log.Info("加密公钥无更新。");
return(0);
}
else
{
log.Error("unknown cerType:" + certType);
return(-1);
}
}
/// <summary>
/// 验证签名
/// </summary>
/// <param name="rspData"></param>
/// <param name="encoder"></param>
/// <returns></returns>
public static bool Validate(Dictionary <string, string> rspData, Encoding encoding)
{
if (!rspData.ContainsKey("version"))
{
log.Error("version is null, cannot validate signature.");
return(false);
}
string version = rspData["version"];
if (!rspData.ContainsKey("signature"))
{
log.Error("signature is null, cannot validate signature.");
return(false);
}
string signature = rspData["signature"];
string signMethod = null;
if (rspData.ContainsKey("signMethod"))
{
signMethod = rspData["signMethod"];
}
else if (!VERSION_1_0_0.Equals(version))
{
log.Error("signMethod is null, cannot validate signature.");
return(false);
}
bool result = false;
if ("01".Equals(signMethod) || VERSION_1_0_0.Equals(version))
{
log.Info("验签处理开始");
if (VERSION_5_0_0.Equals(version) || VERSION_1_0_0.Equals(version))
{
string signValue = rspData["signature"];
log.Info("签名原文:[" + signValue + "]");
byte[] signByte = Convert.FromBase64String(signValue);
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("排序串:[" + stringData + "]");
byte[] signDigest = SecurityUtil.Sha1(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Debug("sha1结果:[" + stringSignDigest + "]");
AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(rspData["certId"]);
if (null == key)
{
log.Error("未找到证书,无法验签,验签失败。");
return(false);
}
result = SecurityUtil.ValidateSha1WithRsa(key, signByte, encoding.GetBytes(stringSignDigest));
}
else
{
string signValue = rspData["signature"];
log.Info("签名原文:[" + signValue + "]");
byte[] signByte = Convert.FromBase64String(signValue);
rspData.Remove("signature");
string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
log.Info("排序串:[" + stringData + "]");
byte[] signDigest = SecurityUtil.Sha256(stringData, encoding);
string stringSignDigest = SDKUtil.ByteArray2HexString(signDigest);
log.Debug("sha256结果:[" + stringSignDigest + "]");
string signPubKeyCert = rspData["signPubKeyCert"];
X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);
if (x509Cert == null)
{
log.Error("获取验签证书失败,无法验签,验签失败。");
return(false);
}
result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signByte, encoding.GetBytes(stringSignDigest));
}
}
else if ("11".Equals(signMethod) || "12".Equals(signMethod))
{
return(ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding));
}
else
{
log.Error("Error signMethod [" + signMethod + "], version [" + version + "] in Validate. ");
return(false);
}
if (result)
{
log.Info("验签成功");
}
else
{
log.Info("验签失败");
}
return(result);
}
