/// <summary>
/// Signs <paramref name="reqData"/> with a shared secure key (used when several keys are in play).
/// The signature is written back into <c>reqData["signature"]</c>; nothing is returned.
/// </summary>
/// <param name="reqData">Request fields; must contain <c>signMethod</c> ("11" = SHA-256, "12" = SM3).</param>
/// <param name="secureKey">Shared secret key. Its hex digest is appended to the sorted field string and the result is hashed again.</param>
/// <param name="encoding">Character encoding used when hashing strings.</param>
/// <remarks>
/// The scheme is H(sortedFields + "&amp;" + hex(H(secureKey))) as mandated by the remote protocol — not an HMAC —
/// so hex(H(secureKey)) is the effective signing secret and must be treated as such (it is never logged here).
/// A missing or unsupported <c>signMethod</c> is only logged; the method then returns with <c>reqData</c> left
/// unsigned, so callers that need a hard failure must check for the "signature" key themselves.
/// </remarks>
public static void SignBySecureKey(Dictionary<string, string> reqData, string secureKey, Encoding encoding)
{
    string signMethod;
    if (!reqData.TryGetValue("signMethod", out signMethod))
    {
        log.Error("signMethod must Not null");
        return;
    }

    // Sorted key1=value1&key2=value2 representation of the request (built by SDKUtil.CreateLinkString).
    string linkString = SDKUtil.CreateLinkString(reqData, true, false, encoding);
    log.Info("待签名排序串:[" + linkString + "]");

    switch (signMethod)
    {
        case "11":
        {
            string keyDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
            string signature = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(linkString + "&" + keyDigest, encoding));
            log.Info("5.1.0 sha256 密钥方式签名结果:[" + signature + "]");
            reqData["signature"] = signature;
            break;
        }
        case "12":
        {
            string keyDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
            string signature = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(linkString + "&" + keyDigest, encoding));
            log.Info("5.1.0 sm3 密钥方式签名结果:[" + signature + "]");
            reqData["signature"] = signature;
            break;
        }
        default:
            // Unknown (or null) method: log and leave the request unsigned, matching the documented contract.
            log.Error("Error signMethod [" + signMethod + "] in SignBySecureKey. ");
            break;
    }
}
/// <summary>
/// Signs <paramref name="reqData"/> with the RSA private key of a PFX certificate (used when several
/// certificates are in play); the certificate is addressed by an explicit path rather than the global config.
/// Writes <c>certId</c> and <c>signature</c> back into <paramref name="reqData"/>; nothing is returned.
/// </summary>
/// <param name="reqData">Request fields; must contain <c>signMethod</c> ("01" = certificate) and <c>version</c>.</param>
/// <param name="certPath">Path of the signing PFX file.</param>
/// <param name="certPwd">Password of the PFX file; passed to <c>CertUtil</c> only and never logged.</param>
/// <param name="encoding">Encoding used to hash the sorted string and to serialise the hex digest that gets signed.</param>
/// <remarks>
/// Version "5.0.0" signs a SHA-1 digest (SHA1withRSA — kept for protocol compatibility only, SHA-1 is deprecated);
/// every other version signs a SHA-256 digest. What is signed is the ASCII hex string of the digest, not its raw bytes.
/// A missing <c>signMethod</c>/<c>version</c> or an unsupported <c>signMethod</c> is logged and the request is left unsigned.
/// </remarks>
public static void SignByCertInfo(Dictionary<string, string> reqData, string certPath, string certPwd, Encoding encoding)
{
    string signMethod;
    if (!reqData.TryGetValue("signMethod", out signMethod))
    {
        log.Error("signMethod must Not null");
        return;
    }
    string version;
    if (!reqData.TryGetValue("version", out version))
    {
        log.Error("version must Not null");
        return;
    }
    if (!"01".Equals(signMethod))
    {
        log.Error("Error signMethod [" + signMethod + "] in SignByCertInfo. ");
        return;
    }

    // certId is itself part of the signed data, so it must be set before the link string is built.
    reqData["certId"] = CertUtil.GetSignCertId(certPath, certPwd);
    string linkString = SDKUtil.CreateLinkString(reqData, true, false, encoding);
    log.Info("待签名排序串:[" + linkString + "]");

    bool useSha1 = "5.0.0".Equals(version);
    byte[] digest = useSha1 ? SecurityUtil.Sha1(linkString, encoding) : SecurityUtil.Sha256(linkString, encoding);
    string digestHex = SDKUtil.ByteArray2HexString(digest);
    log.Info((useSha1 ? "sha1结果:[" : "sha256结果:[") + digestHex + "]");

    var signKey = CertUtil.GetSignKeyFromPfx(certPath, certPwd);
    byte[] signedBytes = encoding.GetBytes(digestHex);
    byte[] rawSignature = useSha1
        ? SecurityUtil.SignSha1WithRsa(signKey, signedBytes)
        : SecurityUtil.SignSha256WithRsa(signKey, signedBytes);
    string signature = Convert.ToBase64String(rawSignature);
    log.Info((useSha1 ? "5.0.0报文sha1RSA签名结果:[" : "5.1.0报文sha256RSA签名结果:[") + signature + "]");
    reqData["signature"] = signature;
}
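/// <summary>
/// Verifies a shared-key signature (used when several keys are in play).
/// The expected value is recomputed as H(sortedFields + "&amp;" + hex(H(secureKey))), with H = SHA-256 for
/// signMethod "11" and SM3 for signMethod "12", and compared against <c>rspData["signature"]</c>.
/// </summary>
/// <param name="rspData">Response fields. Modified: the <c>signature</c> entry is removed before the sorted string is rebuilt.</param>
/// <param name="secureKey">Shared secret key.</param>
/// <param name="encoding">Encoding used when hashing strings.</param>
/// <returns><c>true</c> only when the recomputed digest matches; missing fields, a null signature or an unknown <c>signMethod</c> yield <c>false</c>.</returns>
/// <remarks>
/// Security notes:
/// - hex(H(secureKey)) is the only secret input to the scheme, so anyone who learns it can forge signatures.
///   It is therefore never written to the log (the former debug trace of the pre-hash string has been removed).
/// - The recomputed digest is not logged on mismatch either: together with the sorted fields logged above it
///   would hand a log reader a valid signature for an arbitrary, attacker-chosen response.
/// - The comparison is ordinal and runs in constant time over the full digest so that the expected value
///   cannot be recovered character by character through timing differences.
/// </remarks>
public static bool ValidateBySecureKey(Dictionary<string, string> rspData, string secureKey, Encoding encoding)
{
    log.Info("验签处理开始");
    if (!rspData.ContainsKey("signMethod") || !rspData.ContainsKey("signature"))
    {
        log.Error("signMethod或signature为空,无法验证签名。");
        return false;
    }
    string signMethod = rspData["signMethod"];
    string receivedSign = rspData["signature"];

    string expectedSign;
    if ("11".Equals(signMethod))
    {
        log.Info("签名原文:[" + receivedSign + "]");
        rspData.Remove("signature");
        string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
        log.Info("待验签返回报文串:[" + stringData + "]");
        string keyDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(secureKey, encoding));
        expectedSign = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(stringData + "&" + keyDigest, encoding));
    }
    else if ("12".Equals(signMethod))
    {
        log.Info("签名原文:[" + receivedSign + "]");
        rspData.Remove("signature");
        string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
        log.Info("待验签返回报文串:[" + stringData + "]");
        string keyDigest = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(secureKey, encoding));
        expectedSign = SDKUtil.ByteArray2HexString(SecurityUtil.Sm3(stringData + "&" + keyDigest, encoding));
    }
    else
    {
        log.Error("Error signMethod [" + signMethod + "] in ValidateBySecureKey. ");
        return false;
    }

    // Constant-time, ordinal comparison. The digest length is fixed and public, so bailing out early
    // on a length mismatch leaks nothing; the character loop must not short-circuit.
    bool result = false;
    if (receivedSign != null && receivedSign.Length == expectedSign.Length)
    {
        int diff = 0;
        for (int i = 0; i < expectedSign.Length; i++)
        {
            diff |= receivedSign[i] ^ expectedSign[i];
        }
        result = diff == 0;
    }

    log.Info(result ? "验签成功" : "验签失败");
    return result;
}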
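/// <summary>
/// Verifies the signature of a response, dispatching on <c>version</c> and <c>signMethod</c>:
/// <list type="bullet">
/// <item>signMethod "01" (or any response with version 1.0.0): RSA over the ASCII hex digest of the sorted fields —
///   SHA-1 for versions 1.0.0 / 5.0.0 (legacy, deprecated algorithm), SHA-256 for every other version.
///   For 1.0.0 / 5.0.0 the verification key is looked up locally by <c>certId</c>; for later versions the certificate
///   arrives in the response field <c>signPubKeyCert</c> and goes through <c>CertUtil.VerifyAndGetPubKey</c>.</item>
/// <item>signMethod "11" / "12": shared-key digest, delegated to <see cref="ValidateBySecureKey"/> with <c>SDKConfig.SecureKey</c>.</item>
/// </list>
/// </summary>
/// <param name="rspData">Response fields. Modified: the <c>signature</c> entry is removed before the sorted string is rebuilt.</param>
/// <param name="encoding">Encoding used to hash the sorted string and to turn the hex digest into the bytes that were signed.</param>
/// <returns><c>true</c> only when the signature verifies; every missing field, malformed value or unknown method returns <c>false</c>.</returns>
/// <remarks>
/// Fails closed: a signature that is not valid Base64, or a missing <c>certId</c> / <c>signPubKeyCert</c> field, is logged
/// and reported as a failed verification instead of surfacing as FormatException / KeyNotFoundException — all of these
/// values come from the remote party and must not be able to crash the caller.
/// NOTE(review): on the SHA-256 path the trust decision rests entirely on <c>CertUtil.VerifyAndGetPubKey</c> validating the
/// response-supplied certificate against the configured root / intermediate CA — confirm it does; otherwise a sender could
/// ship its own key and sign anything.
/// </remarks>
public static bool Validate(Dictionary<string, string> rspData, Encoding encoding)
{
    string version;
    if (!rspData.TryGetValue("version", out version))
    {
        log.Error("version is null, cannot validate signature.");
        return false;
    }

    string signValue;
    if (!rspData.TryGetValue("signature", out signValue))
    {
        log.Error("signature is null, cannot validate signature.");
        return false;
    }

    // version 1.0.0 responses carry no signMethod; everything newer must have one.
    string signMethod;
    if (!rspData.TryGetValue("signMethod", out signMethod) && !VERSION_1_0_0.Equals(version))
    {
        log.Error("signMethod is null, cannot validate signature.");
        return false;
    }

    // Certificate path wins whenever signMethod is "01" or the version is 1.0.0 (same precedence as before).
    bool certSigned = "01".Equals(signMethod) || VERSION_1_0_0.Equals(version);
    if (!certSigned)
    {
        if ("11".Equals(signMethod) || "12".Equals(signMethod))
        {
            return ValidateBySecureKey(rspData, SDKConfig.SecureKey, encoding);
        }
        log.Error("Error signMethod [" + signMethod + "], version [" + version + "] in Validate. ");
        return false;
    }

    log.Info("验签处理开始");
    log.Info("签名原文:[" + signValue + "]");
    byte[] signBytes;
    try
    {
        signBytes = Convert.FromBase64String(signValue);
    }
    catch (FormatException)
    {
        // Untrusted input: a malformed signature is a verification failure, not a caller crash.
        log.Error("signature is not valid Base64, cannot validate signature.");
        return false;
    }

    rspData.Remove("signature");
    string stringData = SDKUtil.CreateLinkString(rspData, true, false, encoding);
    log.Info("排序串:[" + stringData + "]");

    bool result;
    bool useSha1 = VERSION_5_0_0.Equals(version) || VERSION_1_0_0.Equals(version);
    if (useSha1)
    {
        string digestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha1(stringData, encoding));
        log.Debug("sha1结果:[" + digestHex + "]");

        string certId;
        if (!rspData.TryGetValue("certId", out certId))
        {
            log.Error("certId is null, cannot validate signature.");
            return false;
        }
        AsymmetricKeyParameter key = CertUtil.GetValidateKeyFromPath(certId);
        if (key == null)
        {
            log.Error("未找到证书,无法验签,验签失败。");
            return false;
        }
        result = SecurityUtil.ValidateSha1WithRsa(key, signBytes, encoding.GetBytes(digestHex));
    }
    else
    {
        string digestHex = SDKUtil.ByteArray2HexString(SecurityUtil.Sha256(stringData, encoding));
        log.Debug("sha256结果:[" + digestHex + "]");

        string signPubKeyCert;
        if (!rspData.TryGetValue("signPubKeyCert", out signPubKeyCert))
        {
            log.Error("signPubKeyCert is null, cannot validate signature.");
            return false;
        }
        // The certificate is supplied by the remote party; VerifyAndGetPubKey is the only thing standing
        // between an attacker-chosen key and a "valid" signature.
        X509Certificate x509Cert = CertUtil.VerifyAndGetPubKey(signPubKeyCert);
        if (x509Cert == null)
        {
            log.Error("获取验签证书失败,无法验签,验签失败。");
            return false;
        }
        result = SecurityUtil.ValidateSha256WithRsa(x509Cert.GetPublicKey(), signBytes, encoding.GetBytes(digestHex));
    }

    log.Info(result ? "验签成功" : "验签失败");
    return result;
}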