.Net版本SHA256WithRSA算法

在与建设银行做对接的项目的时候，签名的时候需要用SHA256WithRSA算法，因为只有java版本的代码，所以需要自己改写一版.Net算法代码。

1、证书的生成(OpenSSL)

由于我们对接需要互相认证对方的证书，这里的证书要求是SSL证书，网上有很多安装教程可以参考，这里给大家介绍一种比较好的OpenSSL插件，在我们经常使用的项目管理器Git，在安装的时候已经自带了一个OpenSSL插件，我们可以直接运行这个文件，路径是：“C:Program FilesGitmingw64inopenssl.exe”，如下图（注：需要使用管理员身份运行）

命令行如下

openssl genrsa -des3 -out test.key 2048 //需要输入私钥密码   
openssl req -new -key test.key -out test.csr
openssl x509 -req -in test.csr -out test.cer -signkey test.key -days 7500  //有效时间
openssl pkcs12 -export -clcerts -in test.cer -inkey test.key -out test.pfx

//test.cer为公钥证书，test.pfx为私钥证书

证书如下（test.cer为公钥证书，test.pfx为私钥证书）

2、算法代码

生成好证书就可以写算法代码了，直接上代码。

项目引用： using System.Security.Cryptography;using System.Security.Cryptography.X509Certificates;

 /// <summary>
        /// 签名算法--SHA256WithRSA
        /// </summary>
        /// <param name="dataStr">配置json</param>
        /// <param name="keyFile">证书路径</param>
        /// <param name="password">证书密码</param>
        /// <returns></returns>
        public static string Sha256Sign(string dataStr, string keyFile, string password)
        {
            using (RSACryptoServiceProvider sha256 = new RSACryptoServiceProvider())
            {
                var privateKey = GetPrivateKey(keyFile, password);  //获取私钥
                byte[] dataInBytes = DafaultEncoding.GetBytes(dataStr);
                sha256.FromXmlString(privateKey);
                byte[] inArray = sha256.SignData(dataInBytes, CryptoConfig.MapNameToOID("SHA256"));
                string sign = Convert.ToBase64String(inArray);
                return sign;
            }
        }

 /// <summary>
        /// 获取私钥
        /// </summary>
        /// <param name="path">文件路径</param>
        /// <param name="password">文件秘钥</param>
        /// <returns></returns>
        public static string GetPrivateKey(string path, string password)
        {
            try
            {
                X509Certificate2 cert = new X509Certificate2(path, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
                return cert.PrivateKey.ToXmlString(true);
            }
            catch
            {
                return "";
            }
        }

3、发签名和数据

 public static string SendPostRequestJson(string url, string appId, string jsonData,string version, string tenancyId,string passWord, Encoding encoding)
        {
            if (string.IsNullOrEmpty(url))
                throw new ArgumentNullException("url");

            if (encoding == null)
                encoding = Encoding.UTF8;

            //var dataString = string.Join("&", data.Select(pattern => pattern.Key + "=" + pattern.Value));

            var sign = SignHelper.Sha256Sign(jsonData, "E:/1-trunk/CCB.JobService/CcbApi/files/test.pfx", passWord);

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = "POST";
            request.ContentType = "application/json; charset=" + encoding.WebName;
            request.Timeout = 60000;
            request.UserAgent = "IIS";
            request.Headers.Add("C-Signature", sign);
            request.Headers.Add("C-App-Id", appId);
            request.Headers.Add("C-Business-Id", SignHelper.GetBussinessId(appId));
            request.Headers.Add("C-Timestamp", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"));
            request.Headers.Add("version", version);
            request.Headers.Add("C-Tenancy-Id", tenancyId);
            if (jsonData != null)
            {
                byte[] buffer = encoding.GetBytes(jsonData);
                string json = Convert.ToBase64String(buffer);

                byte[] buffer1 = encoding.GetBytes(json);

                using (Stream stream = request.GetRequestStream())
                {
                    stream.Write(buffer1, 0, buffer1.Length);
                }
            }

            using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
            {
                return ReadResponse(response);
            }
        }

        /// <summary>
        /// 读取响应内容。
        /// </summary>
        /// <param name="response"></param>
        /// <returns></returns>
        private static string ReadResponse(HttpWebResponse response)
        {
            if (response == null) return string.Empty;
            Stream strem = null;
            if (response.Headers["Content-Encoding"] == "gzip")
                strem = new GZipStream(response.GetResponseStream(), CompressionMode.Decompress);
            else
                strem = response.GetResponseStream();

            if (strem == null) return string.Empty;
            using (StreamReader reader = new StreamReader(strem))
            {
                return reader.ReadToEnd();
            }
        }

4、通用接口

/// <summary>
        /// 通用接口
        /// </summary>
        /// <typeparam name="T">返回数据实体</typeparam>
        /// <param name="jsonDate">要传输的参数json字符串</param>
        /// <param name="url">接口URL</param>
        /// <returns>响应数据</returns>
        private static ResponseBase<T> InvokApi<T>(string jsonDate, string url)
        {
            try
            {
                url = CcbUrl + url;
                var result = HttpWebRequestHelper.SendPostRequestJson(url, AppId, jsonDate, Version, TenancyId, PassWord, Encoding.UTF8);
                if (!string.IsNullOrEmpty(result))
                {
                    result = DecodeBase64(Encoding.UTF8, result);
                }
                var res = JsonConvert.DeserializeObject<ResponseBase<T>>(result);
                if (res.Status != "00")
                {
                    LogHelper.Log(DateTime.Now + url + ":调用建设银行接口：" + jsonDate);
                    LogHelper.Log(DateTime.Now + ": 调用建设银行返回：" + JsonConvert.SerializeObject(result));
                }

                return res;
            }
            catch (Exception e)
            {
                return new ResponseBase<T>();
            }

        }

over。。