using KGIS.Framework.Platform;
using KGIS.Framework.Utils;
using Kingo.Crypto;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Kingo.PluginServiceInterface
{
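public static class EncryptionHelper
{
    /// <summary>
    /// SM2 private key used only to unwrap the region keys embedded in this class.
    /// NOTE(review): this key and the wrapped key blobs below ship inside the assembly,
    /// so the unwrapping is obfuscation rather than protection — anyone holding the
    /// binary can recover every embedded key. Treat them as non-secret when assessing
    /// risk and plan to move them to the dongle / external configuration.
    /// </summary>
    private static readonly string priKeySM2 = "3CD79D91480CF410148A2E8E1D8E5E8C534945F90E6CC92F43C92705112DC1AD";

    // Region keys, each wrapped (SM2-encrypted) with priKeySM2. The region is chosen by the
    // first two characters of the region code (xzqdm): "51", "11" or "33". The original
    // code named these selections isSc / isBj / isZj.
    private const string WrappedPrivateKey51 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B6703DAE9DCD511F24DD32193C559A25DAB4F0F9E2ACCCD1C733088BBB554610BA9BDAD562ED4D7380DE9C6498589035F958E101E4A5906B5B0D62E12144EC500A7A0E39222B10663F92E3EFE154733F61AB893DDA94B7C5E46FD4FCB0B4CBA28469";
    private const string WrappedPrivateKey11 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B67048AF9ABE546E2CDA386F3852EE51DCB3868EE3DDC8D1CE327AFBBB273364C39DAEDC66EE4F05F1DD9010E52C97418157E07DE6DAE61C2C7E69EC20339D21780A512F4E5D28E2126BF0F0A61DF87F63D7646DB888FFE488094583F3695BBA4E91";
    private const string WrappedPrivateKey33 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B67039D8E8BD256B28DF401A4C529B53D5CD83FD9EA9B1D4C34208FBC9223664C09AAEAE649E397785D49314EC259748FC58907295A791682A7917E62E369F260D7C6A650F1F9AFB9897DDFE1DB5145D8A549205F6124CFA0E60C2251FD4A9393375";
    private const string WrappedPublicKey51 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B6703CA9EFC923182CA8426E4C529E51DFC08381E5AAC8D8C03E0B89CF233767BAECA6DC64EC3E0E86AE9462E92C9143FD2D977696DBE51E2D7D63E22F46E9257D0C82F26AE27053E90A83071F24C05ADE2ECA6B396AEE4AA057B45F901666DF76C4C9324BC7FFBF28FEB2236AD9B852D7A5C04474E8154FFE32431C2D3EB4EB020DA438D5E01211EE62D802B09058D538D350F1F1C62AE0870C98870B0CA81ED219767D";
    private const string WrappedPublicKey11 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B6703CA9E8C820692DDB376F30529551AEC4F0FC9EACBED9B43F098BCF2F3B60C0E8DDD964ED39778CA8E017992495408C5EE67596A7911E5978639227329954780EF5F51DED7421ED78F8086A23B32DDD53BC1C3D1A944DA757C42AE96F67A002C0CE3F4DB4F5C758F9B4551CD2BE20A5D4C733039963468B454A1C2D3EB3EB7F7DA2405730CA366CB749071E23A71348AE5BA7B3265809161F232A50AA6630E684255E";
    private const string WrappedPublicKey33 = "04129C9C9E1FCA56B889B1D04BA2EC40194F69BCDE2BA2A32221C8A6E1CF78028550BBEDF3CECA7F505B3495340976E5AC90A5D84F61C74D04E27689E8A250B6703CA9EECA501C5BD7406C3B22EA53D9CCF7FAE1DDCBD9B6417E8CC6204360C0EDA6A9179D3B0781ABE7149C5F9546892A9777EED6E51B5D7866E1263599227F7885871CE00454997A8B066B24B05BAE56BE68396A9B3CA525B22F951D1AA071B1CE4E38B288BB2A8DB45661D2BB51D0DFB4467CEA1135F435336B2A4CCD987F0DD337625452C5996886AEDAB72CE42E4C0BEB12E5867E578B824ED3738C07435F4476";

    // File extensions that are excluded from the GDB signing manifest.
    private static readonly HashSet<string> ManifestExcludedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".lock", ".xls", ".xlsx" };

    /// <summary>
    /// Decrypts a key blob that was wrapped with <see cref="priKeySM2"/> and returns it as UTF-8 text.
    /// </summary>
    /// <param name="wrappedKey">Hex SM2 ciphertext of the key.</param>
    /// <returns>The unwrapped key as a string.</returns>
    private static string UnwrapEmbeddedKey(string wrappedKey)
    {
        return Encoding.UTF8.GetString(SM2.Decrypt(priKeySM2, wrappedKey));
    }

    /// <summary>
    /// Generates an SM2 key pair and writes it to <c>PrivateKey_SM2.xml</c> / <c>PublicKey_SM2.xml</c>
    /// in the current working directory.
    /// </summary>
    /// <remarks>
    /// The private-key file must be kept confidential; it is written with default file permissions,
    /// so the caller is responsible for restricting access to it afterwards.
    /// </remarks>
    /// <exception cref="Exception">Any failure is logged and rethrown with its original stack trace.</exception>
    public static void GenerKeySM2()
    {
        try
        {
            string prvKey;
            string pubKey;
            SM2.GenerateKeyPair(out prvKey, out pubKey);
            using (StreamWriter writer = new StreamWriter("PrivateKey_SM2.xml")) // must be kept secret
            {
                writer.WriteLine(prvKey);
            }
            using (StreamWriter writer = new StreamWriter("PublicKey_SM2.xml"))
            {
                writer.WriteLine(pubKey);
            }
        }
        catch (Exception ex)
        {
            LogAPI.Debug(ex);
            throw; // `throw ex;` would reset the stack trace
        }
    }

    /// <summary>
    /// Generates a fresh SM4 (symmetric) key.
    /// </summary>
    /// <returns>The generated key, in whatever encoding <see cref="SM4.GenerateKey"/> produces.</returns>
    public static string GenerKeySM4()
    {
        SM4 sm4 = new SM4();
        return sm4.GenerateKey();
    }

    /// <summary>
    /// SM2 (asymmetric) encryption of <paramref name="txtWord"/>.
    /// </summary>
    /// <param name="txtWord">Plaintext to encrypt.</param>
    /// <param name="keyType">Dongle key selector when <paramref name="isDog"/> is true:
    /// 1 = county intranet private key, 2 = county intranet public key, 3 = hub public key.</param>
    /// <param name="xzqdm">Region code; its first two characters select region-specific keys.</param>
    /// <param name="isDog">True to take the key from the USB dongle via <see cref="GetDogKey"/>;
    /// false to use the <c>SM2PubK</c> configuration value (itself wrapped with <see cref="priKeySM2"/>).</param>
    /// <returns>The ciphertext as returned by <see cref="SM2.Encrypt"/>.</returns>
    /// <exception cref="Exception">Any failure is logged and rethrown.</exception>
    public static string SM2Encrypt(string txtWord, int keyType, string xzqdm, bool isDog)
    {
        try
        {
            if (isDog)
            {
                return SM2.Encrypt(GetDogKey(keyType, xzqdm), txtWord);
            }

            string pubk = SysConfigsOprator.GetAppsetingValueByKey("SM2PubK");
            bool is51 = xzqdm != null && xzqdm.StartsWith("51", StringComparison.Ordinal);
            bool is11 = xzqdm != null && xzqdm.StartsWith("11", StringComparison.Ordinal);

            if (is51 && Platform.Instance.SystemType == SystemTypeEnum.WYZS)
            {
                // Region 51 under WYZS always uses the embedded public key, not the configured one.
                return SM2.Encrypt(UnwrapEmbeddedKey(WrappedPublicKey51), txtWord);
            }
            if (Platform.Instance.SystemType == SystemTypeEnum.DTBJK && is11)
            {
                // Region 11 under DTBJK uses the dongle public key even when isDog is false.
                return SM2.Encrypt(GetDogKey(2, xzqdm), txtWord);
            }
            return SM2.Encrypt(UnwrapEmbeddedKey(pubk), txtWord);
        }
        catch (Exception ex)
        {
            LogAPI.Debug("非对称加密失败:" + ex.Message);
            throw;
        }
    }

    /// <summary>
    /// SM2 (asymmetric) decryption of <paramref name="txtWord"/>.
    /// </summary>
    /// <param name="txtWord">Ciphertext to decrypt.</param>
    /// <param name="xzqdm">Region code used to select the dongle private key.</param>
    /// <param name="isDog">True to decrypt with the dongle private key (key type 1);
    /// false to use the <c>SM2PriK</c> configuration value.</param>
    /// <returns>The decrypted text.</returns>
    /// <exception cref="Exception">Thrown with a "check the dongle is inserted" message on any failure.</exception>
    public static string SM2Decrypt(string txtWord, string xzqdm, bool isDog)
    {
        try
        {
            if (isDog)
            {
                return Encoding.UTF8.GetString(SM2.Decrypt(GetDogKey(1, xzqdm), txtWord));
            }
            // NOTE(review): this branch calls SM2.Encrypt with the *private* key, whereas the dongle
            // branch above calls SM2.Decrypt. That looks like an encrypt/decrypt mix-up, but the
            // Kingo.Crypto contract is not visible here, so the call is left as-is — confirm against
            // the library and its callers before changing it.
            return SM2.Encrypt(SysConfigsOprator.GetAppsetingValueByKey("SM2PriK"), txtWord);
        }
        catch (Exception ex)
        {
            LogAPI.Debug("非对称解密失败,请检查是否插入加密狗:" + ex.Message);
            throw new Exception("请检查是否插入加密狗!");
        }
    }

    /// <summary>
    /// SM4 (symmetric) encryption in ECB mode with hex output.
    /// </summary>
    /// <param name="txtWord">Plaintext to encrypt.</param>
    /// <param name="key">SM4 key, as produced by <see cref="GenerKeySM4"/>.</param>
    /// <returns>Hex ciphertext.</returns>
    /// <remarks>ECB has no IV and leaks equal-block patterns; it is kept here because the stored
    /// data format depends on it, but new data formats should prefer an authenticated mode.</remarks>
    /// <exception cref="Exception">Any failure is logged and rethrown.</exception>
    public static string SM4Encrypt(string txtWord, string key)
    {
        try
        {
            SM4 sm4 = new SM4();
            sm4.secretKey = key;
            sm4.hexString = true;
            return sm4.EncryptECB(txtWord);
        }
        catch (Exception ex)
        {
            LogAPI.Debug("对称加密失败:" + ex.Message);
            throw;
        }
    }

    /// <summary>
    /// SM4 (symmetric) decryption in ECB mode from hex input; the inverse of <see cref="SM4Encrypt"/>.
    /// </summary>
    /// <param name="txtWord">Hex ciphertext.</param>
    /// <param name="key">SM4 key used for encryption.</param>
    /// <returns>The decrypted text.</returns>
    /// <exception cref="Exception">Any failure is logged and rethrown.</exception>
    public static string SM4Decrypt(string txtWord, string key)
    {
        try
        {
            SM4 sm4 = new SM4();
            sm4.secretKey = key;
            sm4.hexString = true;
            return sm4.DecryptECB(txtWord);
        }
        catch (Exception ex)
        {
            LogAPI.Debug("对称解密失败:" + ex.Message);
            throw;
        }
    }

    /// <summary>
    /// Builds the signature content for a data set.
    /// </summary>
    /// <param name="filePath">For "SHP": the .shp file; for "GDB": the GDB directory; otherwise a single file.</param>
    /// <param name="xzqdm">Region code forwarded to <see cref="GetMD5HashFromFile"/> for key selection.</param>
    /// <param name="dataCode">"SHP", "GDB" (case-insensitive) or anything else for a single file. Null is treated as empty.</param>
    /// <returns>
    /// SHP: the signed digests of the .shp and its sibling .dbf concatenated;
    /// GDB: a JSON object mapping file name to signed digest;
    /// otherwise the signed digest of <paramref name="filePath"/>.
    /// </returns>
    /// <remarks>
    /// <see cref="GetMD5HashFromFile"/> returns null on failure, so in the SHP case a missing
    /// .dbf silently yields a shorter string; callers should validate the result.
    /// </remarks>
    public static string GetFileSing(string filePath, string xzqdm, string dataCode = "")
    {
        string code = dataCode ?? string.Empty;
        if (code.Equals("SHP", StringComparison.OrdinalIgnoreCase))
        {
            string shpFileMd5 = GetMD5HashFromFile(filePath, xzqdm);
            // The .dbf lives next to the .shp with the same base name.
            string dbfFilePath = Path.ChangeExtension(filePath, ".dbf");
            string dbfFileMd5 = GetMD5HashFromFile(dbfFilePath, xzqdm);
            return shpFileMd5 + dbfFileMd5;
        }
        if (code.Equals("GDB", StringComparison.OrdinalIgnoreCase))
        {
            return BuildGdbManifest(filePath, xzqdm);
        }
        return GetMD5HashFromFile(filePath, xzqdm);
    }

    /// <summary>
    /// Walks a GDB directory and produces the JSON manifest {fileName: signedDigest} used by <see cref="GetFileSing"/>.
    /// </summary>
    /// <param name="gdbPath">Directory to walk recursively.</param>
    /// <param name="xzqdm">Region code forwarded to <see cref="GetMD5HashFromFile"/>.</param>
    /// <returns>The serialized manifest.</returns>
    /// <exception cref="ArgumentException">Two files with the same name in different subdirectories
    /// collide on the file-name key; failing loudly is preferable to a manifest that cannot be verified.</exception>
    private static string BuildGdbManifest(string gdbPath, string xzqdm)
    {
        string[] files = Directory.GetFiles(gdbPath, "*.*", SearchOption.AllDirectories);
        Dictionary<string, string> manifest = new Dictionary<string, string>();
        foreach (string item in files)
        {
            if (ManifestExcludedExtensions.Contains(Path.GetExtension(item)))
            {
                continue;
            }
            string fileMd5 = GetMD5HashFromFile(item, xzqdm);
            if (string.IsNullOrWhiteSpace(fileMd5))
            {
                // Unreadable files are skipped, as the original manifest logic did.
                continue;
            }
            manifest.Add(Path.GetFileName(item), fileMd5);
        }
        return Newtonsoft.Json.JsonConvert.SerializeObject(manifest);
    }

    /// <summary>
    /// Writes <paramref name="json"/> to <paramref name="signFileName"/>, replacing any existing file.
    /// </summary>
    /// <param name="json">Signature content (see <see cref="GetFileSing"/>).</param>
    /// <param name="signFileName">Destination path.</param>
    /// <returns>Always true; failures throw.</returns>
    /// <exception cref="Exception">Propagated from file creation; a failed delete of the old file is only logged.</exception>
    public static bool CreateSign(string json, string signFileName)
    {
        try
        {
            if (File.Exists(signFileName))
            {
                File.Delete(signFileName);
            }
        }
        catch (Exception ex)
        {
            // Best effort: CreateText below overwrites anyway.
            LogAPI.Debug("删除已有签章失败:" + ex.Message);
        }
        using (StreamWriter streamWriter = File.CreateText(signFileName))
        {
            streamWriter.Write(json);
        }
        return true;
    }

    /// <summary>
    /// Computes the MD5 of a file and optionally SM2-signs the hex digest.
    /// </summary>
    /// <param name="fileName">Path of the file to hash.</param>
    /// <param name="xzqdm">Region code used to select the signing private key (dongle key type 1).
    /// Ignored when <paramref name="isEncryption"/> is false.</param>
    /// <param name="isEncryption">True to return <c>SM2.Sm2Sign(hexDigest, privateKey)</c>;
    /// false to return the lowercase hex digest itself.</param>
    /// <returns>The signed digest or the hex digest, or <c>null</c> if the file could not be hashed
    /// (the error is logged). Callers that verify signatures must treat null as a failure.</returns>
    /// <remarks>MD5 is not collision resistant; the signature only attests the MD5, so a colliding
    /// file would verify. Retained because existing signature files depend on it.</remarks>
    public static string GetMD5HashFromFile(string fileName, string xzqdm, bool isEncryption = true)
    {
        try
        {
            string hexDigest;
            using (FileStream file = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
            using (MD5 md5 = MD5.Create())
            {
                byte[] digest = md5.ComputeHash(file);
                StringBuilder sb = new StringBuilder(digest.Length * 2);
                foreach (byte b in digest)
                {
                    sb.Append(b.ToString("x2"));
                }
                hexDigest = sb.ToString();
            }
            return isEncryption ? Kingo.Crypto.SM2.Sm2Sign(hexDigest, GetDogKey(1, xzqdm)) : hexDigest;
        }
        catch (Exception ex)
        {
            LogAPI.Debug("获取文件md5失败:" + ex.Message);
            return null;
        }
    }

    /// <summary>
    /// Resolves a key for the given region, either from the keys embedded in this class, from the
    /// USB dongle, or (test mode only) from configuration.
    /// </summary>
    /// <param name="keyType">1 = intranet private key, 2 = intranet public key, 3 = hub public key.</param>
    /// <param name="xzqdm">Region code; regions starting with 51/11/33 use the embedded keys.</param>
    /// <returns>The key, or <see cref="string.Empty"/> when the inserted dongle does not match the region.</returns>
    /// <exception cref="Exception">Thrown when no key source produced a key or when dongle access failed
    /// (the underlying error is logged).</exception>
    public static string GetDogKey(int keyType, string xzqdm)
    {
        try
        {
            if (!string.IsNullOrWhiteSpace(xzqdm))
            {
                string embeddedKey;
                if (TryGetEmbeddedRegionKey(keyType, xzqdm, out embeddedKey))
                {
                    return embeddedKey;
                }
            }

            KGIS.USBDog.USBKey usbKey = KGIS.USBDog.Dog.GetDogContent();
            if (usbKey == null)
            {
                // NOTE(review): when no dongle is present and the "TestKey" setting equals "kingo",
                // the keys are read from configuration instead. This bypasses the hardware key
                // entirely and must not be enabled in production deployments.
                string testKey = SysConfigsOprator.GetAppsetingValueByKey("TestKey");
                if (!string.IsNullOrWhiteSpace(testKey) && testKey.Equals("kingo"))
                {
                    switch (keyType)
                    {
                        case 1:
                            return SysConfigsOprator.GetAppsetingValueByKey("SM2PriK");
                        case 2:
                            return SysConfigsOprator.GetAppsetingValueByKey("SM2PubK");
                        case 3:
                            return SysConfigsOprator.GetAppsetingValueByKey("SM2OutPubK");
                    }
                }
            }
            else
            {
                if (!DongleCoversRegion(usbKey, xzqdm))
                {
                    return string.Empty;
                }
                switch (keyType)
                {
                    case 1:
                        return usbKey.SelfPrivateKey;
                    case 2:
                        return usbKey.SelfPublicKey;
                    case 3:
                        return usbKey.PublicKey;
                }
            }
        }
        catch (Exception ex)
        {
            LogAPI.Debug("获取加密狗异常:" + ex.Message);
            LogAPI.Debug(ex);
        }
        throw new Exception("获取加密狗异常");
    }

    /// <summary>
    /// Looks up the embedded key for regions 51/11/33.
    /// </summary>
    /// <param name="keyType">1, 2 or 3 as in <see cref="GetDogKey"/>.</param>
    /// <param name="xzqdm">Non-empty region code.</param>
    /// <param name="key">The resolved key (may be null for type 3 if the setting is missing).</param>
    /// <returns>True when the region has embedded keys and <paramref name="keyType"/> is 1–3;
    /// false to fall through to the dongle lookup.</returns>
    private static bool TryGetEmbeddedRegionKey(int keyType, string xzqdm, out string key)
    {
        key = null;
        string wrappedPrivate;
        string wrappedPublic;
        if (xzqdm.StartsWith("51", StringComparison.Ordinal))
        {
            wrappedPrivate = WrappedPrivateKey51;
            wrappedPublic = WrappedPublicKey51;
        }
        else if (xzqdm.StartsWith("11", StringComparison.Ordinal))
        {
            wrappedPrivate = WrappedPrivateKey11;
            wrappedPublic = WrappedPublicKey11;
        }
        else if (xzqdm.StartsWith("33", StringComparison.Ordinal))
        {
            wrappedPrivate = WrappedPrivateKey33;
            wrappedPublic = WrappedPublicKey33;
        }
        else
        {
            return false;
        }

        switch (keyType)
        {
            case 1:
                key = UnwrapEmbeddedKey(wrappedPrivate);
                return true;
            case 2:
                key = UnwrapEmbeddedKey(wrappedPublic);
                return true;
            case 3:
                // The hub public key is never embedded; it always comes from configuration.
                key = SysConfigsOprator.GetAppsetingValueByKey("SM2OutPubK");
                return true;
            default:
                return false;
        }
    }

    /// <summary>
    /// Decides whether the inserted dongle may serve keys for <paramref name="xzqdm"/>.
    /// </summary>
    /// <param name="usbKey">Dongle content; not null.</param>
    /// <param name="xzqdm">Requested region code.</param>
    /// <returns>True for a provincial dongle (code ends in "0000"), a city dongle (code ends in "00"
    /// and shares its first four characters with <paramref name="xzqdm"/>), or a county intranet
    /// dongle (Type 2) whose code equals <paramref name="xzqdm"/>; false otherwise.</returns>
    private static bool DongleCoversRegion(KGIS.USBDog.USBKey usbKey, string xzqdm)
    {
        string dongleCode = usbKey.Xzqdm;
        if (dongleCode.EndsWith("0000", StringComparison.Ordinal)) // provincial dongle
        {
            return true;
        }
        if (dongleCode.EndsWith("00", StringComparison.Ordinal) && xzqdm.StartsWith(dongleCode.Substring(0, 4), StringComparison.Ordinal)) // city dongle
        {
            return true;
        }
        // usbKey.Type == 2 is the county intranet dongle.
        return usbKey.Type == 2 && dongleCode.Equals(xzqdm);
    }

    /// <summary>
    /// Verifies base-library (JCK) signatures for each path. Older entry point; <see cref="SignatureVerification"/>
    /// performs the same checks and also handles image data sets.
    /// </summary>
    /// <param name="lstPath">Paths to verify: either a .gdb directory (the .sign is searched in its parent)
    /// or a directory containing exactly one .sign file.</param>
    /// <exception cref="Exception">Thrown when the public key, the signature file or the GDB is missing,
    /// when there are several candidates, or when a file fails verification.</exception>
    public static void CheckJCKSign(List<string> lstPath)
    {
        string signKey = SysConfigsOprator.GetAppsetingValueByKey("SignPubK");
        if (string.IsNullOrWhiteSpace(signKey))
        {
            throw new Exception("未获取到SystemConfig.xml配置文件签章的公钥SignPubK!");
        }
        foreach (string jckPath in lstPath)
        {
            string searchRoot = jckPath.EndsWith(".gdb", StringComparison.OrdinalIgnoreCase)
                ? Directory.GetParent(jckPath)?.FullName
                : jckPath;
            if (searchRoot == null)
            {
                throw new Exception("请确认路径下签章是否存在:" + jckPath);
            }
            string[] files = Directory.GetFiles(searchRoot, "*.sign", SearchOption.AllDirectories);
            if (files.Length == 0)
            {
                throw new Exception("请确认路径下签章是否存在:" + jckPath);
            }
            if (files.Length > 1)
            {
                throw new Exception(jckPath + "路径下有多个签章,无法验证签章!");
            }
            ValidateSingleSignature(files[0], signKey, searchRoot);
        }
    }

    /// <summary>
    /// Verifies base-library signatures for each path, dispatching on the kind of data set.
    /// </summary>
    /// <param name="lstPath">Paths to verify; blank entries are skipped.</param>
    /// <exception cref="Exception">Thrown when the <c>SignPubK</c> setting is missing or any verification fails.</exception>
    public static void SignatureVerification(List<string> lstPath)
    {
        string signKey = SysConfigsOprator.GetAppsetingValueByKey("SignPubK");
        if (string.IsNullOrWhiteSpace(signKey))
        {
            throw new Exception("未获取到SystemConfig.xml配置文件签章的公钥SignPubK!");
        }
        ProjectInfo projectInfo = KGIS.Framework.Maps.MapsManager.Instance.MapService.GetProjectInfo() as ProjectInfo;
        // Region code of the current project, falling back to the configured area name.
        string regionCode = projectInfo?.CODE ?? SysConfigsOprator.GetAppsetingValueByKey("ArearName") ?? string.Empty;
        bool isRegion51 = regionCode.StartsWith("51", StringComparison.Ordinal);

        foreach (string jckPath in lstPath)
        {
            if (string.IsNullOrWhiteSpace(jckPath))
            {
                continue;
            }
            if (jckPath.EndsWith(".gdb", StringComparison.OrdinalIgnoreCase))
            {
                ValidateGdbSignatures(jckPath, signKey);
            }
            else if (isRegion51 && jckPath.Contains("影像"))
            {
                ValidateImageSignatures(jckPath, signKey);
            }
            else
            {
                ValidateRegularSignatures(jckPath, signKey);
            }
        }
    }

    /// <summary>
    /// Verifies the signature of a .gdb directory; the .sign file is searched in the GDB's parent directory.
    /// </summary>
    /// <param name="gdbPath">Path of the .gdb directory.</param>
    /// <param name="signKey">SM2 public key used for verification.</param>
    /// <exception cref="Exception">Thrown when no .sign file is found or verification fails.</exception>
    private static void ValidateGdbSignatures(string gdbPath, string signKey)
    {
        string parentDir = Directory.GetParent(gdbPath)?.FullName;
        if (parentDir == null)
        {
            throw new Exception($"请确认路径下签章是否存在:{gdbPath}");
        }
        string[] signFiles = Directory.GetFiles(parentDir, "*.sign", SearchOption.AllDirectories);
        if (signFiles.Length == 0)
        {
            throw new Exception($"请确认路径下签章是否存在:{gdbPath}");
        }
        // Unlike ValidateRegularSignatures, several .sign files are tolerated and the first one is used.
        ValidateSingleSignature(signFiles[0], signKey, parentDir);
    }

    /// <summary>
    /// Verifies image files (.img / .tif) under <paramref name="imageDir"/>; each image must have a
    /// sibling .sign file holding a JSON {name: signature} object, every signature of which must
    /// verify against the image's MD5.
    /// </summary>
    /// <param name="imageDir">Directory searched recursively.</param>
    /// <param name="signKey">SM2 public key used for verification.</param>
    /// <exception cref="Exception">Thrown when a .sign file is missing or empty, or verification fails.</exception>
    private static void ValidateImageSignatures(string imageDir, string signKey)
    {
        IEnumerable<string> imageFiles = Directory.EnumerateFiles(imageDir, "*.*", SearchOption.AllDirectories)
            .Where(file => file.EndsWith(".img", StringComparison.OrdinalIgnoreCase) ||
                           file.EndsWith(".tif", StringComparison.OrdinalIgnoreCase));
        foreach (string imagePath in imageFiles)
        {
            string signFilePath = Path.ChangeExtension(imagePath, ".sign");
            if (!File.Exists(signFilePath))
            {
                throw new Exception($"请确认该签章文件存在:{signFilePath}");
            }
            string jckSign = CommonHelper.ReadTextFileConten(signFilePath);
            if (string.IsNullOrWhiteSpace(jckSign))
            {
                throw new Exception($"{signFilePath}签章内容为空!");
            }
            Dictionary<string, string> signatureData =
                Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, string>>(jckSign);
            if (signatureData == null || signatureData.Count == 0 || !File.Exists(imagePath))
            {
                continue;
            }
            // The digest does not depend on the manifest entry, so compute it once per image.
            string fileMd5 = GetMD5HashFromFile(imagePath, null, false);
            foreach (KeyValuePair<string, string> item in signatureData)
            {
                // A null digest means the file could not be hashed; that must not verify.
                if (fileMd5 == null || !SM2.Verify(fileMd5, item.Value, signKey))
                {
                    throw new Exception($"{signFilePath}签章校验不通过!");
                }
            }
        }
    }

    /// <summary>
    /// Verifies a directory that must contain exactly one .sign file (searched recursively).
    /// </summary>
    /// <param name="dirPath">Directory to search.</param>
    /// <param name="signKey">SM2 public key used for verification.</param>
    /// <exception cref="Exception">Thrown when zero or several .sign files are found, or verification fails.</exception>
    private static void ValidateRegularSignatures(string dirPath, string signKey)
    {
        string[] signFiles = Directory.GetFiles(dirPath, "*.sign", SearchOption.AllDirectories);
        if (signFiles.Length == 0)
        {
            throw new Exception($"请确认路径下签章是否存在:{dirPath}");
        }
        if (signFiles.Length > 1)
        {
            throw new Exception($"{dirPath}路径下有多个签章,无法验证签章!");
        }
        ValidateSingleSignature(signFiles[0], signKey, dirPath);
    }

    /// <summary>
    /// Verifies one .sign file against the single .gdb directory that sits next to it.
    /// </summary>
    /// <param name="signPath">Path of the .sign file; its content is a JSON {fileName: signature} object
    /// as produced by <see cref="GetFileSing"/> for "GDB".</param>
    /// <param name="signKey">SM2 public key used for verification.</param>
    /// <param name="baseDir">Unused; kept for call-site compatibility.</param>
    /// <exception cref="Exception">Thrown when the signature content is empty, when zero or several
    /// .gdb siblings exist, or when any listed file fails verification.</exception>
    /// <remarks>Files listed in the manifest but absent from the GDB are skipped, so a deleted
    /// file is not detected by this check.</remarks>
    private static void ValidateSingleSignature(string signPath, string signKey, string baseDir)
    {
        string jckSign = CommonHelper.ReadTextFileConten(signPath);
        if (string.IsNullOrWhiteSpace(jckSign))
        {
            throw new Exception($"{signPath}签章内容为空!");
        }
        string[] gdbDirs = Directory.GetDirectories(Path.GetDirectoryName(signPath))
            .Where(x => x.EndsWith(".gdb", StringComparison.OrdinalIgnoreCase))
            .ToArray();
        if (gdbDirs.Length == 0)
        {
            throw new Exception("同级文件夹下未找到省级下发基础库GDB!");
        }
        if (gdbDirs.Length > 1)
        {
            throw new Exception($"{signPath}签章同级文件夹下存在多个GDB,无法读取基础库!");
        }
        Dictionary<string, string> signatureData =
            Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, string>>(jckSign);
        if (signatureData == null || signatureData.Count == 0)
        {
            return;
        }
        foreach (KeyValuePair<string, string> item in signatureData)
        {
            string filePath = Path.Combine(gdbDirs[0], item.Key);
            if (!File.Exists(filePath))
            {
                continue;
            }
            string fileMd5 = GetMD5HashFromFile(filePath, null, false);
            // A null digest means the file could not be hashed; that must not verify.
            if (fileMd5 == null || !SM2.Verify(fileMd5, item.Value, signKey))
            {
                throw new Exception($"{signPath}签章校验不通过!");
            }
        }
    }

    /// <summary>
    /// MD5 of the UTF-8 encoding of <paramref name="input"/>.
    /// </summary>
    /// <param name="input">Text to hash; must not be null.</param>
    /// <returns>32 uppercase hex characters.</returns>
    /// <exception cref="ArgumentNullException">Thrown by the encoder when <paramref name="input"/> is null.</exception>
    public static string GetMd5Hash(string input)
    {
        byte[] inputBytes = Encoding.UTF8.GetBytes(input);
        using (MD5 md5 = MD5.Create())
        {
            byte[] hashBytes = md5.ComputeHash(inputBytes);
            StringBuilder stringBuilder = new StringBuilder(hashBytes.Length * 2);
            foreach (byte b in hashBytes)
            {
                stringBuilder.Append(b.ToString("X2"));
            }
            return stringBuilder.ToString();
        }
    }
}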
}