我正在跟着 RailsCasts 中讲 PayPal 安全性的那一集(episode)学习。我尝试将其中的代码移植到 C#,并使用了 OpenSSL.NET。
是否可以在不使用OpenSSL包装库的情况下执行此操作,因为它使用了一些非托管代码?
我想要移植的ruby代码是:
# Builds the encrypted payload for a PayPal form.
#
# The name/value pairs are joined as "name=value" lines, signed with the
# application's certificate and private key (PKCS#7, binary mode), and the
# DER-encoded signed message is then encrypted for PayPal's certificate with
# the DES3 cipher. The textual form of the result is returned with every
# newline removed.
#
# NOTE(review): "\n" is the field separator, so a value that itself contains
# a newline would be read as an additional field in the signed message.
# Presumably callers pass validated values - confirm.
def encrypt_for_paypal(values)
  app_cert = OpenSSL::X509::Certificate.new(APP_CERT_PEM)
  app_key = OpenSSL::PKey::RSA.new(APP_KEY_PEM, '')
  payload = values.map { |name, value| "#{name}=#{value}" }.join("\n")
  signed = OpenSSL::PKCS7.sign(app_cert, app_key, payload, [], OpenSSL::PKCS7::BINARY)

  paypal_cert = OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)
  cipher = OpenSSL::Cipher::Cipher.new("DES3")
  encrypted = OpenSSL::PKCS7.encrypt([paypal_cert], signed.to_der, cipher, OpenSSL::PKCS7::BINARY)
  encrypted.to_s.gsub("\n", "")
end
有谁知道如何使用C#OpenSSL包装器执行此操作?
答案 0 :(得分:1)
后来我找到了一篇讲解如何在 C# 中实现这一点的文章(article that explains how to do this for C#),请阅读该教程。我使用 Cygwin Bash Shell 来创建密钥。下面附上我使用的代码,也许会有所帮助 :)
以下所有代码均出自 Damon Williams 的《Pro PayPal E-Commerce》一书。
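/// <summary>
/// Builds a sample button payload and returns it signed with the signer's
/// PKCS#12 credential and encrypted for the PayPal certificate.
/// </summary>
/// <returns>The value produced by <c>FormEncryption.SignAndEncrypt</c>.</returns>
private string EncryptForPayPal()
{
    var server = HttpContext.Current.Server;
    string paypalCertPath = server.MapPath("App_Data/paypal_cert_pem.txt");
    string signerPfxPath = server.MapPath("App_Data/my_pkcs12.p12");

    // Placeholder value. The real PKCS#12 password protects the signing key,
    // so it should come from protected configuration, not from source code.
    string signerPfxPassword = "your_password_used_when_generating_keys";

    // Every line must be a name=value pair separated by \n. The merchant
    // address therefore needs its "business=" name; without it the second
    // line is not a valid field.
    // The non-ASCII characters in item_name are converted to bytes with the
    // FormEncryption instance's current Charset; no charset field is sent.
    // NOTE(review): cert_id is a sample value, presumably the id assigned to
    // the uploaded signer certificate - confirm.
    string clearText = "cmd=_xclick\n" +
        "business=your_paypal_business_email@somedomain.com\n" +
        "currency_code=GBP\n" +
        "item_name=Tennis Balls ßü (£12 umlot OK)\n" +
        "amount=15.00\n" +
        "return=https://localhost:2416/return\n" +
        "cancel_return=https://localhost:2416/cancel\n" +
        "cert_id=ZSGYTRNCK445J";

    FormEncryption ewp = new FormEncryption();
    ewp.LoadSignerCredential(signerPfxPath, signerPfxPassword);
    ewp.RecipientPublicCertPath = paypalCertPath;
    return ewp.SignAndEncrypt(clearText);
}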
FormEncryption类
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using Pkcs = System.Security.Cryptography.Pkcs;
using X509 = System.Security.Cryptography.X509Certificates;
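/// <summary>
/// Produces the signed-then-encrypted payload for an encrypted payment form.
/// The clear text is signed with the signer's certificate (CMS/PKCS#7
/// SignedData), the signed message is enveloped for the recipient's
/// certificate, and the result is returned as base64 between PKCS7 markers.
/// </summary>
public class FormEncryption
{
    // Encoding.Default is platform-dependent; set Charset explicitly when the
    // clear text can contain non-ASCII characters.
    private Encoding _encoding = Encoding.Default;
    private string _recipientPublicCertPath;
    private X509.X509Certificate2 _signerCert;
    private X509.X509Certificate2 _recipientCert;

    /// <summary>
    /// Character encoding, e.g. UTF-8, Windows-1252.
    /// A null or empty value is ignored and the current encoding is kept.
    /// </summary>
    public string Charset
    {
        get { return _encoding.WebName; }
        set
        {
            if (!string.IsNullOrEmpty(value))
            {
                _encoding = Encoding.GetEncoding(value);
            }
        }
    }

    /// <summary>
    /// Path to the recipient's public certificate in PEM format.
    /// Setting the path loads the certificate immediately.
    /// </summary>
    public string RecipientPublicCertPath
    {
        get { return _recipientPublicCertPath; }
        set
        {
            // Load before assigning anything: if the file cannot be read the
            // previous path and certificate stay paired, so the reported path
            // always matches the certificate that messages are encrypted to.
            X509.X509Certificate2 loaded = new X509.X509Certificate2(value);
            _recipientCert = loaded;
            _recipientPublicCertPath = value;
        }
    }

    /// <summary>
    /// Loads the PKCS12 file which contains the public certificate
    /// and private key of the signer.
    /// </summary>
    /// <param name="signerPfxCertPath">
    /// File path to the signer's public certificate plus private key
    /// in PKCS#12 format</param>
    /// <param name="signerPfxCertPassword">
    /// Password for signer's private key</param>
    public void LoadSignerCredential(string signerPfxCertPath, string signerPfxCertPassword)
    {
        // NOTE(review): this overload uses the default key storage flags;
        // on a web server confirm where the imported private key is persisted.
        _signerCert = new X509.X509Certificate2(signerPfxCertPath, signerPfxCertPassword);
    }

    /// <summary>
    /// Sign a message and encrypt it for the recipient.
    /// </summary>
    /// <param name="clearText">Name value pairs
    /// must be separated by \n (vbLf or chr(10)),
    /// for example "cmd=_xclick\nbusiness=..."</param>
    /// <returns>The base64 text of the enveloped message, wrapped in
    /// PKCS7 begin/end markers.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="clearText"/> is null.</exception>
    /// <exception cref="InvalidOperationException">
    /// The signer credential or the recipient certificate has not been loaded.</exception>
    /// <exception cref="CryptographicException">
    /// The signer certificate carries no private key.</exception>
    public string SignAndEncrypt(string clearText)
    {
        if (clearText == null)
        {
            throw new ArgumentNullException("clearText");
        }

        // Check the whole configuration before the private key is used, so a
        // half-configured instance fails with a clear message.
        if (_signerCert == null)
        {
            throw new InvalidOperationException(
                "Signer credential not loaded; call LoadSignerCredential first.");
        }

        if (!_signerCert.HasPrivateKey)
        {
            throw new CryptographicException(
                "The signer certificate has no private key; a PKCS#12 file containing the key is required.");
        }

        if (_recipientCert == null)
        {
            throw new InvalidOperationException(
                "Recipient certificate not loaded; set RecipientPublicCertPath first.");
        }

        byte[] messageBytes = _encoding.GetBytes(clearText);
        byte[] signedBytes = Sign(messageBytes);
        byte[] encryptedBytes = Envelope(signedBytes);
        return Base64Encode(encryptedBytes);
    }

    /// <summary>
    /// Wraps the message bytes in a SignedCms signed with the signer's
    /// certificate and returns the encoded message.
    /// </summary>
    private byte[] Sign(byte[] messageBytes)
    {
        Pkcs.ContentInfo content = new Pkcs.ContentInfo(messageBytes);
        Pkcs.SignedCms signed = new Pkcs.SignedCms(content);
        Pkcs.CmsSigner signer = new Pkcs.CmsSigner(_signerCert);
        signed.ComputeSignature(signer);
        return signed.Encode();
    }

    /// <summary>
    /// Encrypts the content for the recipient certificate and returns the
    /// encoded EnvelopedCms message.
    /// </summary>
    private byte[] Envelope(byte[] contentBytes)
    {
        Pkcs.ContentInfo content = new Pkcs.ContentInfo(contentBytes);

        // No algorithm is specified, so the runtime default applies. It
        // differs between runtime versions (Triple DES on older .NET
        // Framework, AES-256 on newer runtimes).
        // NOTE(review): confirm which content-encryption algorithms the
        // recipient accepts before moving this code to another runtime.
        Pkcs.EnvelopedCms envMsg = new Pkcs.EnvelopedCms(content);
        Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(
            Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert);
        envMsg.Encrypt(recipient);
        return envMsg.Encode();
    }

    /// <summary>
    /// Base64-encodes the bytes and places them between the PKCS7 begin and
    /// end markers. No line breaks are added.
    /// </summary>
    private string Base64Encode(byte[] encoded)
    {
        const string Pkcs7Header = "-----BEGIN PKCS7-----";
        const string Pkcs7Footer = "-----END PKCS7-----";

        StringBuilder formatted = new StringBuilder();
        formatted.Append(Pkcs7Header);
        formatted.Append(Convert.ToBase64String(encoded));
        formatted.Append(Pkcs7Footer);
        return formatted.ToString();
    }
}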
然后是html表单
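<%-- The form is posted, not sent with the default GET, so the encrypted
     payload travels in the request body and not in the URL.
     The action targets the sandbox endpoint. --%>
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <%= Html.Hidden("cmd", "_s-xclick") %>
    <%= Html.Hidden("encrypted", cart.PayPalEncypted(returnUrl, instantNotificationurl)) %>
    <input type="submit" name="Checkout" value="Checkout" />
</form>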