附录1

签名生成

HTTP

Java

String mti = "001X";
String jweString = "eyJlcGsiOnsia3R5Ijo...";

String message = mti + jweString;

String path = KEYPAIR_DIR + "ec_private_key_521.pem";

FileReader fileReader = new FileReader(path);
PEMParser pemParser = new PEMParser(fileReader);

PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
byte[] encodedPrivateKey = pemKeyPair.getPrivateKeyInfo().getEncoded();

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);

KeyFactory keyFactory = KeyFactory.getInstance("EC");
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

Signature privateSignature = Signature.getInstance("SHA512withECDSA");
privateSignature.initSign(privateKey);
privateSignature.update(message.getBytes(StandardCharsets.UTF_8));

byte[] signature = privateSignature.sign();
String signatureStr = URLEncoder.encode(Base64.getEncoder().encodeToString(signature));

Node.js

const privateKeyPem = fs.readFileSync("ec_private_key_521.pem", "utf8");

const mti = "001X";
const jweString = "eyJlcGsiOnsia3R5Ijo...";
const message = mti + jweString;

const sign = new KJUR.crypto.Signature({ alg: "SHA512withECDSA" });

sign.init(privateKeyPem);
sign.updateString(message);
const signatureHex = sign.sign();
const signatureBase64 = btoa(
    String.fromCharCode(
        ...signatureHex.match(/.{1,2}/g).map((byte) => parseInt(byte, 16))
    )
);

const signedMessage = encodeURIComponent(signatureBase64);

Python

private_key_path = r"...\private.key"

mti = "001X"
jweString = "eyJlcGsiOnsia3R5Ijo..." 
message = mti + jweString

with open(private_key_path, "rb") as key_file:
        private_key = serialization.load_pem_private_key(
            key_file.read(), password=None, backend=default_backend()
        )
        
signature = private_key.sign(message.encode("utf-8"), ec.ECDSA(hashes.SHA512()))

base64_signature = base64.b64encode(signature).decode("utf-8")

signed_message = urllib.parse.quote(base64_signature, safe="")

.Net

string jweString = "eyJlcGsiOnsia3R5Ijo..."
string mti = "0011";
string message = mti + jweString;

string privateKeyName = "ec_private_key_521.pem";
string messageFilePath = Path.GetTempFileName();
File.WriteAllText(messageFilePath, message);

string opensslCommand = $"openssl dgst -sha512 -sign {privateKeyName} -out signature.bin {messageFilePath}";

var process = Process.Start(new ProcessStartInfo
{
    FileName = "cmd.exe",
    Arguments = $"/c {opensslCommand}",
    RedirectStandardOutput = true,
    UseShellExecute = false,
    CreateNoWindow = true
});

if (process == null)
{
    Console.WriteLine("Failed to start the process.");
    return;
}

process.WaitForExit();

byte[] signature = File.ReadAllBytes("signature.bin");
string signedMessage = Uri.EscapeDataString(Convert.ToBase64String(signature));

PHP

$mti = "001X";
$jweString = "eyJlcGsiOnsia3R5Ijo...";

$data = $mti . "\n" . $jweString;

$privateKey = file_get_contents('key/mxx/mxx_keypair/private.key');

//Sign the data
$ecdsaKey = openssl_pkey_get_private($privateKey);
openssl_sign($data, $signature, $ecdsaKey, OPENSSL_ALGO_SHA512);
$signedMessage = urlencode(base64_encode($signature));

预授权付款

Java

String sourceSystem = "mxx";
String jsonStr = "{"
    + "\"MsgVer\":\"1.0\","
    + "\"PmtType\":\"01\","
    + "\"CallerDeviceType\":\"\","
    + "\"Email\":\"\","
    + "\"DeviceSN\":\"PPXXX722XXX05XXX\","
    + "\"CallerDeviceVer\":\"\","
    + "\"TxnID\":\"20230615155030POS\","
    + "\"LocalTxnDTTime\":\"\","
    + "\"AmtTxn\":\"000000000100\","
    + "\"CrcyTxn\":\"458\","
    + "\"Description\":\"Description\","
    + "\"OptInPrintReceipt\":\"OptInPrintReceipt\","
    + "\"OptInSendReceipt\":\"OptInSendEReceipt\","
    + "\"sourceSystem\":\"mxx\","
    + "\"sequenceNo\":\"1\""
    + "}";
String message = sourceSystem + "\n" + jsonStr;

String path = KEYPAIR_DIR + "ec_private_key_521.pem";

FileReader fileReader = new FileReader(path);
PEMParser pemParser = new PEMParser(fileReader);

PEMKeyPair pemKeyPair = (PEMKeyPair) pemParser.readObject();
byte[] encodedPrivateKey = pemKeyPair.getPrivateKeyInfo().getEncoded();

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);

KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

Signature privateSignature = Signature.getInstance("SHA256withRSA");
privateSignature.initSign(privateKey);
privateSignature.update(message.getBytes(StandardCharsets.UTF_8));

byte[] signature = privateSignature.sign();
String signatureStr = URLEncoder.encode(Base64.getEncoder().encodeToString(signature));

Node.js

const privateKeyPath = "ec_private_key_521.pem";
const fetchPrivateKey = async (path) => {
    try {
        const response = await fetch(path);
        const privateKey = await response.text();
        return privateKey;
        catch (error) {}
    }
};

const privateKey = await fetchPrivateKey(privateKeyPath);
const rsaPrivateKey = forge.pki.privateKeyFromPem(privateKey);
const sourceSystem = 'mxx';

const request = {
    MsgVer: '1.0',
    PmtType: formData.pmtType,
    CallerDeviceType: "",
    Email: '',
    DeviceSN: formData.deviceSN,
    CallerDeviceVer: '',
    TxnID: '06a8735d-aa4d-4d89-a453-508be0122119',
    LocalTxnDTTime: '',
    AmtTxn: formData.amtTxn,
    CrcyTxn: formData.crcyTxn,
    TxnTyp: '',
    Description: formData.description,
    OptInPrintReceipt: 'Y',
    OptInSendEReceipt: 'N',
    sourceSystem: sourceSystem,
    sequenceNo: '1',

};

const jsonString = JSON.stringify(request);
const data = `{sourceSystem}\n${jsonString}`;

//encryption step
const privateKey = await fetchPrivateKey(privateKeyPath);
const rsaPrivateKey = forge.pki.privateKeyFromPem(privateKey);
const md = forge.md.sha256.create();
md.update(data, 'utf8');
const signature = rsaPrivateKey.sign(md);
const signedMessage = encodedURIComponent(forge.util.encode64(signature));

Python

private_key_path = r"...\"

with open(private_key_path, "rb") as f:
    private_key_data = f.read()

private_key = serialization.load_pem_private_key(private_key_data, password=None, backend=default_backend())
sourceSystem = "mxx"

request_data = OrderedDict()
request_data["MsgVer"] = "1.0"
request_data["PmtType"] = pmt_type
request_data["CallerDeviceType"] = ""
request_data["TxnID"] = "06a8735d-aa4d-4d89-a453-508be0122119"
request_data["LocalTxnDTTime"] = ""
request_data["AmtTxn"] = amt_txn
request_data["CrcyTxn"] = crcy_txn
request_data["TxnTyp"] = ""
request_data["Description"] = description
request_data["OptInPrintReceipt"] = "Y"
request_data["OptInSendEReceipt"] = "N"
request_data["sourceSystem"] = sourceSystem
request_data["sequenceNo"] = "1"

json_output = json.dumps(request_data, separators=(",", ":"))
data = f"{sourceSystem}\n{json_output}"
signature = private_key.sign(
    data.encode('utf-8'),
    padding.PKCSv15(),
    hashes.SHA256()
)
encoded_signature = base64.b64encode(signature).decode('utf-8')
url_encoded_signature = urllib.parse.quote(encoded_signature, safe='')

request_data["signedMessage"] = url_encoded_signature

.Net

string sourceSystem = "mxx";

string jsonStr = "{"
    + "\"MsgVer\":\"1.0\","
    + "\"sequenceNo\":\"1\","
    + "\"sourceSystem\":\"" + sourceSystem + "\","
    + "\"CallerDeviceType\":\"\","
    + "\"Email\":\"\","
    + "\"PmtType\":\"01\","
    + "\"DeviceSN\":\"PP35272222000167\","
    + "\"TxnID\":\"\","
    + "\"OptInPrintReceipt\":\"Y\","
    + "\"OptInSendEReceipt\":\"N\","
    + "\"LocalTxnDTTime\":\"\","
    + "\"TxnTyp\":\"\","
    + "\"CallerDeviceVer\":\"\""
    + "}";
using (RSA rsa = RSA.Create())
{
    //private key used to sign message
    var reader = System.IO.File.ReadAllText(@"E:\xaas_development\Business_Idea_MyXaas\EPFDemo\WebApplication3\wwwroot\key\mxx\mxx_keypair\private.key");
    String data = sourceSystem +"\n"+ jsonStr;
    rsa.ImportFromPem(reader.ToCharArray());
    byte[] signature = rsa.SignData(Encoding.UTF8.GetBytes(data), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    bool verify = rsa.VerifyData(Encoding.UTF8.GetBytes(data), signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    signedMessage = Uri.EscapeDataString(Convert.ToBase64String(signature));
}

PHP

$sourceSystem = "mxx";

$jsonString = '{'
    . '"MsgVer":"1.0",'
    . '"PmtType":"01",'
    . '"CallerDeviceType":"",'
    . '"Email":"",'
    . '"DeviceSN":"PP35272222000167",'
    . '"CallerDeviceVer":"",'
    . '"TxnID":"06a8735d-aa4d-4d89-a453-508be0122119",'
    . '"LocalTxnDTTime":"",'
    . '"AmtTxn":"20",'
    . '"CrcyTxn":"458",'
    . '"TxnTyp":"",'
    . '"Description":"",'
    . '"OptInPrintReceipt":"Y",'
    . '"OptInSendEReceipt":"N",'
    . '"sourceSystem":"' . $sourceSystem . '",'
    . '"sequenceNo":"1"'
    . '}';

$data = $sourceSystem . "\n" . $jsonString;

$privateKey = file_get_contents('key/mxx/mxx_keypair/private.key');

//Sign the data
$rsa = openssl_get_privatekey($privateKey);
openssl_sign($data, $signature, $rsa, OPENSSL_ALGO_SHA256);
$signedMessage = urlencode(base64_encode($signature));