附录1

签名验证

HTTP

Java

String responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm..."
String responseSignedMessage = response.header("Signature");
Signature vrfResSignature = Signature.getInstance("SHA512withECDSA");
vrfResSignature.initVerify(publicKeySigning);
Boolean result = vrfResSignature.verify(decodeBase64AsByteArray(decodeURL(responseSignedMessage)));

Node.js

const responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
const responseSignedMessage = response.headers['Signature'];

const decodeURL = (str) => decodeURIComponent(str);

const decodeBase64AsByteArray = (str) => Buffer.from(str, 'base64');

const publicKeySigning = "MIGbMBAGByqGSM49AgEGBS...";
const vrfResSignature = crypto.createVerify('SHA512');
vrfResSignature.update(responseBody);

const result = vrfResSignature.verify(publicKeySigning, decodeBase64AsByteArray(decodeURL(responseSignedMessage)));

Python

response_body = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm..."
response_signed_message = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ..." 

def decode_url(encoded_str):
    return urllib.parse.unquote(encoded_str)

def decode_base64_as_byte_array(base64_str):
    return base64.b64decode(base64_str)

public_key_signing = "MIGbMBAGByqGSM49AgEGBS..."
public_key = ec.load_pem_public_key(public_key_signing.encode(), backend=default_backend())

decoded_signed_message = decode_base64_as_byte_array(decode_url(response_signed_message))

verifier = public_key.verifier(
    decoded_signed_message,
    ec.ECDSA(hashes.SHA512())
)

verifier.update(response_body.encode())

try:
    verifier.verify()
    result = True
except Exception as e:
    result = False

.Net

string responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
string responseSignedMessage = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ..."

string base64SignedMessage = DecodeUrlBase64(responseSignedMessage);

using (var ecdsa = ECDsa.Create())
{
    ecdsa.ImportSubjectPublicKey(publicKeySigning); 

    byte[] signedMessageBytes = Convert.FromBase64String(base64SignedMessage);

    bool result = ecdsa.VerifyData(Encoding.UTF8.GetBytes(responseBody), signedMessageBytes, HashAlgorithmName.SHA512, DSASignatureFormat.Raw);
}

private static string DecodeUrlBase64(string input)
{
    string base64 = input.Replace('-', '+').Replace('_', '/');
    
    switch (base64.Length % 4)
    {
        case 2: base64 += "=="; break;
        case 3: base64 += "="; break;
    }
    
    return base64;
}

PHP

$responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
$responseSignedMessage = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ...";

$decodedResponseSignedMessage = urldecode($responseSignedMessage);

$signedMessageBytes = base64_decode($decodedResponseSignedMessage);

$publicKeySigning = "MIGbMBAGByqGSM49AgEGBS...";

$publicKey = openssl_pkey_get_public($publicKeySigning);

$verificationResult = openssl_verify($responseBody, $signedMessageBytes, $publicKey, OPENSSL_ALGO_SHA512);

预授权付款

Java

String jsonStr = "{"
    + "\"sequenceNo\":\"1\","
    + "\"sourceSystem\":\"mxx\","
    + "\"MsgVer\":\"1.0\","
    + "\"TxnID\":\"20XX0825023XXXXX\","
    + "\"ResultCode\":\"0\","
    + "\"RespCd\":\"00\","
    + "\"OrgRespCd\":\"00\","
    + "\"RRN\":\"32376300XXXX\","
    + "\"STAN\":\"006XXX\","
    + "\"AuthIdResp\":\"945XXX\","
    + "\"MRN\":\"23237V6XXX\","
    + "\"TxnDTTime\":\"20230825143413\","
    + "\"PaymentScheme\":\"MC\""
    + "}";
byte[] messageBytes = jsonStr.getBytes();
signature.update(messageBytes);
boolean verified = signature.verify(signedMessageBytes);

Node.js

const request = {
    sequenceNo = '1',
	sourceSystem = 'mxx',
	MsgVer = '1.0',
	TxnID = '20230825023XXXXXX',
	ResultCode = '0',
	RespCd = '00',
	OrgRespCd = '00',
	RRN = '323763006XXX',
	STAN = '006XXX',
	AuthIdResp = '945XXX',
	MRN = '23237V6XXX',
	TxnDTTime = '20230825143413',
	PaymentScheme = 'MC'
};

const json = JSON.stringify(request);
const sourceSystem = "mxx";
const jsonString = `${sourceSystem}\n${json}`;
const signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
const decodedUrl = decodeURIComponent(signature);
const decodedBytes = atob(decodedUrl);

const byteBuffer = new Uint8Array(decodedBytes.length);
for (let i = 0; i < decodedBytes.length; i++) {
    byteBuffer[i] = decodedBytes.charCodeAt(i);
}
const md = forge.md.sha256.create();
md.update(jsonString, "utf8");
const verified = rsaPubicKey.verify(md.digest().bytes(), byteBuffer);

Python

request_data = OrderedDict()
request_data["sequenceNo"] = "1"
request_data["sourceSystem"] = "mxx"
request_data["MsgVer"] = "1.0"
request_data["TxnID"] = "20230825023XXXXXX"
request_data["ResultCode"] = "0"
request_data["RespCd"] = "00"
request_data["OrgRespCd"] = "00"
request_data["RRN"] = "323763006XXX"
request_data["STAN"] = "006XXX"
request_data["AuthIdResp"] = "945XXX"
request_data["MRN"] = "23237V6XXX"
request_data["TxnDTTime"] = "20230825143413"
request_data["PaymentScheme"] = "MC"
json_string = json.dumps(request_data, separators=(",", ":"))
source_system="mxx"
message = f"{source_system}\n{json_string}"
signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb"
verified = public_key.verify(
    signature,
    hasher.update(message).digest(),
    padding=padding,
)

.Net

string json = "{"
    + "\"sequenceNo\":\"1\","
    + "\"sourceSystem\":\"mxx\","
    + "\"MsgVer\":\"1.0\","
    + "\"TxnID\":\"20230825023XXXXXX\","
    + "\"ResultCode\":\"0\","
    + "\"RespCd\":\"00\","
    + "\"OrgRespCd\":\"00\","
    + "\"RRN\":\"323763006XXX\","
    + "\"STAN\":\"006XXX\","
    + "\"AuthIdResp\":\"945XXX\","
    + "\"MRN\":\"23237V6XXX\","
    + "\"TxnDTTime\":\"20230825143413\","
    + "\"PaymentScheme\":\"MC\""
    + "}";
string sourceSystem = "mxx";
string jsonString = sourceSystem + "\n" + json;
string signature = "68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb";
bool verify = rsa.VerifyData(Encoding.UTF8.GetBytes(jsonString), Encoding.UTF8.GetBytes(signature), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

PHP

$jsonStringResponse = '{'
    . '"sequenceNo":"1",'
    . '"sourceSystem":"mxx",'
    . '"MsgVer":"1.0",'
    . '"TxnID":"20230825023XXXXXX",'
    . '"ResultCode":"0",'
    . '"RespCd":"00",'
    . '"OrgRespCd":"00",'
    . '"RRN":"323763006XXX",'
    . '"STAN":"006XXX",'
    . '"AuthIdResp":"945XXX",'
    . '"MRN":"23237V6XXX",'
    . '"TxnDTTime":"20230825143413",'
    . '"PaymentScheme":"MC"'
    . '}';
$sourceSystem='mxx';
$dataResponse = $sourceSystem . "\n" . $jsonStringResponse;
$minifiedJson = json_encode(json_decode($updateJson));

$decodedSignedMessage = '68acc11449277468cb5e619f16bcff62f5448fa3911a462fd52abadaf4bc8f3effb';
$decodedUrl = urldecode($decodedSignedMessage);
$decodedSignature = base64_decode($decodedUrl);
$verifyResponse = openssl_verify($dataResponse, $decodedSignature, $publicKeyPEM, OPENSSL_ALGO_SHA256);