Signed API Design -- Reference and Improvement

I. Original reference logic
1. Signing (before the change)


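(1) Take every field actually sent in the request (except the sign parameter), sort them by field name in ascending ASCII order (lexicographic order), and join them in URL key-value format (key1=value1&key2=value2…) to form the string string1.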
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1 
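(2) Append the signing key K1 agreed by both parties (assigned by the backend system at onboarding) directly to the end of string1, without an "&" separator, to obtain the string stringSignTemp1.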
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1zsdfyreuoyamdphhaweyrjbvzkgfdycs 
(3) Compute SHA256 over stringSignTemp1 to obtain the signature sign.
sign=SHA256(stringSignTemp1)=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725 


2. Verification (before the change)


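(1) Take every field in the received message (except the sign parameter), sort them by field name in ascending ASCII order (lexicographic order), and join them in URL key-value format (key1=value1&key2=value2…) to form the string string2.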
{"bankType":"CFT","busicd":"PURC","channelOrderNum":"4001532001201707130466979768","chcd":"WXP","chcdDiscount":"0.00","consumerAccount":"orS1BuFv3529BkM7m_ou7wKgDuc4","errorDetail":"成功","inscd":"10130001","mchntid":"100000000000203","merDiscount":"0.00","orderNum":"25026839024001998","respcd":"00","sign":"0faaf0f5e1c99f22460b58446833a0a00411e86091f7db306c4ac2ce84597b3c","terminalid":"00000001","transTime":"2017-07-13 10:40:03","txamt":"000000000001","txndir":"A"} 
The joined string string2 is:
bankType=CFT&busicd=PURC&channelOrderNum=4001532001201707130466979768&chcd=WXP&chcdDiscount=0.00&consumerAccount=orS1BuFv3529BkM7m_ou7wKgDuc4&errorDetail=成功&inscd=10130001&mchntid=100000000000203&merDiscount=0.00&orderNum=25026839024001998&respcd=00&terminalid=00000001&transTime=2017-07-13 10:40:03&txamt=000000000001&txndir=A 
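(2) Append the signing key K1 agreed by both parties (assigned by the backend system at onboarding) directly to the end of string2, without an "&" separator, to obtain the string stringSignTemp2.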
bankType=CFT&busicd=PURC&channelOrderNum=4001532001201707130466979768&chcd=WXP&chcdDiscount=0.00&consumerAccount=orS1BuFv3529BkM7m_ou7wKgDuc4&errorDetail=成功&inscd=10130001&mchntid=100000000000203&merDiscount=0.00&orderNum=25026839024001998&respcd=00&terminalid=00000001&transTime=2017-07-13 10:40:03&txamt=000000000001&txndir=Azsdfyreuoyamdphhaweyrjbvzkgfdycs 
(3) Compute SHA256 over stringSignTemp2 to obtain the signature sign.
sign=SHA256(stringSignTemp2)=0faaf0f5e1c99f22460b58446833a0a00411e86091f7db306c4ac2ce84597b3c 
(4) Check the signature: if the computed signature matches the one taken from the message, verification passes.


II. Revised signing and verification logic
1. Signing (after the change)


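(1) Take every field actually sent in the request (except the sign parameter), sort them by field name in ascending ASCII order (lexicographic order), and join them in URL key-value format (key1=value1&key2=value2…) to form the string string1.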
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1 
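(2) Append the signing key K1 agreed by both parties (assigned by the backend system at onboarding) directly to the end of string1, without an "&" separator, to obtain the string stringSignTemp1.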
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1zsdfyreuoyamdphhaweyrjbvzkgfdycs 
(3) Compute SHA256 over stringSignTemp1 to obtain the signature sign.
sign=SHA256(stringSignTemp1)=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725
(4) Build the string stringResult1 = string1 + "&sign=" + sign:
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1&sign=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725
(5) URL-encode stringResult1 and place it in the query string of the GET request.
busicd%3dPURC%26charset%3dutf-8%26inscd%3d10130001%26mchntid%3d100000000000203%26orderNum%3d1481006881300%26scanCodeId%3d130704380939251367%26signType%3dSHA256%26terminalid%3d00000001%26txamt%3d000000000001%26txndir%3dQ%26version%3d2.3.1%26sign%3d2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725




2. Verification (after the change)


(1) Take the query string of the received GET request.
busicd%3dPURC%26charset%3dutf-8%26inscd%3d10130001%26mchntid%3d100000000000203%26orderNum%3d1481006881300%26scanCodeId%3d130704380939251367%26signType%3dSHA256%26terminalid%3d00000001%26txamt%3d000000000001%26txndir%3dQ%26version%3d2.3.1%26sign%3d2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725 
After URL-decoding, the string string2 is:
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1&sign=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725
Extract "sign=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725" to obtain the signature carried in the message.
Extract stringSRC: "busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1"
(2) Append the signing key K1 agreed by both parties (assigned by the backend system at onboarding) directly to the end of stringSRC, without an "&" separator, to obtain the string stringSignTemp2.
busicd=PURC&charset=utf-8&inscd=10130001&mchntid=100000000000203&orderNum=1481006881300&scanCodeId=130704380939251367&signType=SHA256&terminalid=00000001&txamt=000000000001&txndir=Q&version=2.3.1zsdfyreuoyamdphhaweyrjbvzkgfdycs 
(3) Compute SHA256 over stringSignTemp2 to obtain the signature sign.
sign=SHA256(stringSignTemp2)=2394af792892ffe5d1b83bb3c7842635167476f6b8f571e7d01443aa9d258725 
(4) Check the signature: if the computed signature matches the one taken from the message, verification passes.
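
The revised signing and verification steps above, as an added Python example that is not code from the original post; it also covers the field ordering and hashing shared with the original scheme. The function names and DEMO_KEY are assumptions made for illustration, and the final comparison uses hmac.compare_digest instead of a plain string comparison.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote

DEMO_KEY = "demo-key-for-illustration-only"  # constructed key, not a real K1

# Request fields taken from the sample message on this page.
SAMPLE_FIELDS = {
    "version": "2.3.1", "txndir": "Q", "txamt": "000000000001",
    "terminalid": "00000001", "signType": "SHA256",
    "scanCodeId": "130704380939251367", "orderNum": "1481006881300",
    "mchntid": "100000000000203", "inscd": "10130001",
    "charset": "utf-8", "busicd": "PURC",
}


def canonical_string(fields):
    """Step (1): sort by field name, skip sign, join as key=value pairs."""
    return "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "sign")


def compute_sign(string_src, key):
    """Steps (2)-(3): append the key with no separator, SHA256, lowercase hex."""
    return hashlib.sha256((string_src + key).encode("utf-8")).hexdigest()


def build_query(fields, key):
    """Revised signing, steps (1)-(5): returns the URL-encoded stringResult1."""
    string1 = canonical_string(fields)
    return quote(string1 + "&sign=" + compute_sign(string1, key), safe="")


def verify_query(query, key):
    """Revised verification: decode, cut off sign, hash stringSRC exactly as received."""
    decoded = unquote(query)
    string_src, sep, received = decoded.rpartition("&sign=")
    if not sep or len(received) != 64:
        return False  # signature missing or not a SHA256 hex digest
    expected = compute_sign(string_src, key)
    # Constant-time comparison: does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8"))


if __name__ == "__main__":
    q = build_query(SAMPLE_FIELDS, DEMO_KEY)
    print(q)
    print(verify_query(q, DEMO_KEY))
```

Because verify_query hashes stringSRC in the order it arrived, the receiver never has to rebuild the field ordering. A field value that itself contains "&" or "=" is still ambiguous inside string1, so such values need to be excluded or escaped before signing.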


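The revised signature scheme is meant to avoid the "signature mismatch" problem that clients run into when verifying. During integration, the most frequent problem is precisely a signature mismatch at verification time.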

 

深圳逆时针
