请求加密流程
为了数据安全,首信易支付接口用了两种加密方法、两种签名方法以及一种排序方法,分别是:CFCA公钥证书加密、AES加密、SHA1签名、CFCA私钥证书签名和键名首字母排序,首信易的三种语言demo分别都提供了各个方法,具体用法:
1.键名首字母排序:
该方法的主要作用是将原数据json按照键名首字母进行从a-z的顺序进行排序,并按照排好的顺序进行拼接键值,各键值中间用#号隔开,例:
排序前:
<![CDATA[
{
"merchantId": "890000593",
"orderAmount": "1",
"orderCurrency": "CNY",
"requestId": "1556592332569",
"notifyUrl": "https://sdk.5upay.com/sdk/onlinepay/notify",
"callbackUrl": "https://sdk.5upay.com/sdk/onlinepay/callback",
"remark": "备注",
"paymentModeCode": "",
"productDetails": [{
"name": "",
"quantity": 1,
"amount": 1,
"receiver": "",
"description": ""
}],
"payer":
{
"name": "付款人姓名",
"idType": "IDCARD",
"idNum": "232201198701280426",
"bankCardNum": "6222021001116245702",
"phoneNum": "18800000000",
"email": "cs@cc.com"
},
"hmac": "Wf7yNZUdruKx7Q1P6bwv6dhu05o13wYfp0S7zC7GP0aolLdjYqjNbR2n4gXinH7Tr1B3 GyOEJ2B6SDa3xEebBl8cd7m/Msng3jY
bB1Nzo23nHkIQec329Xuh19kr0SQB+xdMAbX7Dzt dDweNMEnH+5pJLgbDjSyMocF9jBkhShvX5g1VdBpfK05ZTqRNaGcLrLgwMh4QlPtJhvq
TBtOikZtIylinHiVaaXnbsR9WGg5fsmtRly3Cf6LW/XbJUuyh6O92eArAV1CXOEuKy04+qIkSW0bQ=="
}
]]>
'#' 符号尾加首不加,排序后:
<![CDATA[ https://sdk.5upay.Com/sdk/onlinepay/callback#890000593#https://sdk.5upay.com/sdk/onlinepay/notify#1#cny#
6222021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#]]>
SHA1签名:
该签名方法用于对数据进行初步摘要。例:
签名前:
<![CDATA[ https://sdk.5upay.com/sdk/onlinepay/callback#890000595#https://sdk.5upay.com/sdk/onlinepay/notify#1#CNY#6222
021001116245702#cs@cc.com#132201198701280426#IDCARD#付款人姓名#18800000000#1#1#备注#1556592332569#]]>
签名后:
<![CDATA[ wkJpxZ9o+vuGhQn2pieT3S5GvSo=]]>
3.CFCA私钥签名:
PS:此操作完成后得到的是hmac,将签名后的值传到原json里的hmac项。
商户使用自身CFCA私钥证书(商户与首信易方面业务人员申请)进行签名,该签名优点是不可被破解,请求接口后首信易支付使用商户在商户后台上传的公钥进行验签,防止信息篡改。例:
签名前:
<![CDATA[ wkJpxZ9o+vuGhQn2pieT3S5GvSo=]]>
签名后:
<![CDATA[
SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi
VWhgePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vn
W4eWVEZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1
c7wexsF6uR/ekGKArWRCDCw==
]]>
4.自动生成十六位aes密钥
此操作完成后得到用于加密加入了hmac的原json数据的aes密钥。
商户自行生成一串十六位的随机数用于进行aes加密使用。
例:wsF0iQI3myswBmH8
5.AES加密:
此操作完成后得到的是请求接口的请求体data数据,将加密完成后的值放到请求接口的请求体里
该加密可通过相同的密钥进行解密,可自行生成16位随机数密钥进行加密,首信易支付接收到后通过相同的密钥进行解密,AES加密作用于加密已经含有hmac参数的原数据,例:
加密前:
<![CDATA[
{
"merchantId": "890000593",
"orderAmount": "1",
"orderCurrency": "CNY",
"requestId": "1556592332569",
"notifyUrl": "https://sdk.5upay.com/sdk/onlinepay/notify",
"callbackUrl": "https://sdk.5upay.com/sdk/onlinepay/callback",
"remark": "备注",
"paymentModeCode": "",
"productDetails": [{
"name": "",
"quantity": 1,
"amount": 1,
"receiver": "",
"description": ""
}],
"payer": {
"name": "付款人姓名",
"idType": "IDCARD",
"idNum": "132201198701280426",
"bankCardNum": "6222021001116245702",
"phoneNum": "18000000000",
"email": "cs@cc.com",
"nationality": null
},
"hmac": " SjhLrzimZKXWCz1m1L5npw/rBs6GdTOMSDlg5D49TWdgQUY9+eC2j14TnhopGSk7euAWX7cWQaMCP096znzKeRFaYp0rsghkQSquzRwFQi
VWh/gePJSVdnl5raUHGPW4r0gfRLuKbtMCe2pgidMrGM1WTOGjHj9kM/1qaecDO1PXHSDJWNIuypXbsMg1bvkltg1qlfOJgCRJ6IDJSr3vnW4eWVE
ZJDqkcYZAU7lZnnq419XJnbXGqefBYW4pBrVlFgyKkP7PG25JGu5b03IuxgKTmp5qeXB0BHZzgaVRfrRyNqvRtK2qqCB7/+QI7O1c7wexsF6uR/ek
GKArWRCDCw=="
}
]]>
加密后:
<![CDATA[
PoE9VSppnI/ixnoi7j2/LE0o28NGVdREh6TfZXXPS0Z0xZTs8Iy9FOoL2lDYOOGfoNNb3YRGtQ1y1ggUykbBaMRh8ipd7njD8XgH0suhx0nyKcSuU
S6vkCV3rI+0cJyjENozstB7vhAv31LxOoWyhrBCim/9mnyMomi6jEZS0xdQizUu4TcgJsQL2wXCecHdoD6C6PzLS+oSpizoBC6OtMMuD3aPR/tU5d
hofU/r1Bof8CuWulV4sCNr8X5EsduZs3uu3dnLsLEJNDjqplN7dGYga492DMg5KHqm8yAOGkiLAyR2jEspHz0ICVdB7RSS6RTDrtqAVzEIw2zrAYyo
TMbKOPkh720eFjkRc3iBw5TLfry9ZP4/sBtCzeOvcKw5rxGWiV6RIzxmftUFfsZLAA45DAil6+qryNU7cvS6UupxFiJLykkg88HvZRCGXuY4RxMhTxM
T4Vt+emA3RkYHr4U5Z+jUmvx1AjzQs6VBEoqmiFtM5vwHVkkF+e6JYV3d8BVeWyWCcYWYR0h9WYOdvnozsLv5NAQZtFYLbON7krN9abvqUa1Nwn+f8f+
kQpyQAqhhLbqx/r2V9jvaIWXYyUzo0oLIH8eL2WvWBPDXMeipo0c0erwxqL3cGI1jxsAvrpAHPoGxYaeRCdWWIWDG2l6hHwiER/pZKp16k0JSOsJVBG
apgWvbPFAd/kfoP6SHuRG/dNjgahiS+tK/QUrV+X8D16Q7uixBJ15/Gwg/b2QSC88Dvs9t14UmYqtqVYFZAo4u5O718r4yA20nk8bZCd9Zwv+Hy6IEg1
MzzZEYoOoT9oXCvrQEb6SY5JzCymLPOLq07Mi1a5IZ1c9KGWY2gi6UaXFEHGVCLt8ITlHhG5V8NCo8+uMB3l4vFKNAMRC21tc1Z7dFdD29vnU+2sa2oa
86JGMDLbe+MXgVEpWsmFouGhcq1uU+xDSgTKlhm87TW0waUihBX/VnmCPrpV0YQgIN/RZMnWAHEf78cWx4UMXEqi+eqJer27CuKG8L2k6sCImskWdIBv
VXRpHrEsDqZnzsBDQuQ5f0kPjljqXjhk/vLzYy+READjUwVpKDhwkvPd2JT+j+UZBg+shYia0UNpPc0GdvFCgz0unqZUIhkEf9dHXQBzu+pyIMOFspxv
f9O41Otj+Y/cDCxeqIP+KlxJrxLrxr6g868VpWKffKEMivuMZMo528QV0/xUyivzUBxep4OCq6x8zB6poGRaap50PAvbMPEZ9FDJdrSpMkZcGJ5c9w+E
T/Pu2xBEv1Pk7ykfyv2FPgM0vfh+xvjhLvAa0YPXvM7xbeB35LQ2iA54T/voza91sNhMowoR7ZcS0xK6+bp+VDCJfAK6kP4dwvCg==
]]>
6.CFCA公钥加密:
此操作完成后得到的是请求接口的请求头encryptKey数据,将加密完成后的值放到请求接口的请求头里,键名为encryptKey
该加密是不对称加密,商户通过首信易提供的公钥进行CFCA公钥证书加密,加密方法在demo内有提供,加密的数据是AES密钥,防止AES密钥泄露。
加密前:
wsF0iQI3myswBmH8
加密后:
O3ch2CMfQaVeP8b6WbziCffGVGHF2BSsjaOQm2EvO+3Q1X8y2CSobquLNcT/g/FdsvRnmPwfscR3lbFBYvH9M9NdGjKjLNHkGc2ekagABPGWDwMzcnrLj
vkNL3xgHSt4+mmZDDs8OUlpN5WCDVnMBcq2NEb4IY0We7I4g80xIFj1+XwPhzFZL6MMny5fq1/GVbAfh/iNV1XxpOvGsi0v8bRxEwu/auqTM5K6p7VrS
ZgcE7rdwD1I11PgN1sHUaPQn1X/2oJ2qELWdNi9K7aAC/7SfZhGXzU5+Z22ShxYzN27l1MIIVKBCbR7/tOMZe2VfQn8YFQgT05TB5dntaJeGw==
7.接口请求:
商户请求时需要确认好请求地址正确以及相关加密流程准确无误,请求方式为post,请求时请确认好编码为utf-8,以下为相关请求内容
请求头:
| 键名 |
键值 |
注释 |
| merchantId |
商户编号 |
首信易分配给商户的唯一身份标识,在商户后台获取 |
| requestId |
商户订单号 |
商户自行拟定的订单号(如果业务没有订单号的话可不传此参数) |
| partnerId |
服务商id |
首信易分配给服务商的唯一身份标识,和商户编号有对应关系(如果业务没有服务商id的话可不传此参数) |
| Content-Type |
application/vnd.5upay-v3.0+json |
首信易固定的请求头 |
| encryptKey |
经过cfca公钥加密过后的aes密钥数据 |
请求加密流程里的第6步CFCA公钥加密后得到的值 |