I have A Nonce, I have A key, Uh It's time to Crypto.
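To keep the data secure, every API call must first obtain a Nonce, which is then used to compute the security signature and encrypt the message. The basic flow is outlined below: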
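| Merchant | Direction | SinoPac payment system |
|---|---|---|
| Request Nonce | --> | |
| | <-- | Reply with Nonce |
| Generate API content | | |
| Request API service | --> | |
| | <-- | Reply with requested data |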
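The previous day's article ended with an API request that obtains a Nonce. That API is now combined with the key information to produce the security signature (Sign).

The HashID is a 32-character string produced by XORing the four hash keys in pairs and then joining (concatenating) the two results. It is later used as the key for AES encryption.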
ValA | ValB | XOR |
---|---|---|
0 | 0 | 0 |
0 | 1 | 1 |
1 | 0 | 1 |
1 | 1 | 0 |
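The calculation follows the XOR operation shown above.

Implemented in Python:

```python
from types import SimpleNamespace

def xor_two_str(a, b):
    # XOR two hex strings; zero-pad the result so leading zeros are not lost
    width = max(len(a), len(b))
    return format(int(a, base=16) ^ int(b, base=16), f"0{width}X")

def HashID(Hash: SimpleNamespace):
    # XOR the keys in pairs (A1^A2, B1^B2), then concatenate the two results
    str1 = xor_two_str(Hash.A1, Hash.A2)
    str2 = xor_two_str(Hash.B1, Hash.B2)
    # str1 and str2 are key material, so they are not printed or logged
    return str1 + str2
```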
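The following is an added example, not code from the original article or from SinoPac. It shows why the XOR result must keep its full width: formatting it with `hex()` and slicing off `0x` drops leading zeros, so the HashID comes out shorter than 32 characters and no longer works as the AES key. The 16-hex-character key format, the function names and the sample keys are assumptions constructed for illustration.

```python
import re
from types import SimpleNamespace

# Assumption: each hash key is 16 hex characters, so each XOR result is 16
# characters and the HashID is 32.
HEX16 = re.compile(r"[0-9A-Fa-f]{16}")


def xor_hex_naive(a: str, b: str) -> str:
    """hex()-and-slice formatting: leading zeros of the result are lost."""
    return hex(int(a, 16) ^ int(b, 16))[2:].upper()


def xor_hex_padded(a: str, b: str) -> str:
    """XOR two equal-length hex strings and keep the full width."""
    if len(a) != len(b):
        raise ValueError("hash keys must have the same length")
    return format(int(a, 16) ^ int(b, 16), f"0{len(a)}X")


def hash_id(keys: SimpleNamespace) -> str:
    """Return (A1 xor A2) + (B1 xor B2) as 32 uppercase hex characters."""
    for name in ("A1", "A2", "B1", "B2"):
        value = getattr(keys, name, None)
        if not isinstance(value, str) or not HEX16.fullmatch(value):
            raise ValueError(f"hash key {name} is not 16 hex characters")
    return xor_hex_padded(keys.A1, keys.A2) + xor_hex_padded(keys.B1, keys.B2)


# Constructed sample keys (not real credentials). A1 and A2 share their first
# byte, so the XOR of that pair starts with "00".
SAMPLE = SimpleNamespace(
    A1="4D9709D699CA40EE", A2="4D3C0FA8F1C35299",
    B1="9EDDC8F0A1B2C3D4", B2="1122334455667788",
)

if __name__ == "__main__":
    naive = xor_hex_naive(SAMPLE.A1, SAMPLE.A2) + xor_hex_naive(SAMPLE.B1, SAMPLE.B2)
    # Print lengths only; the HashID itself is key material.
    print(len(naive), "characters from the naive version")
    print(len(hash_id(SAMPLE)), "characters from the padded version")
```

Whether a given key set triggers the truncation depends on the key values, so a length check on the HashID before it is handed to AES catches the problem early.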
The generated HashID has to be used together with other parameters, so the next step is to write a program that produces the API service specification as a JSON-format API request. You can write your own or refer to my approach.

Example API service specification:

```json
{
  "ShopNo": "BA0026_001",
  "OrderNo": "A201804270001",
  "Amount": 50000,
  "CurrencyID": "TWD",
  "PayType": "A",
  "ATMParam": { "ExpireDate": "20180502" },
  "CardParam": { },
  "ConvStoreParam": { },
  "PrdtName": "虛擬帳號訂單",
  "ReturnURL": "http://10.11.22.113:8803/QPay.ApiClient/Store/Return",
  "BackendURL": "http://10.11.22.113:8803/QPay.ApiClient/AutoPush/PushSuccess"
}
```
Python implementation of the data structure for the API service specification (order creation):

```python
from types import SimpleNamespace

def ReqOrderCreate(ShopNo="", OrderNo="", Amount=0, CurrencyID="TWD", PrdtName="", Memo="",
                   Param1="", Param2="", Param3="", ReturnURL="", BackendURL="", PayType="",
                   ExpireDate="", AutoBilling="Y", ExpBillingDays=7, ExpMinutes=10, PayTypeSub="ONE"):
    # Bank SinoPac - Digital Payment API Technical Specification, page 32
    return SimpleNamespace(
        ShopNo=ShopNo, OrderNo=OrderNo, Amount=Amount, CurrencyID=CurrencyID,
        PrdtName=PrdtName, Memo=Memo, Param1=Param1, Param2=Param2, Param3=Param3,
        ReturnURL=ReturnURL, BackendURL=BackendURL, PayType=PayType,
        ATMParam=SimpleNamespace(ExpireDate=ExpireDate),
        CardParam=SimpleNamespace(AutoBilling=AutoBilling, ExpBillingDays=ExpBillingDays,
                                  ExpMinutes=ExpMinutes, PayTypeSub=PayTypeSub))
```