Signature algorithms

Signature generation steps

Let all the data sent or received be set M, sort the parameters of the non-null parameter values in the set M according to the ASCII code of the parameter name from small to large (dictionary order), and use the format of the URL key-value pair (i.e., key1=value1&key2=value2...). ) concatenated into the string stringA.
Finally, concatenate the key (merchant key) on stringA to obtain the stringSignTemp string, perform MD5 operation on stringSignTemp, and then convert all the characters of the obtained string to uppercase to obtain the sign value signValue.

note

Parameter name: ASCII code sorted from smallest to largest (dictionary order);
If the value of the parameter is empty, it does not participate in the signature;
Parameter names are case-sensitive;
When the verification call is returned or the payment system actively notifies the signature, the sign parameter in the data does not participate in the signature, and the generated signature is verified with the sign value.
The payment interface may add additional fields, and the additional extended fields must be supported when verifying signatures.
When signing, the merchant key is used in plaintext when setting (if the Google verification code is not bound, the merchant backend key may be displayed in ciphertext)

example

For example, the request parameters are as follows:

 {
  "countryId": "COL",
  "currency": "COP",
  "customerAccount": "3720000264",
  "merId": "8301000002750275",
  "merOrderNo": "merOrderNo",
  "nonceStr": "string",
  "orderAmount": "30000",
  "payProduct": "08",
  "nonceStr": "4cKcL83FIsDgjAi"
}

Concatenate the string according to the rule to obtain the string to be signed

countryId=COL&currency=COP&customerAccount=3720000264&merId=8301000002750275&merOrderNo=merOrderNo&nonceStr=4cKcL83FIsDgjAi&orderAmount=30000&payProduct=08&key=11111111111111111111111111111111

Final Signature Result

1DD2448C750D92B3AE512F2E493F5665

Final request parameters

 {
  "countryId": "COL",
  "currency": "COP",
  "customerAccount": "3720000264",
  "merId": "8301000002750275",
  "merOrderNo": "merOrderNo",
  "nonceStr": "string",
  "orderAmount": "30000",
  "payProduct": "08",
  "nonceStr": "4cKcL83FIsDgjAi",
  "sign": "1DD2448C750D92B3AE512F2E493F5665"
}

Use the Signature SDK

For details about how to download the SDK,see Dictionary Resource > Downloads - Signing SDKs
Introduce the "supefina-sign" jar package into your own project
The signature operation is completed through the com.supefina.sign.SupefinaSignUtils#sign(java.lang.Object,java.lang.String) method. (Parameter 1: request parameter JSON object; Parameter 2: Merchant Key)

Sign the demo

public static String sign(Object data, String key) {
        return sign(JSON.parseObject(JSONObject.toJSONString(data)), key);
    }

public static String sign(Map<String, Object> data, String key) {
        data.remove("sign");
        String signedValue = getSignedValue(data);
        signedValue += "key=" + key;
        log.info("signedValue:{}", signedValue);
        return md5(signedValue, "UTF-8").toUpperCase();
    }

private static String getSignedValue(Map<String, Object> reqMap) {
        Map<String, String> copy = new TreeMap<>();
        reqMap.forEach((k, v) -> {
            if (v != null && !"".equals(v)) {
                copy.put(k, v.toString());
            }
        });
        StringBuilder sb = new StringBuilder();
        copy.forEach((k, v) -> {
            if (v != null) {
                sb.append(k).append("=").append(v).append("&");
            }
        });
        return sb.toString();
    }

Verify the demo

String callbackData = "{\n" + "  \"countryId\": \"COL\",\n" + "  \"currency\": \"COP\",\n"
+ "  \"customerAccount\": \"3720000264\",\n" + "  \"merId\": \"8301000002750275\",\n"
+ "  \"merOrderNo\": \"merOrderNo\",\n" + "  \"nonceStr\": \"string\",\n"
+ "  \"orderAmount\": \"30000\",\n" + "  \"payProduct\": \"08\",\n"
+ "  \"nonceStr\": \"4cKcL83FIsDgjAi\",\n" + "  \"sign\": \"1DD2448C750D92B3AE512F2E493F5665\"\n" + "}";
JSONObject data = JSON.parseObject(callbackData);

String sign = data.get("sign").toString();
data.remove("sign");
String signValue = SupefinaSignUtils.sign(data, "商户key");
if (Objects.equals(sign, signValue)) {
    // 验证签名通过
} else {
    // 失败
}

AnteriorQuick Start SiguienteNotification callback description

Última actualización hace 10 meses

hashtagSignature generation steps

hashtagexample

hashtagUse the Signature SDK

hashtagSign the demo

hashtagVerify the demo

Signature generation steps

example

Use the Signature SDK

Sign the demo

Verify the demo