签名
1. 获取所有支付参数
假设所有发送和接收的数据都是集合M。按照M的升序字母顺序(即字典顺序),并通过相应的URL键值格式(例如key1=value1&key2=value2…)将它们连接到字符串A中。
请注意:
根据ASCII编码的名称(例如字典顺序)按升序字母排列参数名称;
参数名称区分大小写;
当检查返回的数据或YabandPay推送通知签名时,传输的“sign”和“data”不参与签名数据。
2. 使用stringA和secret_key获取stringSign
对stringA执行HMAC-SHA256算法,从而获取sign的值(signValue)。
Use stringA and secret_key to get stringSign, perform HMAC-SHA256 arithmetic on stringSign, thus get sign's value (signValue).
例如:
a) 获取所有支付参数
array(13) {
["description"] => string(27) "YabandPay test"
["timeout"] => string(1) "0"
["pay_method"] => string(8) "online"
["sub_pay_method"] => string(6) "WeChat Pay"
["order_id"] => string(17) "20180902014018888"
["amount"] => string(3) "0.1"
["currency"] => string(3) "EUR"
["redirect_url"] => string(49) "https://www.yabandpay.com"
["notify_url"] => string(44) "https://www.yabandpay.com/notify"
["demo"] => string(4) "test"
["user"] => string(20) "016683"
["method"] => string(17) "v3.CreatePayments"
["time"] => int(1555498137)
}
b) 对所有支付参数排序
array(13) {
["amount"] => string(3) "0.1"
["currency"] => string(3) "EUR"
["demo"] => string(3) "test"
["description"] => string(27) "YabandPay test"
["method"] => string(17) "v3.CreatePayments"
["notify_url"] => string(44) "https://www.yabandpay.com/notify"
["order_id"] => string(17) "20180902014018888"
["pay_method"] => string(8) "online"
["redirect_url"] => string(49) "https://www.yabandpay.com"
["sub_pay_method"] => string(6) "WeChat Pay"
["time"] => int(1555498137)
["timeout"] => string(1) "0"
["user"] => string(20) "016683"
}
c) 拼接为URL方式的字符串
string(326) "amount=0.1¤cy=EUR&demo=test&description=YabandPay test&method=v3.CreatePayments¬ify_url=https://www.yabandpay.com/notify&order_id=20180902014018888&pay_method=online&redirect_url=https://www.yabandpay.com&sub_pay_method=WeChat Pay&time=1555498137&timeout=0&user=016683"
d) 得到的 stringA 使用 secret_key做签名
secret_key 在本案例中为 62184c09df1aeb63239e07079875be81
得到的签名如下:
string(64) "f8f90c7537c5f335b57cee1d5f7360c1bea34eeec0d12e0ffdc3f0985019c846"