Amazon-Pay-IPN签名验证与AWS-SNS签名验证有何不同?

时间:2018-03-05 14:49:18

标签: amazon-web-services aws-sdk paypal-ipn amazon-sns amazon-pay

我是aws-services和amazon-pay-services的新手。我正在尝试为亚马逊付费服务添加即时付款通知(IPN)。我正在通过IPN-doc,它提到我们需要验证IPN身体的签名,类似于aws-sns-sign-verify

所以我在这里很困惑。

根据aws-sns的文档,帖子请求将是这样的

amazon-pay-IPN

POST /SPN_project2/iopn HTTP/1.1 x-amz-sns-message-type: Notification x-amz-sns-message-id: 4227aa54-ccf8-5a2a-8038-fb740d9f65d6 x-amz-sns-topic-arn: arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ x-amz-sns-subscription-arn: arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ:993a0851-1b8d-4e0c-a48a-c4b2cbd17036 Content-Length: 2301 Content-Type: text/plain; charset=UTF-8 Host: ded73b97.ngrok.io User-Agent: Amazon Simple Notification Service Agent Accept-Encoding: gzip,deflate X-Forwarded-Proto: https X-Forwarded-For: 54.240.197.7 { "Type" : "Notification", "MessageId" : "4227aa54-ccf8-5a2a-8038-fb740d9f65d6", "TopicArn" : "arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ", "Message" : "{\"ReleaeEnvironment\":\"Live\",\"MarketplaceID\":\"220451\",\"Version\":\"2013-01-01\",\"NotificationType\":\"OrderReferenceNotification\",\"SellerId\":\"A3GEDG4FJC14BQ\",\"NotificationReferenceId\":\"f80ab4f0-82ca-42c8-a0d1-9b07f5b3fa30\",\"Timestamp\":\"2017-02-17T09:15:18.679Z\",\"NotificationData\":\"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?><ChargeTransactionNotification xmlns=\\\"https://mws.amazonservices.com/ipn/OffAmazonPayments/2013-01-01\\\">\\n <ChargeTransactionDetails>\\n <OrderID>P04-5366666-6431174<\\/OrderID>\\n <SellerReferenceId>test<\\/SellerReferenceId>\\n <Amount>\\n <Amount>10.0<\\/Amount>\\n <CurrencyCode>INR<\\/CurrencyCode>\\n <\\/Amount>\\n <TotalFee>\\n <Amount>0.0<\\/Amount>\\n <CurrencyCode>INR<\\/CurrencyCode>\\n <\\/TotalFee>\\n <PaymentModes/>\\n <FeeBreakup/>\\n <CreationTimestamp>2017-02-17T09:00:13.592Z<\\/CreationTimestamp>\\n <Status>\\n <State>Declined<\\/State>\\n <LastUpdateTimestamp>2017-02-17T09:15:13.879Z<\\/LastUpdateTimestamp>\\n <ReasonCode>SessionExpired<\\/ReasonCode>\\n <ReasonDescription>Session Expired<\\/ReasonDescription>\\n <\\/Status>\\n <\\/ChargeTransactionDetails>\\n<\\/ChargeTransactionNotification>\"}", "Timestamp" : "2017-02-17T09:15:19.922Z", "SignatureVersion" : "1", "Signature" : "FIRgFXytZTrpt4axHOHqVto+hbXadKhCnP2gfGaII3+6Jnawz939iT/KW4Z8wVYed3s+EGtC+xM3JCBVNJ5m7Ctf4bZZ9rFy+7Y7hAS/c18J1bNeEbEz2l0WQvpI4MDzH5/mmSVEWawfwX6zPE0R9U9kT81hac7a/NRedbUnJpOQCytCbTHxCn/k1s4WQQpXwIPnOVyp0x3Dj7ofkhJNB7bZk2bQET22DaOpSg01I4/KTU5t1iFzYVeoVRa3BcnB+X9d5GEdbmKjGg0SHhVSkzq0Qx3cpcipiyXzqv1IR62wxlpVC1yYkGXiw5uNU9k8QIweAoO4TuzR1IwYakTO3g==", "SigningCertURL" : "https://sns.eu-west-1.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem", "UnsubscribeURL" : "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ:993a0851-1b8d-4e0c-a48a-c4b2cbd17036" } 的帖子请求看起来像这样

sns-service

我们可以看到,在Amazon-pay-IPN-service的情况下,正文的消息字段具有纯字符串类型值(即上面的测试消息例如)

但是在Message的情况下,正文的消息字段具有字符串类型值,但包含json-data,许多转义字符以及xml-string。

因此,在IPN服务中签名验证时,我是否需要在创建规范消息时在json, xml-str, escape-char字段中处理这些额外数据? IPN正文中的这些额外数据({{1}})是否会对符号验证过程进行任何更改?

任何帮助将不胜感激。感谢。

2 个答案:

答案 0 :(得分:0)

您是否有理由要手动验证IPN消息?有SDKs available主要语言,如PHP,Java,Python,.NET / C#和Ruby,已经实现了IPN验证。

如果您不能使用任何这些SKD,您仍然可以查看PHP SDK的IpnHandler class或Java SDK的NotificationVerification class等实现,以了解如何这是有效的。

答案 1 :(得分:0)

使用JSON库反序列化整个正文。

Message将是一个字符串,任何已被SNS转义的内容都将被正确转义为签名验证目的。此时字符串的含义并不重要 - 它将以正确的形式进行验证。

然后,一旦验证了签名,就用你的JSON库再次反序列化Message字符串,你将得到最后的消息,作为一个有效的对象,然后你可以处理它。