我是aws-services和amazon-pay-services的新手。我正在尝试为亚马逊付费服务添加即时付款通知(IPN)。我正在通过IPN-doc,它提到我们需要验证IPN身体的签名,类似于aws-sns-sign-verify
所以我在这里很困惑。
根据aws-sns的文档,帖子请求将是这样的
amazon-pay-IPN
POST /SPN_project2/iopn HTTP/1.1
x-amz-sns-message-type: Notification
x-amz-sns-message-id: 4227aa54-ccf8-5a2a-8038-fb740d9f65d6
x-amz-sns-topic-arn: arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ
x-amz-sns-subscription-arn: arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ:993a0851-1b8d-4e0c-a48a-c4b2cbd17036
Content-Length: 2301
Content-Type: text/plain; charset=UTF-8
Host: ded73b97.ngrok.io
User-Agent: Amazon Simple Notification Service Agent
Accept-Encoding: gzip,deflate
X-Forwarded-Proto: https
X-Forwarded-For: 54.240.197.7
{
"Type" : "Notification",
"MessageId" : "4227aa54-ccf8-5a2a-8038-fb740d9f65d6",
"TopicArn" : "arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ",
"Message" : "{\"ReleaeEnvironment\":\"Live\",\"MarketplaceID\":\"220451\",\"Version\":\"2013-01-01\",\"NotificationType\":\"OrderReferenceNotification\",\"SellerId\":\"A3GEDG4FJC14BQ\",\"NotificationReferenceId\":\"f80ab4f0-82ca-42c8-a0d1-9b07f5b3fa30\",\"Timestamp\":\"2017-02-17T09:15:18.679Z\",\"NotificationData\":\"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?><ChargeTransactionNotification xmlns=\\\"https://mws.amazonservices.com/ipn/OffAmazonPayments/2013-01-01\\\">\\n <ChargeTransactionDetails>\\n <OrderID>P04-5366666-6431174<\\/OrderID>\\n <SellerReferenceId>test<\\/SellerReferenceId>\\n <Amount>\\n <Amount>10.0<\\/Amount>\\n <CurrencyCode>INR<\\/CurrencyCode>\\n <\\/Amount>\\n <TotalFee>\\n <Amount>0.0<\\/Amount>\\n <CurrencyCode>INR<\\/CurrencyCode>\\n <\\/TotalFee>\\n <PaymentModes/>\\n <FeeBreakup/>\\n <CreationTimestamp>2017-02-17T09:00:13.592Z<\\/CreationTimestamp>\\n <Status>\\n <State>Declined<\\/State>\\n <LastUpdateTimestamp>2017-02-17T09:15:13.879Z<\\/LastUpdateTimestamp>\\n <ReasonCode>SessionExpired<\\/ReasonCode>\\n <ReasonDescription>Session Expired<\\/ReasonDescription>\\n <\\/Status>\\n <\\/ChargeTransactionDetails>\\n<\\/ChargeTransactionNotification>\"}",
"Timestamp" : "2017-02-17T09:15:19.922Z",
"SignatureVersion" : "1",
"Signature" : "FIRgFXytZTrpt4axHOHqVto+hbXadKhCnP2gfGaII3+6Jnawz939iT/KW4Z8wVYed3s+EGtC+xM3JCBVNJ5m7Ctf4bZZ9rFy+7Y7hAS/c18J1bNeEbEz2l0WQvpI4MDzH5/mmSVEWawfwX6zPE0R9U9kT81hac7a/NRedbUnJpOQCytCbTHxCn/k1s4WQQpXwIPnOVyp0x3Dj7ofkhJNB7bZk2bQET22DaOpSg01I4/KTU5t1iFzYVeoVRa3BcnB+X9d5GEdbmKjGg0SHhVSkzq0Qx3cpcipiyXzqv1IR62wxlpVC1yYkGXiw5uNU9k8QIweAoO4TuzR1IwYakTO3g==",
"SigningCertURL" : "https://sns.eu-west-1.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem",
"UnsubscribeURL" : "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:598607868003:A18VPDB9UTK24DA3GEDG4FJC14BQ:993a0851-1b8d-4e0c-a48a-c4b2cbd17036"
}
的帖子请求看起来像这样
sns-service
我们可以看到,在Amazon-pay-IPN-service
的情况下,正文的消息字段具有纯字符串类型值(即上面的测试消息例如)
但是在Message
的情况下,正文的消息字段具有字符串类型值,但包含json-data,许多转义字符以及xml-string。
因此,在IPN服务中签名验证时,我是否需要在创建规范消息时在json, xml-str, escape-char
字段中处理这些额外数据? IPN正文中的这些额外数据({{1}})是否会对符号验证过程进行任何更改?
任何帮助将不胜感激。感谢。
答案 0 :(得分:0)
您是否有理由要手动验证IPN消息?有SDKs available主要语言,如PHP,Java,Python,.NET / C#和Ruby,已经实现了IPN验证。
如果您不能使用任何这些SKD,您仍然可以查看PHP SDK的IpnHandler class或Java SDK的NotificationVerification class等实现,以了解如何这是有效的。
答案 1 :(得分:0)
使用JSON库反序列化整个正文。
Message
将是一个字符串,任何已被SNS转义的内容都将被正确转义为签名验证目的。此时字符串的含义并不重要 - 它将以正确的形式进行验证。
然后,一旦验证了签名,就用你的JSON库再次反序列化Message
字符串,你将得到最后的消息,作为一个有效的对象,然后你可以处理它。