我正在尝试在后端验证从使用google-pays的移动应用程序中获得的支付令牌。
令牌看起来像这样:
"{\"signature\":\"MEUCIFGFWxmw/6WRXAqEoZAT7TspkckP/Rd5DtfVfa7NHqJ9AiEA1cK5O/hUENf+npc3lKyI1DsKYMA5gNP77Gmhkie/Q00\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwKVBSYqrKGeBTdL4eXerp+qfUAA3Ie5CINH2aK34iYNpmxn+xDIuD67vthpIRjiKtyGtJvqLHs6MPp3kkru8vg\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1598399127387\\\"}\",\"signatures\":[\"MEUCIQC0n7zyHhvD8sUJhRa+HOeV6hRl1XscT7wt1G685PxyTAIgTVeq4rR1MFseYZcYJ4nKeNz4BGC9m+ax8i434rCoV6w\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"nxO5fQEB5MXV+9qBXoCpIlxW+F/e5plpQU2nYM5jIBQipzF9gNU9QOv6NKafJv73FQQsCeKADziRaoJagoRST8NApmnl2wlJAyzWLfJKXWKdVLLwnHdccV0qD2sQypn+mZBu7QyQUK52HEgXPV22ms8/4rLr868gIaA9Lmh5sgal4C78P7qzImRJImK5aGVZlzCwopUfqOVipGqJ2ffTXeKsS44OhF2hgYVpfFSbNIrPJR1J82oPl7sNAYKPIQ3CKySE7Y81VINnIVlq5i8/c7DdxK9zkc1Q0j38tLAnP9rvd0fvuvxEFHjHlJoc3eCZbwLUmPb+PyOoLHVbSJDKAg7f8W8jKLalhMziO5zVPmh3rCjMef7mNHuL4qrSPNSZrQPWWkOZ9T/KC8MCXozzP6YxyIWcmrh0AQzVBTQnMUI/AdWK5xkEJDuSC4sS8DU0VyxDJ0SlQcAr7olDQc5CEdOO57erAYVJcaczgvLhzo4Sz1aoIec3lyQculLNr76qRwdQrXcucKloqLU/anatNVn6ZODJqmo\\\\u003d\\\",\\\"ephemeralPublicKey\\\":\\\"BIi24MIm0uqQ3JoaHQ9mY0tk7z+VV2Uue9zCmxrH+gj/DUwvTRFn0D9g860j7JzsdSTPXKr23CFsKRKvOAypNoU\\\\u003d\\\",\\\"tag\\\":\\\"h41QJdk8uByJnwtKPgZiFQzT4evU4pPDUtpi96tMthk\\\\u003d\\\"}\"}"
关于我应该在后端实施的过程的文档非常丰富,以验证有效载荷是否有效并解码encryptedMessage,据称其中包含购买的详细信息。
这些可以在这里找到:https://developers.google.com/pay/api/android/guides/resources/payment-data-cryptography#using-tink
令我惊讶的是,Google Pay仅提供了如何使用Java(使用tink libray)完成此操作的代码示例。 我真的很想不必将Java服务添加到系统中,否则它就不会在堆栈中。
理想情况下,我想使用nodejs进行验证和解码。但是如果需要,我也可以选择Python。出乎意料的是,我无法为此找到一个解决方案,并且我已经花费了数小时试图使用crypto模块来实现该解决方案。
是否有人知道可以使用的库,或者可以共享代码示例?
答案 0 :(得分:-1)
您无法验证有效负载数据,但使用 nodejs 可以使用 joi 验证有效负载结构。
// https://npmjs.com/package/joi
const joi = require('joi');
const payload = '{"signature":"MEUCIFGFWxmw/6WRXAqEoZAT7TspkckP/Rd5DtfVfa7NHqJ9AiEA1cK5O/hUENf+npc3lKyI1DsKYMA5gNP77Gmhkie/Q00\\u003d","intermediateSigningKey":{"signedKey":"{\\"keyValue\\":\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwKVBSYqrKGeBTdL4eXerp+qfUAA3Ie5CINH2aK34iYNpmxn+xDIuD67vthpIRjiKtyGtJvqLHs6MPp3kkru8vg\\\\u003d\\\\u003d\\",\\"keyExpiration\\":\\"1598399127387\\"}","signatures":["MEUCIQC0n7zyHhvD8sUJhRa+HOeV6hRl1XscT7wt1G685PxyTAIgTVeq4rR1MFseYZcYJ4nKeNz4BGC9m+ax8i434rCoV6w\\u003d"]},"protocolVersion":"ECv2","signedMessage":"{\\"encryptedMessage\\":\\"nxO5fQEB5MXV+9qBXoCpIlxW+F/e5plpQU2nYM5jIBQipzF9gNU9QOv6NKafJv73FQQsCeKADziRaoJagoRST8NApmnl2wlJAyzWLfJKXWKdVLLwnHdccV0qD2sQypn+mZBu7QyQUK52HEgXPV22ms8/4rLr868gIaA9Lmh5sgal4C78P7qzImRJImK5aGVZlzCwopUfqOVipGqJ2ffTXeKsS44OhF2hgYVpfFSbNIrPJR1J82oPl7sNAYKPIQ3CKySE7Y81VINnIVlq5i8/c7DdxK9zkc1Q0j38tLAnP9rvd0fvuvxEFHjHlJoc3eCZbwLUmPb+PyOoLHVbSJDKAg7f8W8jKLalhMziO5zVPmh3rCjMef7mNHuL4qrSPNSZrQPWWkOZ9T/KC8MCXozzP6YxyIWcmrh0AQzVBTQnMUI/AdWK5xkEJDuSC4sS8DU0VyxDJ0SlQcAr7olDQc5CEdOO57erAYVJcaczgvLhzo4Sz1aoIec3lyQculLNr76qRwdQrXcucKloqLU/anatNVn6ZODJqmo\\\\u003d\\",\\"ephemeralPublicKey\\":\\"BIi24MIm0uqQ3JoaHQ9mY0tk7z+VV2Uue9zCmxrH+gj/DUwvTRFn0D9g860j7JzsdSTPXKr23CFsKRKvOAypNoU\\\\u003d\\",\\"tag\\":\\"h41QJdk8uByJnwtKPgZiFQzT4evU4pPDUtpi96tMthk\\\\u003d\\"}"}';
const parsedPayload = JSON.parse(payload);
const payloadSchema = joi.object(
{
signature: joi.number().string().required("'signature' is missing from the payload"),
intermediateSigningKey: joi.object().required("'intermediateSigningKey' is a required param and it must be an object."),
protocolVersion: joi.string().trim().required("'protocolVersion' is a required param."),
signedMessage: joi.string().trim().required("'signedMessage' is a required param."),
},
);
const payloadValidationResult = payloadSchema.validate(paymentData);
if (payloadValidationResult.error) {
console.log(payloadValidationResult.error.details[0]);
}