不管是微信支付还是支付宝支付, 3个最棘手的问题是:
1,如何生成签名
2,支付请求如何提交
3, 如何验证签名
http://bbs.2ccc.com/topic.asp?topicid=590034
下面就围绕这三个问题来讲。
我使用的是XE3.
先看微信支付:
1,微信支付的签名生成
uses IdHashMessageDigest, NatvieXml; //我使用的是NativeXml4.07 function TMicroPayParamBuilder.GetSign: string; var Digest: TIdHashMessageDigest5; utf8: UTF8String; begin utf8 := ''; Assert(FAppId <> '', '公众账号ID 不能为空!'); utf8 := utf8 + 'appid=' + FAppId; if FAttach <> '' then utf8 := utf8 + '&attach=' + FAttach; Assert(FAuthCode <> '', '授权码 不能为空!'); utf8 := utf8 + '&auth_code=' + FAuthCode; Assert(FBody <> '', '商品描述 不能为空!'); utf8 := utf8 + '&body=' + FBody; if FDetail <> '' then utf8 := utf8 + '&detail=' + BuildDetail(); Assert(FMchId <> '', '商户号 不能为空!'); utf8 := utf8 + '&mch_id=' + FMchId; utf8 := utf8 + '&non_ce_str=' + FNonceStr; Assert(FOutTradeNo <> '', '商户订单号 不能为空!'); utf8 := utf8 + '&out_trade_no=' + FOutTradeNo; Assert(FSpbillCreateIp <> '', '终端IP 不能为空!'); utf8 := utf8 + '&spbill_create_ip=' + FSpbillCreateIp; Assert(FTotalFee > 0, '订单金额 必须大于0!'); utf8 := utf8 + '&total_fee=' + IntToStr(FTotalFee); Assert(Fkey <> '', '密钥 不能为空!'); utf8 := utf8 + '&key=' + Fkey; //计算签名 try Digest:= TIdHashMessageDigest5.Create; Result := Digest.HashBytesAsHex(BytesOf(utf8)); finally Digest.Free; end; end; //生成Http Post请求的数据 function TMicroPayParamBuilder.BuildParam: string; var xml : TNativeXml; Node: TXmlNode; begin xml := TNativeXml.CreateEx(nil, False, False, True, 'xml'); try Node:= xml.NodeNewTextType('appid', FAppId , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('mch_id', FMchId , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('nonce_str', FNonceStr , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('sign', Sign , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('body', FBody , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('out_trade_no', FOutTradeNo , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewIntType('total_fee', FTotalFee , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('spbill_create_ip', FSpbillCreateIp , xeElement); xml.Root.NodeAdd(Node); Node:= xml.NodeNewTextType('auth_code', FAuthCode , xeElement); xml.Root.NodeAdd(Node); if FAttach <> '' then begin Node:= xml.NodeNewTextType('attach', FAttach , xeElement); xml.Root.NodeAdd(Node); end; if FDetail <> '' then begin Node:= xml.NodeNewTextType('detail', BuildDetail() , xeElement); xml.Root.NodeAdd(Node); end; Result := xml.WriteToString; finally xml.Free; end; end;
2, 微信支付请求如何提交
class function TTencentSSLHttpPost.Post(URL: string; Builder: TBaseParamBuilder): string; var ssl:TIdSSLIOHandlerSocketOpenSSL; http: TIdHttp; inStrm, outStrm: TStringStream; begin http:= TIdHttp.Create(nil); ssl:=TIdSSLIOHandlerSocketOpenSSL.Create(nil); ssl.SSLOptions.Method := sslvSSLv23; http.IOHandler := ssl; inStrm:= TStringStream.Create(Builder.BuildParam, TEncoding.UTF8); outStrm:= TStringStream.Create('', TEncoding.UTF8); try try http.Post(URL, inStrm, outStrm); Result := outStrm.DataString; except Result := ''; end; finally ssl.Free; http.Free; outStrm.Free; inStrm.Free; end; end; const URL_MicroPay = 'https://api.mch.weixin.qq.com/pay/micropay'; class function TMicroPayHttpUtils.PostRequest( Builder: TMicroPayParamBuilder): string; begin Result := TTencentSSLHttpPost.Post(URL_MicroPay, Builder); end;
微信如何验证签名:
TStringsHelper = class helper for TStrings function Join(const Splitter: string): string; end; { TMyStrings} function TStringsHelper.Join(const Splitter: string): string; var I : Integer; begin Result := ''; for I := 0 to Self.Count - 1 do Result := Result + Splitter + Self.Names[I] + '=' + Self.ValueFromIndex[I]; if Result <> '' then System.Delete(result, 1, Length(Splitter)); end; function MyStringListSort(List: TStringList; Index1, Index2: Integer): Integer; begin Result := CompareStr(List.Names[Index1], List.Names[Index2]); end; function VerifyResponseSign(xml: TNativeXml; Key: string): Boolean; overload; var sign: string; I : Integer; List : TStringList; utf8: UTF8String; Digest: TIdHashMessageDigest5; begin Result := False; if xml.Root.FindNode('sign') = nil then Exit; sign := xml.Root.FindNode('sign').ValueUnicode; List := TStringList.Create; try for I := 0 to xml.Root.NodeCount - 1 do begin if (xml.Root.Nodes[I].NameUnicode <> 'sign') and (xml.Root.Nodes[I].NameUnicode <> 'WhiteSpace') and (xml.Root.Nodes[I].ValueUnicode <> '') then List.Add(xml.Root.Nodes[I].NameUnicode + '=' + xml.Root.Nodes[I].ValueUnicode); end; List.CustomSort(MyStringListSort); utf8 := List.Join('&') + '&key=' + key; try Digest:= TIdHashMessageDigest5.Create; Result := SameText(Digest.HashBytesAsHex(BytesOf(utf8)), sign); finally Digest.Free; end; finally List.Free; end; end; function VerifyResponseSign(xml: TNativeXml): Boolean; overload; begin Result := VerifyResponseSign(xml, GetKey()); end; function VerifyResponseSign(Response: string; Key: string): Boolean; overload; var xml: TNativeXml; begin Result := False; xml := TNativeXml.Create(nil); try try xml.ReadFromString(Response); except Exit; end; Result := VerifyResponseSign(xml, Key); finally xml.Free; end; end;
那么如何发送一个刷卡支付请求呢?
procedure TForm4.btn4Click(Sender: TObject); var Param: TMicroPayParamBuilder; Response: string; begin Param:= TMicroPayParamBuilder.Create; try if edBody.Text <> '' then Param.Body := edBody.Text; Param.OutTradeNo:= edTradeNo.Text; Param.SpbillCreateIp:=idpwtch1.LocalIP; param.AuthCode:= edAuthCode.Text; Param.Attach := edAttach.Text; Param.TotalFee := 10; param.AppId := edAppId.Text; Param.MchId := edMch_id.Text; Param.Key := edKey.Text; mmo1.Lines.Append(Param.BuildParam); mmo1.Lines.Append('----------'); Response := TMicroPayHttpUtils.PostRequest(Param); if Response = '' then begin ShowMessage('请求出错! 可能是网络不通!'); Exit; end; mmo1.Lines.Append(Response); if not VerifyResponseSign(Response, GetKey()) then showmessage('签名验证不通过!'); finally Param.Free; end; end;
支付宝支付:
1,支付宝支付的签名生成
uses IdSSLOpenSSL, IdSSLOpenSSLHeaders; //生成RSA签名 //参数: //PrivateKey:私钥 //Content: 要签名的内容 function GenerateRSASign(const PrivateKey:AnsiString; const Content: AnsiString): AnsiString; var rsaPrivate:PRSA; rsa_out_len: Cardinal; bio:PBIO; hIdCrypto:HMODULE; hash:array[0..SHA_DIGEST_LENGTH - 1] of AnsiChar; type TRSA_sign = function (_type : LongInt; const m : PAnsiChar; m_length : LongWord; sigret : PAnsiChar; var siglen : Cardinal; const rsa : PRSA) : LongInt; cdecl; TSHA1 = function (d: PAnsiChar; n:Cardinal; md:PAnsiChar):PAnsiChar; cdecl; function LoadFunctionCLib(const FceName: string; const ACritical : Boolean = True): Pointer; begin Result := GetProcAddress(hIdCrypto, PChar(FceName)); end; var RSA_sign : TRSA_sign; SHA1: TSHA1; bytes: TBytes; begin LoadOpenSSLLibrary; hIdCrypto := LoadLibrary('libeay32.dll'); Assert(hIdCrypto <> 0, '无法加载libeay32.dll'); try bio := BIO_new_mem_buf(@PrivateKey[1], Length(PrivateKey)); rsaPrivate :=PEM_read_bio_RSAPrivateKey(bio, nil, nil, nil) ; Assert(rsaPrivate <> nil, GetErrorMssage()); FillChar(hash[0], SHA_DIGEST_LENGTH, 0); SHA1:= LoadFunctionCLib('SHA1'); Assert(@SHA1 <> nil, 'SHA1加载失败'); SHA1(@Content[1], Length(Content), @hash[0]); RSA_sign:= LoadFunctionCLib('RSA_sign'); Assert(@RSA_sign <> nil, 'RSA_sign加载失败'); SetLength(bytes, 1024); RSA_sign(EVP_sha1()._type, @hash[0], SHA_DIGEST_LENGTH, @bytes[0], rsa_out_len, rsaPrivate); SetLength(bytes, rsa_out_len); Result := TIdEncoderMIME.EncodeBytes(bytes); BIO_free(bio); RSA_free(rsaPrivate); finally UnLoadOpenSSLLibrary FreeLibrary(hIdCrypto); end; end; //生成条码支付的签名 //TAliPayRequestParamBuilder继承自TBaseAliPayParamBuilder function TAliPayRequestParamBuilder.GetSign: string; var utf8: UTF8String; ansi: AnsiString; List: TStringList; begin List := TStringList.Create; try Assert(AppId <> '' , '开发者的应用ID 不能为空!'); List.Add('app_id=' + AppId); List.Add('biz_con_tent=' + BizContent.AsString); //BizContent: ISuperObject Assert(Charset <> '' , '编码格式 不能为空!'); List.Add('charset=' + Charset); Assert(Method <> '' , '接口名称 不能为空!'); List.Add('method=' + Method); if NotifyUrl <> '' then List.Add('notify_url=' + NotifyUrl); Assert(SignType <> '' , '签名算法类型 不能为空!'); List.Add('sign_type=' + SignType); Assert(Timestamp <> '' , '发送请求时间 不能为空!'); List.Add('timestamp=' + Timestamp); Assert(Version <> '' , '接口版本 不能为空!'); List.Add('version=' + Version); List.CustomSort(MyStringListSort); utf8 := List.Join('&'); TLogger.Instance.Warn('TTradePayParamBuilder.GetSign:' + utf8); ansi := Utf8ToAnsi(utf8); Assert(PrivateKey <> '', '私钥 不能为空!'); Result := GenerateRSASign(PrivateKey, ansi);//生成签名 finally List.Free; end; end; //生成条码支付的请求参数 procedure TAliPayRequestParamBuilder.BuildParamList(Params: TStrings); begin Params.Add('app_id=' + AppId); Params.Add('biz_con_tent=' + BizContent.AsString); Params.Add('charset=' + Charset); Params.Add('method=' + Method); if NotifyUrl <> '' then Params.Add('notify_url=' + NotifyUrl); Params.Add('sign_type=' + SignType); Params.Add('timestamp=' + Timestamp); Params.Add('version=' + Version); Params.Add('sign=' + GetSign()); end;
2,支付宝如何提交请求
class function TAliPaySSLHttpPost.Post(const URL: string; Builder: TBaseAliPayParamBuilder): string; var ssl:TIdSSLIOHandlerSocketOpenSSL; http: TIdHttp; List: TStrings; begin http:= TIdHttp.Create(nil); http.Request.Accept := 'text/xml,text/javascript,text/html,text/plain'; http.Request.UserAgent := 'aop-sdk-java'; http.HTTPOptions := [hoKeepOrigProtocol, hoForceEncodeParams]; ssl:=TIdSSLIOHandlerSocketOpenSSL.Create(nil); ssl.SSLOptions.Method := sslvTLSv1_2; http.IOHandler := ssl; List:= TStringList.Create; Builder.BuildParamList(List); //把请求参数放到List里 TLogger.Instance.Warn('TAliPaySSLHttpPost.Post Params:' + List.Join('&')); try try Result := http.Post(URL, List, TEncoding.ANSI); except on e: Exception do begin Result := ''; end; end; finally ssl.Free; http.Free; List.Free; end; end;
3,支付宝支付如何验证签名
//验证RSA签名 //参数: //PublicKey:支付宝公钥 //Content: 要签名的内容 //Sign: 签名 function VerifyRSASign(const PublicKey,Sign: AnsiString; const Content:AnsiString ): Boolean; var rsaPub:PRSA; bioPub:PBIO; hIdCrypto:HMODULE; hash:array[0..SHA_DIGEST_LENGTH - 1] of AnsiChar; type TSHA1 = function (d: PAnsiChar; n:Cardinal; md:PAnsiChar):PAnsiChar; cdecl; TRSA_verify = function (dtype : LongInt; const m : PAnsiChar; m_length : LongWord; sigret : PAnsiChar; siglen : Cardinal; const rsa : PRSA) : LongInt; cdecl; TPEM_read_bio_RSA_PUBKEY =function (bp:PBIO; x:PPRSA; cb: Ppem_password_cb; u:Pointer):PRSA; cdecl; function LoadFunctionCLib(const FceName: string; const ACritical : Boolean = True): Pointer; begin Result := GetProcAddress(hIdCrypto, PChar(FceName)); end; var SHA1: TSHA1; RSA_verify:TRSA_verify; bytes: TBytes; PEM_read_bio_RSA_PUBKEY : TPEM_read_bio_RSA_PUBKEY; begin hIdCrypto := LoadLibrary('libeay32.dll'); Assert(hIdCrypto <> 0, '无法加载libeay32.dll'); try bioPub := BIO_new_mem_buf(@PublicKey[1], Length(PublicKey)); PEM_read_bio_RSA_PUBKEY := LoadFunctionCLib('PEM_read_bio_RSA_PUBKEY'); Assert(@PEM_read_bio_RSA_PUBKEY <> nil , 'PEM_read_bio_RSA_PUBKEY加载失败'); rsaPub := PEM_read_bio_RSA_PUBKEY(bioPub, nil, nil, nil) ; Assert(rsaPub <> nil, GetErrorMssage()); FillChar(hash[0], SHA_DIGEST_LENGTH, 0); SHA1:= LoadFunctionCLib('SHA1'); Assert(@SHA1 <> nil, 'SHA1加载失败'); SHA1(@Content[1], Length(Content), @hash[0]); bytes := TIdDecoderMIME.DecodeBytes(Sign); RSA_verify:= LoadFunctionCLib('RSA_verify'); Assert(@RSA_verify <> nil, 'RSA_sign加载失败'); Result := RSA_verify(EVP_sha1()._type, @hash[0], SHA_DIGEST_LENGTH, @bytes[0], Length(bytes), rsaPub)>0; BIO_free(bioPub); RSA_free(rsaPub); finally FreeLibrary(hIdCrypto); end; end;