Alipay public Account building of Merchant Gateway, RSA key pair generation

Original Address: http://blog.csdn.net/yehuijun/article/details/24780119

Alipay's public account document address http://open.alipay.com/index.htm

To activate Alipay's public account the first step is to verify the validity of the merchant gateway and the developer's public key.

Https://openhome.alipay.com/doc/docIndex.htm?url=https://openhome.alipay.com/doc/viewKbDoc.htm?key=236714_ 422556&type=info

Some details are omitted from the documentation, which is supplemented in the following details. 1. Generate RSA public key pair

A public key pair is generated via OpenSSL and is generally installed by default under Linux systems:

1, let OpenSSL randomly generated a private key, encryption length is 1024 bits

OpenSSL genrsa-out Rsa_private_key.pem 1024

2. Generate public key based on private key

OpenSSL rsa-in rsa_private_key.pem-out rsa_public_key.pem-pubout

3, the private key is not directly used, need to be pkcs#8 encoded

OpenSSL pkcs8-topk8-inform pem-in rsa_private_key.pem-outform pem-out pkcs8_rsa_private_key.pem-nocrypt

Remove the header and line breaks, and the public key pair is ready to use. Note the private key is a version encoded using PKCS#8.

Examples of "go-round and wrap" such as the public key are as follows

yulong$ more RSA_PUBLIC_KEY.PEM
-----BEGIN Public Key-----
migfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqcnlk8+l+ Ynhrd0sm9p/d2zhxaw
Sb9zpt+mdlyytslwypibhmhemivkpyhxllqrtop2gnnr4quf2tgaw/ds5e5g+ggs
EshN1F5R6rIN2eKk59 /nv4f7jzvkv+iq+kftg8myan76ptbuk7tyahnbx4u3umus
qgicihuyjpcokrq5eqidaqab
-----END Public KEY-----

The public key to be used in the code is:

migfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqcnlk8+l+ynhrd0sm9p/d2zhxawsb9zpt+ mdlyytslwypibhmhemivkpyhxllqrtop2gnnr4quf2tgaw/ds5e5g+ggseshn1f5r6rin2ekk59/nv4f7jzvkv+iq+ Kftg8myan76ptbuk7tyahnbx4u3umusqgicihuyjpcokrq5eqidaqab

Note If the public key is configured in XML, add <! [cdata[]]> preventing XML escaping

<property name=<span class= "Code-quote" style= "Color:rgb (0, 145, 0); Background-color:inherit; " > "PublicKey" </span>><value><! [cdata[${public_key}]]></value></property>

2. Key details of the merchant Gateway's response

When you open the Merchant developer mode, you need to verify the gateway. Alipay public account to the configured gateway address, to send a htttp POST request, the Merchant website must be able to properly respond to this HTTP POST request in order to complete the authentication of the merchant gateway.

The basic details of the verification are provided in the Alipay documentation, which mentions two points that are not mentioned in the documentation.

The first sign of the content is the following stitching completed string

"<success>true/false</success><biz_content> developer Public key </biz_content>" for RSA endorsement, can call Alipay provided by the SDK to complete

public void process (Message message, Modelmap Modelmap) {
        Boolean issuccess=true;
        if (Message==null | | (!config.getappid (). Equalsignorecase (Message.getappid ()))) {
            issuccess=false;
        }
        String bizcontent= "<success>" +string.valueof (issuccess) + "</success>" + "<biz_content>"
                           + customerpublickey+ "</biz_content>";
        String Signresult = alipaysignature.encryptandsign (bizcontent, Alipaypublickey,
                                  Customerprivatekey, ALIPAYCONSTANTS.CHARSET_GBK, False, true);
        Modelmap.put ("Signresult", Signresult);
   }

<span style= "Font-family:helvetica, Arial, Sans-serif; font-size:10pt; line-height:13pt; Background-color:rgb (255, 255, 255); " >config.getappid () for merchant AppID, can be queried on the public account platform, is a digital ID; Customerpublickey is the merchant RSA public key generated in the previous section, Customerprivatekey generates the PKCS#8 encoded merchant private key for the previous section. </span>

Signresult is the XML result that is ready to return to Alipay's public account platform. The Alipaysignature.encryptandsign function will automatically assemble the feedback XML results. Two Boolean parameter indicating whether to encrypt or not to sign.

After you have prepared the feedback string, pay attention to the details

public void DoPost (Modelmap modelmap, WebRequest request,httpservletresponse response) {
        //.... Omit the previous generated XML feedback details
        //To note that the head of the HTTP request to set the feedback is specified in XML format, otherwise the special characters in the XML are escaped as HTML, causing the Alipay public account platform to be unrecognized.
        Response.setheader ("Content-type", "Application/xml");
        try {
            if (Modelmap.containsattribute ("Signresult")) {
                Logger.warn ("Response:" + (String) modelmap.get (" Signresult "));
                Response.getoutputstream (). Print ((String) modelmap.get ("Signresult"));
            Response.getoutputstream (). Flush ();
        } catch (IOException e) {
            logger.error ("Write Response error", e);
        }
    }