当前位置: 文江博客话题详情

在 PHP 中编码亚马逊灵活支付秘密字符串时出现问题

发布于 2024-12-27 02:01:17 字数 1844 浏览 5 评论 0原文

我正在尝试使用亚马逊支付服务,他们要求我做这样的事情:

这是完整的签名,所以你可以看到我添加了签名方法:

$string_to_sign = "GET\n
authorize.payments-sandbox.amazon.com\n
cobranded-ui/actions/start?
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=my_key&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fyourwebsite.com%2Freturn.html&transactionAmount=4.0";

然后我像下面一样对其进行加密。

$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));

我这样做了,但随后我收到了他们的错误消息:

Caller Input Exception: The following input(s) are either invalid or absent:[signatureMethod]

知道这里可能出了什么问题吗?

这是完整的代码:(变量已在上面赋值)

<?php
$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com/cobranded-ui/actions/startSignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=AKIAJENBYSJCJX2IDWDQ&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fproblemio.com&transactionAmount=4.0';

    $encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));

$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl='.$return_url.'&paymentReason='.$payment_reason.'&callerReference=YourCallerReference&callerKey='.$my_access_key_id.'&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature='.$encoded_string_to_sign;

//echo $amazon_request_sandbox; - use this if you want to see the resulting request and paste it into the browser

header('Location: '.$amazon_request_sandbox);
?>

谢谢!

原文

I am trying to use Amazon Payment Services, and they require me to do something like this:

Here is the complete signature so you can see I added the signature method:

$string_to_sign = "GET\n
authorize.payments-sandbox.amazon.com\n
cobranded-ui/actions/start?
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=my_key&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fyourwebsite.com%2Freturn.html&transactionAmount=4.0";

and then I encrypt it like below.

$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));

I do that, but then I get an error from them saying:

Caller Input Exception: The following input(s) are either invalid or absent:[signatureMethod]

Any idea what might be going wrong here?

Here is the entire code for this: (the variables are assigned values above)

<?php
$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com/cobranded-ui/actions/startSignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=AKIAJENBYSJCJX2IDWDQ&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fproblemio.com&transactionAmount=4.0';

    $encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));

$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl='.$return_url.'&paymentReason='.$payment_reason.'&callerReference=YourCallerReference&callerKey='.$my_access_key_id.'&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature='.$encoded_string_to_sign;

//echo $amazon_request_sandbox; - use this if you want to see the resulting request and paste it into the browser

header('Location: '.$amazon_request_sandbox);
?>

Thanks!!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

软糖 2025-01-03 02:01:17

检查您是否在请求中包含 &SignatureMethod=HmacSHA256

此类错误有 3 个基本性质:

  • 缺少键/值
  • 键/值上的拼写错误 键
  • /值上的编码或空格不正确

希望有所帮助!

问候

Check if you included &SignatureMethod=HmacSHA256 on the request

This kind of errors has 3 basic natures:

  • Missing Keys/Values
  • Typos on Keys/Values
  • Incorrect encoding or spaces on Keys/Values

Hope that helps!

Regards

回复 原文
笑饮青盏花 2025-01-03 02:01:17

唯一没有建议的是,您需要对属于 $string_to_sign 一部分的 transactionAmount 使用 rawurlencode()

大多数其他答案都是问题的一部分。例如,您需要在 GET(您已拥有)之后、authorize. payments-sandbox.amazon 之后的 $string_to_sign 中添加新行。 com,以及 /cobranded-ui/actions/start 之后。您还需要在 hash_hmac() 函数中将 $raw_output 参数设置为 true

我已经对您的代码进行了完整的重写(替换 ):

$return_url = rawurlencode('http://problemio.com');
$payment_reason = 'donation';
$transaction_amount = rawurlencode('4.0');

$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';

$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com
/cobranded-ui/actions/start
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=' . $my_access_key_id . '&callerReference=YourCallerReference&paymentReason=' . $payment_reason . '&pipelineName=SingleUse&returnUrl=' . $return_url . '&transactionAmount=' . $transaction_amount;

$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, $secret_key, true)));

$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl=' . $return_url . '&paymentReason=' . $payment_reason . '&callerReference=YourCallerReference&callerKey=' . $my_access_key_id . '&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature=' . $encoded_string_to_sign;

但是,我强烈建议您使用 FPS 社区提供的 PHP 库,该库可以是 在此处下载。我在生产代码中使用它并且从未遇到过问题。使用 FPS 库,您的代码将如下所示:

<?php

require_once 'CBUISingleUsePipeline.php';
require_once 'CBUIPipeline.php';

$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';

$return_url = 'http://problemio.com';
$transaction_amount = '4.0';
$caller_reference = '<Your_Caller_Reference>';
$payment_reason = 'donation';

$base = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start';

$pipeline = new Amazon_FPS_CBUISingleUsePipeline($my_access_key_id, $secret_key);
$pipeline->setMandatoryParameters($caller_reference, $return_url, $transaction_amount);
$pipeline->addParameter('paymentReason', $payment_reason);
$uRL = $pipeline->getURL($base);

?>

The only piece that wasn't suggested was that you need to use rawurlencode() on the transactionAmount that's part of the $string_to_sign.

Most other answers are a piece of the problem. For instance, you need to add a new line to the $string_to_sign after the GET (which you have), after the authorize.payments-sandbox.amazon.com, and after the /cobranded-ui/actions/start. You also need to set the $raw_output parameter to true in the hash_hmac() function.

I've included a complete working rewrite of your code (replace <Your_Access_Key> and <Your_Secret_Key>):

$return_url = rawurlencode('http://problemio.com');
$payment_reason = 'donation';
$transaction_amount = rawurlencode('4.0');

$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';

$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com
/cobranded-ui/actions/start
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=' . $my_access_key_id . '&callerReference=YourCallerReference&paymentReason=' . $payment_reason . '&pipelineName=SingleUse&returnUrl=' . $return_url . '&transactionAmount=' . $transaction_amount;

$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, $secret_key, true)));

$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl=' . $return_url . '&paymentReason=' . $payment_reason . '&callerReference=YourCallerReference&callerKey=' . $my_access_key_id . '&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature=' . $encoded_string_to_sign;

However, I strongly suggest that you use the PHP library provided by the FPS community which can be downloaded here. I use this in production code and have never had an issue. Using the FPS library, your code would look like the following:

<?php

require_once 'CBUISingleUsePipeline.php';
require_once 'CBUIPipeline.php';

$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';

$return_url = 'http://problemio.com';
$transaction_amount = '4.0';
$caller_reference = '<Your_Caller_Reference>';
$payment_reason = 'donation';

$base = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start';

$pipeline = new Amazon_FPS_CBUISingleUsePipeline($my_access_key_id, $secret_key);
$pipeline->setMandatoryParameters($caller_reference, $return_url, $transaction_amount);
$pipeline->addParameter('paymentReason', $payment_reason);
$uRL = $pipeline->getURL($base);

?>
回复 原文
嘴硬脾气大 2025-01-03 02:01:17

您设置签名方式了吗?来自 AWS 文档

您必须将 SignatureMethod 请求参数设置为
HmacSHA256 或 HmacSHA1 指示您使用的签名方法

Have you set your signature method? from the AWS documentation:

You must set the SignatureMethod request parameter to either
HmacSHA256 or HmacSHA1 to indicate which signing method you're using

回复 原文
仅冇旳回忆 2025-01-03 02:01:17

我不认为您需要对散列进行 Base64 编码(毕竟,它已经被进行了 urlencoded)——尝试删除 Base64_Encode。

I don't believe you need to base64 encode the hash (after all, it's already being urlencoded) -- try removing Base64_Encode.

回复 原文
¢好甜 2025-01-03 02:01:17

您的 $string_to_sign 变量缺少“?”位于编码签名的 start 和 SignatureMethod 之间。

签名版本 2 是 Amazon 的增强签名方法
Simple Pay 和亚马逊灵活支付服务。

对于入站请求(从您的应用程序到 Amazon Payments),它
使用整个请求 URI 作为签名的基础,
基于您帐户的唯一安全凭证的加密。

对于出站请求(从 Amazon Payments 到您的应用程序),
亚马逊签署了您可以使用以下方式验证的响应
验证签名API

编辑:

正如 @Jonathan Spooner 已经提到的,我使用的是位于的函数 varifySignature()

/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/Client.php

可以下载 此处。它还有一个关于如何使用它的示例

/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/VerifySignatureSample.php

它使整个过程变得更加容易。也许值得一试...

Your $string_to_sign variable is missing a '?' between start and SignatureMethod for your encoded Signature.

Signature version 2 is an enhanced signing method for both Amazon
Simple Pay and Amazon Flexible Payments Service.

For inbound requests (from your application to Amazon Payments), it
uses the entire request URI as the basis for the signature, with
encryption based on the unique security credentials for your account.

For outbound requests (from Amazon Payments to your application),
Amazon signs the response which you can verify using the
VerifySignature API

EDIT:

As @Jonathan Spooner mentioned already and what I use is the function varifySignature() located in

/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/Client.php

which can be downloaded here. It also has an example as to how to use it in

/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/VerifySignatureSample.php

It makes the whole process much easier. It may be worth a shot...

回复 原文
淡墨 2025-01-03 02:01:17

您尝试过这个

base64_encode(hash_hmac('sha256', $Request, $AmazonSecretKey, true));

传递一个布尔值以将其作为原始输出传递。

Have you tried this

base64_encode(hash_hmac('sha256', $Request, $AmazonSecretKey, true));

Pass a boolean to pass it as a raw output.

回复 原文
她说她爱他 2025-01-03 02:01:17

您肯定缺少 hash_hmac 的最后一个参数,必须将其设置为 true 才能获得符合 RFC 2104 的 HMAC 签名:

base64_encode(
    hash_hmac($hash, $data, $key, true)
);

在完整的示例中,您缺少新的$string_to_sign 中的行。

You're most definitely missing the last parameter for hash_hmac which has to be set true to get RFC 2104-compliant HMAC signature:

base64_encode(
    hash_hmac($hash, $data, $key, true)
);

And in the complete example you're missing new lines in $string_to_sign.

回复 原文
~没有更多了~

关于作者

空宴

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

陪我终i

文章 0 评论 0

别忘他

文章 0 评论 0

野心澎湃

文章 0 评论 0

蒲公英的约定

文章 0 评论 0

文章 0 评论 0

旧时模样

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文