Verify Sign

Verify sign is similar to Add Sign, now we use a sample notification to show the logic. Let's say we have obtained an asynchronous notification and get its body like this:

We assume you have downloaded the public key which is provided by LianLian.

{
    "bank_code": "01020000",
    "dt_order": "20180518102511",
    "money_order": "0.01",
    "no_order": "1526610305612",
    "oid_partner": "201103171000000000",
    "oid_paybill": "2018051845781369",
    "pay_type": "P",
    "result_pay": "SUCCESS",
    "settle_date": "20180518",
    "sign": "fh5bg2w6fvsUsgt+Qo+gl9s+6okHOL186+Mr+DW8eNQJyEwI98RHIFO6/XApGgcdwXPfKevTPAyymlK1Q0F6DmIkMSGSUL2u1SM7CZCU7mPdD8xDUAin83TnH0WdTO+AJj55HpQDkEpExrmEdGQPbVpuepnUOB0fLFX3cSiFqVU=",
    "sign_type": "RSA"
}

A verify sign flow contains 2 step:

1. Generate signature source

Take parameter sign and its value out and then put all the other parameters with format {key}={value} and connect them with & character together, note:

  • The signature source need to be ascended in order of the first letter.

bank_code=01020000&dt_order=20180518102511&money_order=0.01&no_order=1526610305612&oid_partner=201103171000000000&oid_paybill=2018051845781369&pay_type=P&result_pay=SUCCESS&settle_date=20180518&sign_type=RSA

2. Verify it

Execute the verify function with sign and the generated signature source as well as the public key provided by LianLian. Here is a sample using Java:

    /**
     * RSA签名验证
     *
     * @param reqObj: The obtained asynchronous notification body
     * @param rsa_public: The public key provided by LianLian
     * @return
     */
    private boolean checkSignRSA(JSONObject reqObj, String rsa_public)
    {
        if (reqObj == null)
        {
            return false;
        }
        String sign = reqObj.getString("sign");
        String sign_src = getInstance().generateSignSrc(reqObj);
        try
        {
            if (TraderRSAUtil.checksign(rsa_public, sign_src, sign))
            {
                return true;
            } else
            {
                return false;
            }
        } catch (Exception e)
        {
            return false;
        }
    }

You can continue with your own delivery logic once the verification is successful.

Last updated