Skip to main content

Signature Generation

Info

VMP requires the client to sign the request. VMP will verify the signature upon receiving the request.

Developers can generate the signature for the request by following these steps.

Preparation

The client needs to prepare a set of user_confirm_key and secret_code , which can be obtained by:

  • Sending an email to the contact person for integration.

Constructing the Signature String

Assuming the request parameters:

{
	"p0": "c",
	"p2": "b",
	"p1": "a"
}

Assuming secret_code :

testsignkey1234

Step 1: Sort the parameters in ascending order based on the parameter names in ASCII dictionary order.

{
	"p0": "c",
	"p1": "a",
	"p2": "b"
}

Step 2: Concatenate the parameters in the format of key=value using the & symbol.

p0=c&p1=a&p2=b

Step 3: Prepend the secret_code without the & symbol to the string generated in the previous step to form the signature string.

testsignkey1234p0=c&p1=a&p2=b

Calculating the Signature Value

Calculate the SHA-256 hash of the signature string using the UTF-8 encoding.

sha256('testsignkey1234p0=c&p1=a&p2=b', 'UTF-8');

Signature result:

ed473ec9e423747a40b87403aa9814030861932d514dab000ed1f8a741f1d6df

Constructing the Complete Request Parameters

Add the signature value to the request parameters to form the complete request parameters.

{
	"p0": "c",
	"p2": "b",
	"p1": "a",
    "sign": "ed473ec9e423747a40b87403aa9814030861932d514dab000ed1f8a741f1d6df"
}

Demo Code

import net.sf.json.JSONObject;
import org.junit.Assert;
import org.junit.Test;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

public class SignTest {

    @Test
    public void doSign() throws Exception {

        JSONObject requestParams = new JSONObject();
        requestParams.put("p0", "c");
        requestParams.put("p2", "b");
        requestParams.put("p1", "a");

        String secretCode = "testsignkey1234";

        String asciiLinkString = createAsciiLinkString(requestParams);
        System.out.println(asciiLinkString);

        String signTempString = secretCode + asciiLinkString;
        System.out.println(signTempString);

        String signCode = sha256(signTempString, "UTF-8");
        System.out.println(signCode);

        requestParams.put("sign", signCode);
        
    }

    private String createAsciiLinkString(JSONObject params) {
        List<String> keys = new ArrayList();
        keys.addAll(params.keySet());
        Collections.sort(keys);

        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < keys.size(); i++) {
            stringBuffer.append(keys.get(i)).append("=").append(params.get(keys.get(i)));
            if (i != keys.size() - 1) {
                stringBuffer.append("&");
            }
        }
        return stringBuffer.toString();
    }

    private String sha256(String signTempString, String charset)
            throws UnsupportedEncodingException, NoSuchAlgorithmException {
        byte[] bt = signTempString.getBytes(charset);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(bt);
        byte[] r = md.digest();
        return bytes2Hex(r);
    }

    private String bytes2Hex(byte[] bts) {
        String des = "";
        for (int i = 0; i < bts.length; i++) {
            String tmp = (Integer.toHexString(bts[i] & 0xFF));
            if (tmp.length() == 1) {
                des += "0";
            }
            des += tmp;
        }
        return des;
    }

}

Signature Verification Tool

Click here to openopen in new window

Powered By eftPay Copyright©2023 eftPay All Rights Reserved.