paypal Encryption 支付编程全解
[面试之前还是回顾一下曾经做过的Paypal支付过程]
How-To Build your own PayPal Encrypted Buttons 制作加密付款按钮
首先,了解一下加密过程:
The encryption process – Senders use their private keys and receivers’ public keys to encrypt information before
sending it. Receivers use their private keys and senders’ public keys to decrypt information after receiving it. This
encryption process also uses digital signatures in public certificates to verify the sender of the information.
You use your private key and PayPal’s public key to encrypt your HTML button code. PayPal uses it’s private key and
your public key to decrypt button code after people click your payment buttons.
简而言之,用的是一种非对等加密技术,发送者与接收者都有各自的公钥与私钥,双方都共享自己的公钥,发送方首先用自己的私钥加密,再用接收方的公钥加密,经过这两次加密后传递信息,接收方收到信息后先用自己的私钥解密,再用发送方的公钥解密,之后得到明文.
因此,我们必须和paypal交换公钥
Step 1: Generate your private key and public certificate
很简单,生成私钥,由私钥再生成相应的公钥,不知道我理解得对不对
http://myzerg.cnblogs.com/archive/2006/02/07/myzerg.html
而我是从http://www.stellarwebsolutions.com/certificates/stellar_cert_builder.php生成私钥和公钥的
接着,制作证书,方法见第一个链接
Step 2: Upload Your Public Certificate
To upload your public certificates to PayPal:
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Add.
5. Click Browse, and select your public certificate file "my-pubcert.pem".
6. When your public certificate is successfully uploaded, it appears on the next screen under Your Public Certificates.
7. Record the Cert ID, you'll need to include this in any encrypted data.好,记下这个Cert ID,它在明文中的写法为 cert_id=”……”,
Step 3: Download the PayPal Public Certificate
下载PAYPAL的公钥
You use PayPal's public certificate to encrypt your button code. To download PayPal's public certificate: 1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Download in the PayPal Public Certificate area.Step 4: Block unencrypted payment buttons
阻止未加密的付款
You can prevent malicious users from submitting made up unencrypted buttons by blocking unencrypted payments. You should probably have everything working before you complete this step or your current payment buttons may become broken.
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. Click the Website Payment Preferences link in the right-hand menu.
4. Select On next to Block Non-encrypted Website Payments.
5. Click Save.Setp 5:Turn ON PDT
看这,但一直没明白这个identity token是什么东西,这篇文章说它是私钥,但我在此次项目中都没用到,IPN不需要它
加密过程需要四个东西:明文,paypal的公钥,由自己的公钥与私钥生成的证书,以及证书密码
其中明文中必须指明cert_id=”…..”,这是指示paypal用自己上传的哪个公钥来解密
主要代码:
while (reader.Read())
{
encrypted_pro[i] = string.Empty;
itemname[i] = reader["PRODUCT_NAME"].ToString();
tax[i] = reader["PRODUCT_TAX"].ToString();
price[i] = reader["PRODUCT_PRICE"].ToString();
p[i]=new PayPalForm(i+1,itemname[i],price[i],tax[i],notify_url,BusinessInfo.getReturnurl(),BusinessInfo.GetEmail(),BusinessInfo.GetCert_id());
encrypted_pro[i] = new ButtonEncryption().SignAndEncrypt(p[i].GetUnEncrypted(), BusinessInfo.GetCertPhysicalPath(), BusinessInfo.GetPrivateCertPwd(), BusinessInfo.GetPayPalCertPath());
i++;
}*****************************************************************
using System;
using System.Collections.Generic;
using System.Web;
using System.Collections;
using System.Text;
/// <summary>
/// Summary description for PayPalForm
/// </summary>
public class PayPalForm
{
protected int productid;
protected string cert_id;
protected string business;
protected string item_name;
protected string price;
protected string notify_url;
protected string returnurl;
protected string custom;
protected string tax;public PayPalForm(int productid,string itemname,string price,string tax,string notify_url,string return_url,string business,string certid)
{
this.productid = productid;
this.cert_id = certid;
this.item_name = itemname;
this.business = business;
this.tax = tax;
this.notify_url = notify_url;
this.returnurl = return_url;
this.price = price;
}
public PayPalForm(string business,string cert_id)
{
this.business = business;
this.cert_id = cert_id;
}
public DictionaryEntry[] GetDic() // non-IEnumerable version
{
return new DictionaryEntry[]
{
new DictionaryEntry("cmd", "_cart"),
new DictionaryEntry("add","1"),
new DictionaryEntry("business",business),
new DictionaryEntry("cert_id",cert_id),
new DictionaryEntry("item_name",item_name),
new DictionaryEntry("item_number",productid),
new DictionaryEntry("amount", price),
new DictionaryEntry("currency_code", "USD"),new DictionaryEntry("return", returnurl),
new DictionaryEntry("cancel_return", returnurl),
new DictionaryEntry("notify_url",notify_url),new DictionaryEntry("tax",tax),
};
}
public DictionaryEntry[] GetViewCartDic()
{return new DictionaryEntry[]
{
new DictionaryEntry("cmd", "_cart"),
new DictionaryEntry("display","1"),
new DictionaryEntry("cert_id",cert_id),
new DictionaryEntry("business",this.business),
};
}
public string GetUnEncrypted()
{
StringBuilder sb = new StringBuilder();
DictionaryEntry[] dic = this.GetDic();
int len = dic.Length;
for (int i = 0; i < len; i++)
sb.Append(dic[i].Key).Append("=").Append(dic[i].Value).Append("\n");
return sb.ToString();
}
public string GetUnEncryptedViewCart()
{
StringBuilder sb = new StringBuilder();
DictionaryEntry[] dic = this.GetViewCartDic();
int len = dic.Length;
for (int i = 0; i < len; i++)
sb.Append(dic[i].Key).Append("=").Append(dic[i].Value).Append("\n");
return sb.ToString();
}}
PDT主要参数说明:http://bjutren.spaces.live.com/blog/cns!B6940F2EF5F948FC!285.entry
躲猫猫社团团长 http://t.sina.com.cn/coolria
