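Documentation

Reference: Apple's official documentation, "Apple Pay decryption process"

Base64-decoding the raw data

This article uses RSA as the example. The source code also covers ECC, which is not repeated here.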

{
	"version": "RSA_v1",
	"data": "N6h9l7hs9bUn1DGfc9MEEhP9/COm5AVsIuzKSXMcG85P7FkR058VuQnYRCY+EiTx3Kde7EUfrCnHWeGurDEB5v5au0Omo8uLyKAMsFeEJYntgLw8Wnhf98UlrlT06UwqI16Y+iNu62EE1Uz2ydZJfyrBT7OpuCdK5LH2FIEsjElZrMh7NDofOz4vSErya/llAFSceZCJr09zVwBpz86AYspmXtnk098bF+93Dnw3bWH4X5L2FujP5OnGO4mKW5RxMDudm+t6tFKbHfESGJufAevFU5LSNGIYCunDxF7EAw/yDFUlLJBrEYL2ZSRPaV/SQ7WXvYqhg6WNm/ZMgJCW4apQ+JuqULMYTksxKQS6x/z5vdslk4803ByeeEOxEQK0QZ8o0QeOELnOJuNs",
	"signature": "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",
	"header": {
		"publicKeyHash": "ZDKQxFk0hs8YTl0dWrj2FevQOZH8aaUP8ezlvO7yt5g=",
		"transactionId": "82e309ac4cfac5b573980485a7bee36cff63806f669bc50b71bacb2f208f2bf6",
		"wrappedKey": "s9UOpf2p7XWfqQ8iW26YboR16HXOh9x1Spdb/D3XkUHXbg7zoOJg8m2hPmu0ygJR156wjj/VdJo23D+fs4CgvpWEz4ElpgSGjPo+Fjk1qNFEogDFB4QJH7ZHTU1F/KxDh43Uu2Ms0IfSxFYYBJeohxH3XRit+PmzdzMpnYcl6u0ikozgEcepFhzIeNKIhjMRRE5xh40pPRlAOJeFUVBrnI55h9KXG4cZIeg0aBon0SFTo7aiIhNdSxZgEEZEnrR9bC8dJK4RoFbfNmvOHz9jTPE4EbbIL0dRP8TlOtrnA7gXf240zY0MxoNSE9mjDe1CFpSiseKgG1keZNN3cmhNpw=="
	}
}

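Signature verification

How do we make sure the data really comes from Apple Pay, and guard against forged data?

Even if you skip verification, bad data will still be caught when it reaches the issuing bank. But in bank transactions, too many simple errors can get you fined by the card network at best, or cost you your payment license at worst.

Getting the corresponding key

One point worth covering here is how to compute this hash when configuring keys, so that when a token arrives with a hash we can use it to look up the corresponding key. There is little code or material on this part; many people ignore it and define their own indexing scheme instead: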

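// CalcCerHash returns the hash of a DER-encoded certificate's public key,
// used as the index for looking up the matching merchant key.
// Requires crypto/x509 plus the project's own algorithmutils package.
func CalcCerHash(cerContent []byte) (string, error) {
	cer, err := x509.ParseCertificate(cerContent)
	if err != nil {
		// Propagate the parse error instead of returning an empty hash with a nil error.
		return "", err
	}

	// Hash the DER-encoded SubjectPublicKeyInfo, not the whole certificate.
	ret := algorithmutils.Sha256(cer.RawSubjectPublicKeyInfo)

	return ret, nil
}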
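As an added example (not code from the original article or its repository), the sketch below computes the same hash with the standard library only and uses it as the lookup index for the token's `header.publicKeyHash`. It assumes `algorithmutils.Sha256` corresponds to Base64(SHA-256(...)), which is how Apple documents `publicKeyHash`; `PublicKeyHash`, `KeyStore` and `NewSample` are hypothetical names, and the certificate is a throwaway self-signed one generated in the code.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// PublicKeyHash returns Base64(SHA-256(SubjectPublicKeyInfo)) of a DER certificate.
func PublicKeyHash(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// KeyStore (hypothetical) maps header.publicKeyHash to a merchant key; Lookup fails closed.
type KeyStore map[string]*rsa.PrivateKey

func (s KeyStore) Lookup(headerHash string) (*rsa.PrivateKey, error) {
	if key, ok := s[headerHash]; ok {
		return key, nil
	}
	return nil, fmt.Errorf("no merchant key for publicKeyHash %q", headerHash)
}

// NewSample builds a throwaway self-signed certificate (constructed test data).
func NewSample() ([]byte, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return der, key, err
}

func main() {
	der, key, _ := NewSample()
	hash, _ := PublicKeyHash(der)
	_, err := KeyStore{hash: key}.Lookup(hash)
	fmt.Println(hash, err)
}
```

Rejecting an unknown `publicKeyHash` outright, rather than falling back to a default key, keeps tokens encrypted for an unconfigured or rotated-out certificate from reaching the decryption step.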

Decryption