如何验证 bluesnap ipn 安全头?

huangapple go评论63阅读模式
英文:

How to validate bluesnap ipn security header?

问题

我已在IPN设置页面中配置了IPN安全头。

现在我需要在我的服务器端使用请求的头部和正文来验证bls-signature。
我在文档中找不到任何关于如何使用HMAC-SHA256计算签名的提及:

  • 用于创建HMAC-SHA256输入值的头部是哪些?
  • 如何解析头部/正文以创建HMAC-SHA256输入值?
  • 如何将头部和正文组合以创建HMAC-SHA256输入值?
  • 将输入值转换为HMAC-SHA256字节时使用的编码是什么?

我急需找到答案,希望这里有人知道。

英文:

I have configured the IPN security header in the IPN setting page.

Now I need to validate the bls-signature using the headers and body of the request on my server side.
I can’t find in the documentation any mention of how the signature is computed using the HMAC-SHA256:

  • What headers are used for the creation of the input value for the HMAC-SHA256?
  • How to parse the headers/body for the creation of the input value for the HMAC-SHA256?
  • How the headers and body are combined to create the input value for the HMAC-SHA256?
  • What encoding is used for the conversion of the input value to bytes for the HMAC-SHA256?

I am desperate to find the answer, I hope someone here may know it.

答案1

得分: 0

我收到了来自Bluesnap支持的回复。

这是有关IPN身份验证的更新文档:

可选:如果您想要验证IPN是否来自BlueSnap,您可以通过使用“生成密钥”按钮创建一个加密密钥,或者在字段中输入自己的密钥。您可以使用此功能验证消息的真实性:

i. 使用此功能会向您的IPN请求添加两个自定义标头,bls-signature和bls-ipn-timestamp。

ii. bls-signature的值是使用加密密钥对bls-timestamp和IPN正文进行HMAC-SHA-256拼接的签名。

例如:

2023-05-15 13:02:57.878这里放置IPN正文

英文:

I got a response from Bluesnap support.

this is the updated documentation for the Authentication of the IPN:

Optional: If you want to authenticate that an IPN originated from BlueSnap, you can add an encryption key by using the Generate Key button to create one or by entering your own key in the field. You can use this feature to validate the authenticity of the message:

i. Using this feature adds two custom headers, bls-signature and bls-ipn-timestamp, to your IPN requests.

ii. The value of bls-signature is the signature of the bls-timestamp concatenated with the IPN body in HMAC-SHA-256 using the encryption key.

for example:

2023-05-15 13:02:57.878HereYouPutTheIPNBody

huangapple
  • 本文由 发表于 2023年6月27日 20:10:04
  • 转载请务必保留本文链接:https://go.coder-hub.com/76564720.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定