之前做过金融支付这块儿。到过北京石景山区银行卡检测中心过检PBOC的level2认证,去过上海银联总部和湖南银联对接银联卡和扫码支付。对金融支付和卡交易这块儿熟悉。现在这块儿知识用不上了总结下留作备忘,同时分享给有需要的人。
关于免密免密交易
免密支付指的是在支付一定金额时,不用输入密码,即可完成交易。小额免密免签,也叫小额双免。是中国银联提供的一种小额快速支付服务。银联闪付就是免密支付的应用,通过联机方式,使用具有“闪付”标识的银行银联芯信用卡,或承载个人信用卡信息的移动支付产品,将银联芯片卡靠近终端“闪付”感应区即可完成支付。
这是大概在2015年10月银联为了紧跟时代潮流和方便用户推出的新业务。我们知道原来的银行卡用起来很不方便,随后它推出的有一个"电子现金"功能,但还是需要先到ATM机上往卡里圈存一部分钱才能用,这部分圈存到卡片上的钱俗称电子现金,消费通过带有闪付标识的银联pos机使用,只需挥卡不用输入密码和签名即可消费,用在一些小额支付场景如公交,地铁和商超。
现在这种小额支付免密交易很流行,各大平台和支付结构都有一定小额的免密交易。银联小额免密免签不需要密码也能保障资金安全,因为小额免密免签使用高安全性的金融ic卡,同时银联联合银行为持卡人提供风险控制和赔付机制。
银联8583协议
8583协议在金融系统中很常用,报文简短,定义清晰规范。是基于ISO8583报文国际标准的包格式的通讯协议,8583包最多由128个字段域组成,每个域都有统一的规定,并有定长与变长之分。8583包前面一段为位图,它是打包解包确定字段域的关键代替。
曾写过一个java版的8583解析协议,全互联网最简单好用的,地址在这里:
java版银联8583协议解析,超简单超直观的实现及示例(全互联网最简单)_特立独行的猫a的博客-CSDN博客_银联8583demo
银联公网接入规范
银联提供了公网https接入规范。HTTP交易报文由http头加传统交易报文数据组成。http头中主要定义了交易报文类型及长度,同时需符合http协议规范。
POST /mjc/webtrans/XX HTTP/1.1
HOST: 145.4.206.XX:XX
User-Agent: XXXX
Cache-Control: no-cache
Content-Type:x-ISO-TPDU/x-auth
Accept: */*
Content-Length: length
https握手流程
HTTPS(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的HTTP通道,简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL。在发送HTTP报文之前需要建立SSL连接,以此加密HTTP数据。关系如下图所示:
SSL连接分为两个阶段,即握手和数据传输阶段;传输任何应用数据之前必须先完成握手。
握手协议:
- 对服务器进行认证;
- 确立用于保护数据传输的加密密钥;
- 记录协议:
-
传输数据;
银联通信MAC算法
8583通信有个MAC校验,相关算法参照博主博文:
ANSI-X99MAC算法和PBOC的3DES MAC算法_特立独行的猫a的博客-CSDN博客
Java的HTTP接口封装
没有使用第三方的jar包,使用java自带的net.HttpURLConnection包的封装,简单易用。支持http和https,可以让https不验证本地证书。
package com.yang.utils;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* https请求工具类
*
* @author yang
* @date 2018/6/6 19:12
*/
public class HttpsUtils {
/*
* https请求是在http请求的基础上加上一个ssl层
*/
public static String doPost(String requestUrl, String bodyStr, Map<String, String> header, String charset, String contentType) throws Exception {
System.out.printf("https post 请求地址:%s 内容:%s", requestUrl, bodyStr);
charset = null == charset ? "utf-8" : charset;
// 创建SSLContext
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] trustManagers = {new X509TrustManager() {
/*
* 实例化一个信任连接管理器
* 空实现是所有的连接都能访问
*/
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}};
// 初始化
sslContext.init(null, trustManagers, new SecureRandom());
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
URL url = new URL(requestUrl);
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
httpsURLConnection.setSSLSocketFactory(sslSocketFactory);
// 以下参照http请求
httpsURLConnection.setDoOutput(true);
httpsURLConnection.setDoInput(true);
httpsURLConnection.setUseCaches(false);
httpsURLConnection.setRequestMethod("POST");
httpsURLConnection.setRequestProperty("Accept-Charset", charset);
if (null != bodyStr) {
httpsURLConnection.setRequestProperty("Content-Length", String.valueOf(bodyStr.length()));
}
if (contentType == null) {
httpsURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
} else {
httpsURLConnection.setRequestProperty("Content-Type", contentType);
}
if (!header.isEmpty()) {
for (Map.Entry<String, String> entry : header.entrySet()) {
httpsURLConnection.setRequestProperty(entry.getKey(), entry.getValue());
}
}
httpsURLConnection.connect();
// 读写内容
OutputStream outputStream = null;
InputStream inputStream = null;
InputStreamReader streamReader = null;
BufferedReader bufferedReader = null;
StringBuffer stringBuffer;
try {
if (null != bodyStr) {
outputStream = httpsURLConnection.getOutputStream();
outputStream.write(bodyStr.getBytes(charset));
outputStream.close();
}
if (httpsURLConnection.getResponseCode() >= 300) {
throw new Exception("https post failed, response code " + httpsURLConnection.getResponseCode());
}
inputStream = httpsURLConnection.getInputStream();
streamReader = new InputStreamReader(inputStream, charset);
bufferedReader = new BufferedReader(streamReader);
stringBuffer = new StringBuffer();
String line;
while ((line = bufferedReader.readLine()) != null) {
stringBuffer.append(line);
}
} catch (Exception e) {
throw e;
} finally {
if (outputStream != null) {
outputStream.close();
}
if (inputStream != null) {
inputStream.close();
}
if (streamReader != null) {
streamReader.close();
}
if (bufferedReader != null) {
bufferedReader.close();
}
}
System.out.printf("--- https post 返回内容:%s", stringBuffer.toString());
return stringBuffer.toString();
}
public static byte[] doUpHttpsPost(String requestUrl, byte[] bodyHex) throws Exception {
System.out.printf("请求地址:%s\n", requestUrl);
// 创建SSLContext
SSLContext sslContext = SSLContext.getInstance("SSL");
TrustManager[] trustManagers = {new X509TrustManager() {
/*
* 实例化一个信任连接管理器
* 空实现是所有的连接都能访问
*/
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
//return new X509Certificate[0];
return new X509Certificate[]{};
}
}};
// 初始化
sslContext.init(null, trustManagers, new SecureRandom());
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
URL url = new URL(requestUrl);
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
httpsURLConnection.setSSLSocketFactory(sslSocketFactory);
HostnameVerifier hv = new HostnameVerifier(){
@Override
public boolean verify(String string, SSLSession ssls) {
return true;//To change body of generated methods, choose Tools | Templates.
}
};
httpsURLConnection.setHostnameVerifier(hv);
// 以下参照http请求
httpsURLConnection.setDoOutput(true);
httpsURLConnection.setDoInput(true);
httpsURLConnection.setUseCaches(false);
httpsURLConnection.setRequestMethod("POST");
String strLen = String.valueOf(bodyHex.length);
httpsURLConnection.setRequestProperty("User-Agent", "Donjin Http 0.1");
httpsURLConnection.setRequestProperty("Content-Length", strLen);
httpsURLConnection.setRequestProperty("Accept", "*/*");
httpsURLConnection.setRequestProperty("Content-Type", "x-ISO-TPDU/x-auth");
httpsURLConnection.setRequestProperty("Cache-Control", "no-cache");
httpsURLConnection.connect();
// 读写内容
OutputStream outputStream = null;
InputStream inputStream = null;
ByteArrayOutputStream byteArrayOutputStream = null;
try {
outputStream = httpsURLConnection.getOutputStream();
outputStream.write(bodyHex);
outputStream.flush();
outputStream.close();
System.out.printf("\n--- https ResponseCode:%d\n", httpsURLConnection.getResponseCode());
if (httpsURLConnection.getResponseCode() >= 300) {
throw new Exception("https post failed, response code " + httpsURLConnection.getResponseCode());
}
inputStream = httpsURLConnection.getInputStream();
byteArrayOutputStream = new ByteArrayOutputStream();
int len = 0;
byte[] bytes = new byte[inputStream.available()];
while ((len = inputStream.read(bytes)) != -1) {
byteArrayOutputStream.write(bytes, 0, len);
}//写入数据
return byteArrayOutputStream.toByteArray();
//byte[] nbytes = bytes.c
} catch (Exception e) {
throw e;
} finally {
if (outputStream != null) {
outputStream.close();
}
if (inputStream != null) {
inputStream.close();
}
if (byteArrayOutputStream != null) {
byteArrayOutputStream.close();
}
}
}
}
免密免签交易流程
测试源码在这里:
https://download.csdn.net/download/qq8864/87280073
报文示例
test...
2022/12/13 18:57:16 Server:XXX.XX.XX.XXX
2022/12/13 18:57:16 Port:0
2022/12/13 18:57:16 Url:https://202.xx.25.xx:xx/mjc/webtrans/ABC
pack 8583 fields
Print fields...
==========================================
Len: 0057
Tpdu: 6002100000
Head: 613100311108
Msge: 0800
Bitmap: 0020000000c00016
==========================================
[field:11] [000001]
------------------------------
[field:41] [3134313030303033]
------------------------------
[field:42] [313431343230313431313130303033]
------------------------------
[field:60] [len:0011] [000000000030]
------------------------------
[field:62] [len:0025] [53657175656e6365204e6f3132333036303134313030303033]
------------------------------
[field:63] [len:0003] [303031]
------------------------------
2022/12/13 18:57:16 connect:server=https://2xx.101.25.18x:2x141/mjc/webtrans/ABC
send:0057600210000061310031110808000020000000c0001600000131343130303030333134313432303134313131303030330011000000000030002553657175656e6365204e6f31323330363031343130303030330003303031
ReadFile err: open UP.pem: no such file or directory
2022/12/13 18:57:16 begin post...
User-Agent : Donjin Http 0.1
Content-Type : x-ISO-TPDU/x-auth
Cache-Control : no-cache
2022/12/13 18:57:16 recv ok!len=123
recv:007960000002106131003111080810003800010ac00014000001185716121308000952103138353731363035373232373030313431303030303331343134323031343131313030303300110000001700300040b31544e6cf8a5d091450ad5970c2143e7e960636afd9761ce25f41f70000000000000000c7e1867b
ans 8583 fields
解析成功
Print fields...
==========================================
Len: 0079
Tpdu: 6002100000
Head: 613100311108
Msge: 0810
Bitmap: 003800010ac00014
==========================================
[field:11] [000001]
------------------------------
[field:12] [185716]
------------------------------
[field:13] [1213]
------------------------------
[field:32] [len:08] [00095210]
------------------------------
[field:37] [313835373136303537323237]
------------------------------
[field:39] [3030]
------------------------------
[field:41] [3134313030303033]
------------------------------
[field:42] [313431343230313431313130303033]
------------------------------
[field:60] [len:0011] [000000170030]
------------------------------
[field:62] [len:0040] [b31544e6cf8a5d091450ad5970c2143e7e960636afd9761ce25f41f70000000000000000c7e1867b]
------------------------------
mackey:e5986862d3efefae
2022/12/13 18:57:16 签到成功
![[附源码]Nodejs计算机毕业设计基于web技术的米其林轮胎管理系统Express(程序+LW)](https://img-blog.csdnimg.cn/6efdff7c0e0940d0aac0f050ebd28860.png)
