银联支付接口调试

最近一周做银联的交易接口,踩了不少的坑。现在把代码全部奉上。

 

#include <io.h>
#include <time.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <tchar.h>
#include <winsock2.h>
#include <Windows.h>

#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>

#include "WjCryptLib_Sha1.h"
#include "WjCryptLib_Sha256.h"

#ifdef  __cplusplus
extern "C" {
#endif

#include <openssl/applink.c>

#ifdef  __cplusplus
}
#endif

//static char basis_64[203] = "/012FGpqrWXY39abPQRBjkcdNOwxCHIJefgzAvMKLhistuSTUVylmnoDEZ45678+???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????";
static char basis_64[203] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????";

static char Pad64 = '=';

int Base64Encode(src, srclength, target, targsize)
    unsigned char const *src;
    size_t srclength;
    char *target;
    size_t targsize;
{
    size_t datalength = 0;
    unsigned char input[3];
    unsigned char output[4];
    int i;

    while (2 < srclength) {
        input[0] = *src++;
        input[1] = *src++;
        input[2] = *src++;
        srclength -= 3;

        output[0] = input[0] >> 2;
        output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
        output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
        output[3] = input[2] & 0x3f;

        if (datalength + 4 > targsize)
            return (-1);
        target[datalength++] = basis_64[output[0]];
        target[datalength++] = basis_64[output[1]];
        target[datalength++] = basis_64[output[2]];
        target[datalength++] = basis_64[output[3]];
    }
    
    /* Now we worry about padding. */
    if (0 != srclength) {
        /* Get what's left. */
        input[0] = input[1] = input[2] = '\0';
        for (i = 0; i < srclength; i++)
            input[i] = *src++;
    
        output[0] = input[0] >> 2;
        output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
        output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);

        if (datalength + 4 > targsize)
            return (-1);
        target[datalength++] = basis_64[output[0]];
        target[datalength++] = basis_64[output[1]];
        if (srclength == 1)
            target[datalength++] = Pad64;
        else
            target[datalength++] = basis_64[output[2]];
        target[datalength++] = Pad64;
    }
    if (datalength >= targsize)
        return (-1);
    target[datalength] = '\0';    /* Returned value doesn't count \0. */
    return (datalength);
}

int Base64Decode(src, target, targsize)
    char const *src;
    unsigned char *target;
    size_t targsize;
{
    int tarindex, state, ch;
    unsigned char nextbyte;
    char *pos;

    state = 0;
    tarindex = 0;
    while ((ch = (unsigned char)*src++) != '\0') {
        if (isspace(ch))    /* Skip whitespace anywhere. */
            continue;

        if (ch == Pad64)
            break;

        pos = strchr(basis_64, ch);
        if (pos == 0)         /* A non-base64 character. */
            return (-1);

        switch (state) {
        case 0:
            if (target) {
                if (tarindex >= targsize)
                    return (-1);
                target[tarindex] = (pos - basis_64) << 2;
            }
            state = 1;
            break;
        case 1:
            if (target) {
                if (tarindex >= targsize)
                    return (-1);
                target[tarindex]   |=  (pos - basis_64) >> 4;
                nextbyte = ((pos - basis_64) & 0x0f) << 4;
                if (tarindex + 1 < targsize)
                    target[tarindex+1] = nextbyte;
                else if (nextbyte)
                    return (-1);
            }
            tarindex++;
            state = 2;
            break;
        case 2:
            if (target) {
                if (tarindex >= targsize)
                    return (-1);
                target[tarindex]   |=  (pos - basis_64) >> 2;
                nextbyte = ((pos - basis_64) & 0x03) << 6;
                if (tarindex + 1 < targsize)
                    target[tarindex+1] = nextbyte;
                else if (nextbyte)
                    return (-1);
            }
            tarindex++;
            state = 3;
            break;
        case 3:
            if (target) {
                if (tarindex >= targsize)
                    return (-1);
                target[tarindex] |= (pos - basis_64);
            }
            tarindex++;
            state = 0;
            break;
        }
    }
    /*
     * We are done decoding Base-64 chars.  Let's see if we ended
     * on a byte boundary, and/or with erroneous trailing characters.
     */

    if (ch == Pad64) {            /* We got a pad char. */
        ch = (unsigned char)*src++;    /* Skip it, get next. */
        switch (state) {
        case 0:        /* Invalid = in first position */
        case 1:        /* Invalid = in second position */
            return (-1);

        case 2:        /* Valid, means one byte of info */
            /* Skip any number of spaces. */
            for (; ch != '\0'; ch = (unsigned char)*src++)
                if (!isspace(ch))
                    break;
            /* Make sure there is another trailing = sign. */
            if (ch != Pad64)
                return (-1);
            ch = (unsigned char)*src++;        /* Skip the = */
            /* Fall through to "single trailing =" case. */
            /* FALLTHROUGH */

        case 3:        /* Valid, means two bytes of info */
            /*
             * We know this char is an =.  Is there anything but
             * whitespace after it?
             */
            for (; ch != '\0'; ch = (unsigned char)*src++)
                if (!isspace(ch))
                    return (-1);

            /*
             * Now make sure for cases 2 and 3 that the "extra"
             * bits that slopped past the last full byte were
             * zeros.  If we don't check them, they become a
             * subliminal channel.
             */
            if (target && tarindex < targsize &&
                target[tarindex] != 0)
                return (-1);
        }
    } else {
        /*
         * We ended by seeing the end of the string.  Make sure we
         * have no partial bytes lying around.
         */
        if (state != 0)
            return (-1);
    }

    return (tarindex);
}

//用openssl自家的base64输出值。
int base64_encode(char *in_str, int in_len, char *out_str)
{
    BIO *b64, *bio;
    BUF_MEM *bptr = NULL;
    size_t size = 0;
 
    if (in_str == NULL || out_str == NULL)
        return -1;
 
    b64 = BIO_new(BIO_f_base64());
    bio = BIO_new(BIO_s_mem());
    bio = BIO_push(b64, bio);
 
    BIO_write(bio, in_str, in_len);
    BIO_flush(bio);
 
    BIO_get_mem_ptr(bio, &bptr);
    memcpy(out_str, bptr->data, bptr->length);
    out_str[bptr->length] = '\0';
    size = bptr->length;
 
    BIO_free_all(bio);
    return size;
}
 
int base64_decode(char *in_str, int in_len, char *out_str)
{
    BIO *b64, *bio;
    BUF_MEM *bptr = NULL;
    int counts;
    int size = 0;
 
    if (in_str == NULL || out_str == NULL)
        return -1;
 
    b64 = BIO_new(BIO_f_base64());
    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
 
    bio = BIO_new_mem_buf(in_str, in_len);
    bio = BIO_push(b64, bio);
 
    size = BIO_read(bio, out_str, in_len);
    out_str[size] = '\0';
 
    BIO_free_all(bio);
    return size;
}

char *_btoa(char *ecode)
{
    static int inlen,outlen;
    static char outstr[4096];
    
    inlen=strlen(ecode);
    outlen=sizeof(outstr);
    Base64Encode(ecode, inlen, outstr, &outlen);
    return outstr;
}

char *_atob(char *dcode)
{
    static int outlen;
    static char outstr[4096];
    
    Base64Decode(dcode, outstr, &outlen);
    return outstr;
}

//有点bug 输出大于4096自己改
char *urlencorder(char *ecode)
{
    int i,n,len;
    static char outstr[4096];
    
    len = strlen(ecode);
    for(i=n=0;n<len;n++)
    {
        //如果是数字或字母0-9 or a-z or A-Z
        if((ecode[n]>='0' && ecode[n]<='9') || 
        (ecode[n]>='a' && ecode[n]<='z') || 
        (ecode[n]>='A' && ecode[n]<='Z'))
        {
            outstr[i] = ecode[n];
            i++;
        }
        //否则就要加上%及字符16进制码
        else
        {
            sprintf(outstr+i, "%%%02x", ecode[n]&0xff);
            i += 3;
        }
    }
    outstr[i] = 0;
    
    return outstr;
}

//https://www.php.net/manual/zh/function.hash.php
char *sha256Abstract(char *string)
{
    char *ptr;
    static char sha_str[64];
    Sha256Context sha256Context;
    SHA256_HASH sha256Hash;
    uint16_t i,j;
    
    Sha256Initialise( &sha256Context );
    Sha256Update( &sha256Context, (unsigned char*)string, (uint32_t)strlen(string) );
    Sha256Finalise( &sha256Context, &sha256Hash );
    
    for( i=0,j=0; i<sizeof(sha256Hash); i++ )
    {
        j = i*2;
        ptr = &sha_str[j];
        sprintf( ptr,"%02x", sha256Hash.bytes[i] );
    }
    
    printf( "%s\n",sha_str );
    
    return sha_str;
}

char *sha11Abstract(char *string)
{
    char *ptr;
    static char sha_str[40];
    Sha1Context sha1Context;
    SHA1_HASH sha1Hash;
    uint16_t i,j;
    
    Sha1Initialise( &sha1Context );
    Sha1Update( &sha1Context, (unsigned char*)string, (uint32_t)strlen(string) );
    Sha1Finalise( &sha1Context, &sha1Hash );
    
    for( i=0,j=0; i<sizeof(sha1Hash); i++ )
    {
        j = i*2;
        ptr = &sha_str[j];
        sprintf( ptr,"%02x", sha1Hash.bytes[i] );
    }
    
    printf( "%s\n",sha_str );
    
    return sha_str;
}

RSA *getRSAPrivateKey(char *file)
{
    BIO *priio;
    RSA *prikey = RSA_new();
    
    priio = BIO_new_file(file, "rb");
    prikey = PEM_read_bio_RSAPrivateKey(priio, &prikey, NULL, NULL);
    BIO_free(priio);
    
    return prikey;
}

RSA *getRSAPublicKey(char *file)
{
    BIO *pubio;
    RSA *pubkey = RSA_new();
    
    pubio = BIO_new_file(file, "rb");
    pubkey = PEM_read_bio_RSAPublicKey(pubio, &pubkey, NULL, NULL);
    BIO_free(pubio);
    
    return pubkey;
}

//https://pay.weixin.qq.com/wiki/doc/api/index.html //微信支付都要跳转到微信平台
//https://opendocs.alipay.com/apis/api_1/alipay.trade.wap.pay
//https://open.unionpay.com/tjweb/acproduct/APIList?acpAPIId=334&apiservId=453&version=V2.2&bussType=0
//application/x-www-form-urlencoded空格要转换成'+'

//https://www.cnblogs.com/gordon0918/p/5382541.html
//openssl md5 -sha256 -sign acp_test_sign.key -out zsign1.txt zfile.txt
//openssl base64 -in zsign1.txt -out zbase64sign1.txt
char *Payment(SSL *fd)
{
    int i,len;
    time_t now;
    struct tm *tp;
    BIO *priio,*pubio;
    RSA *pubkey = RSA_new();
    RSA *prikey = RSA_new();
    char *ptr,*msg,buf[4096],temp[1024],sha[64];
    char version[] = "5.1.0";//版本号
    char encoding[16] = "utf-8";//"utf-8";//编码方式
    char txnType[] = "01";//交易类型
    char txnSubType[] = "01";//交易子类
    char bizType[] = "000201";//业务类型
    char backUrl[64] = "http://www.specialUrl.com";//后台通知地址 可以固定上送http://www.specialUrl.com
    char signMethod[] = "01";//"RSA-SHA256";//签名方法 RSA-SHA256:表示采用RSA签名,摘要算法用SHA256
    unsigned char signature[1024];//报文签名BASE64
    char channelType[] = "08";//渠道类型,07-PC,08-手机
    char accessType[] = "0";//接入类型
    char currencyCode[] ="156";//交易币种,境内商户固定156
    char merId[20] = "777290058183095";//商户代码 仅支持数字和字母
    char orderId[40] = "SJ20200827170201";//商户订单号 仅支持数字和字母
    char txnTime[20] = "20200827170201";//订单发送时间,格式为YYYYMMDDhhmmss,取北京时间
    char txnAmt[10] = "22";//交易金额,单位分
    char payTimeout[20];//超过超时时间就算交易成功钱也会返回到用户卡上date('YmdHis', strtotime('+15 minutes'))
    //char riskRateInfo[] = "{commodityName=测试商品名称}";//风控信息字段
    //char merCertId[128];//商户签名私钥证书的Serial Number(十进制)仅支持数字
    //char nonceStr[32] = "asdfasdf";//随机字符串
    //char bizMethod[128] = "acp.unified.pay";//"acp.trade.pay";//业务接口
    //char bizContent[10240];//
    char certId[128] = "68759663125";//"1002653215";//证书ID
    char frontUrl[64] = "http://api.mysxlive.com/";//前台通知地址
    priio = BIO_new_file("./acp_test_sign.key", "rb");
    prikey = PEM_read_bio_RSAPrivateKey(priio, &prikey, NULL, NULL);
    
    pubio = BIO_new_file("./acp_test_public_sign.key", "rb");
    pubkey = PEM_read_bio_RSAPublicKey(pubio, &pubkey, NULL, NULL);
    
    now = time( (time_t*) 0 );
    tp = localtime(&now);
    //订单发送时间
    sprintf(txnTime,"%d%02d%02d%02d%02d%02d",1900 + tp->tm_year,tp->tm_mon+1,tp->tm_mday,tp->tm_hour,tp->tm_min,tp->tm_sec);
    //tp->tm_min+1 超过五分钟没有交易成功的就超时
    sprintf(payTimeout,"%d%02d%02d%02d%02d%02d",1900 + tp->tm_year,tp->tm_mon+1,tp->tm_mday,tp->tm_hour,tp->tm_min+5,tp->tm_sec);
    //商户订单号
    sprintf(orderId,"SJ%s",txnTime);
    //注意了这里哪部分内容拿去前面银联demo也没有说清楚!
    //sprintf(buf,"version=%s&encoding=%s&txnType=%s&txnSubType=%s&bizType=%s&backUrl=%s&channelType=%s&accessType=%s&currencyCode=%s&merId=%s&orderId=%s&txnTime=%s&txnAmt=%s&payTimeout=%s&certId=%s&frontUrl=%s&signMethod=%s",version,encoding,txnType,txnSubType,bizType,backUrl,channelType,accessType,currencyCode,merId,orderId,txnTime,txnAmt,payTimeout,certId,frontUrl,signMethod);
    
    sprintf(buf,"accessType=%s&backUrl=%s&bizType=%s&certId=%s&channelType=%s&currencyCode=%s&encoding=%s&frontUrl=%s&merId=%s&orderId=%s&payTimeout=%s&signMethod=%s&txnAmt=%s&txnSubType=%s&txnTime=%s&txnType=%s&version=%s",accessType,backUrl,bizType,certId,channelType,currencyCode,encoding,frontUrl,merId,orderId,payTimeout,signMethod,txnAmt,txnSubType,txnTime,txnType,version);
    
    len = 0;
    //"360d9f5272fce05908375f25a5c398c747eccea87bd1f485105fa2a6b3f504c9"
    //strcpy(sha,sha256Abstract("accessType=0&backUrl=http://www.specialUrl.com&bizType=000201&certId=68759663125&channelType=08&currencyCode=156&encoding=utf-8&frontUrl=http://api.mysxlive.com/&merId=777290058183095156&orderId=SJ20200902094006&payTimeout=20200902094506&signMethod=01&txnAmt=22&txnSubType=01&txnTime=20200902094006&txnType=01&version=5.1.0"));
    //strcpy(sha,"360d9f5272fce05908375f25a5c398c747eccea87bd1f485105fa2a6b3f504c9");
    strcpy(sha,sha256Abstract(buf));
    msg = sha;
    
    //有点蛋疼的交互接口,php$params_str = createLinkString ( $params, true, false );不需要$value = urlencode ( $value );的!...
    strcpy(encoding,"utf%2d8");
    strcpy(backUrl,"http%3a%2f%2fwww%2especialUrl%2ecom");
    strcpy(frontUrl,"http%3a%2f%2fapi%2emysxlive%2ecom%2f");
    sprintf(buf,"accessType=%s&backUrl=%s&bizType=%s&certId=%s&channelType=%s&currencyCode=%s&encoding=%s&frontUrl=%s&merId=%s&orderId=%s&payTimeout=%s&signMethod=%s&txnAmt=%s&txnSubType=%s&txnTime=%s&txnType=%s&version=%s",accessType,backUrl,bizType,certId,channelType,currencyCode,encoding,frontUrl,merId,orderId,payTimeout,signMethod,txnAmt,txnSubType,txnTime,txnType,version);
    
    printf("===============000================\n");
    EVP_MD_CTX *mdctx;        //摘要算法上下文变量
    EVP_PKEY *evpKey=NULL,*evpubkey=NULL;        //EVP KEY结构体变量
    
    mdctx = EVP_MD_CTX_create();
        
    evpKey = EVP_PKEY_new();//新建一个EVP_PKEY变量
    if(evpKey == NULL)
    {
        printf("EVP_PKEY_new err\n");
        goto endPayment;
    }
    if(EVP_PKEY_set1_RSA(evpKey,prikey) != 1)    //保存prikey结构体到EVP_PKEY结构体
    {
        printf("EVP_PKEY_set1_RSA err\n");
        EVP_PKEY_free(evpKey);
        goto endPayment;
    }
    //以下是计算签名代码
    EVP_MD_CTX_init(mdctx);//初始化摘要上下文
    printf("===============001================\n");
    if(!EVP_SignInit_ex(mdctx, EVP_sha256(), NULL))//签名初始化,设置摘要算法EVP_md5()
    {
        printf("err\n");
        EVP_PKEY_free(evpKey);
        goto endPayment;
    }
    printf("===============002================\n");
    if(!EVP_SignUpdate(mdctx, msg, strlen(msg)))//计算签名(摘要)Update
    {
        printf("err\n");
        EVP_PKEY_free(evpKey);
        goto endPayment;
    }
    printf("===============003================\n");
    if(!EVP_SignFinal(mdctx,signature,&len,evpKey))    //签名输出
    {
        printf("err\n");
        EVP_PKEY_free(evpKey);
        goto endPayment;
    }
    printf("===============004================\n");
    //printf("消息\"%s\"的签名值是: \n",mess1);
    for(i = 0; i < len; i++)
    {
        if(i%16==0)
            printf("\n%08xH: ",i);
        printf("%02x ", signature[i]);    
    }
    printf("\n");
    //EVP_MD_CTX_cleanup(&mdctx);
    /*if(RSA_sign(NID_sha256, msg, strlen(msg),signature,&len, prikey)!=1)
    {
        printf("RSA_sign err!\n");
        RSA_free(prikey);
        return -1;
    }*/
    
    //以下是验证签名代码
    evpubkey = EVP_PKEY_new();//新建一个EVP_PKEY变量
    if(EVP_PKEY_set1_RSA(evpubkey,pubkey) != 1)    //保存prikey结构体到EVP_PKEY结构体
    {
        printf("EVP_PKEY_set1_RSA err\n");
        EVP_PKEY_free(evpubkey);
        goto endPayment;
    }
    EVP_MD_CTX_init(mdctx);//初始化摘要上下文
    if(!EVP_VerifyInit_ex(mdctx, EVP_sha256(), NULL))//验证初始化,设置摘要算法。
    {
        printf("EVP_VerifyInit_ex err\n");
        EVP_PKEY_free(evpubkey);
        goto endPayment;
    }
    if(!EVP_VerifyUpdate(mdctx, msg, strlen(msg)))//验证签名(摘要)Update
    {
        printf("err\n");
        EVP_PKEY_free(evpubkey);
        goto endPayment;
    }    
    if(!EVP_VerifyFinal(mdctx,signature,len,evpubkey))//验证签名
    {
        printf("verify err\n");
        EVP_PKEY_free(evpubkey);
        goto endPayment;
    }
    else
    {
        printf("Verify that the signature is correct.\n");
    }

#if 0
    if(RSA_sign(NID_sha256,msg,strlen(msg),signature,&len,prikey)!=1)
    {
        printf("RSA_sign err!\n");
        goto endPayment;
    }
    for(i = 0; i < len; i++)
    {
        if(i%16==0)
            printf("\n%08xH: ",i);
        printf("%02x ", signature[i]);    
    }
#endif
    printf("[[strlen(buf)=%d]][len=%d]\n",strlen(buf),len);
    char outstr[4096];
    int outlen = sizeof(outstr);
    
    //https://blog.csdn.net/lell3538/article/details/59137414?utm_source=blogxgwz2
    Base64Encode(signature, len, outstr, &outlen);
    //base64_encode(signature,len,outstr);
    
    printf("[[outlen=%d]]|%s\n",outlen,"go in");
    printf("\n[[%s]]\n\n",outstr);
    ptr = &buf[strlen(buf)];
    sprintf(ptr,"&signature=%s",urlencorder(outstr));//urlencorder 有bug.
    printf("[len=%d][outlen=%d][[%s]]\n",len,outlen,buf);
    //int vret = RSA_verify(NID_sha1, msg, strlen(msg), sinDat, sinLen, pubkey);
    //printf("[%s]|sinLen=%d|sign_verify=%d\n",sinDat,sinLen,vret);
    
    len = strlen(buf);
    
    sprintf(temp,"POST /gateway/api/frontTransReq.do HTTP/1.1\n\
Host: gateway.test.95516.com\n\
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0\n\
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\n\
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\n\
Accept-Encoding: gzip, deflate\n\
Content-Type: application/x-www-form-urlencoded\n\
Content-Length: %d\n\
Connection: keep-alive\n\
Upgrade-Insecure-Requests: 1\n\n",len);

    int clen = SSL_write(fd,temp,strlen(temp));
    if (clen < 0)
    {
        printf("message send fail!error code is %d,error info'%s'\n",errno, strerror(errno));
        exit(0);
    }
    clen = SSL_write(fd,buf,len);
    if (clen < 0)
    {
        printf("message send fail!error code is %d,error info'%s'\n",errno, strerror(errno));
        exit(0);
    }
    //接收返回数据
    //...
    int nfile=open("./zresult.txt",O_WRONLY|O_TRUNC|O_CREAT,00700);
        if(nfile==-1)exit( 1 );
    do
    {
        len = SSL_read(fd, buf, 4096);
        buf[len] = 0;
        if(len)printf("[len=%d][\n%s]\n",len,buf);
        //for(i=0;i<len;i++)putc(buf[i],stdout);
        if(len)write(nfile,buf,len);//debug
    }while(0);
    close(nfile);
    //提取验签,其实也可以不验签直接处理结果即可!
    //...

endPayment:
    EVP_MD_CTX_destroy(mdctx);
    RSA_free(pubkey);
    BIO_free(pubio);
    RSA_free(prikey);
    BIO_free(priio);
    return buf;
}
#if 0
//ConsumeuUndo
{
    char version[] = "6.0.0";//版本号
    char encoding[] = "utf-8";//编码方式
    char txnType[] = "31";//交易类型
    char txnSubType[] = "00";//交易子类
    char bizType[] = "000201";//业务类型
    char backUrl[] = "http://www.specialUrl.com";//后台通知地址 可以固定上送http://www.specialUrl.com
    char signMethod[32];//签名方法 RSA-SHA256:表示采用RSA签名,摘要算法用SHA256
    char signature[1024];//报文签名
    char channelType[] = "08";//渠道类型,07-PC,08-手机
    char accessType[] = "0";//接入类型
    char merId[15] = "123456789";//商户代码 仅支持数字和字母
    char orderId[40] = "SJ20200827170201";//商户订单号 仅支持数字和字母
    char origQryId[] = "";//原消费的queryId,可以从查询接口或者通知接口中获取
    char txnTime[] = "20200827170201";//订单发送时间,格式为YYYYMMDDhhmmss,取北京时间
    char txnAmt[] = "";//交易金额,单位分
    
}
//如果返回处理中,还需要定时刷新查询状态,如果状态未知还要进行冲正操作。
//Query
{
    char version[] = "6.0.0";//版本号
    char encoding[] = "utf-8";//编码方式
    char txnType[] = "00";//交易类型
    char txnSubType[] = "00";//交易子类
    char bizType[] = "000000";//业务类型
    char backUrl[] = "http://www.specialUrl.com";//后台通知地址 可以固定上送http://www.specialUrl.com
    char signMethod[32];//签名方法 RSA-SHA256:表示采用RSA签名,摘要算法用SHA256
    char signature[1024];//报文签名
    char channelType[] = "08";//渠道类型,07-PC,08-手机
    char accessType[] = "0";//接入类型
    char merId[15] = "123456789";//商户代码 仅支持数字和字母
    char orderId[40] = "SJ20200827170201";//商户订单号 仅支持数字和字母
    char txnTime[] = "20200827170201";//订单发送时间,格式为YYYYMMDDhhmmss,取北京时间
    
}
#endif
void testRsa()
{
    /*BIO *priio,*pubio;
    RSA *pubkey = RSA_new();
    RSA *prikey = RSA_new();
    
    priio = BIO_new_file("./acp_test_sign_pkcs8.key", "rb");
    prikey = PEM_read_bio_RSAPrivateKey(priio, &prikey, NULL, NULL);
    
    pubio = BIO_new_file("./acp_test_public_sign_pkcs8.key", "rb");
    pubkey = PEM_read_bio_RSAPublicKey(pubio, &pubkey, NULL, NULL);
    
    RSA_print_fp(stdout, pubkey, 0);
    printf("====================================\n");
    RSA_print_fp(stdout, prikey, 0);

    RSA_free(pubkey);
    BIO_free(pubio);
    RSA_free(prikey);
    BIO_free(priio);*/
    
    FILE *prif,*pubf;
    RSA *pubkey = RSA_new();
    RSA *prikey = RSA_new();
    
    prif = fopen("./acp_test_sign.key", "rb");
    prikey = PEM_read_RSAPrivateKey(prif, &prikey, NULL, NULL);
    
    pubf = fopen("./acp_test_public_sign.key", "rb");
    pubkey = PEM_read_RSAPublicKey(pubf, &pubkey, NULL, NULL);
    
    RSA_print_fp(stdout, pubkey, 0);
    printf("====================================\n");
    RSA_print_fp(stdout, prikey, 0);

    fclose(pubf);
    fclose(prif);
    RSA_free(pubkey);
    RSA_free(prikey);
}

#if 0
int send_headers(SSL *fd,int len)
{
    char buf[1024];
    
    sprintf(buf,"POST /Monitor HTTP/1.1\n\
Host: 110.87.159.245:443\n\
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0\n\
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\n\
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\n\
Accept-Encoding: gzip, deflate\n\
Content-Type: application/x-www-form-urlencoded\n\
Content-Length: %d\n\
Connection: keep-alive\n\
Upgrade-Insecure-Requests: 1\n\n",len);

    return SSL_write(fd,buf,strlen(buf));//send(fd, buf, strlen(buf), 0);
}
#endif
//https://www.cnblogs.com/cocoajin/p/10510574.html
//https://blog.csdn.net/xiangguiwang/article/details/79821220
//https://www.cnblogs.com/cocoajin/p/6126099.html
//https://blog.csdn.net/weixin_43836778/article/details/100114212
//110.87.159.245
#if 0
int main(int argc, char * argv[])
{
    //testRsa();
    /*RSA *prikey,*pubkey;
    char *msg = "0123456789";
    char *sinDat = malloc(4096);
    int sinLen = 0;
    
    //prikey = getRSAPrivateKey("./acp_test_sign.key");
    prikey = getRSAPrivateKey("./acp_test_sign_pkcs8.key");
    pubkey = getRSAPublicKey("./acp_test_public_sign.key");
    //pubkey = getRSAPublicKey("./acp_test_public_sign_pkcs8.key");
    
    RSA_sign(NID_sha1, msg,strlen(msg),sinDat,&sinLen, prikey);
    
    int vret = RSA_verify(NID_sha1, msg, strlen(msg), sinDat, sinLen, pubkey);
    printf("[%s]|sinLen=%d|sign_verify=%d\n",sinDat,sinLen,vret);
    
    RSA_free(pubkey);
    RSA_free(prikey);*/
    
    //sha256Abstract("my name is samuel...");
    int tp;
    char *pemCert;
    struct stat fst;
    X509 *x509;
    EVP_PKEY *pkey;
    RSA *pubkey;
    
    tp=open("./server.crt",O_RDONLY|O_BINARY,00700);
    if(tp==-1)
    {
        return printf("open file error!\n");
    }
    fstat( tp, &fst );
    lseek( tp, 0, SEEK_SET );//再定位文件指针到文件头
    pemCert = malloc(fst.st_size);
    read(tp,pemCert,fst.st_size);
    close(tp);
    
    printf("\n[%s]\n=======================================\n",pemCert);
    //BIO *b = BIO_new_mem_buf(pemCert, fst.st_size);
    BIO *b = BIO_new_file("./server.crt", "r");
    if (NULL == b){
        return -1001;
    }
    printf("\n=====0==================================\n");
    x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
    if (NULL == x509){
        BIO_free(b), b=NULL;
        X509_free(x509), x509=NULL;
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    printf("\n=====1==================================\n");
    /* Get public key - eay */
    pkey=X509_get_pubkey(x509);
    if (pkey == NULL) {
        ERR_print_errors_fp (stderr);
        exit (1);
    }
    printf("\n=====2==================================\n");
    
    pubkey = EVP_PKEY_get1_RSA(pkey);
    
    int i,len;
    EVP_MD_CTX *mdctx;        //摘要算法上下文变量
    EVP_PKEY *evpubkey=NULL;        //EVP KEY结构体变量
    char signature[4096],*msg = "360d9f5272fce05908375f25a5c398c747eccea87bd1f485105fa2a6b3f504c9";
    
    /*evpubkey = EVP_PKEY_new();//新建一个EVP_PKEY变量
    if(EVP_PKEY_set1_RSA(evpubkey,pubkey) != 1)    //保存prikey结构体到EVP_PKEY结构体
    {
        printf("EVP_PKEY_set1_RSA err\n");
        EVP_PKEY_free(evpubkey);
        exit(1);
    }
    
    //以下是计算签名代码
    mdctx = EVP_MD_CTX_create();
    EVP_MD_CTX_init(mdctx);//初始化摘要上下文
    printf("===============001================\n");
    if(!EVP_SignInit_ex(mdctx, EVP_sha256(), NULL))//签名初始化,设置摘要算法EVP_md5()
    {
        printf("err\n");
        EVP_PKEY_free(evpubkey);
        exit(1);
    }
    printf("===============002================\n");
    if(!EVP_SignUpdate(mdctx, msg, strlen(msg)))//计算签名(摘要)Update
    {
        printf("err\n");
        EVP_PKEY_free(evpubkey);
        exit(1);
    }
    printf("===============003================\n");
    if(!EVP_SignFinal(mdctx,signature,&len,evpubkey))    //签名输出
    {
        printf("err\n");
        EVP_PKEY_free(evpubkey);
        exit(1);
    }
    printf("===============004================\n");*/
    printf("\n=====2.5==================================\n");
    if(RSA_sign(NID_sha256, msg, strlen(msg),signature,&len, pubkey)!=1)
    {
        printf("RSA_sign err!\n");
        RSA_free(pubkey);
        return -1;
    }
    //printf("消息\"%s\"的签名值是: \n",mess1);
    for(i = 0; i < len; i++)
    {
        if(i%16==0)
            printf("\n%08xH: ",i);
        printf("%02x ", signature[i]);    
    }
    printf("\n=====3==================================\n");
    
    
    
    RSA_print_fp(stdout, pubkey, 0);
    
    printf("\n=====4==================================\n");
    
    X509 *cert;
    char *line;
    
    cert = x509;
        //cert = SSL_get_peer_certificate(ssl);
    
        if (cert != NULL) 
        {
            printf("数字证书信息:\n");
            
            
            //line = X509_NAME_oneline(X509_get_serialNumber(cert), 0, 0);
            //printf("证书: %s\n", line);
            
            ASN1_INTEGER *bs = NULL;
            char *res = NULL;
            BIGNUM     *bn = NULL;
            bs = X509_get_serialNumber(cert);
            if (bs->length == 0) {
                printf("X509_get_serialNumber()  length=0 error!\n");
                return -1;
            }
            bn = ASN1_INTEGER_to_BN(bs, NULL);
            res = BN_bn2hex(bn);
            printf("serial = %s\n", res);
            OPENSSL_free(res);
            res = NULL;
            BN_free(bn);
            bn = NULL;
            
            
            line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
            printf("证书: %s\n", line);
            OPENSSL_free(line);
            line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
            printf("颁发者: %s\n", line);
            OPENSSL_free(line);
            X509_free(cert);
        }
    
    free(pemCert);
    return 1;
}
#endif


int main(int argc, char * argv[])
{
    WSADATA wsaData;
    int sockfd,len,ret;
    struct sockaddr_in dest;
    char buffer[10240];
    //这里用了服务端一样的证书和KEY所以连接不成功的
    //char *certificate_file="./3453137_classify.mysxlive.com.pem";
    //char *PrivateKey_file="./3453137_classify.mysxlive.com.key";
    SSL_CTX *ctx;
    SSL *ssl;

    /* SSL 库初始化,参看 ssl-server.c 代码 */
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    ctx = SSL_CTX_new(TLSv1_2_client_method());
    if (ctx == NULL) {
        ERR_print_errors_fp(stdout);
        exit(1);
    }
#if 0
    // 双向验证
    // SSL_VERIFY_PEER---要求对证书进行认证,没有证书也会放行
    // SSL_VERIFY_FAIL_IF_NO_PEER_CERT---要求客户端需要提供证书,但验证发现单独使用没有证书也会放行
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    
    // 设置信任根证书
    if (SSL_CTX_load_verify_locations(ctx, "./ca.cer",NULL)<=0){
        printf("Failed to load CA digital certificate\n");
        return -1;
    }

    /* 载入用户的数字证书, 此证书用来发送给客户端。 证书里包含有公钥 */
    if (SSL_CTX_use_certificate_file(ctx, certificate_file, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stdout);
        exit(1);
    }
    /* 载入用户私钥 */
    if (SSL_CTX_use_PrivateKey_file(ctx, PrivateKey_file, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stdout);
        exit(1);
    }
    /* 检查用户私钥是否正确 */
    if (!SSL_CTX_check_private_key(ctx)) {
        ERR_print_errors_fp(stdout);
        exit(1);
    }
#endif
    //MAKEWORD(1, 1)1.1版只支持TCP/IP协议MAKEWORD(2, 2)2.2版只支持TCP/IP协议
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
    {
        printf("WSAStartup failed\n");
        return -1;
    }
    /* 创建一个 socket 用于 tcp 通信 */
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("Socket");
        exit(errno);
    }
    printf("socket created\n");

    /* 初始化服务器端(对方)的地址和端口信息 */
    memset(&dest,0, sizeof(dest));
    dest.sin_family = AF_INET;
    dest.sin_port = htons(443);
    dest.sin_addr.S_un.S_addr = inet_addr("58.220.73.190");//先向我们自己的https服务器发送测试请求106.122.254.99 118.123.233.174 42.81.147.159 58.220.73.190 112.47.14.66 23.217.207.13 150.138.170.33
    
    printf("address created\n");

    /* 连接服务器 */
    if (connect(sockfd, (struct sockaddr *) &dest, sizeof(dest)) != 0) {
        perror("Connect ");
        exit(errno);
    }
    printf("server connected\n");

    /* 基于 ctx 产生一个新的 SSL */
    ssl = SSL_new(ctx);
    SSL_set_fd(ssl, sockfd);
    /* 建立 SSL 连接 */
    if (SSL_connect(ssl) == -1)
        ERR_print_errors_fp(stderr);
    else {
        printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
        //ShowCerts(ssl);//客户端验证证书...
        X509 *cert;
        char *line;
        cert = SSL_get_peer_certificate(ssl);
        if (cert != NULL) 
        {
            printf("数字证书信息:\n");
            
            
            //line = X509_NAME_oneline(X509_get_serialNumber(cert), 0, 0);
            //printf("证书: %s\n", line);
            
            ASN1_INTEGER *bs = NULL;
            char *res = NULL;
            BIGNUM     *bn = NULL;
            bs = X509_get_serialNumber(cert);
            if (bs->length == 0) {
                printf("X509_get_serialNumber()  length=0 error!\n");
                return -1;
            }
            bn = ASN1_INTEGER_to_BN(bs, NULL);
            res = BN_bn2hex(bn);
            printf("serial = %s\n", res);
            OPENSSL_free(res);
            res = NULL;
            BN_free(bn);
            bn = NULL;
            
            
            line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
            printf("证书: %s\n", line);
            OPENSSL_free(line);
            line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
            printf("颁发者: %s\n", line);
            OPENSSL_free(line);
            X509_free(cert);
        }
        //x509.get_serial_number
        
            /*int  x509_get_serial_num(X509 *x)
        {
            ASN1_INTEGER *bs = NULL;
            char *res = NULL;
            BIGNUM     *bn = NULL;
            bs = X509_get_serialNumber(x);
            if (bs->length == 0) {
                printf("X509_get_serialNumber()  length=0 error!\n");
                return -1;
            }
            bn = ASN1_INTEGER_to_BN(bs, NULL);
            res = BN_bn2hex(bn);
            printf("serial = %s\n", res);
            OPENSSL_free(res);
            res = NULL;
            BN_free(bn);
            bn = NULL;
            return 0 ;
        }*/
    }
    
    Payment(ssl);

#if 0
    //发送一个GET/POST请求
    memset(buffer,0, MAXBUF);
    strcpy(buffer, "GET /web/index.html HTTP/1.1\n"
"Host: 127.0.0.1\n"
"User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0\n"
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\n"
"Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\n"
"Accept-Encoding: gzip, deflate\n"
"Connection: keep-alive\n"
"Cookie: Hm_lvt_fe3b7a223fc08c795f0f4b6350703e6f=1582005872,1582069091\n"
"Upgrade-Insecure-Requests: 1\n"
"Cache-Control: max-age=0\n\n");
    /* 发消息给服务器 */
    len = SSL_write(ssl, buffer, strlen(buffer));
    if (len < 0)
    {
        printf
            ("message'%s'send fail!error code is %d,error info'%s'\n",
             buffer, errno, strerror(errno));
        exit(0);//要退出否则会一直与服务器保持while SSL_read,服务端要超时踢出设置,不然端口占完就拒绝服务了!试一下服务器有没有超时踢并关闭释放端口,另外是不是客户端这边自己死循环了。
    }
    else
        printf("message'%s'send success,A total of %d bit!\n",
               buffer, len);

    /* 接收对方发过来的消息,最多接收 MAXBUF 个字节 */
    memset(buffer,0, MAXBUF);
    //简单的HTTPS爬虫模型!
    /* 接收服务器来的消息 ,可以用循环因为服务器回复完数据后就会把端口关闭,所以这个循环就会立即退出。这样看来客户端获取的包与上传到服务端上的包还不一样,如果不循环数据就读一点 就没有下文了!*/
    while(SSL_read(ssl, buffer, MAXBUF))
    {
        printf(buffer);
        memset(buffer,0, MAXBUF);
    }
#endif
    /*len = SSL_read(ssl, buffer, MAXBUF);
    if (len > 0)
        printf("reve message success :'%s',total %d bit data\n",
               buffer, len);
    else {
        printf
            ("message rev faill!error code%d,error info'%s'\n",
             errno, strerror(errno));
        goto finish;
    }*/
printf("out ....\n");
  finish:
    /* 关闭连接 */
    SSL_shutdown(ssl);
    SSL_free(ssl);
    close(sockfd);
    SSL_CTX_free(ctx);
    WSACleanup();
    return 0;
}

 

 

最后会有一个 Location: https://cashier.test.95516.com/b2c/api/unifiedOrder.action?.......的302地址调转,转到银联的支付平台......。

代码下载: unionpay.zip

上一篇:openssl-EVP_md5()


下一篇:运行ss服务报错:undefined symbol: EVP_CIPHER_CTX_cleanup