尝试在沙盒中调用支付宝支付 API 时获取 "illegal parameter"

Getting "illegal parameter" when trying to call the alipay Payment API in the Sandbox

所以我想做的是用支付宝打几个 API 电话 https://global.alipay.com/docs/ac/ams/api API

我按照集成指南创建了必要的私钥/public 密钥和客户端 ID。我也在这里遵循了生成签名指南:https://global.alipay.com/docs/ac/ams/digital_signature#gNWs0

我也是从支付宝的开发者工具iTest上复制了部分代码,所以实际上signWithSHA256RSA这个函数是来自支付宝的

我知道我的私钥应该可以用,因为我用支付宝的开发者工具成功测试了相同的请求。

// generate ISO 8601 date
$oDateTime = new \DateTime();
$sDate = $oDateTime->format('c');

$privatekey = '<private_key_removed>';

$curl = curl_init(); 
curl_setopt($curl, CURLOPT_URL, 'https://open-eu.alipay.com/ams/api/v1/payments/pay');

$reqBody = json_encode(array('productCode' => 'IN_STORE_PAYMENT'));

$headers = array();
$headers[] = "Content-Type:application/json; charset=UTF-8";
$headers[] = "Request-Time:".$sDate;
$headers[] = "client-id:<client_id_removed>";
$headers[] = "Signature:". "algorithm=RSA256,keyVersion=1,signature=".signWithSHA256RSA($sDate, $reqBody, $privatekey);

curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, true);

curl_setopt($curl, CURLOPT_POSTFIELDS, $reqBody);
$rspContent = curl_exec($curl);

function signWithSHA256RSA($timeString, $reqBody, $privateKey){

  $priKey = "-----BEGIN RSA PRIVATE KEY-----\n". 
            wordwrap($privateKey, 64, "\n", true).
            "\n-----END RSA PRIVATE KEY-----";

  $signContent = "POST /ams/api/v1/payments/pay"."\n<client_id_removed>".".".$timeString. ".".$reqBody;
  
  openssl_sign($signContent, $signValue, $priKey, OPENSSL_ALGO_SHA256);

  return base64_encode($signValue);
}

我收到的错误代码是:

{"result":
 {
  "resultCode":"PARAM_ILLEGAL",
  "resultMessage":"illegal parameter:OpenapiV2签名字段异常: algorithm=RSA256,keyVersion=1,signature=<signature_removed>",
"resultStatus":"F"}
}

Error via Google Translate: '签名字段异常' -> 'Signature field exception'

  1. 验证签名。用你的秘密替换 $privateKey$publicKey
$data = 'POST ...';
$keyPair = openssl_pkey_new(
    [
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]
);
openssl_pkey_export($keyPair, $privateKey);
$details = openssl_pkey_get_details($keyPair);
$publicKey = $details['key'];
openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256);
var_dump($signature);
//verify signature
$isValidSignature = openssl_verify(
    $data,
    $signature, 
    $publicKey, 
    'sha256WithRSAEncryption'
);
var_dump($isValidSignature);
  1. 文档中说 generatedSignature=base64UrlEncode(sha256withrsa(<Content_To_Be_Signed>), <privateKey>))

并提供了java示例

return URLEncoder.encode(new String(Base64.encodeBase64(signed), "UTF-8"), "UTF-8");

php等价于

urlencode(base64_encode($signature))