ssl 使用node-fetch生成apple pay paymentSession

yduiuuwa  于 2023-10-19  发布在  其他
关注(0)|答案(1)|浏览(117)

我正试图整合Apple Pay,像往常一样,Apple文档令人惊叹。
我需要request an Apple Pay Payment Session
请求应该使用我在Apple开发者帐户中的证书签名
这是我当前的测试文件

import express from "express"
import fs from "fs"
import fetch from "node-fetch"
import https from "https"

const app = express()

app.get('/', function (req, res) {
    const html = fs.readFileSync('index.html', 'utf8')
    res.send(html)
})

app.get('/paymentSession', async function(){

    const httpsAgent = new https.Agent({
        rejectUnauthorized: false,
        cert: fs.readFileSync('merchant_id.cer', 'utf8'),
      });

    const response = await fetch('https://apple-pay-gateway.apple.com/paymentservices/paymentSession',{
        method: 'POST',
        headers: {
            'content-type': 'application/json'
        },
        agent: httpsAgent,
        body: JSON.stringify({
            merchantIdentifier: 'merchant.com.xxx.xxx',
            displayName: 'xxx',
            initiative: 'web',
            initiativeContext: 'xxx.com'
        })
    })

    console.log(response.status);

    const text = await response.text()

    console.log(text);

    res.json({})
})

app.listen(3000)

我正在尝试使用从我的Apple开发者帐户merchant_id.cer下载的证书,并且出现以下错误

node:internal/tls/secure-context:70
    context.setCert(cert);
            ^

Error: error:0480006C:PEM routines::no start line
    at node:internal/tls/secure-context:70:13
    at Array.forEach (<anonymous>)
    at setCerts (node:internal/tls/secure-context:68:3)
    at configSecureContext (node:internal/tls/secure-context:157:5)
    at Object.createSecureContext (node:_tls_common:116:3)
    at Object.connect (node:_tls_wrap:1718:48)
    at Agent.createConnection (node:https:169:22)
    at Agent.createSocket (node:_http_agent:342:26)
    at Agent.addRequest (node:_http_agent:289:10)
    at new ClientRequest (node:_http_client:337:16) {
  library: 'PEM routines',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}

然后尝试使用openssl x509 -inform der -in merchant_id.cer -out merchant_id.pemmerchant_id.cer转换为merchant_id.pem

file:///Users/ajouve/Developer/test/apple-pay/node_modules/node-fetch/src/index.js:108
            reject(new FetchError(`request to ${request.url} failed, reason: ${error.message}`, 'system', error));
                   ^

FetchError: request to https://apple-pay-gateway.apple.com/paymentservices/paymentSession failed, reason: 80E06BF801000000:error:0A00045C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl/record/rec_layer_s3.c:1586:SSL alert number 116

    at ClientRequest.<anonymous> (file:///Users/ajouve/Developer/test/apple-pay/node_modules/node-fetch/src/index.js:108:11)
    at ClientRequest.emit (node:events:526:35)
    at TLSSocket.socketErrorListener (node:_http_client:495:9)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket._emitTLSError (node:_tls_wrap:994:10)
    at TLSWrap.onerror (node:_tls_wrap:482:11) {
  type: 'system',
  errno: 'ERR_SSL_TLSV13_ALERT_CERTIFICATE_REQUIRED',
  code: 'ERR_SSL_TLSV13_ALERT_CERTIFICATE_REQUIRED',
  erroredSysCall: undefined
}

似乎证书无效

zd287kbt

zd287kbt1#

发现了这个问题,我不得不用私钥生成一个csr,然后使用它
生成csr

openssl req -newkey rsa:2048 -keyout merchant_id.key -out merchant_id.csr

cer转换为pem

openssl x509 -inform der -in merchant_id.cer -out merchant_id.pem

配置httpsAgent

const httpsAgent = new https.Agent({
  rejectUnauthorized: false,
  cert: fs.readFileSync('cert/merchant_id.pem', 'utf-8'),
  key: fs.readFileSync('cert/merchant_id.key', 'utf-8'),
  passphrase: 'xxx'
});

相关问题