View a markdown version of this page

AWS Payment Cryptography 使用示例 AWS CLI 使用 Bash 脚本 - AWS SDK 代码示例

文档 AWS SDK 示例 GitHub 存储库中还有更多 S AWS DK 示例

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AWS Payment Cryptography 使用示例 AWS CLI 使用 Bash 脚本

以下代码示例向您展示了如何使用 with Bash 脚本来执行操作和实现常见场景。 AWS Command Line Interface AWS Payment Cryptography

场景是向您演示如何通过在一个服务中调用多个函数或与其他 AWS 服务结合来完成特定任务的代码示例。

每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。

主题

场景

以下代码示例展示了如何:

  • 创建密钥

  • 验证 CVV2 值

  • 清理资源

AWS CLI 使用 Bash 脚本
注意

还有更多相关信息 GitHub。在 Sample developer tutorials 存储库中查找完整示例,了解如何进行设置和运行。

#!/bin/bash # AWS Payment Cryptography Getting Started Script # This script demonstrates how to use AWS Payment Cryptography to create a key, # generate and verify CVV2 values, and clean up resources. set -euo pipefail # Initialize log file with secure permissions LOG_FILE="payment-cryptography-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" echo "AWS Payment Cryptography Tutorial - $(date)" > "$LOG_FILE" # Function to log messages log() { local message="$1" echo "$(date +"%Y-%m-%d %H:%M:%S") - $message" | tee -a "$LOG_FILE" } # Function to handle errors handle_error() { local error_message="$1" log "ERROR: $error_message" log "Script failed. Please check the log file: $LOG_FILE" echo "" echo "===========================================" echo "ERROR ENCOUNTERED" echo "===========================================" echo "The script encountered an error: $error_message" echo "Resources created will be listed below." echo "" if [ -n "${KEY_ARN:-}" ]; then echo "Key ARN: $KEY_ARN" fi exit 1 } # Function to check command output for errors check_error() { local output="$1" local command="$2" if echo "$output" | grep -iq "error\|exception\|fail"; then handle_error "Command failed: $command" fi } # Validate AWS CLI is available and credentials are configured if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed or not in PATH" fi if ! aws sts get-caller-identity &> /dev/null; then handle_error "AWS credentials are not properly configured" fi log "Starting AWS Payment Cryptography tutorial" # Step 1: Create a key log "Step 1: Creating a card verification key (CVK)" if ! KEY_OUTPUT=$(aws payment-cryptography create-key \ --exportable \ --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' \ --tags Key=project,Value=doc-smith Key=tutorial,Value=aws-payment-cryptography-gs 2>&1); then handle_error "Failed to create key" fi echo "$KEY_OUTPUT" check_error "$KEY_OUTPUT" "create-key" # Extract the Key ARN from the output KEY_ARN=$(echo "$KEY_OUTPUT" | grep -o '"KeyArn": "[^"]*' | cut -d'"' -f4) if [ -z "$KEY_ARN" ]; then handle_error "Failed to extract Key ARN from output" fi log "Successfully created key with ARN: $KEY_ARN" # Step 2: Generate a CVV2 value log "Step 2: Generating a CVV2 value" if ! CVV2_OUTPUT=$(aws payment-cryptography-data generate-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --generation-attributes CardVerificationValue2={CardExpiryDate=0123} 2>&1); then handle_error "Failed to generate CVV2 value" fi echo "$CVV2_OUTPUT" check_error "$CVV2_OUTPUT" "generate-card-validation-data" # Extract the CVV2 value from the output - updated to use ValidationData instead of CardDataValue CVV2_VALUE=$(echo "$CVV2_OUTPUT" | grep -o '"ValidationData": "[^"]*' | cut -d'"' -f4) if [ -z "$CVV2_VALUE" ]; then handle_error "Failed to extract CVV2 value from output" fi log "Successfully generated CVV2 value" # Step 3: Verify the CVV2 value log "Step 3: Verifying the CVV2 value" if ! VERIFY_OUTPUT=$(aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data "$CVV2_VALUE" 2>&1); then handle_error "Failed to verify CVV2 value" fi echo "$VERIFY_OUTPUT" check_error "$VERIFY_OUTPUT" "verify-card-validation-data" log "Successfully verified CVV2 value" # Step 4: Perform a negative test log "Step 4: Performing a negative test with incorrect CVV2" if aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data 999 2>&1; then handle_error "Negative test did not fail as expected" fi log "Negative test completed successfully (verification failed as expected)" # Display created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" echo "Key ARN: $KEY_ARN" echo "" # Auto-confirm cleanup echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Proceeding with cleanup of all created resources..." log "Step 5: Cleaning up resources" # Delete the key log "Deleting key: $KEY_ARN" if ! DELETE_OUTPUT=$(aws payment-cryptography delete-key \ --key-identifier "$KEY_ARN" 2>&1); then handle_error "Failed to delete key" fi echo "$DELETE_OUTPUT" check_error "$DELETE_OUTPUT" "delete-key" log "Key scheduled for deletion. Default waiting period is 7 days." log "To cancel deletion before the waiting period ends, use:" log "aws payment-cryptography restore-key --key-identifier $KEY_ARN" echo "" echo "===========================================" echo "CLEANUP COMPLETE" echo "===========================================" echo "The key has been scheduled for deletion after the default waiting period (7 days)." echo "To cancel deletion before the waiting period ends, use:" echo "aws payment-cryptography restore-key --key-identifier $KEY_ARN" log "Tutorial completed successfully" echo "" echo "Tutorial completed successfully. See $LOG_FILE for details."