本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWS Payment Cryptography AWS CLI 搭配 Bash 指令碼使用 的範例
下列程式碼範例說明如何搭配 AWS Command Line Interface Bash 指令碼使用 來執行動作和實作常見案例 AWS Payment Cryptography。
案例是向您展示如何呼叫服務中的多個函數或與其他 AWS 服務組合來完成特定任務的程式碼範例。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
主題
案例
以下程式碼範例顯示做法:
建立 金鑰
驗證 CVV2 值
清除資源
- AWS CLI 搭配 Bash 指令碼
-
注意
GitHub 上提供更多範例。尋找完整範例,並了解如何在範例開發人員教學課程
儲存庫中設定和執行。 #!/bin/bash # AWS Payment Cryptography Getting Started Script # This script demonstrates how to use AWS Payment Cryptography to create a key, # generate and verify CVV2 values, and clean up resources. set -euo pipefail # Initialize log file with secure permissions LOG_FILE="payment-cryptography-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" echo "AWS Payment Cryptography Tutorial - $(date)" > "$LOG_FILE" # Function to log messages log() { local message="$1" echo "$(date +"%Y-%m-%d %H:%M:%S") - $message" | tee -a "$LOG_FILE" } # Function to handle errors handle_error() { local error_message="$1" log "ERROR: $error_message" log "Script failed. Please check the log file: $LOG_FILE" echo "" echo "===========================================" echo "ERROR ENCOUNTERED" echo "===========================================" echo "The script encountered an error: $error_message" echo "Resources created will be listed below." echo "" if [ -n "${KEY_ARN:-}" ]; then echo "Key ARN: $KEY_ARN" fi exit 1 } # Function to check command output for errors check_error() { local output="$1" local command="$2" if echo "$output" | grep -iq "error\|exception\|fail"; then handle_error "Command failed: $command" fi } # Validate AWS CLI is available and credentials are configured if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed or not in PATH" fi if ! aws sts get-caller-identity &> /dev/null; then handle_error "AWS credentials are not properly configured" fi log "Starting AWS Payment Cryptography tutorial" # Step 1: Create a key log "Step 1: Creating a card verification key (CVK)" if ! KEY_OUTPUT=$(aws payment-cryptography create-key \ --exportable \ --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' \ --tags Key=project,Value=doc-smith Key=tutorial,Value=aws-payment-cryptography-gs 2>&1); then handle_error "Failed to create key" fi echo "$KEY_OUTPUT" check_error "$KEY_OUTPUT" "create-key" # Extract the Key ARN from the output KEY_ARN=$(echo "$KEY_OUTPUT" | grep -o '"KeyArn": "[^"]*' | cut -d'"' -f4) if [ -z "$KEY_ARN" ]; then handle_error "Failed to extract Key ARN from output" fi log "Successfully created key with ARN: $KEY_ARN" # Step 2: Generate a CVV2 value log "Step 2: Generating a CVV2 value" if ! CVV2_OUTPUT=$(aws payment-cryptography-data generate-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --generation-attributes CardVerificationValue2={CardExpiryDate=0123} 2>&1); then handle_error "Failed to generate CVV2 value" fi echo "$CVV2_OUTPUT" check_error "$CVV2_OUTPUT" "generate-card-validation-data" # Extract the CVV2 value from the output - updated to use ValidationData instead of CardDataValue CVV2_VALUE=$(echo "$CVV2_OUTPUT" | grep -o '"ValidationData": "[^"]*' | cut -d'"' -f4) if [ -z "$CVV2_VALUE" ]; then handle_error "Failed to extract CVV2 value from output" fi log "Successfully generated CVV2 value" # Step 3: Verify the CVV2 value log "Step 3: Verifying the CVV2 value" if ! VERIFY_OUTPUT=$(aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data "$CVV2_VALUE" 2>&1); then handle_error "Failed to verify CVV2 value" fi echo "$VERIFY_OUTPUT" check_error "$VERIFY_OUTPUT" "verify-card-validation-data" log "Successfully verified CVV2 value" # Step 4: Perform a negative test log "Step 4: Performing a negative test with incorrect CVV2" if aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data 999 2>&1; then handle_error "Negative test did not fail as expected" fi log "Negative test completed successfully (verification failed as expected)" # Display created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" echo "Key ARN: $KEY_ARN" echo "" # Auto-confirm cleanup echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Proceeding with cleanup of all created resources..." log "Step 5: Cleaning up resources" # Delete the key log "Deleting key: $KEY_ARN" if ! DELETE_OUTPUT=$(aws payment-cryptography delete-key \ --key-identifier "$KEY_ARN" 2>&1); then handle_error "Failed to delete key" fi echo "$DELETE_OUTPUT" check_error "$DELETE_OUTPUT" "delete-key" log "Key scheduled for deletion. Default waiting period is 7 days." log "To cancel deletion before the waiting period ends, use:" log "aws payment-cryptography restore-key --key-identifier $KEY_ARN" echo "" echo "===========================================" echo "CLEANUP COMPLETE" echo "===========================================" echo "The key has been scheduled for deletion after the default waiting period (7 days)." echo "To cancel deletion before the waiting period ends, use:" echo "aws payment-cryptography restore-key --key-identifier $KEY_ARN" log "Tutorial completed successfully" echo "" echo "Tutorial completed successfully. See $LOG_FILE for details."-
如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的下列主題。
-
