doubei3312 2015-09-22 18:52
浏览 59
已采纳

EBS支付网关:安全哈希算法

I am bit confused about the way you should calculate the hash. The integration guide and some integration kits calculates from all sorted parameters (PHP kit has got this part of the code commented out). However the PHP integration kit and some online tutorials calculates the request hash only from several of them (secret key,account id, amount, order, return url and mode) and actually works.

I am looking for an explanations of this state.

Also I am experiencing some difficulties with calculating the response hash.

$data = $config['secretKey'];
$hash = $params['SecureHash'];
unset($params['SecureHash']);
ksort($params);
foreach ($params as $param) {
    if (strlen($param) > 0) {
        $data .= '|' . $param;
    };
}
$data = hash($config['hashAlgoritm'], $data); // The same hash algorithm used for request
return $data == $hash;

Also the response does not seem to contain the AccountID.

ResponseCode = '0'
ResponseMessage = 'Transaction Successful'
DateCreated = '2015-09-23 00:18:15'
PaymentID = '42609232'
MerchantRefNo = '223'
Amount = '1.00'
Mode = 'TEST'
BillingName = 'John Raj'
BillingAddress = 'Arcot Road'
BillingCity = 'Chennai'
BillingState = 'Tamil Nadu'
BillingPostalCode = '600001'
BillingCountry = 'IND'
BillingPhone = '04423452345'
BillingEmail = 'test@40test.test'
DeliveryName = 'John Esak'
DeliveryAddress = 'Arcot Road'
DeliveryCity = 'Chennai'
DeliveryState = 'Tamil Nadu'
DeliveryPostalCode  = '600001'
DeliveryCountry = 'IND'
DeliveryPhone = '04423452345'
Description = 'Test Order Description'
IsFlagged = 'NO'
TransactionID = '110978476'
PaymentMethod = '1001'
RequestID = '7331147'
SecureHash = 'f9101f3cbf53be4da75e51c208775953'
  • 写回答

1条回答 默认 最新

  • donglin9068 2015-09-27 20:53
    关注

    Request

    So far, the calculating the request hash from the secret key, account id, amount, reference number, return url and mode seems as the right way.

    $hashData = 'The secret key';
    $hashType = 'md5'; // md5|sha1|sha250
    $hash .= "|" . urlencode($params['account_id']) . "|"
          . urlencode($params['amount']) . "|"
          . urlencode($params['reference_no']) . "|" 
          . $params['return_url'] . "|"
          . urlencode($params['mode']);
    return hash($hashType, $hashData);
    

    Response

    As for the response I was unable to reconstruct the way the secure hash should be calculated or even if the secure hash should be used for the verification at all. So I have switched to using the encrypted version of the response.

    EBS does not specify what sort of algorithm should be used but it seams that it is some sort of RC4 cipher.

    To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'

    $DR = preg_replace("/\s/","+",$_GET['DR']);
    $rc4 = new Crypt_RC4($secret_key);
    $QueryString = base64_decode($DR);
    
    $rc4->decrypt($QueryString);
    $QueryString = explode('&',$QueryString);
    
    $response = array();
    foreach($QueryString as $param){
        $param = explode('=',$param);
        $response[$param[0]] = urldecode($param[1]);
    }
    return $response
    

    The Crypt_RC43 class is then provided by EBS inside of Rc43 file which is part of the integration kits.

    Note: The Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 华为ensp只要2-9实验运行结果能做的来
  • ¥15 我这个代码哪里有问题 acm 平台上显示错误 90%,我自己运行好像没什么问题
  • ¥50 C#编程中使用printDocument类实现文字排版打印问题
  • ¥15 找会编程的帅哥美女 可以用MATLAB里面的simulink编程,用Keil5编也可以。
  • ¥15 已知隐函数其中一个变量τ的具体值,求另一个变量
  • ¥15 r语言Hurst指数
  • ¥15 Acrn IVSHMEM doorbell问题
  • ¥15 yolov5中的val测试集训练时数量变小问题
  • ¥15 MPLS/VPN实验中MPLS的配置问题
  • ¥15 materialstudio氢键计算问题