doubei3312
2015-09-22 18:52
浏览 56
已采纳

EBS支付网关:安全哈希算法

I am bit confused about the way you should calculate the hash. The integration guide and some integration kits calculates from all sorted parameters (PHP kit has got this part of the code commented out). However the PHP integration kit and some online tutorials calculates the request hash only from several of them (secret key,account id, amount, order, return url and mode) and actually works.

I am looking for an explanations of this state.

Also I am experiencing some difficulties with calculating the response hash.

$data = $config['secretKey'];
$hash = $params['SecureHash'];
unset($params['SecureHash']);
ksort($params);
foreach ($params as $param) {
    if (strlen($param) > 0) {
        $data .= '|' . $param;
    };
}
$data = hash($config['hashAlgoritm'], $data); // The same hash algorithm used for request
return $data == $hash;

Also the response does not seem to contain the AccountID.

ResponseCode = '0'
ResponseMessage = 'Transaction Successful'
DateCreated = '2015-09-23 00:18:15'
PaymentID = '42609232'
MerchantRefNo = '223'
Amount = '1.00'
Mode = 'TEST'
BillingName = 'John Raj'
BillingAddress = 'Arcot Road'
BillingCity = 'Chennai'
BillingState = 'Tamil Nadu'
BillingPostalCode = '600001'
BillingCountry = 'IND'
BillingPhone = '04423452345'
BillingEmail = 'test@40test.test'
DeliveryName = 'John Esak'
DeliveryAddress = 'Arcot Road'
DeliveryCity = 'Chennai'
DeliveryState = 'Tamil Nadu'
DeliveryPostalCode  = '600001'
DeliveryCountry = 'IND'
DeliveryPhone = '04423452345'
Description = 'Test Order Description'
IsFlagged = 'NO'
TransactionID = '110978476'
PaymentMethod = '1001'
RequestID = '7331147'
SecureHash = 'f9101f3cbf53be4da75e51c208775953'

图片转代码服务由CSDN问答提供 功能建议

我对你应该计算哈希的方式感到有点困惑。 集成指南和一些集成工具包从所有已排序的参数计算(PHP工具包已将这部分代码注释掉)。 然而,PHP集成工具包和一些在线教程仅从其中几个(秘密密钥,帐户ID,金额,订单,返回URL和模式)计算请求哈希并且实际上有效。

I 我正在寻找这种状态的解释。

此外,我在计算响应哈希方面遇到了一些困难。

  $ data = $  config ['secretKey']; 
 $ hash = $ params ['SecureHash']; 
unset($ params ['SecureHash']); 
ksort($ params); 
foreach($ params as $ param){\  n if(strlen($ param)> 0){
 $ data。='|'  。  $ param; 
}; 
} 
 $ data = hash($ config ['hashAlgoritm'],$ data);  //用于request 
return $ data == $ hash; 
   
 
 

的相同哈希算法此外,响应似乎不包含AccountID。

  ResponseCode ='0'
ResponseMessage ='交易成功'
DateCreated ='2015-09-23 00:18:15'
PaymentID ='42609232'
MerchantRefNo ='223'\  nAmount ='1.00'
Mode ='TEST'
BillingName ='John Raj'
BillingAddress ='Arcot Road'
BillingCity ='Chennai'
BillingState ='Tamil Nadu'
BillingPostalCode ='600001'
BillingCountry ='IND'  
BillingPhone ='04423452345'
BillingEmail ='test@40test.test'
DeliveryName ='John Esak'
DeliveryAddress ='Arcot Road'
DeliveryCity ='Chennai'
DeliveryState ='Tamil Nadu'
DeliveryPostalCode ='600001'\  nDeliveryCountry ='IND'
DeliveryPhone ='04423452345'
Description ='测试订单描述'
IsFlagged ='NO'
TransactionID ='110978476'
PaymentMethod ='1001'
RequestID ='7331147'
SecureHash ='f9101f3cbf53be4da75e51c208775953'\  n   
 
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • donglin9068 2015-09-27 20:53
    已采纳

    Request

    So far, the calculating the request hash from the secret key, account id, amount, reference number, return url and mode seems as the right way.

    $hashData = 'The secret key';
    $hashType = 'md5'; // md5|sha1|sha250
    $hash .= "|" . urlencode($params['account_id']) . "|"
          . urlencode($params['amount']) . "|"
          . urlencode($params['reference_no']) . "|" 
          . $params['return_url'] . "|"
          . urlencode($params['mode']);
    return hash($hashType, $hashData);
    

    Response

    As for the response I was unable to reconstruct the way the secure hash should be calculated or even if the secure hash should be used for the verification at all. So I have switched to using the encrypted version of the response.

    EBS does not specify what sort of algorithm should be used but it seams that it is some sort of RC4 cipher.

    To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'

    $DR = preg_replace("/\s/","+",$_GET['DR']);
    $rc4 = new Crypt_RC4($secret_key);
    $QueryString = base64_decode($DR);
    
    $rc4->decrypt($QueryString);
    $QueryString = explode('&',$QueryString);
    
    $response = array();
    foreach($QueryString as $param){
        $param = explode('=',$param);
        $response[$param[0]] = urldecode($param[1]);
    }
    return $response
    

    The Crypt_RC43 class is then provided by EBS inside of Rc43 file which is part of the integration kits.

    Note: The Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.

    点赞 打赏 评论

相关推荐 更多相似问题