doubei3312 2015-09-22 18:52
浏览 59
已采纳

EBS支付网关:安全哈希算法

I am bit confused about the way you should calculate the hash. The integration guide and some integration kits calculates from all sorted parameters (PHP kit has got this part of the code commented out). However the PHP integration kit and some online tutorials calculates the request hash only from several of them (secret key,account id, amount, order, return url and mode) and actually works.

I am looking for an explanations of this state.

Also I am experiencing some difficulties with calculating the response hash.

$data = $config['secretKey'];
$hash = $params['SecureHash'];
unset($params['SecureHash']);
ksort($params);
foreach ($params as $param) {
    if (strlen($param) > 0) {
        $data .= '|' . $param;
    };
}
$data = hash($config['hashAlgoritm'], $data); // The same hash algorithm used for request
return $data == $hash;

Also the response does not seem to contain the AccountID.

ResponseCode = '0'
ResponseMessage = 'Transaction Successful'
DateCreated = '2015-09-23 00:18:15'
PaymentID = '42609232'
MerchantRefNo = '223'
Amount = '1.00'
Mode = 'TEST'
BillingName = 'John Raj'
BillingAddress = 'Arcot Road'
BillingCity = 'Chennai'
BillingState = 'Tamil Nadu'
BillingPostalCode = '600001'
BillingCountry = 'IND'
BillingPhone = '04423452345'
BillingEmail = 'test@40test.test'
DeliveryName = 'John Esak'
DeliveryAddress = 'Arcot Road'
DeliveryCity = 'Chennai'
DeliveryState = 'Tamil Nadu'
DeliveryPostalCode  = '600001'
DeliveryCountry = 'IND'
DeliveryPhone = '04423452345'
Description = 'Test Order Description'
IsFlagged = 'NO'
TransactionID = '110978476'
PaymentMethod = '1001'
RequestID = '7331147'
SecureHash = 'f9101f3cbf53be4da75e51c208775953'
  • 写回答

1条回答 默认 最新

  • donglin9068 2015-09-27 20:53
    关注

    Request

    So far, the calculating the request hash from the secret key, account id, amount, reference number, return url and mode seems as the right way.

    $hashData = 'The secret key';
    $hashType = 'md5'; // md5|sha1|sha250
    $hash .= "|" . urlencode($params['account_id']) . "|"
          . urlencode($params['amount']) . "|"
          . urlencode($params['reference_no']) . "|" 
          . $params['return_url'] . "|"
          . urlencode($params['mode']);
    return hash($hashType, $hashData);
    

    Response

    As for the response I was unable to reconstruct the way the secure hash should be calculated or even if the secure hash should be used for the verification at all. So I have switched to using the encrypted version of the response.

    EBS does not specify what sort of algorithm should be used but it seams that it is some sort of RC4 cipher.

    To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'

    $DR = preg_replace("/\s/","+",$_GET['DR']);
    $rc4 = new Crypt_RC4($secret_key);
    $QueryString = base64_decode($DR);
    
    $rc4->decrypt($QueryString);
    $QueryString = explode('&',$QueryString);
    
    $response = array();
    foreach($QueryString as $param){
        $param = explode('=',$param);
        $response[$param[0]] = urldecode($param[1]);
    }
    return $response
    

    The Crypt_RC43 class is then provided by EBS inside of Rc43 file which is part of the integration kits.

    Note: The Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 基于RTKLIB框架写的精密单点定位-AR
  • ¥15 PFENet的预训练权重
  • ¥15 程序哪有错误怎么改?
  • ¥15 交换机和交换机之间的链路带宽以及主机带宽的理解
  • ¥15 ai创想家对战模式代码
  • ¥15 集合A由3个2行4列二维数组构成,从集合A中任意取一个二维数组元素、如果该二维数组元素的对应列位置的上、下两数都是奇数,而且仅有2个列是奇数/奇数,则该数组有意义,并放入集合B中打印输出。
  • ¥15 电信IPV6 无法外网访问吗
  • ¥15 有偿求效果比较好的遥感影像匹配的c++代码
  • ¥15 博主,你好,我下载了你的智能网联汽车辅助驾驶安全信息检测系统,现在不会运行,可以教我吗,
  • ¥15 怎么在excle输入下列公式