doubei3312 2015-09-22 18:52
浏览 59
已采纳

EBS支付网关:安全哈希算法

I am bit confused about the way you should calculate the hash. The integration guide and some integration kits calculates from all sorted parameters (PHP kit has got this part of the code commented out). However the PHP integration kit and some online tutorials calculates the request hash only from several of them (secret key,account id, amount, order, return url and mode) and actually works.

I am looking for an explanations of this state.

Also I am experiencing some difficulties with calculating the response hash.

$data = $config['secretKey'];
$hash = $params['SecureHash'];
unset($params['SecureHash']);
ksort($params);
foreach ($params as $param) {
    if (strlen($param) > 0) {
        $data .= '|' . $param;
    };
}
$data = hash($config['hashAlgoritm'], $data); // The same hash algorithm used for request
return $data == $hash;

Also the response does not seem to contain the AccountID.

ResponseCode = '0'
ResponseMessage = 'Transaction Successful'
DateCreated = '2015-09-23 00:18:15'
PaymentID = '42609232'
MerchantRefNo = '223'
Amount = '1.00'
Mode = 'TEST'
BillingName = 'John Raj'
BillingAddress = 'Arcot Road'
BillingCity = 'Chennai'
BillingState = 'Tamil Nadu'
BillingPostalCode = '600001'
BillingCountry = 'IND'
BillingPhone = '04423452345'
BillingEmail = 'test@40test.test'
DeliveryName = 'John Esak'
DeliveryAddress = 'Arcot Road'
DeliveryCity = 'Chennai'
DeliveryState = 'Tamil Nadu'
DeliveryPostalCode  = '600001'
DeliveryCountry = 'IND'
DeliveryPhone = '04423452345'
Description = 'Test Order Description'
IsFlagged = 'NO'
TransactionID = '110978476'
PaymentMethod = '1001'
RequestID = '7331147'
SecureHash = 'f9101f3cbf53be4da75e51c208775953'
  • 写回答

1条回答 默认 最新

  • donglin9068 2015-09-27 20:53
    关注

    Request

    So far, the calculating the request hash from the secret key, account id, amount, reference number, return url and mode seems as the right way.

    $hashData = 'The secret key';
$hashType = 'md5'; // md5|sha1|sha250
$hash .= "|" . urlencode($params['account_id']) . "|"
      . urlencode($params['amount']) . "|"
      . urlencode($params['reference_no']) . "|" 
      . $params['return_url'] . "|"
      . urlencode($params['mode']);
return hash($hashType, $hashData);

    Response

    As for the response I was unable to reconstruct the way the secure hash should be calculated or even if the secure hash should be used for the verification at all. So I have switched to using the encrypted version of the response.

    EBS does not specify what sort of algorithm should be used but it seams that it is some sort of RC4 cipher.

    To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'

    $DR = preg_replace("/\s/","+",$_GET['DR']);
$rc4 = new Crypt_RC4($secret_key);
$QueryString = base64_decode($DR);

$rc4->decrypt($QueryString);
$QueryString = explode('&',$QueryString);

$response = array();
foreach($QueryString as $param){
    $param = explode('=',$param);
    $response[$param[0]] = urldecode($param[1]);
}
return $response

    The Crypt_RC43 class is then provided by EBS inside of Rc43 file which is part of the integration kits.

    Note: The Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求京东批量付款能替代天诚
  • ¥15 slaris 系统断电后,重新开机后一直自动重启
  • ¥15 51寻迹小车定点寻迹
  • ¥15 谁能帮我看看这拒稿理由啥意思啊阿啊
  • ¥15 关于vue2中methods使用call修改this指向的问题
  • ¥15 idea自动补全键位冲突
  • ¥15 请教一下写代码,代码好难
  • ¥15 iis10中如何阻止别人网站重定向到我的网站
  • ¥15 滑块验证码移动速度不一致问题
  • ¥15 Utunbu中vscode下cern root工作台中写的程序root的头文件无法包含