HMAC-SHA512 hash missing from Authorize.Net AIM response
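I was caught off guard by Authorize.Net's recent retirement of the md5 hash for validating their responses to AIM transactions. I'm trying to patch some legacy code to keep our legacy site limping along until we can rebuild it. It will not run the latest Authorize.Net PHP SDK, so please do not suggest that as an answer to this question.
While trying to fix this legacy code, I can't get test transactions (or even some test transactions run with live/production credentials) to provide the HMAC-SHA512 hash promised in the section titled "Authenticating the Response."
Here is a sample raw response from an AIM transaction: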
"1"|"1"|"1"|"This transaction has been approved."|"52R4QE"|"Y"|"40034138508"|"2019-07-0269072"|"Purchase Description Blah Blah Blah"|"99.95"|"CC"|"auth_capture"|"3"|"Joe"|"Test"|"n/a"|"123 Main St."|"Los Angeles"|"CA"|"90026"|"US"|""|""|"joe.test@example.com"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|"P"|"2"|""|""|""|""|""|""|""|""|""|""|"XXXX1111"|"Visa"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""
According to the AIM guide:
"The last field in the response contains the HMAC-SHA512 hash that Authorize.Net generated for the transaction, which can be used to authenticate the response. To use it, construct an HMAC-SHA512 hash..."
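This doesn't seem to be the case at all. Is this HMAC only present for certain types of transactions? Is it not provided by the sandbox gateway? What's going on? Where is the HMAC-SHA512 hash?
Here is a PHP script that illustrates my problem: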
<?php
$now = time();
// AUTOMATICALLY GENERATE AN INVOICE NUMBER
$invoice_number = date('Y', $now) . "-" . date('m', $now) . "-" . date('d', $now) . rand(0,100000);
// Authorize.net credentials
$api_login_id = "<YOUR API-LOGIN-ID-HERE>";
$transaction_key = "<YOUR TRANSACTION KEY HERE>";
$authnet_values = array(
// "x_test_request" => "TRUE",
"x_login" => $api_login_id,
"x_version" => "3.1",
"x_delim_char" => "|",
"x_encap_char" => "\"",
"x_delim_data" => "TRUE",
"x_url" => "FALSE",
"x_type" => "AUTH_CAPTURE",
"x_method" => "CC",
"x_tran_key" => $transaction_key,
"x_relay_response" => "FALSE",
"x_card_num" => "4111111111111111",
"x_exp_date" => "01-2020",
"x_description" => "TEST TRANSACTION " . uniqid(),
"x_amount" => 12.34,
"x_currency_code" => "USD",
"x_cust_id" => 1234,
"x_first_name" => "Joe",
"x_last_name" => "Test",
"x_company" => "",
"x_address" => "123 Main St.",
"x_city" => "Springfield",
"x_state" => "MO",
"x_zip" => "12345",
"x_email" => "Joe.Text@example.com",
"x_invoice_num" => uniqid(),
);
$fields = "";
foreach( $authnet_values as $key => $value ) $fields .= "$key=" . urlencode( $value ) . "&";
// ========== !!! DO THE TRANSACTION !!! ==========
// URL of gateway for cURL to post to
$url = "https://test.authorize.net/gateway/transact.dll";
//$url = "https://secure.authorize.net/gateway/transact.dll";
$ch = curl_init($url)
or die("Couldn't establish connection to payment gateway, code 1");
// set to 0 to eliminate header info from response
curl_setopt($ch, CURLOPT_HEADER, 0)
or die("Couldn't establish connection to payment gateway, code 2");
// Returns response data instead of printing it out directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1)
or die("Couldn't establish connection to payment gateway, code 3");
// use HTTP POST to send form data
curl_setopt($ch, CURLOPT_POST, TRUE)
or die("Couldn't establish connection to payment gateway, code 4a");
// supply POST data
curl_setopt($ch, CURLOPT_POSTFIELDS, rtrim( $fields, "& " ))
or die("Couldn't establish connection to payment gateway, code 4b");
// Optionally use an old cert bundle or we face ssl authentication problems
//curl_setopt($ch, CURLOPT_CAINFO, '/var/www/ca-bundle/old-ca-bundle.pem')
// or die("Could not establish connection to payment gateway, code 5");
$resp = curl_exec($ch); //execute post and get results
echo "=== RAW ===\n";
print_r($resp);
echo "=== END RAW ===\n";
$curl_info = curl_getinfo($ch);
$curl_info["curl_error"] = curl_error($ch);
$curl_info["curl_errno"] = curl_errno($ch);
echo "=== CURL_INFO ===\n";
print_r($curl_info);
echo "=== END CURL_INFO ===\n";
curl_close ($ch);
$parsed = str_getcsv($resp, '|');
echo "=== PARSED ===\n";
print_r($parsed);
echo "=== END PARSED ===\n";
Your code works for me:
C:\php\php.exe C:\Users\jconde\.PhpStorm2019.1\config\scratches\scratch.php
=== RAW ===
"1"|"1"|"1"|"This transaction has been approved."|"9FUGIS"|"Y"|"40034159620"|"5d1c987e8d88e"|"TEST TRANSACTION 5d1c987e8d4a6"|"12.34"|"CC"|"auth_capture"|"1234"|"Joe"|"Test"|""|"123 Main St."|"Springfield"|"MO"|"12345"|""|""|""|"Joe.Text@example.com"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|"P"|"2"|""|""|""|""|""|""|""|""|""|""|"XXXX1111"|"Visa"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|"FALSE"|"194894850DF855D0B801F3691203A98CB2EC6C5C1F71E06917FA699065412664DCD7BC35FE2918937BBAB8DCB460DA9E8741799E455CB1D7CCA6BEFEBA71DCC2"=== END RAW ===
=== CURL_INFO ===
Array
(
[url] => https://test.authorize.net/gateway/transact.dll
[content_type] => text/html
[http_code] => 200
[header_size] => 228
[request_size] => 636
[filetime] => -1
[ssl_verify_result] => 20
[redirect_count] => 0
[total_time] => 0.375
[namelookup_time] => 0.063
[connect_time] => 0.078
[pretransfer_time] => 0.11
[size_upload] => 488
[size_download] => 535
[speed_download] => 1426
[speed_upload] => 1301
[download_content_length] => 535
[upload_content_length] => 488
[starttransfer_time] => 0.375
[redirect_time] => 0
[redirect_url] =>
[primary_ip] => 23.219.20.24
[certinfo] => Array
(
)
[primary_port] => 443
[local_ip] => 10.21.50.28
[local_port] => 57726
[curl_error] =>
[curl_errno] => 0
)
=== END CURL_INFO ===
=== PARSED ===
Array
(
[0] => 1
[1] => 1
[2] => 1
[3] => This transaction has been approved.
[4] => 9FUGIS
[5] => Y
[6] => 40034159620
[7] => 5d1c987e8d88e
[8] => TEST TRANSACTION 5d1c987e8d4a6
[9] => 12.34
[10] => CC
[11] => auth_capture
[12] => 1234
[13] => Joe
[14] => Test
[15] =>
[16] => 123 Main St.
[17] => Springfield
[18] => MO
[19] => 12345
[20] =>
[21] =>
[22] =>
[23] => Joe.Text@example.com
[24] =>
[25] =>
[26] =>
[27] =>
[28] =>
[29] =>
[30] =>
[31] =>
[32] =>
[33] =>
[34] =>
[35] =>
[36] =>
[37] =>
[38] => P
[39] => 2
[40] =>
[41] =>
[42] =>
[43] =>
[44] =>
[45] =>
[46] =>
[47] =>
[48] =>
[49] =>
[50] => XXXX1111
[51] => Visa
[52] =>
[53] =>
[54] =>
[55] =>
[56] =>
[57] =>
[58] =>
[59] =>
[60] =>
[61] =>
[62] =>
[63] =>
[64] =>
[65] =>
[66] =>
[67] =>
[68] => FALSE
[69] => 194894850DF855D0B801F3691203A98CB2EC6C5C1F71E06917FA699065412664DCD7BC35FE2918937BBAB8DCB460DA9E8741799E455CB1D7CCA6BEFEBA71DCC2
)
=== END PARSED ===
Process finished with exit code 0
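Make sure you have generated a signature key. Without one, the hash will not be calculated for you (since the signature key is required to generate it).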
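Once the hash does arrive, the legacy code still has to check it. The following is an added example, not code from either post or from Authorize.Net: it detects the empty last field seen in the question and verifies a present hash. It assumes the signed string is `^API login ID^transaction ID^amount^` and that the Signature Key is a hex string (confirm both against the "Authenticating the Response" section); `check_aim_hash`, the login and the key are made up for illustration.

```php
<?php
// Added example (PHP 5.6+). Assumptions: the signed string is
// ^login^transId^amount^ and the Signature Key is hex-encoded.
function check_aim_hash($raw, $apiLoginId, $signatureKeyHex)
{
    if (!ctype_xdigit($signatureKeyHex) || strlen($signatureKeyHex) % 2 !== 0) {
        throw new InvalidArgumentException('Signature Key must be a hex string');
    }
    $fields   = str_getcsv(trim($raw), '|', '"', '\\');
    $received = strtoupper(trim((string) end($fields)));

    // A SHA-512 digest is 128 hex characters. Anything else in the last
    // field (the question's response ends in "") means no hash was sent.
    if (count($fields) < 10 || !preg_match('/^[0-9A-F]{128}$/', $received)) {
        return 'missing';
    }

    // Positions taken from the parsed output above: [6] transaction ID, [9] amount.
    $message  = '^' . $apiLoginId . '^' . $fields[6] . '^' . $fields[9] . '^';
    $expected = strtoupper(hash_hmac('sha512', $message, hex2bin($signatureKeyHex)));

    // hash_equals() compares in constant time; never use == on MACs.
    return hash_equals($expected, $received) ? 'valid' : 'invalid';
}

// Constructed sample data: made-up login and key, 70 fields like the real response.
$login   = 'constructedLogin';
$keyHex  = str_repeat('0123456789ABCDEF', 8);
$row     = array_fill(0, 70, '');
$row[6]  = '40034159620';
$row[9]  = '12.34';
$row[69] = strtoupper(hash_hmac('sha512', "^{$login}^{$row[6]}^{$row[9]}^", hex2bin($keyHex)));
$good    = '"' . implode('"|"', $row) . '"';

$cases = array(
    'as sent by gateway' => $good,
    'amount altered'     => str_replace('"12.34"', '"99.99"', $good),
    'hash field empty'   => substr($good, 0, -130) . '""',
);
foreach ($cases as $label => $raw) {
    echo $label, ': ', check_aim_hash($raw, $login, $keyHex), "\n";
}
```

After a Signature Key has been generated, treat `missing` the same as `invalid`; otherwise a response with the last field stripped would pass unchecked.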