Beispiel #1
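        /// <summary>
        /// Selects the key for <paramref name="partnerCode"/> on the encryption helper, runs
        /// <c>EncryptData</c> over <paramref name="input"/> and returns the output in a 200 response.
        /// </summary>
        /// <param name="partnerCode">Partner code passed to <c>_encrypt.SetKey</c> to choose the key.</param>
        /// <param name="input">Text handed to <c>_encrypt.EncryptData</c>.</param>
        /// <returns>An OK result whose payload is the value returned by <c>EncryptData</c>.</returns>
        public IActionResult Sign(string partnerCode, string input)
        {
            // This action must stay free of side effects: no partner-bank calls (account lookup,
            // pay-in) with fixed account numbers belong in a signing request, so none are made here.

            // NOTE(review): the caller chooses both the key (partnerCode) and the data, and gets the
            // output back. Confirm this route is restricted to authenticated internal callers;
            // otherwise it can be used to obtain valid signatures for arbitrary payloads.
            _encrypt.SetKey(partnerCode);

            // NOTE(review): the second argument is an empty string here, while PayIn passes the
            // secret key in the same position. Confirm that an empty value is intended.
            var signed = _encrypt.EncryptData(input, "");

            return Ok(signed);
        }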
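        /// <summary>
        /// Posts a transfer request to the partner endpoint <c>api/transactions/receive_external</c>,
        /// authenticated with a keyed hash over the request fields and a signature over that hash.
        /// </summary>
        /// <param name="source">Value sent as <c>from_account_number</c>.</param>
        /// <param name="dest">Value sent as <c>to_account_number</c>.</param>
        /// <param name="amount">Amount sent in the body; only its integer part is covered by the hash.</param>
        /// <param name="message">Free-text message sent in the body and covered by the hash.</param>
        /// <returns>
        /// The <c>is_success</c> flag of the response, or <c>false</c> when the call yields no
        /// response or a response without a <c>data</c> payload.
        /// </returns>
        public bool PayIn(string source, string dest, decimal amount, string message)
        {
            // Format the timestamp once so the hashed value and the transmitted value cannot differ.
            string timestamp = DateTimeOffset.UtcNow
                               .ToUnixTimeSeconds()
                               .ToString(System.Globalization.CultureInfo.InvariantCulture);

            // NOTE(review): (int)amount drops any fractional part and throws for values outside the
            // int range, while the body below carries the full decimal. The fraction is therefore
            // not protected by the hash. The receiver builds its string the same way, so changing
            // this needs a coordinated change on both sides.
            // NOTE(review): the helper name suggests HMAC-MD5. Confirm the algorithm and consider
            // HMAC-SHA-256 when the protocol is next revised.
            string hash = Encrypting.HMD5Hash($"{_partnerCode}|{timestamp}|{source}|{dest}|{(int)amount}|{message}", _secretKey);

            _encrypt.SetKey(_setting.BankCode);

            var obj = new
            {
                from_account_number = source,
                to_account_number   = dest,
                amount  = amount,
                message = message
            };

            // These values are passed with addQueryParams: true; presumably they are sent as query
            // parameters (verify against CallAPIHelper).
            var headers = new Dictionary<string, string>()
            {
                { "partner_code", _partnerCode },
                { "timestamp", timestamp },
                { "hash", hash },
                { "signature", _encrypt.EncryptData(hash, _secretKey) }
            };

            var info = CallAPIHelper.CallAPI<ExternalBankRes<ExternalTransferMoneyResponse>>(string.Concat(_url, "api/transactions/receive_external"), "POST", obj, headers, addQueryParams: true);

            // A response without a data payload is treated as a failed transfer rather than
            // surfacing as a NullReferenceException.
            return info?.data?.is_success ?? false;
        }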
Beispiel #3
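 /// <summary>
 /// Authenticates the current user profile and, on success, returns every card record from the
 /// data layer with its encrypted fields decrypted.
 /// </summary>
 /// <returns>
 /// The decrypted card list, or <c>null</c> when <c>AuthenticateUser</c> returns <c>false</c>.
 /// </returns>
 /// <exception cref="NullReferenceException">Logged as a warning and rethrown.</exception>
 /// <exception cref="Exception">Any other failure is logged as fatal and rethrown.</exception>
 public override List <ICardDetails> Select()
 {
     try
     {
         bool authenticated = new Security(UserProfileObj).AuthenticateUser();
         if (!authenticated)
         {
             // Callers see null (not an empty list) for a failed authentication.
             return null;
         }

         List<ICardDetails> decryptedCards = new List<ICardDetails>();
         foreach (ICardDetails encryptedCard in CardDetailsDataLayerObj.Select())
         {
             // NOTE(review): the IV and the decryption key are read from the same record as the
             // ciphertext. If the data layer persists that key beside the encrypted fields, the
             // encryption gives little protection against a database read. Confirm where the
             // key is actually stored.
             AESObj.SetIV(encryptedCard.GetIV());
             AESObj.SetKey(encryptedCard.GetDecryptionKey());

             ICardDetails card = new CardDetails();
             card.SetCardID(encryptedCard.GetCardID());
             card.SetName(AESObj.Decrypt(encryptedCard.GetName()));
             card.SetCardNumber(AESObj.Decrypt(encryptedCard.GetCardNumber()).ToString());
             card.SetExpiryMonth(AESObj.Decrypt(encryptedCard.GetExpiryMonth()));
             card.SetExpiryYear(AESObj.Decrypt(encryptedCard.GetExpiryYear()));

             // NOTE(review): a stored CVV is decrypted and returned here. PCI DSS does not permit
             // retaining the card verification code after authorization, even encrypted.
             // Confirm whether this data is in scope.
             card.SetCvv(AESObj.Decrypt(encryptedCard.GetCvv()));

             decryptedCards.Add(card);
         }
         return decryptedCards;
     }
     catch (NullReferenceException)
     {
         // UserProfileObj may itself be the null reference, so it is dereferenced null-safely to
         // keep the handler from throwing a second exception that hides the first.
         // NOTE(review): this writes the caller's raw token to the warning log. Restrict access to
         // that log, or log a non-reversible fingerprint of the token instead.
         Logger.Instance().Log(Warn.Instance(), new LogInfo("Received null reference while fetching card details (Routine : AuthenticateUser), might be token manipulation. Check token : " + UserProfileObj?.GetToken()));
         throw; // bare rethrow keeps the original stack trace
     }
     catch (Exception ex)
     {
         Logger.Instance().Log(Fatal.Instance(), ex);
         throw; // bare rethrow keeps the original stack trace
     }
 }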
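        /// <summary>
        /// Checks the partner authentication parameters of a request: the <c>partner_code</c>
        /// allow-list, the <c>timestamp</c> age and, for POST requests to the two partner
        /// transaction endpoints, the keyed <c>hash</c> (plus the <c>signature</c> for transfers).
        /// The request path, headers, body and any failure reason are written to the text log.
        /// </summary>
        /// <param name="request">Incoming request; its path, method, headers, query string and body are read.</param>
        /// <returns>
        /// <c>(1, "success")</c> when every applicable check passes; <c>(400, reason)</c> when a
        /// check fails; <c>(500, "internal server error")</c> when no partner record is found or
        /// an exception is thrown.
        /// </returns>
        private Tuple <int, string> CheckBasicAuthenForPartner(HttpRequest request)
        {
            const string TransferPath  = "api/transactions/receive_external";
            const string QueryInfoPath = "api/transactions/query_info";

            StringBuilder      log    = new StringBuilder();
            Tuple<int, string> result = new Tuple<int, string>(1, "success");

            try
            {
                try
                {
                    // NOTE(review): all request headers and the raw body (account numbers, amounts)
                    // end up in the text log. Redact sensitive headers and restrict access to it.
                    log.AppendLine(request.Path.Value);
                    log.AppendLine(JsonConvert.SerializeObject(request.Headers));
                    var task = Task.Run(() => ReadRequestBody(request)).GetAwaiter();
                    log.AppendLine(task.GetResult());
                }
                catch (Exception)
                {
                    log.AppendLine("null body");
                }

                // Allow-list of accepted partner codes.
                // NOTE(review): the list is compiled into the code, so onboarding or revoking a
                // partner needs a redeploy. The partner record lookup below already exists and
                // could serve as the single source of truth.
                var keys = new[] {
                    "f936792f71344a6eabf773f18e2694e4",
                    "99793bb9137042a3a7f15950f1215950",// khuê
                    "bkt.partner"
                };

                string keyReq      = request.Query["partner_code"].ToString();
                string checksumReq = request.Query["hash"].ToString();

                // A missing or non-numeric timestamp is a client error (400), not a server fault.
                bool timestampOk = long.TryParse(
                    request.Query["timestamp"].ToString(),
                    System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture,
                    out long timestampReq);
                if (!timestampOk)
                {
                    return new Tuple<int, string>(400, "timestamp invalid");
                }

                // A checks whether the API call originates from B (a partner registered beforehand).
                if (!keys.Contains(keyReq))
                {
                    return new Tuple<int, string>(400, "partner_code invalid");
                }

                // A checks whether this call is fresh or is old information that has expired.
                // NOTE(review): anything newer than 180 minutes is accepted, including timestamps
                // in the future, and this method keeps no record of requests already seen. A
                // captured request therefore stays valid for the whole window. Consider a much
                // shorter window, an upper bound with a small clock-skew allowance, and a
                // per-request nonce; agree the change with partners first.
                long oldestAccepted = DateTimeOffset.UtcNow.AddMinutes(-180).ToUnixTimeSeconds();
                if (oldestAccepted > timestampReq)
                {
                    return new Tuple<int, string>(400, "timestamp expired");
                }

                // Data-integrity check.
                // NOTE(review): requests whose method is not exactly "POST" skip this block and
                // return success with only the partner_code and timestamp checks above. Confirm
                // that no sensitive route can be reached with another verb.
                if (request.Method.Equals("POST"))
                {
                    // Ordinal, case-insensitive match so the result does not depend on the
                    // server culture (ToLower() is culture-sensitive).
                    // NOTE(review): this is a substring match on the path, not an exact route match.
                    string path        = request.Path.Value;
                    bool   isTransfer  = path.IndexOf(TransferPath, StringComparison.OrdinalIgnoreCase) >= 0;
                    bool   isQueryInfo = !isTransfer && path.IndexOf(QueryInfoPath, StringComparison.OrdinalIgnoreCase) >= 0;

                    if (!isTransfer && !isQueryInfo)
                    {
                        return new Tuple<int, string>(400, "invalid url");
                    }

                    var infoPartner = _linkingBank.GetLinkingBankById(new Models.Filters.LinkingBankFilter()
                    {
                        Code = keyReq
                    });
                    if (infoPartner == null)
                    {
                        return new Tuple<int, string>(500, "internal server error");
                    }

                    // The body was already read once for logging above; this second read presumably
                    // relies on ReadRequestBody rewinding the stream (verify in ReadRequestBody).
                    var    body      = Task.Run(() => ReadRequestBody(request)).GetAwaiter().GetResult();
                    string secretKey = infoPartner.SecretKey;

                    if (isQueryInfo)
                    {
                        var infoReq = JsonConvert.DeserializeObject<InfoUserRequest>(body);
                        if (infoReq == null)
                        {
                            // An empty body deserializes to null; report it as a client error.
                            return new Tuple<int, string>(400, "body invalid");
                        }

                        string signedFields = $"{keyReq}|{timestampReq}|{infoReq.account_number}";
                        if (!Encrypting.HMD5Verify(signedFields, checksumReq, secretKey))
                        {
                            log.Append("Hash: false");
                            return new Tuple<int, string>(400, "hash invalid");
                        }

                        return result;
                    }

                    var transferReq = JsonConvert.DeserializeObject<TransferMoneyRequest>(body);
                    if (transferReq == null)
                    {
                        // An empty body deserializes to null; report it as a client error.
                        return new Tuple<int, string>(400, "body invalid");
                    }

                    // NOTE(review): the (int) cast drops any fractional part of amount, so that part
                    // of the body is not covered by the hash. The sender builds the string the same
                    // way, so changing this needs a coordinated change on both sides.
                    string input = $"{keyReq}|{timestampReq}|{transferReq.from_account_number}|{transferReq.to_account_number}|{(int)transferReq.amount}|{transferReq.message}";

                    // NOTE(review): confirm HMD5Verify compares the digests in constant time.
                    if (!Encrypting.HMD5Verify(input, checksumReq, secretKey))
                    {
                        log.Append("Hash: false");
                        return new Tuple<int, string>(400, "hash invalid");
                    }

                    // For the partners controller, additionally check the asymmetric signature.
                    string encrypt = request.Query["signature"].ToString();
                    if (string.IsNullOrWhiteSpace(encrypt))
                    {
                        log.Append("DecryptData: false");
                        return new Tuple<int, string>(400, "signature invalid");
                    }

                    string hash = Encrypting.HMD5Hash(input, secretKey);
                    _encrypt.SetKey(keyReq);
                    if (!_encrypt.DecryptData(encrypt, hash))
                    {
                        log.Append("DecryptData: false");
                        return new Tuple<int, string>(400, "signature invalid");
                    }

                    return result;
                }
            }
            catch (Exception ex)
            {
                log.Append(ex.Message);
                return new Tuple<int, string>(500, "internal server error");
            }
            finally
            {
                // Runs on every exit path, so each request leaves exactly one log entry.
                LoggingTxt.InsertLog(log.ToString());
            }
            return result;
        }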