public CardTransaction OnlinePayment(decimal amount, string destinationName, string destinationAccount, string cvv)
{
if (!CVV.Equals(cvv))
{
throw new CVVMismatchException(CVV, cvv);
}
var transaction = BankAccount.CreatePayment(amount, destinationName, destinationAccount, "Online Payment");
var cardTransaction = CardTransaction.Create(transaction, CardTransactionType.Online);
cardTransactions.Add(cardTransaction);
return(cardTransaction);
}
public static void Thread1(object sock)
{
string sendMessage, receiveMessage;
Common c = new Common();
Socket socket = (Socket)sock;
//nhận message từ gateway
string issuerPrivateKey = File.ReadAllText("d:/file/IssuerPrivateKey.xml");
receiveMessage = c.receive(socket);
string[] splitAuthReq = receiveMessage.Split('-');
ForwardAuthorizationRequest forwardAuthorization = new ForwardAuthorizationRequest(splitAuthReq[0], splitAuthReq[1], splitAuthReq[2], splitAuthReq[3]);
Console.WriteLine("verify gateway forward authorization: " + forwardAuthorization.verify(issuerPrivateKey));
string PI = forwardAuthorization.getPI(issuerPrivateKey);
string cardNumber, CVV, dateValid, transID;
long tien;
string[] splitPI = PI.Split(':');
transID = splitPI[0];
cardNumber = splitPI[3];
CVV = splitPI[4];
dateValid = splitPI[5];
tien = Convert.ToInt64(splitPI[6]);
//connect SQL server
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder.DataSource = "localhost";
builder.UserID = "sa";
builder.Password = "******";
builder.InitialCatalog = "Bank";
bool flag = false;
using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
{
connection.Open();
string sql;
StringBuilder sb = new StringBuilder();
sql = "SELECT CardNumber, CVV, DateValid FROM Issuer;";
using (SqlCommand command = new SqlCommand(sql, connection))
{
string a;
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
a = reader.GetString(2);
if (cardNumber.Equals(reader.GetString(0)) == true && CVV.Equals(reader.GetString(1)) == true && dateValid.Equals(reader.GetString(2)) == true)
{
flag = true;
}
}
}
}
//Console.WriteLine("kq sql server: " + flag);
//ghi PI vào log Isuuer
sb.Clear();
sb.Append("INSERT LogIssuer (TransID, CardNumber, Money, Paid) ");
sb.Append("VALUES (@trans, @cardid, @money, @paid);");
sql = sb.ToString();
using (SqlCommand command = new SqlCommand(sql, connection))
{
command.Parameters.AddWithValue("@trans", transID);
command.Parameters.AddWithValue("@cardid", cardNumber);
command.Parameters.AddWithValue("@money", tien);
command.Parameters.AddWithValue("@paid", 0);
int rowsAffected = command.ExecuteNonQuery();
Console.WriteLine(rowsAffected + " row(s) inserted");
}
connection.Close();
}
//gửi forward response
X509Certificate2 issuerCertificate = new X509Certificate2("d:/file/issuer.crt", "123456");
string issuerCert = c.ByteArrayToString(issuerCertificate.GetRawCertData());
ForwardAuthorizationResponse authorizationResponse = new ForwardAuthorizationResponse(transID, splitPI[1], 1, "ok", issuerPrivateKey, issuerCert);
c.send(authorizationResponse.ToMessage(), socket);
//nhận capture request từ gateway
receiveMessage = c.receive(socket);
string[] splitCapture = receiveMessage.Split('-');
string keyCapture = c.DecryptionRSA(issuerPrivateKey, splitCapture[2]);
string captureRequest = c.DecryptDES(splitCapture[1], keyCapture);//transid:RRPID:merchantcard:merchantCVV:merchantDatevalid:tien
X509Certificate2 certificate2 = new X509Certificate2(c.StringToByteArray(splitCapture[3]));
string gatewayPublicKey = certificate2.GetRSAPublicKey().ToXmlString(false);
Console.WriteLine("verify capture request: " + c.Verify(gatewayPublicKey, splitCapture[0], captureRequest));
string merchantCardNumber, merchantCVV, merchantDateValid;
string[] splitCaptureRequest = captureRequest.Split(':');
transID = splitCaptureRequest[0];
string RRPID = splitCaptureRequest[1];
merchantCardNumber = splitCaptureRequest[2];
merchantCVV = splitCaptureRequest[3];
merchantDateValid = splitCaptureRequest[4];
tien = Convert.ToInt64(splitCaptureRequest[5]);
//nhập dữ liệu thanh toán vào sql server
using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
{
connection.Open();
string sql;
StringBuilder sb = new StringBuilder();
sb.Clear();
sb.Append("UPDATE LogIssuer SET Paid = @paid WHERE TransID = @id");
sql = sb.ToString();
using (SqlCommand command = new SqlCommand(sql, connection))
{
command.Parameters.AddWithValue("@id", transID);
command.Parameters.AddWithValue("@paid", 1);
int rowsAffected = command.ExecuteNonQuery();
}
string customerCardNumber = "";
sql = "SELECT TransID, CardNumber FROM LogIssuer;";
using (SqlCommand command = new SqlCommand(sql, connection))
{
string a;
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
a = reader.GetString(1);
if (transID.Equals(reader.GetString(0)) == true)
{
customerCardNumber = reader.GetString(1);
}
}
}
}
long tienBanDau = 0;
sql = "SELECT CardNumber, UsedMoney FROM Issuer;";
using (SqlCommand command = new SqlCommand(sql, connection))
{
string a;
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
if (cardNumber.Equals(reader.GetString(0)) == true)
{
tienBanDau = reader.GetInt64(1);
}
}
}
}
sb.Clear();
sb.Append("UPDATE Issuer SET UsedMoney = @tien WHERE CardNumber = @id");
sql = sb.ToString();
using (SqlCommand command = new SqlCommand(sql, connection))
{
command.Parameters.AddWithValue("@tien", tien + tienBanDau);
command.Parameters.AddWithValue("@id", customerCardNumber);
int rowsAffected = command.ExecuteNonQuery();
}
connection.Close();
}
//send message to acquirer
string message = transID + ":" + merchantCardNumber + ":" + merchantCVV + ":" + merchantDateValid + ":" + tien;
sendMessage = message + "-" + c.Sign(issuerPrivateKey, message) + "-" + issuerCert;
IPEndPoint iep = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 1237);
Socket client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
client.Connect(iep);
c.send(sendMessage, client);
//nhận message từ acquirer
receiveMessage = c.receive(client);
string[] splitAcquirer = receiveMessage.Split('-');
X509Certificate2 acquirerCertificate = new X509Certificate2(c.StringToByteArray(splitAcquirer[2]));
string acquirerPublicKey = acquirerCertificate.GetRSAPublicKey().ToXmlString(false);
Console.WriteLine("verify message from acquirer: " + c.Verify(acquirerPublicKey, splitAcquirer[1], splitAcquirer[0]));
string[] splitAcquirerMessage = splitAcquirer[0].Split(':');
if (splitAcquirerMessage[1].CompareTo("1") == 0)
{
//gửi capture response tới gateway
message = splitAcquirerMessage[0] + ":" + RRPID + ":" + splitAcquirerMessage[1] + ":" + splitAcquirerMessage[2];
c.send(message + "-" + c.Sign(issuerPrivateKey, message) + "-" + issuerCert, socket);
}
else
{
}
Console.Read();
}
public static void Thread1(object sock)
{
X509Certificate2 caCertificate = new X509Certificate2("d:/file/ca.crt");
X509Certificate2 gatewayCertificate;
string issuerPrivateKey = File.ReadAllText("d:/file/IssuerPrivateKey.xml");
X509Certificate2 issuerCertificate = new X509Certificate2("d:/file/issuer.crt");
string sendMessage, receiveMessage;
Common c = new Common();
Socket socket = (Socket)sock;
string message;
//nhận authorization request từ gateway
receiveMessage = c.receive(ref socket);
string[] splitAuthReq = receiveMessage.Split('-');
gatewayCertificate = new X509Certificate2(c.StringToByteArray(splitAuthReq[3]));
if (c.VerifyCertificate(caCertificate, gatewayCertificate) == false)
{
Console.WriteLine("verify authorization request certificate from gateway false");
message = "ERROR" + ":" + "3" + ":" + "xac thuc that bai";
ForwardAuthorizationResponse forwardAuthorizationResponse = new ForwardAuthorizationResponse(message, issuerPrivateKey, c.ByteArrayToString(issuerCertificate.GetRawCertData()));
c.send(forwardAuthorizationResponse.ToMessage(), ref socket);
}
else
{
Console.WriteLine("verify authorization request certificate from gateway true");
ForwardAuthorizationRequest forwardAuthorization = new ForwardAuthorizationRequest(splitAuthReq[0], splitAuthReq[1], splitAuthReq[2], splitAuthReq[3]);
if (forwardAuthorization.verify(issuerPrivateKey) == false)
{
Console.WriteLine("verify authorization request from gateway false");
string message1 = "ERROR" + ":" + "3" + ":" + "xac thuc that bai";
ForwardAuthorizationResponse forwardAuthorizationResponse = new ForwardAuthorizationResponse(message1, issuerPrivateKey, c.ByteArrayToString(issuerCertificate.GetRawCertData()));
c.send(forwardAuthorizationResponse.ToMessage(), ref socket);
}
else
{
Console.WriteLine("verify authorization request from gateway true");
string PI = forwardAuthorization.getPI(issuerPrivateKey);
string cardNumber, CVV, dateValid, transID;
long tien;
string[] splitPI = PI.Split(':');
transID = splitPI[0];
cardNumber = splitPI[3];
CVV = splitPI[4];
dateValid = splitPI[5];
tien = Convert.ToInt64(splitPI[6]);
//connect SQL server
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
builder.DataSource = "localhost";
builder.UserID = "sa";
builder.Password = "******";
builder.InitialCatalog = "Bank";
using (SqlConnection connection = new SqlConnection(builder.ConnectionString))
{
connection.Open();
bool flag = false;
string sql;
StringBuilder sb = new StringBuilder();
sql = "SELECT CardNumber, CVV, DateValid FROM Issuer;";
using (SqlCommand command = new SqlCommand(sql, connection))
{
string a;
using (SqlDataReader sqlReader = command.ExecuteReader())
{
while (sqlReader.Read())
{
a = sqlReader.GetString(2);
if (cardNumber.Equals(sqlReader.GetString(0)) == true && CVV.Equals(sqlReader.GetString(1)) == true && dateValid.Equals(sqlReader.GetString(2)) == true)
{
flag = true;//kiểm tra tài khoản customer có đúng hay không
}
}
}
}
if (flag == false)
{
string s = "ERROR" + ":" + "2" + ":" + "tai khoan khong chinh xac";
ForwardAuthorizationResponse forwardAuthorizationResponse = new ForwardAuthorizationResponse(s, issuerPrivateKey, c.ByteArrayToString(issuerCertificate.GetRawCertData()));
c.send(forwardAuthorizationResponse.ToMessage(), ref socket);
}
else
{
//ghi PI vào log Isuuer
sb.Clear();
sb.Append("INSERT LogIssuer (TransID, CardNumber, Money, Paid) ");
sb.Append("VALUES (@trans, @cardid, @money, @paid);");
sql = sb.ToString();
using (SqlCommand command = new SqlCommand(sql, connection))
{
command.Parameters.AddWithValue("@trans", transID);
command.Parameters.AddWithValue("@cardid", cardNumber);
command.Parameters.AddWithValue("@money", tien);
command.Parameters.AddWithValue("@paid", 0);
int rowsAffected = command.ExecuteNonQuery();
}
//gửi forward response
string issuerCert = c.ByteArrayToString(issuerCertificate.GetRawCertData());
ForwardAuthorizationResponse authorizationResponse = new ForwardAuthorizationResponse(transID, 1, cardNumber, issuerPrivateKey, issuerCert);
c.send(authorizationResponse.ToMessage(), ref socket);
//nhận capture request từ gateway
receiveMessage = c.receive(ref socket);
string[] splitCapture = receiveMessage.Split('-');
gatewayCertificate = new X509Certificate2(c.StringToByteArray(splitCapture[6]));
if (c.VerifyCertificate(caCertificate, gatewayCertificate) == false)
{
Console.WriteLine("verify capture request certificate from gateway false");
string s = "ERROR" + ":" + "3" + ":" + "xac thuc that bai";
s = s + "-" + c.Sign(issuerPrivateKey, s) + "-" + c.ByteArrayToString(issuerCertificate.GetRawCertData());
c.send(s, ref socket);
}
else
{
Console.WriteLine("verify capture request certificate from gateway true");
string captureRequest = getToken(receiveMessage);//thông tin tài khoản customer
if (captureRequest == null)
{
string message1 = "ERROR" + ":" + "3" + ":" + "xac thuc that bai";
message1 = message1 + "-" + c.Sign(issuerPrivateKey, message1) + "-" + c.ByteArrayToString(issuerCertificate.GetRawCertData());
c.send(message1, ref socket);
}
else
{
string customerCardNumber;
long soTien;
string[] splitCaptureRequest = captureRequest.Split(':');
transID = splitCaptureRequest[0];
customerCardNumber = splitCaptureRequest[1];
soTien = Convert.ToInt64(splitCaptureRequest[2]);
//nhập dữ liệu thanh toán vào sql server
using (SqlConnection connection1 = new SqlConnection(builder.ConnectionString))
{
connection1.Open();
string sql1;
StringBuilder sb1 = new StringBuilder();
sb1.Clear();
sb1.Append("UPDATE LogIssuer SET Paid = @paid WHERE TransID = @id");
sql1 = sb1.ToString();
using (SqlCommand command = new SqlCommand(sql1, connection1))
{
command.Parameters.AddWithValue("@id", transID);
command.Parameters.AddWithValue("@paid", 1);
int rowsAffected = command.ExecuteNonQuery();
}
long tienBanDau = 0;
sql1 = "SELECT CardNumber, UsedMoney FROM Issuer;";
using (SqlCommand command = new SqlCommand(sql1, connection1))
{
using (SqlDataReader sqlReader = command.ExecuteReader())
{
while (sqlReader.Read())
{
if (cardNumber.Equals(sqlReader.GetString(0)) == true)
{
tienBanDau = sqlReader.GetInt64(1);
}
}
}
}
sb1.Clear();
sb1.Append("UPDATE Issuer SET UsedMoney = @tien WHERE CardNumber = @id");
sql1 = sb1.ToString();
using (SqlCommand command = new SqlCommand(sql1, connection1))
{
command.Parameters.AddWithValue("@tien", soTien + tienBanDau);
command.Parameters.AddWithValue("@id", customerCardNumber);
int rowsAffected = command.ExecuteNonQuery();
}
connection1.Close();
connection.Close();
}
//send message to acquirer
sendMessage = splitCapture[0] + "-" + splitCapture[1] + "-" + splitCapture[2] + "-" + splitCapture[6];
IPEndPoint iep = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 1237);
Socket client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
client.Connect(iep);
c.send(sendMessage, ref client);
//nhận message từ acquirer
receiveMessage = c.receive(ref client);
string[] splitAcquirer = receiveMessage.Split('-');
X509Certificate2 acquirerCertificate = new X509Certificate2(c.StringToByteArray(splitAcquirer[2]));
if (c.VerifyCertificate(caCertificate, acquirerCertificate) == true)
{
Console.WriteLine("verify capture response certificate from acquirer true");
string acquirerPublicKey = acquirerCertificate.GetRSAPublicKey().ToXmlString(false);
if (c.Verify(acquirerPublicKey, splitAcquirer[1], splitAcquirer[0]) == true)
{
Console.WriteLine("verify capture response from acquirer true");
message = splitAcquirer[0];
c.send(message + "-" + c.Sign(issuerPrivateKey, message) + "-" + issuerCert, ref socket);
}
}
//client.Close();
}
}
}
}
}
}
socket.Close();
}