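/// <summary>
/// Parses a hosted-admin webservice response, checks that it is authentic, and decodes its message.
/// </summary>
/// <remarks>
/// Two checks run before the payload is decoded: the merchant id element must equal
/// <paramref name="expectedMerchantId"/>, and the mac element must equal the hash of the base64
/// message concatenated with <paramref name="originalSecretWord"/>. The mac is computed over the
/// message only; the merchant id element is checked by comparison and is not covered by the mac.
/// </remarks>
/// <param name="webserviceResponseXml">Raw XML envelope returned by the webservice.</param>
/// <param name="originalSecretWord">Secret word that was used when the request was sent.</param>
/// <param name="expectedMerchantId">Merchant id the response is required to carry.</param>
/// <exception cref="System.Exception">
/// Thrown when the envelope lacks a message, mac or merchantid element, when the merchant id differs
/// from the expected one, or when the mac does not match.
/// </exception>
public HostedAdminResponse(string webserviceResponseXml, string originalSecretWord, string expectedMerchantId)
{
    WebserviceResponseXml = webserviceResponseXml;

    // The envelope is parsed before it has been authenticated, so the parser is not allowed to
    // fetch external resources (DTDs, external entities) that the document may reference.
    var responseDocument = new XmlDocument { XmlResolver = null };
    responseDocument.LoadXml(webserviceResponseXml);

    var messageNode = responseDocument.SelectSingleNode("//message");
    var macNode = responseDocument.SelectSingleNode("//mac");
    var merchantIdNode = responseDocument.SelectSingleNode("//merchantid");

    // SelectSingleNode returns null for a missing element; fail with a descriptive error instead of
    // a NullReferenceException on InnerText.
    if (messageNode == null || macNode == null || merchantIdNode == null)
    {
        throw new System.Exception(
            "The response from the server is missing one of the expected elements: message, mac, merchantid.");
    }

    var receivedMac = macNode.InnerText;
    MessageBase64Encoded = messageNode.InnerText;
    Mac = receivedMac;
    MerchantId = merchantIdNode.InnerText;

    var expectedMac = HashUtil.CreateHash(MessageBase64Encoded + originalSecretWord);

    if (MerchantId != expectedMerchantId)
    {
        throw new System.Exception(
            string.Format(
                "The merchantId in the response from the server is not the expected. This could mean that someone has tamepered with the message. Expected:{0} Actual:{1}",
                expectedMerchantId, MerchantId));
    }

    // Compare every character instead of stopping at the first difference, so the time taken does
    // not depend on how many leading characters of a wrong mac happen to be right. The result is
    // the same as an ordinal string comparison.
    var macMatches = expectedMac != null && receivedMac.Length == expectedMac.Length;
    if (macMatches)
    {
        var difference = 0;
        for (var i = 0; i < expectedMac.Length; i++)
        {
            difference |= receivedMac[i] ^ expectedMac[i];
        }

        macMatches = difference == 0;
    }

    if (!macMatches)
    {
        // NOTE(review): the full base64 message is embedded in the exception text; confirm that
        // callers who log this exception are allowed to log the payload.
        throw new System.Exception(
            string.Format(
                "SEVERE: The mac from the server does not match the expected mac. The message might have been tampered with, or the secret word used is not correct. Merchant:{0} Message:\n{1}",
                expectedMerchantId, MessageBase64Encoded));
    }

    // Decoded and parsed only after both checks above have passed.
    Message = Base64Util.DecodeBase64String(MessageBase64Encoded);
    MessageXmlDocument = new XmlDocument { XmlResolver = null };
    MessageXmlDocument.LoadXml(Message);
}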
/// <summary>
/// Recomputes the mac and stores each fragment of the payment form's HTML under its own key.
/// </summary>
/// <returns>This instance, so that calls can be chained.</returns>
public PaymentForm SetHtmlFields()
{
    // The mac is the hash of the base64 message followed by the secret word. Only the mac is
    // written into the form; the secret word is not.
    _macSha512 = HashUtil.CreateHash(_xmlMessageBase64 + _secretWord);

    // NOTE(review): the values below are concatenated into markup without HTML or attribute
    // encoding. Confirm that _url, _merchantid, _noScriptMessage and _submitText only ever come
    // from trusted configuration and never from caller-supplied text.
    // Assigning through the indexer overwrites an existing key and adds a missing one.
    _formHtmlFields["form_start_tag"] =
        "<form name=\"paymentForm\" id=\"paymentForm\" method=\"post\" action=\"" + _url + "\">";
    _formHtmlFields["input_merchantId"] =
        "<input type=\"hidden\" name=\"merchantid\" value=\"" + _merchantid + "\" />";
    _formHtmlFields["input_message"] =
        "<input type=\"hidden\" name=\"message\" value=\"" + _xmlMessageBase64 + "\" />";
    _formHtmlFields["input_mac"] =
        "<input type=\"hidden\" name=\"mac\" value=\"" + _macSha512 + "\" />";
    _formHtmlFields["noscript_p_tag"] =
        "<noscript><p>" + _noScriptMessage + "</p></noscript>";
    _formHtmlFields["input_submit"] =
        "<input type=\"submit\" name=\"submit\" value=\"" + _submitText + "\" />";
    _formHtmlFields["form_end_tag"] = "</form>";

    return this;
}
/// <summary>
/// Pins HashUtil.CreateHash to a known digest for a fixed input string.
/// </summary>
public void TestCreateHash()
{
    // 128 hexadecimal characters, which is the length of a 512-bit digest.
    const string expectedDigest =
        "fe54c6e8727e9f8bf5f4f8e47a05567d694f68049cd1f116c19d9a6fbd066a742305d23da164291bca8869c34e7b8ff3bee15ab2da011d4ddc57adc736bc12ba";

    var actualDigest = HashUtil.CreateHash("Hsjhasj djahs djahs d");

    Assert.That(actualDigest, Is.EqualTo(expectedDigest));
}
/// <summary>
/// Builds a hosted-admin request: keeps the inputs, base64-encodes the message, computes the mac
/// over the encoded message and the secret word, and parses the message as XML.
/// </summary>
/// <param name="message">Request message as an XML string.</param>
/// <param name="secretWord">Secret word appended to the encoded message when the mac is computed.</param>
/// <param name="merchantId">Merchant id the request is sent for.</param>
/// <param name="endPointBase">Base address of the endpoint.</param>
public HostedAdminRequest(string message, string secretWord, string merchantId, string endPointBase)
{
    EndPointBase = endPointBase;
    Message = message;
    // NOTE(review): the secret word is kept on the instance; confirm this object is never
    // serialized or written to logs as a whole.
    SecretWord = secretWord;
    MerchantId = merchantId;

    var encodedMessage = Base64Util.EncodeBase64String(Message);
    MessageBase64Encoded = encodedMessage;

    // mac = hash(base64 message + secret word)
    Mac = HashUtil.CreateHash(encodedMessage + secretWord);

    var parsedMessage = new XmlDocument();
    parsedMessage.LoadXml(message);
    MessageXmlDocument = parsedMessage;
}
/// <summary>
/// Recomputes the mac and builds the complete payment form, submit button included, as one HTML string.
/// </summary>
/// <returns>This instance, so that calls can be chained.</returns>
public PaymentForm SetForm()
{
    // The mac is the hash of the base64 message followed by the secret word. Only the mac is
    // written into the form; the secret word is not.
    _macSha512 = HashUtil.CreateHash(_xmlMessageBase64 + _secretWord);

    // NOTE(review): the values below are concatenated into markup without HTML or attribute
    // encoding. Confirm that _url, _merchantid, _noScriptMessage and _submitText only ever come
    // from trusted configuration and never from caller-supplied text.
    var markup = "<form name=\"paymentForm\" id=\"paymentForm\" method=\"post\" action=\"" + _url + "\">";
    markup += "<input type=\"hidden\" name=\"merchantid\" value=\"" + _merchantid + "\" />";
    markup += "<input type=\"hidden\" name=\"message\" value=\"" + _xmlMessageBase64 + "\" />";
    markup += "<input type=\"hidden\" name=\"mac\" value=\"" + _macSha512 + "\" />";
    markup += "<noscript><p>" + _noScriptMessage + "</p></noscript>";
    markup += "<input type=\"submit\" name=\"submit\" value=\"" + _submitText + "\" />";
    markup += "</form>";

    _completeHtmlFormWithSubmitButton = markup;
    return this;
}
/// <summary>
/// Checks that SetHtmlFields stores every form fragment with the merchant id, the base64 message
/// and the mac in place.
/// </summary>
public void TestSetHtmlFields()
{
    // The expected mac is computed the same way the form computes it: hash(base64 message + secret word).
    string encodedPayment = Base64Util.EncodeBase64String("0");
    string expectedMac = HashUtil.CreateHash(encodedPayment + SecretWord);

    var order = WebpayConnection.CreateOrder(SveaConfig.GetDefaultConfig())
        .SetCountryCode(TestingTool.DefaultTestCountryCode)
        .SetClientOrderNumber(TestingTool.DefaultTestClientOrderNumber)
        .SetCurrency(TestingTool.DefaultTestCurrency)
        .AddOrderRow(TestingTool.CreateMiniOrderRow())
        .AddCustomerDetails(TestingTool.CreateCompanyCustomer());

    PaymentForm form = order
        .UsePayPageDirectBankOnly()
        .SetReturnUrl("http://myurl.se")
        .GetPaymentForm();

    form.SetMessageBase64(encodedPayment)
        .SetMerchantId(MerchantId)
        .SetSecretWord(SecretWord)
        .SetHtmlFields();

    var fields = form.GetFormHtmlFields();
    string payPageUrl = form.GetPayPageUrl();

    string expectedFormStart =
        "<form name=\"paymentForm\" id=\"paymentForm\" method=\"post\" action=\"" + payPageUrl + "\">";
    string expectedMerchantInput =
        "<input type=\"hidden\" name=\"merchantid\" value=\"" + MerchantId + "\" />";
    string expectedMessageInput =
        "<input type=\"hidden\" name=\"message\" value=\"" + encodedPayment + "\" />";
    string expectedMacInput =
        "<input type=\"hidden\" name=\"mac\" value=\"" + expectedMac + "\" />";

    Assert.That(fields["form_start_tag"], Is.EqualTo(expectedFormStart));
    Assert.That(fields["input_merchantId"], Is.EqualTo(expectedMerchantInput));
    Assert.That(fields["input_message"], Is.EqualTo(expectedMessageInput));
    Assert.That(fields["input_mac"], Is.EqualTo(expectedMacInput));
    Assert.That(
        fields["noscript_p_tag"],
        Is.EqualTo("<noscript><p>Javascript är inaktiverat i er webbläsare, ni får dirigera om till paypage manuellt</p></noscript>"));
    Assert.That(
        fields["input_submit"],
        Is.EqualTo("<input type=\"submit\" name=\"submit\" value=\"Betala\" />"));
    Assert.That(fields["form_end_tag"], Is.EqualTo("</form>"));
}
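/*
 * <currency>SEK</currency><amount>500</amount><vat>100</vat><customerrefno>test_1429280602870</customerrefno><returnurl>https://dev.sveaekonomi.se/webpay-admin/admin/merchantresponsetest.xhtml</returnurl><paymentmethod>DBNORDEASE</paymentmethod><simulatorcode>0</simulatorcode>
 */
/// <summary>
/// Posts the form's mac, base64 message and merchant id to the hosted endpoint as a
/// form-urlencoded body and returns the status and the response body.
/// </summary>
/// <param name="form">Payment form whose message and merchant id are sent; its mac is recomputed here.</param>
/// <returns>A tuple of (status code name, response body).</returns>
private static Tuple<string, string> PostRequest(PaymentForm form)
{
    CreateOrderBuilder order = WebpayConnection.CreateOrder(SveaConfig.GetDefaultConfig());

    // The mac is computed locally from the base64 message and the configured secret word; only the
    // mac is put into the request body, never the secret word.
    form.SetMacSha512(
        HashUtil.CreateHash(form.GetXmlMessageBase64() +
                            order.GetConfig().GetSecretWord(PaymentType.HOSTED, order.GetCountryCode())));

    // Each value is URL-encoded separately so that '+', '/' and '=' from the base64 text survive.
    string data = "mac=" + HttpUtility.UrlEncode(form.GetMacSha512()) +
                  "&message=" + HttpUtility.UrlEncode(form.GetXmlMessageBase64()) +
                  "&merchantid=" + HttpUtility.UrlEncode(form.GetMerchantId());
    byte[] formData = Encoding.UTF8.GetBytes(data);

    // NOTE(review): the endpoint comes from configuration; confirm it is an https address, since
    // the message and mac travel in the request body.
    // A direct cast makes a non-HTTP endpoint fail here with InvalidCastException instead of with
    // a NullReferenceException on the first property access.
    var request = (HttpWebRequest)WebRequest.Create(order.GetConfig().GetEndPoint(PaymentType.HOSTED));
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = formData.Length;

    using (Stream post = request.GetRequestStream())
    {
        post.Write(formData, 0, formData.Length);
    }

    string result;
    string statusCode;

    // GetResponse throws WebException for error statuses, so the status read below belongs to a
    // response that did not throw.
    using (var response = (HttpWebResponse)request.GetResponse())
    using (var reader = new StreamReader(response.GetResponseStream()))
    {
        result = reader.ReadToEnd();
        statusCode = response.StatusCode.ToString();
    }

    return new Tuple<string, string>(statusCode, result);
}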
/// <summary>
/// Checks the complete HTML form produced by SetForm for a card-only order that carries no
/// customer details.
/// </summary>
public void TestSetFormCardNoCustomerDetails()
{
    // The expected mac is computed the same way the form computes it: hash(base64 message + secret word).
    string encodedPayment = Base64Util.EncodeBase64String("0");
    string expectedMac = HashUtil.CreateHash(encodedPayment + SecretWord);

    var order = WebpayConnection.CreateOrder(SveaConfig.GetDefaultConfig())
        .SetCountryCode(TestingTool.DefaultTestCountryCode)
        .SetCurrency(TestingTool.DefaultTestCurrency)
        .SetClientOrderNumber(TestingTool.DefaultTestClientOrderNumber)
        .AddOrderRow(TestingTool.CreateMiniOrderRow());

    PaymentForm form = order
        .UsePayPageCardOnly()
        .SetReturnUrl("http://myurl.se")
        .GetPaymentForm();

    form.SetMessageBase64(encodedPayment)
        .SetMerchantId(MerchantId)
        .SetSecretWord(SecretWord)
        .SetForm();

    string expectedMarkup =
        "<form name=\"paymentForm\" id=\"paymentForm\" method=\"post\" action=\"" + form.GetPayPageUrl() + "\">";
    expectedMarkup += "<input type=\"hidden\" name=\"merchantid\" value=\"" + MerchantId + "\" />";
    expectedMarkup += "<input type=\"hidden\" name=\"message\" value=\"" + encodedPayment + "\" />";
    expectedMarkup += "<input type=\"hidden\" name=\"mac\" value=\"" + expectedMac + "\" />";
    expectedMarkup += "<noscript><p>Javascript är inaktiverat i er webbläsare, ni får dirigera om till paypage manuellt</p></noscript>";
    expectedMarkup += "<input type=\"submit\" name=\"submit\" value=\"Betala\" />";
    expectedMarkup += "</form>";

    Assert.That(form.GetCompleteForm(), Is.EqualTo(expectedMarkup));
}