/// <summary>
        /// Checks signature-one and signature-two of a success response against the
        /// response's other parameters.
        /// </summary>
        /// <param name="response">The success response whose signatures are checked.</param>
        /// <returns>
        /// <c>true</c> only when both signatures are present and both verify; otherwise <c>false</c>.
        /// </returns>
        protected virtual bool VerifySignatures(PaymentSuccessResponse response)
        {
            SortedDictionary<string, string> allParameters = response.GetParameters();

            string firstSignature  = response.GetParameterValue(VerifoneConstants.ParameterName.SignatureOne);
            string secondSignature = response.GetParameterValue(VerifoneConstants.ParameterName.SignatureTwo);

            // Fail closed: a response lacking either signature is rejected before any crypto runs.
            bool firstMissing = string.IsNullOrWhiteSpace(firstSignature);
            if (firstMissing || string.IsNullOrWhiteSpace(secondSignature))
            {
                return false;
            }

            // The content checked is every parameter except the two signature values themselves.
            // The removals are made on a copy, not on the dictionary returned by GetParameters().
            // NOTE(review): the copy is built with the default string comparer, not the source
            // dictionary's comparer - confirm the resulting order is the one the gateway signs.
            SortedDictionary<string, string> signedParameters = new SortedDictionary<string, string>(allParameters);
            signedParameters.Remove(VerifoneConstants.ParameterName.SignatureOne);
            signedParameters.Remove(VerifoneConstants.ParameterName.SignatureTwo);

            string signedContent   = PointSignatureUtil.FormatParameters(signedParameters);
            RSA    verificationKey = PointCertificateUtil.GetPointPublicKey();

            // Both signatures must verify. A valid SHA-1 signature alone is never accepted,
            // so the SHA-512 check below must not be made optional.
            if (!PointSignatureUtil.VerifySignature(verificationKey, firstSignature, signedContent, HashAlgorithm.SHA1))
            {
                return false;
            }

            return PointSignatureUtil.VerifySignature(verificationKey, secondSignature, signedContent, HashAlgorithm.SHA512);
        }
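        /// <summary>
        /// Validates the success response against the saved purchase order.
        /// </summary>
        /// <remarks>
        /// This method does not verify signature-one or signature-two. A result of
        /// <see cref="StatusCode.OK"/> therefore only means that the response fields are present and
        /// match the stored order; it is not evidence that the response is authentic.
        /// </remarks>
        /// <param name="response">The success response to validate.</param>
        /// <returns>
        /// <see cref="StatusCode.OK"/> when every check passes; otherwise the status code of the first
        /// check that failed. An order number that is not a valid integer yields
        /// <see cref="StatusCode.OrderNotFound"/>.
        /// </returns>
        protected virtual StatusCode ValidateResponse(PaymentSuccessResponse response)
        {
            // OrderNumber is response data: a missing or malformed value is reported as an
            // unknown order instead of surfacing as an unhandled parse exception.
            int orderGroupId;

            if (!int.TryParse(response.OrderNumber, out orderGroupId))
            {
                return StatusCode.OrderNotFound;
            }

            PurchaseOrder purchaseOrder = PurchaseOrder.LoadByOrderGroupId(orderGroupId);

            if (purchaseOrder == null)
            {
                return StatusCode.OrderNotFound;
            }

            if (string.IsNullOrWhiteSpace(response.TransactionNumber))
            {
                return StatusCode.TransactionNumberMissing;
            }

            if (string.IsNullOrWhiteSpace(response.InterfaceVersion))
            {
                return StatusCode.InterfaceVersionMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderCurrencyCode))
            {
                return StatusCode.OrderCurrencyCodeMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderGrossAmount))
            {
                return StatusCode.OrderGrossAmountMissing;
            }

            if (string.IsNullOrWhiteSpace(response.SoftwareVersion))
            {
                return StatusCode.SoftwareVersionMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderTimestamp))
            {
                return StatusCode.OrderTimestampMissing;
            }

            // Ordinal comparison throughout: the values are protocol fields, and a culture-sensitive
            // comparison can treat strings that differ in their characters as equal.
            if (!string.Equals(response.OrderTimestamp, purchaseOrder.GetString(MetadataConstants.OrderTimestamp), StringComparison.Ordinal))
            {
                return StatusCode.OrderTimestampMismatch;
            }

            if (!string.Equals(response.OrderGrossAmount, purchaseOrder.Total.ToVerifoneAmountString(), StringComparison.Ordinal))
            {
                return StatusCode.OrderGrossAmountMismatch;
            }

            if (!string.Equals(response.OrderCurrencyCode, purchaseOrder.GetString(MetadataConstants.OrderCurrencyCode), StringComparison.Ordinal))
            {
                return StatusCode.OrderCurrencyCodeMismatch;
            }

            // TODO: Validate signature-one and signature-two.
            // Until that is done, callers must not treat StatusCode.OK from this method as proof
            // that the response is genuine.

            return StatusCode.OK;
        }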
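        /// <summary>
        /// Validates a successful payment against the order.
        /// </summary>
        /// <remarks>
        /// The field checks run first and the signature check runs last, so
        /// <see cref="StatusCode.OK"/> is returned only when both response signatures verify.
        /// The currency code is checked for presence only; the comparison against the order's
        /// currency is still disabled (see the TODO in the body).
        /// </remarks>
        /// <param name="response">The success response posted from Verifone <see cref="PaymentSuccessResponse"/></param>
        /// <returns>
        /// <see cref="StatusCode.OK"/> when every check passes; otherwise the <see cref="StatusCode"/>
        /// of the first check that failed. An order number that is not a valid integer yields
        /// <see cref="StatusCode.OrderNotFound"/>.
        /// </returns>
        public virtual StatusCode ValidateSuccessReponse(PaymentSuccessResponse response)
        {
            // OrderNumber comes from the posted response and is not yet authenticated here:
            // a missing or malformed value is reported as an unknown order instead of
            // surfacing as an unhandled parse exception.
            int orderGroupId;

            if (!int.TryParse(response.OrderNumber, out orderGroupId))
            {
                return StatusCode.OrderNotFound;
            }

            OrderGroup order = this.OrderContext.GetCart(orderGroupId);

            if (order == null)
            {
                return StatusCode.OrderNotFound;
            }

            if (string.IsNullOrWhiteSpace(response.TransactionNumber))
            {
                return StatusCode.TransactionNumberMissing;
            }

            if (string.IsNullOrWhiteSpace(response.InterfaceVersion))
            {
                return StatusCode.InterfaceVersionMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderCurrencyCode))
            {
                return StatusCode.OrderCurrencyCodeMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderGrossAmount))
            {
                return StatusCode.OrderGrossAmountMissing;
            }

            if (string.IsNullOrWhiteSpace(response.SoftwareVersion))
            {
                return StatusCode.SoftwareVersionMissing;
            }

            if (string.IsNullOrWhiteSpace(response.OrderTimestamp))
            {
                return StatusCode.OrderTimestampMissing;
            }

            // Ordinal comparison: the values are protocol fields, and a culture-sensitive
            // comparison can treat strings that differ in their characters as equal.
            if (!string.Equals(response.OrderTimestamp, order.Created.ToVerifoneDateString(), StringComparison.Ordinal))
            {
                return StatusCode.OrderTimestampMismatch;
            }

            if (!string.Equals(response.OrderGrossAmount, order.Total.ToVerifoneAmountString(), StringComparison.Ordinal))
            {
                return StatusCode.OrderGrossAmountMismatch;
            }

            // TODO: Find a way to verify the currency code for both test and production.
            // The check is disabled to simplify testing and must be implemented before release:
            // without it the amount is compared but the currency it is denominated in is not.

            //if (response.OrderCurrencyCode.Equals(Iso4217Lookup.LookupByCode(order.BillingCurrency).Number.ToString(CultureInfo.InvariantCulture)) == false)
            //{
            //    return StatusCode.OrderCurrencyCodeMismatch;
            //}

            // Authenticity check: every value compared above is only trustworthy if this passes.
            if (!this.VerifySignatures(response))
            {
                return StatusCode.SignatureInvalid;
            }

            return StatusCode.OK;
        }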
 /// <summary>
 /// Extension point for copying success-response values onto an order's meta fields.
 /// Currently a no-op: every assignment in the body is commented out.
 /// </summary>
 /// <param name="order">The meta storage object the extension method is invoked on.</param>
 /// <param name="successResponse">The success response; not read while the assignments stay disabled.</param>
 public static void SetSuccessMetaFields(this MetaStorageBase order, PaymentSuccessResponse successResponse)
 {
     // NOTE(review): if these assignments are re-enabled, long.Parse throws on a missing or
     // non-numeric value - confirm the response fields have been validated before this is called.
     //order.SetMetaField(MetadataConstants.FilingCode, long.Parse(successResponse.FilingCode));
     //order.SetMetaField(MetadataConstants.TransactionNumber, long.Parse(successResponse.TransactionNumber));
     //order.SetMetaField(MetadataConstants.ReferenceNumber, long.Parse(successResponse.ReferenceNumber));
 }