/// <summary>
/// Checks both signatures carried by a success response against the response's remaining parameters.
/// </summary>
/// <param name="response">The success response whose signatures are checked.</param>
/// <returns>
/// <c>true</c> only when signature-one and signature-two are both present and both verify;
/// otherwise <c>false</c>.
/// </returns>
protected virtual bool VerifySignatures(PaymentSuccessResponse response)
{
    SortedDictionary<string, string> allParameters = response.GetParameters();

    string firstSignature = response.GetParameterValue(VerifoneConstants.ParameterName.SignatureOne);
    string secondSignature = response.GetParameterValue(VerifoneConstants.ParameterName.SignatureTwo);

    // Fail closed: a response that lacks either signature is rejected outright.
    bool bothPresent = !string.IsNullOrWhiteSpace(firstSignature)
        && !string.IsNullOrWhiteSpace(secondSignature);
    if (!bothPresent)
    {
        return false;
    }

    // The signature fields are removed from a copy, not from the dictionary returned by
    // GetParameters(); the formatted remainder is the content both signatures are checked against.
    SortedDictionary<string, string> signedParameters = new SortedDictionary<string, string>(allParameters);
    signedParameters.Remove(VerifoneConstants.ParameterName.SignatureOne);
    signedParameters.Remove(VerifoneConstants.ParameterName.SignatureTwo);

    string signedContent = PointSignatureUtil.FormatParameters(signedParameters);
    RSA pointKey = PointCertificateUtil.GetPointPublicKey();

    // signature-one is verified with SHA1 and signature-two with SHA512. Both must pass,
    // so acceptance never rests on the SHA1 signature alone.
    if (!PointSignatureUtil.VerifySignature(pointKey, firstSignature, signedContent, HashAlgorithm.SHA1))
    {
        return false;
    }

    return PointSignatureUtil.VerifySignature(pointKey, secondSignature, signedContent, HashAlgorithm.SHA512);
}
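/// <summary>
/// Validates the success response against the saved order.
/// </summary>
/// <param name="response">The success response to validate.</param>
/// <returns>
/// <see cref="StatusCode.OK"/> when every checked field is present and matches the saved order;
/// otherwise the status code of the first failed check.
/// </returns>
/// <remarks>
/// This method does not verify signature-one or signature-two. <see cref="StatusCode.OK"/> therefore
/// means only that the response fields match the stored order, not that the response is authentic.
/// </remarks>
protected virtual StatusCode ValidateResponse(PaymentSuccessResponse response)
{
    // The order number is taken from the response. A value that is not an integer cannot identify
    // a saved order, so it is reported as not found instead of letting int.Parse throw.
    int orderGroupId;
    if (!int.TryParse(response.OrderNumber, out orderGroupId))
    {
        return StatusCode.OrderNotFound;
    }

    PurchaseOrder purchaseOrder = PurchaseOrder.LoadByOrderGroupId(orderGroupId);
    if (purchaseOrder == null)
    {
        return StatusCode.OrderNotFound;
    }

    // Presence checks: each required field must carry a non-blank value.
    if (string.IsNullOrWhiteSpace(response.TransactionNumber))
    {
        return StatusCode.TransactionNumberMissing;
    }

    if (string.IsNullOrWhiteSpace(response.InterfaceVersion))
    {
        return StatusCode.InterfaceVersionMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderCurrencyCode))
    {
        return StatusCode.OrderCurrencyCodeMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderGrossAmount))
    {
        return StatusCode.OrderGrossAmountMissing;
    }

    if (string.IsNullOrWhiteSpace(response.SoftwareVersion))
    {
        return StatusCode.SoftwareVersionMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderTimestamp))
    {
        return StatusCode.OrderTimestampMissing;
    }

    // Ordinal comparison: a culture-sensitive comparison can treat strings that differ only in
    // ignorable characters as equal, which is too lenient for matching a protocol field.
    if (!response.OrderTimestamp.Equals(purchaseOrder.GetString(MetadataConstants.OrderTimestamp), StringComparison.Ordinal))
    {
        return StatusCode.OrderTimestampMismatch;
    }

    if (!response.OrderGrossAmount.Equals(purchaseOrder.Total.ToVerifoneAmountString()))
    {
        return StatusCode.OrderGrossAmountMismatch;
    }

    if (!response.OrderCurrencyCode.Equals(purchaseOrder.GetString(MetadataConstants.OrderCurrencyCode)))
    {
        return StatusCode.OrderCurrencyCodeMismatch;
    }

    // TODO: Validate signature-one and signature-two
    // NOTE(review): until that is done, callers must verify the signatures themselves before
    // treating StatusCode.OK as proof of payment.
    return StatusCode.OK;
}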
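/// <summary>
/// Validates a successful payment against the order.
/// </summary>
/// <param name="response">The success response posted from Verifone <see cref="PaymentSuccessResponse"/></param>
/// <returns>
/// <see cref="StatusCode.OK"/> when the required fields are present, the timestamp and gross amount
/// match the order and both signatures verify; otherwise the status code of the first failed check.
/// </returns>
/// <remarks>
/// The currency code is checked for presence only; the comparison with the order's currency is
/// still commented out (see the TODO in the body).
/// </remarks>
public virtual StatusCode ValidateSuccessReponse(PaymentSuccessResponse response)
{
    // The order number is taken from the posted response. A value that is not an integer cannot
    // identify a cart, so it is reported as not found instead of letting int.Parse throw.
    int orderGroupId;
    if (!int.TryParse(response.OrderNumber, out orderGroupId))
    {
        return StatusCode.OrderNotFound;
    }

    OrderGroup order = this.OrderContext.GetCart(orderGroupId);
    if (order == null)
    {
        return StatusCode.OrderNotFound;
    }

    // Presence checks: each required field must carry a non-blank value.
    if (string.IsNullOrWhiteSpace(response.TransactionNumber))
    {
        return StatusCode.TransactionNumberMissing;
    }

    if (string.IsNullOrWhiteSpace(response.InterfaceVersion))
    {
        return StatusCode.InterfaceVersionMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderCurrencyCode))
    {
        return StatusCode.OrderCurrencyCodeMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderGrossAmount))
    {
        return StatusCode.OrderGrossAmountMissing;
    }

    if (string.IsNullOrWhiteSpace(response.SoftwareVersion))
    {
        return StatusCode.SoftwareVersionMissing;
    }

    if (string.IsNullOrWhiteSpace(response.OrderTimestamp))
    {
        return StatusCode.OrderTimestampMissing;
    }

    // Ordinal comparison: a culture-sensitive comparison can treat strings that differ only in
    // ignorable characters as equal, which is too lenient for matching a protocol field.
    if (!response.OrderTimestamp.Equals(order.Created.ToVerifoneDateString(), StringComparison.Ordinal))
    {
        return StatusCode.OrderTimestampMismatch;
    }

    if (!response.OrderGrossAmount.Equals(order.Total.ToVerifoneAmountString()))
    {
        return StatusCode.OrderGrossAmountMismatch;
    }

    // TODO: Find a way to verify this both for test and production. Not used at the moment to simplify testing but needs to be implemented before release.
    // NOTE(review): while this check is disabled the response currency is not compared with the
    // order's currency, so a matching gross amount does not establish that the expected currency was paid.
    //if (response.OrderCurrencyCode.Equals(Iso4217Lookup.LookupByCode(order.BillingCurrency).Number.ToString(CultureInfo.InvariantCulture)) == false)
    //{
    //    return StatusCode.OrderCurrencyCodeMismatch;
    //}

    // Signature verification runs last, so every status code returned above is derived from
    // input that has not yet been authenticated.
    if (!this.VerifySignatures(response))
    {
        return StatusCode.SignatureInvalid;
    }

    return StatusCode.OK;
}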
/// <summary>
/// Placeholder for storing success-response values on the order; currently it does nothing.
/// </summary>
/// <param name="order">The meta storage object the commented-out assignments would write to.</param>
/// <param name="successResponse">The success response the commented-out assignments would read from.</param>
public static void SetSuccessMetaFields(this MetaStorageBase order, PaymentSuccessResponse successResponse)
{
    // Every assignment below is commented out, so a call to this method stores nothing.
    // NOTE(review): if these are re-enabled, long.Parse throws on a malformed value. The values
    // come from the response, so TryParse with an explicit failure path would be the safer choice.
    // order.SetMetaField(MetadataConstants.FilingCode, long.Parse(successResponse.FilingCode));
    // order.SetMetaField(MetadataConstants.TransactionNumber, long.Parse(successResponse.TransactionNumber));
    // order.SetMetaField(MetadataConstants.ReferenceNumber, long.Parse(successResponse.ReferenceNumber));
}