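【Posted】: 2019-07-03 06:50:45
【Question】:
Authorize.Net's recent retirement of the md5 hash caught me off guard, and I can no longer validate their responses to AIM transactions. I'm trying to fix some legacy code to keep our legacy site limping along until we can get the rebuilt site up. It will not run the latest Authorize.Net PHP SDK, so please don't suggest that in answer to this question.
In trying to fix this legacy code, I cannot get test transactions (or even some test transactions run with live/production credentials) to deliver the HMAC-SHA512 hash promised in the AIM Guide in the section titled "Validating the Response."
Here is a sample raw response from an AIM transaction: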
"1"|"1"|"1"|"This transaction has been approved."|"52R4QE"|"Y"|"40034138508"|"2019-07-0269072"|"Purchase Description Blah Blah Blah"|"99.95"|"CC"|"auth_capture"|"3"|"Joe"|"Test"|"n/a"|"123 Main St."|"Los Angeles"|"CA"|"90026"|"US"|""|""|"joe.test@example.com"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|"P"|"2"|""|""|""|""|""|""|""|""|""|""|"XXXX1111"|"Visa"|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""|""
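According to the AIM guide:
"The last field in the response contains the HMAC-SHA512 hash that Authorize.Net generated for the transaction, which can be used to authenticate the response. To use it, construct an HMAC-SHA512 hash..."
This does not appear to be the case at all. Is this HMAC only present for certain types of transactions? Is it not supplied by the sandbox gateway? What's going on here? Where is the HMAC-SHA512 hash?
Here is a PHP script illustrating my problem: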
<?php
$now = time();
// AUTOMATICALLY GENERATE AN INVOICE NUMBER
$invoice_number = date('Y', $now) . "-" . date('m', $now) . "-" . date('d', $now) . rand(0,100000);
// Authorize.net credentials
$api_login_id = "<YOUR API-LOGIN-ID-HERE>";
$transaction_key = "<YOUR TRANSACTION KEY HERE>";
$authnet_values = array(
    // "x_test_request" => "TRUE",
    "x_login" => $api_login_id,
    "x_version" => "3.1",
    "x_delim_char" => "|",
    "x_encap_char" => "\"",
    "x_delim_data" => "TRUE",
    "x_url" => "FALSE",
    "x_type" => "AUTH_CAPTURE",
    "x_method" => "CC",
    "x_tran_key" => $transaction_key,
    "x_relay_response" => "FALSE",
    "x_card_num" => "4111111111111111",
    "x_exp_date" => "01-2020",
    "x_description" => "TEST TRANSACTION " . uniqid(),
    "x_amount" => 12.34,
    "x_currency_code" => "USD",
    "x_cust_id" => 1234,
    "x_first_name" => "Joe",
    "x_last_name" => "Test",
    "x_company" => "",
    "x_address" => "123 Main St.",
    "x_city" => "Springfield",
    "x_state" => "MO",
    "x_zip" => "12345",
    "x_email" => "Joe.Text@example.com",
    "x_invoice_num" => uniqid(),
);
$fields = "";
foreach( $authnet_values as $key => $value ) $fields .= "$key=" . urlencode( $value ) . "&";
// ========== !!! DO THE TRANSACTION !!! ==========
// URL of gateway for cURL to post to
$url = "https://test.authorize.net/gateway/transact.dll";
//$url = "https://secure.authorize.net/gateway/transact.dll";
$ch = curl_init($url)
    or die("Couldn't establish connection to payment gateway, code 1");
// set to 0 to eliminate header info from response
curl_setopt($ch, CURLOPT_HEADER, 0)
    or die("Couldn't establish connection to payment gateway, code 2");
// Returns response data instead of printing it out directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1)
    or die("Couldn't establish connection to payment gateway, code 3");
// use HTTP POST to send form data
curl_setopt($ch, CURLOPT_POST, TRUE)
    or die("Couldn't establish connection to payment gateway, code 4a");
// supply POST data
curl_setopt($ch, CURLOPT_POSTFIELDS, rtrim( $fields, "& " ))
    or die("Couldn't establish connection to payment gateway, code 4b");
// Optionally use an old cert bundle or we face ssl authentication problems
//curl_setopt($ch, CURLOPT_CAINFO, '/var/www/ca-bundle/old-ca-bundle.pem')
//    or die("Could not establish connection to payment gateway, code 5");
$resp = curl_exec($ch); //execute post and get results
echo "=== RAW ===\n";
print_r($resp);
echo "=== END RAW ===\n";
$curl_info = curl_getinfo($ch);
$curl_info["curl_error"] = curl_error($ch);
$curl_info["curl_errno"] = curl_errno($ch);
echo "=== CURL_INFO ===\n";
print_r($curl_info);
echo "=== END CURL_INFO ===\n";
curl_close ($ch);
$parsed = str_getcsv($resp, '|');
echo "=== PARSED ===\n";
print_r($parsed);
echo "=== END PARSED ===\n";
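【Comments】:
- Is this the exact code you are testing? If so, it seems a setting may be the difference between our two accounts. I don't see anything that would cause that value not to be returned, though.
- @JohnConde Yes, that is the exact code. I've also posted on the authorize.net community forum. I'll be sure to post any solution or explanation that may come up.
- See my updated answer. You are probably missing a signature key.
Tags: php authorize.net hmac php-curl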
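One way to check the last field of an AIM response and fail closed when the hash is absent, as in the sample response above. This is an added example, not code from the original post or from Authorize.Net. It assumes the message layout `^login^transId^amount^` and a hex-encoded signature key; confirm both against the AIM guide's "Validating the Response" section. The function name and demo values are constructed.

```php
<?php
/**
 * Verify the HMAC-SHA512 in the last field of an AIM delimited response.
 * Returns true only when a hash is present and matches; fails closed otherwise.
 */
function verify_aim_response(string $raw, string $apiLoginId, string $signatureKeyHex): bool
{
    // Same delimiter/encapsulation as x_delim_char="|" and x_encap_char="\"".
    $fields = str_getcsv($raw, '|', '"', '\\');
    if (count($fields) < 10) {
        return false;                       // not a well-formed AIM response
    }
    $received = strtoupper(trim((string) end($fields)));
    // SHA-512 is 64 bytes, i.e. 128 hex characters. An empty last field means
    // the gateway sent no hash (the situation in the question): reject it.
    if (!preg_match('/^[0-9A-F]{128}$/', $received)) {
        return false;
    }
    $key = @hex2bin($signatureKeyHex);      // ASSUMPTION: signature key is hex text
    if ($key === false || $key === '') {
        return false;
    }
    // ASSUMPTION: message layout "^login^transId^amount^"; fields 7 and 10
    // (1-based) are the transaction ID and amount, as in the sample response.
    $message  = '^' . $apiLoginId . '^' . $fields[6] . '^' . $fields[9] . '^';
    $expected = strtoupper(hash_hmac('sha512', $message, $key));
    return hash_equals($expected, $received);   // constant-time comparison
}

// --- Constructed demo data (no real credentials) ---
$login  = 'EXAMPLE_LOGIN';
$sigKey = str_repeat('AB', 64);             // placeholder 128-hex-char key
$hash   = strtoupper(hash_hmac('sha512', "^$login^40034138508^99.95^", hex2bin($sigKey)));
$head   = '"1"|"1"|"1"|"This transaction has been approved."|"52R4QE"|"Y"|"40034138508"|"INV-1"|"Demo"|"99.95"|"CC"';

// Case 1: hash present and computed with the same key.
var_dump(verify_aim_response($head . '|"' . $hash . '"', $login, $sigKey));
// Case 2: last field empty, as in the response shown in the question.
var_dump(verify_aim_response($head . '|""', $login, $sigKey));
// Case 3: well-formed but wrong hash value.
var_dump(verify_aim_response($head . '|"' . str_repeat('0', 128) . '"', $login, $sigKey));
```

Treating a missing hash as a verification failure keeps legacy code from silently accepting unauthenticated responses while the account's signature key is not yet configured.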