FoxPro付费网关

Question

我有一个桌面应用程序Foxpro9.0Execute，它需要连接到Payeezy，并通过API传输和接收XML数据。我使用WinHttpRequest.5.1从UPS地址验证API发送和接收XML数据。但我似乎对SHA-1 HMAC哈希计算头有问题。有人能给我一个关于如何在Foxpro中实现这一点的示例代码吗？https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash

*api.demo.globalgatewaye4.firstdata.com
***************************
If Vartype(loReq)='U'
  Public loReq
ENDIF
lcURL='https://api-cert.payeezy.com/v1/transactions/v12'
lcPassWd ='Password'
lcExactID='ExactID'
lcKeyCode='Keycode'
ldDate=dtos(DATE())
lcDate=SUBSTR(ldDate,1,4)+'-'+SUBSTR(ldDate,5,2)+'-'+SUBSTR(ldDate,7,2)
ltTime=TIME()
lcDateTime=lcDate+'T'+TRANSFORM(ltTime)+'Z'
uri='transaction/v12'
lcTranstype='00'
lcAmount='1299.00'
lctype='visa'
lcname='John Smith'
lncc_no='4788250000028291'
lcExp_Date='1020'
lccvv='123'
lcAddress='21 Jump Street'
lcCity='Los Angeles'
lcZip='90210'
lcPhone='5557891234'
lcOrderno='12345678'
CustID='87654321'
lcTransactionType="00"
lcShip_Name="Customer Name"
XMLRequest='<?xml version="1.0" encoding="utf-8" ?>'+Chr(13)+;
  '<Transaction>'+Chr(13)+;
  '<Transaction_Type>'+lcTranstype+'</Transaction_Type>'+CHR(13)+;
  '<DollarAmount>'+lcAmount+'</DollarAmount>'+CHR(13)+;
  '<Expiry_Date>'+lcExp_Date+'</Expiry_Date>'+CHR(13)+;
  '<CardHolderName>'+lcname+'</CardHolderName>'+Chr(13)+;
  '<Reference_No>'+lcOrderno+'</Reference_No>'+CHR(13)+;
  '<Customer_Ref>'+CustID+'</Customer_Ref>'+CHR(13)+;
  '<Reference_3>'+lcname+'</Reference_3>'+CHR(13)+;
  '<ExactID>'+lcExactID+'</ExactID>'+CHR(13)+;
  '<Password>'+lcPassWd+ '</Password>'+CHR(13)+;
  '<Card_Number>'+lncc_no+'</Card_Number>'+chr(13)+; 
  '</Transaction>'
Hashme='POST'+chr(13)+'SOAP'+chr(13)+XMLRequest+chr(13)+lcDateTime+chr(13)+lcURL
baseHash=STRCONV(Hashme, 13)
loReq = Createobject('WinHttp.WinHttpRequest.5.1')
loReq.SetTimeouts(2500, 2500, 2500, 2500)
loReq.Open('POST', 'https://api-cert.payeezy.com/v1/transactions/v12', .F.)
loReq.SetCredentials(lcExactID, lcPassWd , 0)
loReq.SetRequestHeader('authorization', 'GGE4_API 14:'+lcKeyCode)
loReq.SetRequestHeader('x-gge4-content-sha1',baseHash )
loReq.SetRequestHeader('content-type', 'application/xml')
loReq.SetRequestHeader('accept', 'text/xml')
loReq.Send(XMLRequest)          
Xmltocursor(loReq.responsetext,'Payeezy')
loReq=""

Answer 1

您的代码将base64编码的m.Hashme填充到authorization头中。从您告诉我们的情况来看，您似乎需要计算m.Hashme的SHA-1哈希，并将该哈希放入报头(在base64 64编码之后)。

Fox没有构建SHA-1函数，因此您需要一个辅助源。在福克斯中使用Win32 CryptAPI是可能的，但这是不必要的混乱和相当痛苦的。_crypt.vcx存在于FoxPro基础类( FFC )中，但这并没有真正的帮助(而且和所有FFC一样，它也不适合生产使用)。

关于它的价值，这里有一个小的.prg，可以使用Win32 CryptAPI和_crypt.vcx来计算散列(缺省值: SHA1)

#include WinCrypt.h

lparameters cData, nAlgorithmId

with createobject([CCryptAPIWrapper_])
   return .Hash(@m.cData, m.nAlgorithmId)
endwith   

*******************************************************************************
* _CryptAPI.hProviderHandle needs to be hacked to PROTECTED or PUBLIC
* and also most of the member functions called here

define class CCryptAPIWrapper_ as _CryptAPI of _crypt.vcx

   function Init

      * declare missing CryptAPI functions
      declare long CryptGetHashParam in WIN32API long, long, string@, long@, long

      return dodefault()

   procedure Destroy

      if not empty(this.hProviderHandle)
         this.CryptReleaseContext(this.hProviderHandle)
      endif

   function Hash (cData, nAlgorithmId)

      nAlgorithmId = evl(m.nAlgorithmId, dnALG_SID_SHA)

      local hHashContext, cHash

      hHashContext = 0
      cHash = .null.
      try
         this.CryptCreateHash(this.hProviderHandle, nAlgorithmId, 0, 0, @m.hHashContext)
         this.CryptHashData(m.hHashContext, m.cData, len(m.cData), 0)
         cHash = this.RetrieveHashFromContext(m.hHashContext)
      finally
         if not empty(m.hHashContext)
            this.CryptDestroyHash(m.hHashContext)
         endif
      endtry

      return m.cHash

   function RetrieveHashFromContext (hHashContext)

      local cHashSize, nXferSize

      cHashSize = replicate(chr(0), 4)
      nXferSize = len(m.cHashSize)
      CryptGetHashParam(m.hHashContext, dnHP_HASHSIZE, @m.cHashSize, @m.nXferSize, 0)

      assert m.nXferSize == 4

      local nHashSize, cHashData

      nHashSize = extract_UINT32_(m.cHashSize)
      nXferSize = m.nHashSize
      cHashData = space(m.nHashSize)
      CryptGetHashParam(m.hHashContext, dnHP_HASHVAL, @m.cHashData, @m.nXferSize, 0)

      assert m.nXferSize == m.nHashSize

      return m.cHashData

enddefine

*******************************************************************************
* note: BITOR() and BITLSHIFT() give a signed result -> can't use them here

function extract_UINT32_ (s)

   return asc(substr(m.s, 1, 1)) ;
        + asc(substr(m.s, 2, 1)) * 0x100 ;
        + asc(substr(m.s, 3, 1)) * 0x10000 ;
        + asc(substr(m.s, 4, 1)) * 0x1000000

在使用之前，您需要像类定义上面的注释所示的那样黑掉_crypt.vcx，因为classlib是b0rked甚至VFP9。另外，VFP搜索路径需要同时包含Fox主目录和它的子目录FFC。

Answer 2

我在Payeezy第一数据组工作。我看到在您发布的示例代码中，您混合了我们的两个API，REST (https://api-cert.payeezy.com)和基于SOAP的API (api.demo.globalgatewaye4.firstdata.com)。

如果您正在使用REST，那么下面是在PHP中生成HMAC的示例代码。

<?php
$apiKey = "<your api key>";
$apiSecret = "<your consumer secret>";
$nonce = "<Crypographically strong random number>";
$timestamp = "<Epoch timestamp in milli seconds>";
$token = "<Merchant Token>";
$payload = "<For POST - Request body / For GET - empty string>";
$data = $apiKey + $nonce + $timestamp + $token + $payload;
$hashAlgorithm = "sha256";

<!-- Make sure the HMAC hash is in hex -->
$hmac = hash_hmac ( $hashAlgorithm , $data , $apiSecret, false );

<!-- Authorization : base64 of hmac hash -->
$authorization = base64_encode($hmac);
ehco $authorization;
?>

如果您使用的是基于SOAP的API，您将在这里找到示例代码：https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash