SW-446: Use SHA-384 encryption and Hash Parameter in Auth.-, PreAuth.…

…- , Creditcardcheck.- and Managemandate API calls

Frontend/MoptPaymentPayone/Components/Payone/Api/Request/Abstract.php

@@ -96,6 +96,8 @@ abstract class Payone_Api_Request_Abstract implements Payone_Api_Request_Interfa
      * @var Payone_Protocol_Service_ApplyFilters
      */
     private $applyFilters = null;
+
+    protected $hash = null;
 
     /**
      * @param array $data

Frontend/MoptPaymentPayone/Components/Payone/ClientApi/Service/GenerateHash.php

@@ -76,19 +76,20 @@ class Payone_ClientApi_Service_GenerateHash
         'vreference',
         'clearingtype',
         'encoding',
+        'api_version'
         // @todo Item parameters not supported
         // 'id[x]', 'pr[x]', 'no[x]', 'de[x]', 'ti[x]', 'va[x]',
         // 'id', 'pr', 'no', 'de', 'ti', 'va',
     );
 
     /**
-     * @param Payone_ClientApi_Request_Interface $request All parameters of the request
+     * @param $request All parameters of the request
      * @param string $securityKey  Payone security key
      *
      * @return string The hash
      * @throws Payone_ClientApi_Exception_InvalidParameters
      */
-    public function generate(Payone_ClientApi_Request_Interface $request, $securityKey)
+    public function generate($request, $securityKey)
     {
         $requestData = $request->toArray();
 
@@ -101,8 +102,7 @@ public function generate(Payone_ClientApi_Request_Interface $request, $securityK
             }
             $hashString .= $requestData[$key];
         }
-        $hashString .= $securityKey;
-        $hash = hash('sha384',$hashString);
+        $hash = hash_hmac('sha384',$hashString, $securityKey);
         return $hash;
     }
 }

Frontend/MoptPaymentPayone/Controllers/Backend/FcPayone.php

@@ -221,6 +221,8 @@ public function creditcardCheckVisa($ecommercemode = null)
         $request->setPayment($paymentData);
         $request->setSuccessurl('https://payone.com');
         $request->setMode('test');
+        $generateHashService = $this->container->get('MoptPayoneBuilder')->buildServiceClientApiGenerateHash();
+        $request->set('hash', $generateHashService->generate($request, $this->apikey));
 
         $this->logging->lwrite('<span style="color: yellow;">teste Request Authorisierung im Modus Test mit Zahlart Kreditkarte (Visa)</span>');
         $response = $this->service->preauthorize($request);

Frontend/MoptPaymentPayone/Controllers/Frontend/MoptAjaxPayone.php

@@ -339,6 +339,9 @@ public function downloadMandateAction()
         $params = $this->moptPayoneMain->getParamBuilder()->buildGetFile($this->getPaymentId(), Shopware()->Session()->moptMandateDataDownload);
         $service = $this->payoneServiceBuilder->buildServiceManagementGetFile();
         $request = new Payone_Api_Request_GetFile($params);
+        // TODO check why SHA-384 seems unsupported
+        // $generateHashService = $this->container->get('MoptPayoneBuilder')->buildServiceClientApiGenerateHash();
+        // $request->set('hash', $generateHashService->generate($request, $params['key']));
 
         try {
             $response = $service->getFile($request);

Frontend/MoptPaymentPayone/Controllers/Frontend/MoptPaymentPayone.php

@@ -1619,6 +1619,7 @@ protected function buildAndCallPrecheck($config, $clearingType, $financetype, $p
     protected function mopt_payone__prepareRequest($paymentId = 0, $isAuthorized = false)
     {
         $params = $this->moptPayoneMain->getParamBuilder()->buildAuthorize($paymentId);
+        $generateHashService = $this->container->get('MoptPayoneBuilder')->buildServiceClientApiGenerateHash();
         $user = $this->getUser();
         $paymentName = $user['additional']['payment']['name'];
         if ($isAuthorized && !$this->moptPayonePaymentHelper->isPayoneBarzahlen($paymentName)) {
@@ -1637,6 +1638,7 @@ protected function mopt_payone__prepareRequest($paymentId = 0, $isAuthorized = f
                 'Shopware\CustomModels\MoptPayoneApiLog\MoptPayoneApiLog'
             )
         );
+        $request->set('hash', $generateHashService->generate($request, $params['key']));
         return $request;
     }
 

Frontend/MoptPaymentPayone/Subscribers/FrontendPostDispatch.php

@@ -771,7 +771,7 @@ protected function moptPayoneCheckEnvironment($controllerName = false)
 
         $payoneParams['mid'] = $creditCardConfig['merchant_id'];
         $payoneParams['portalid'] = $creditCardConfig['portal_id'];
-        $payoneParams['key'] = $creditCardConfig['api_key'];
+        $payoneParams['key'] = md5($creditCardConfig['api_key']);
         $payoneParams['aid'] = $creditCardConfig['subaccount_id'];
 
         if ($creditCardConfig['live_mode']) {
@@ -791,6 +791,7 @@ protected function moptPayoneCheckEnvironment($controllerName = false)
             'mid' => $payoneParams['mid'],
             'portalid' => $payoneParams['portalid'],
             'mode' => $payoneParams['mode'],
+            'key' => $payoneParams['key'],
             'encoding' => 'UTF-8',
             'language' => $payoneParams['language'],
             'solution_version' => Shopware()->Plugins()->Frontend()->MoptPaymentPayone()->getVersion(),

Frontend/MoptPaymentPayone/Subscribers/Payment.php

@@ -153,7 +153,10 @@ public function onValidateStep3(\Enlight_Hook_HookArgs $arguments)
                     $service->getServiceProtocol()->addRepository(Shopware()->Models()->getRepository(
                         'Shopware\CustomModels\MoptPayoneApiLog\MoptPayoneApiLog'
                     ));
+                    $generateHashService = $this->container->get('MoptPayoneBuilder')->buildServiceClientApiGenerateHash();
                     $request = new \Payone_Api_Request_ManageMandate($params);
+                    $request->set('hash', $generateHashService->generate($request, $params['key']));
+
                     $response = $service->managemandate($request);
 
                     if ($response->getStatus() == 'APPROVED') {