Merge branch 'new-hash' into 'preprod'

Use HMAC-SHA256 instead of SHA1 Closes #29 See merge request !5

Merge branch 'new-hash' into 'preprod'
Use HMAC-SHA256 instead of SHA1 Closes #29 See merge request !5
ef5f0d54 · Mindiell · 5a645e27 · 4f987deb · ef5f0d54 · ef5f0d54
Commit ef5f0d54 authored Oct 30, 2018 by Mindiell
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 5 deletions

app/controller/bank.php app/controller/bank.php +5 -3

app/controller/campaign.php app/controller/campaign.php +1 -1

app/controller/perso.php app/controller/perso.php +2 -1

No files found.
--- a/app/controller/bank.php
+++ b/app/controller/bank.php
@@ -81,9 +81,11 @@ class Bank extends Controller
            $sig .= $value . "+";
        }
        $sig .= CERTIFICATE;
-        $cb_log->write("sig: " . $signature . " == " . sha1($sig));
-        if (sha1($sig)!=$signature) {
-            $error = "Error in signature: " . $signature . " != " . sha1($sig);
+        ### Attempt to do it in hmac-sha256
+        $sig_hash = base64_encode(hash_hmac('sha256', $sig, CERTIFICATE, true));
+        $cb_log->write("sig: " . $signature . " == " . $sig_hash);
+        if ($sig_hash!=$signature) {
+            $error = "Error in signature: " . $signature . " != " . $sig_hash;
        }
        // Résultats des vérifications globales
        if ($error!="") {

--- a/app/controller/campaign.php
+++ b/app/controller/campaign.php
@@ -196,7 +196,7 @@ class Campaign extends Controller
            $signature .= $value."+";
        }
        $signature .= CERTIFICATE;
-        $signature = sha1($signature);
+        $signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
        $params["signature"] = $signature;

        $f3->set('target', $target);

--- a/app/controller/perso.php
+++ b/app/controller/perso.php
@@ -538,7 +538,8 @@ class Perso extends Controller
            $signature .= $value."+";
        }
        $signature .= CERTIFICATE;
-        $signature = sha1($signature);
+        $signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
+        #$signature = sha1($signature);
        $parameters["wsSignature"] = $signature;
        $client = new \SoapClient("https://paiement.systempay.fr/vads-ws/ident-v2.1?wsdl");
        $result = $client->customerCancel($parameters);