Commit ef5f0d54 authored by Mindiell's avatar Mindiell

Merge branch 'new-hash' into 'preprod'

Use HMAC-SHA256 instead of SHA1

Closes #29

See merge request !5
parents 5a645e27 4f987deb
...@@ -81,9 +81,11 @@ class Bank extends Controller ...@@ -81,9 +81,11 @@ class Bank extends Controller
$sig .= $value . "+"; $sig .= $value . "+";
} }
$sig .= CERTIFICATE; $sig .= CERTIFICATE;
$cb_log->write("sig: " . $signature . " == " . sha1($sig)); ### Attempt to do it in hmac-sha256
if (sha1($sig)!=$signature) { $sig_hash = base64_encode(hash_hmac('sha256', $sig, CERTIFICATE, true));
$error = "Error in signature: " . $signature . " != " . sha1($sig); $cb_log->write("sig: " . $signature . " == " . $sig_hash);
if ($sig_hash!=$signature) {
$error = "Error in signature: " . $signature . " != " . $sig_hash;
} }
// Résultats des vérifications globales // Résultats des vérifications globales
if ($error!="") { if ($error!="") {
......
...@@ -196,7 +196,7 @@ class Campaign extends Controller ...@@ -196,7 +196,7 @@ class Campaign extends Controller
$signature .= $value."+"; $signature .= $value."+";
} }
$signature .= CERTIFICATE; $signature .= CERTIFICATE;
$signature = sha1($signature); $signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
$params["signature"] = $signature; $params["signature"] = $signature;
$f3->set('target', $target); $f3->set('target', $target);
......
...@@ -538,7 +538,8 @@ class Perso extends Controller ...@@ -538,7 +538,8 @@ class Perso extends Controller
$signature .= $value."+"; $signature .= $value."+";
} }
$signature .= CERTIFICATE; $signature .= CERTIFICATE;
$signature = sha1($signature); $signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
#$signature = sha1($signature);
$parameters["wsSignature"] = $signature; $parameters["wsSignature"] = $signature;
$client = new \SoapClient("https://paiement.systempay.fr/vads-ws/ident-v2.1?wsdl"); $client = new \SoapClient("https://paiement.systempay.fr/vads-ws/ident-v2.1?wsdl");
$result = $client->customerCancel($parameters); $result = $client->customerCancel($parameters);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment