我有一个桌面应用程序Foxpro 9.0 Executive,需要连接到Payeezy并通过其API传输和接收XML数据。 我使用WinHttpRequest.5.1从UPS地址验证API发送和接收XML数据。但我似乎遇到了SHA-1 HMAC哈希计算头的问题。任何人都可以给我一些关于如何在Foxpro中完成此操作的示例代码? https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash
*api.demo.globalgatewaye4.firstdata.com
***************************
If Vartype(loReq)='U'
Public loReq
ENDIF
lcURL='https://api-cert.payeezy.com/v1/transactions/v12'
lcPassWd ='Password'
lcExactID='ExactID'
lcKeyCode='Keycode'
ldDate=dtos(DATE())
lcDate=SUBSTR(ldDate,1,4)+'-'+SUBSTR(ldDate,5,2)+'-'+SUBSTR(ldDate,7,2)
ltTime=TIME()
lcDateTime=lcDate+'T'+TRANSFORM(ltTime)+'Z'
uri='transaction/v12'
lcTranstype='00'
lcAmount='1299.00'
lctype='visa'
lcname='John Smith'
lncc_no='4788250000028291'
lcExp_Date='1020'
lccvv='123'
lcAddress='21 Jump Street'
lcCity='Los Angeles'
lcZip='90210'
lcPhone='5557891234'
lcOrderno='12345678'
CustID='87654321'
lcTransactionType="00"
lcShip_Name="Customer Name"
XMLRequest='<?xml version="1.0" encoding="utf-8" ?>'+Chr(13)+;
'<Transaction>'+Chr(13)+;
'<Transaction_Type>'+lcTranstype+'</Transaction_Type>'+CHR(13)+;
'<DollarAmount>'+lcAmount+'</DollarAmount>'+CHR(13)+;
'<Expiry_Date>'+lcExp_Date+'</Expiry_Date>'+CHR(13)+;
'<CardHolderName>'+lcname+'</CardHolderName>'+Chr(13)+;
'<Reference_No>'+lcOrderno+'</Reference_No>'+CHR(13)+;
'<Customer_Ref>'+CustID+'</Customer_Ref>'+CHR(13)+;
'<Reference_3>'+lcname+'</Reference_3>'+CHR(13)+;
'<ExactID>'+lcExactID+'</ExactID>'+CHR(13)+;
'<Password>'+lcPassWd+ '</Password>'+CHR(13)+;
'<Card_Number>'+lncc_no+'</Card_Number>'+chr(13)+;
'</Transaction>'
Hashme='POST'+chr(13)+'SOAP'+chr(13)+XMLRequest+chr(13)+lcDateTime+chr(13)+lcURL
baseHash=STRCONV(Hashme, 13)
loReq = Createobject('WinHttp.WinHttpRequest.5.1')
loReq.SetTimeouts(2500, 2500, 2500, 2500)
loReq.Open('POST', 'https://api-cert.payeezy.com/v1/transactions/v12', .F.)
loReq.SetCredentials(lcExactID, lcPassWd , 0)
loReq.SetRequestHeader('authorization', 'GGE4_API 14:'+lcKeyCode)
loReq.SetRequestHeader('x-gge4-content-sha1',baseHash )
loReq.SetRequestHeader('content-type', 'application/xml')
loReq.SetRequestHeader('accept', 'text/xml')
loReq.Send(XMLRequest)
Xmltocursor(loReq.responsetext,'Payeezy')
loReq=""
答案 0 :(得分:1)
您的代码将http://myserver/api/objects?uri=http:%2F%2Fexample.comk%2FmyURI%2F的base64编码填充到m.Hashme标头中。从您告诉我们的内容来看,您似乎需要计算authorization的SHA-1哈希并将哈希值放入标头中(在对其进行base64编码之后)。
Fox没有内置SHA-1功能,所以你需要一个辅助源。可以在Fox中使用Win32 CryptAPI,但这不必要地混乱而且相当痛苦。 FoxPro基础课程(FFC)中有m.Hashme,但这并没有真正的帮助(和所有FFC一样,它不适合生产使用)。
对于它的价值,这里有一个小的.prg可用于使用Win32 CryptAPI和_crypt.vcx来计算哈希值(默认值:SHA1):
_crypt.vcx在使用之前,您需要按照类定义上方的注释来修改#include WinCrypt.h
lparameters cData, nAlgorithmId
with createobject([CCryptAPIWrapper_])
return .Hash(@m.cData, m.nAlgorithmId)
endwith
*******************************************************************************
* _CryptAPI.hProviderHandle needs to be hacked to PROTECTED or PUBLIC
* and also most of the member functions called here
define class CCryptAPIWrapper_ as _CryptAPI of _crypt.vcx
function Init
* declare missing CryptAPI functions
declare long CryptGetHashParam in WIN32API long, long, string@, long@, long
return dodefault()
procedure Destroy
if not empty(this.hProviderHandle)
this.CryptReleaseContext(this.hProviderHandle)
endif
function Hash (cData, nAlgorithmId)
nAlgorithmId = evl(m.nAlgorithmId, dnALG_SID_SHA)
local hHashContext, cHash
hHashContext = 0
cHash = .null.
try
this.CryptCreateHash(this.hProviderHandle, nAlgorithmId, 0, 0, @m.hHashContext)
this.CryptHashData(m.hHashContext, m.cData, len(m.cData), 0)
cHash = this.RetrieveHashFromContext(m.hHashContext)
finally
if not empty(m.hHashContext)
this.CryptDestroyHash(m.hHashContext)
endif
endtry
return m.cHash
function RetrieveHashFromContext (hHashContext)
local cHashSize, nXferSize
cHashSize = replicate(chr(0), 4)
nXferSize = len(m.cHashSize)
CryptGetHashParam(m.hHashContext, dnHP_HASHSIZE, @m.cHashSize, @m.nXferSize, 0)
assert m.nXferSize == 4
local nHashSize, cHashData
nHashSize = extract_UINT32_(m.cHashSize)
nXferSize = m.nHashSize
cHashData = space(m.nHashSize)
CryptGetHashParam(m.hHashContext, dnHP_HASHVAL, @m.cHashData, @m.nXferSize, 0)
assert m.nXferSize == m.nHashSize
return m.cHashData
enddefine
*******************************************************************************
* note: BITOR() and BITLSHIFT() give a signed result -> can't use them here
function extract_UINT32_ (s)
return asc(substr(m.s, 1, 1)) ;
+ asc(substr(m.s, 2, 1)) * 0x100 ;
+ asc(substr(m.s, 3, 1)) * 0x10000 ;
+ asc(substr(m.s, 4, 1)) * 0x1000000
,因为classlib甚至是VFP9。此外,VFP搜索路径需要包含Fox主目录及其子目录FFC。
答案 1 :(得分:1)
我在First Data的Payeezy团队工作。我在你发布的示例代码中看到,你混淆了我们的两个API,我们的REST API(https://api-cert.payeezy.com)和基于SOAP的API(api.demo.globalgatewaye4.firstdata.com)
如果您正在使用REST API,那么这里是用PHP生成HMAC的示例代码。
<?php
$apiKey = "<your api key>";
$apiSecret = "<your consumer secret>";
$nonce = "<Crypographically strong random number>";
$timestamp = "<Epoch timestamp in milli seconds>";
$token = "<Merchant Token>";
$payload = "<For POST - Request body / For GET - empty string>";
$data = $apiKey + $nonce + $timestamp + $token + $payload;
$hashAlgorithm = "sha256";
<!-- Make sure the HMAC hash is in hex -->
$hmac = hash_hmac ( $hashAlgorithm , $data , $apiSecret, false );
<!-- Authorization : base64 of hmac hash -->
$authorization = base64_encode($hmac);
ehco $authorization;
?>
如果您使用的是基于SOAP的API,则可在此处找到示例代码:https://support.payeezy.com/hc/en-us/articles/203731149-API-Security-HMAC-Hash