1 Reply Latest reply: Oct 4, 2013 10:57 AM by Gopinath Ramasamy RSS

    Need a help regarding code understanding?

    f6ff53c9-b1ba-4541-b0b5-888c12c98a86

      I am new to ATG, please clarify the reason for getting the below error via jsp page:

       

      <dsp:droplet name="CyberSourceResponseVerify">

      <dsp:oparam name="output">

      <dsp:getvalueof var="verifiedSign" param="verifiedSignature" vartype="java.lang.String"/>

      <c:choose>

          <c:when test="${verifiedSign eq 'true'}">

          <fmt:message key="stg.interAuth.sbmtMsg"/>

          <dsp:setvalue bean="CommitOrderFormHandler.csResponse" paramvalue="verifiedOP" />

          <dsp:setvalue bean="CommitOrderFormHandler.setCSResponse" value="" />

          </c:when>

      <c:otherwise>

          <fmt:message key="stg.interAuth.errMsg"/>   

      </c:otherwise>

      </c:choose>

      </dsp:oparam>

      </dsp:droplet>

       

      droplet code is here for "CyberSourceResponseVerifyDroplet.java"

       

      public class CyberSourceResponseVerifyDroplet extends DynamoServlet implements Constants {

       

          private static final String CARD_EXPIRATION_YEAR = "card_expirationYear";

          private static final String BILL_TO_COUNTRY       = "billTo_country";

          private static final String MERCHANT_DEFINED_DATA = "merchantDefinedData2";

          public static final String  COUNTRY_PARAM_NAME    = "country";

          private String              mDefaultCountry       = "US";

          private Map<String, String> mSharedSecret;

          private Map<String, String>         responseValues        = new HashMap<String, String>();

       

          public void service( DynamoHttpServletRequest pRequest, DynamoHttpServletResponse pResponse) throws ServletException, IOException {

       

              boolean signatureVerified = false;

       

              signatureVerified = verifySignature(pRequest, responseValues);

       

              pRequest.setParameter(VERIFIED_SIGNATURE, signatureVerified);

              if (signatureVerified) {

                  pRequest.setParameter(VERIFIED_OUTPUT, responseValues);

              }

              pRequest.serviceParameter(OUTPUT, pRequest, pResponse);

          }

       

       

          private boolean verifySignature( DynamoHttpServletRequest pResponseSignature, Map<String, String> pResponseValues) {

              String transactionSignature;

              String[] signedFieldsArr;

              String creditCardNumber;

              try {

       

                  transactionSignature = pResponseSignature.getParameter(TRANSACTION_SIGNATURE);

       

                  if (StringUtils.isEmpty(transactionSignature)) {

                      return false;

                  }

       

                  /**

                   * this cannot be null here since we have transactionSignature . So no need to do null check

                   */

                  signedFieldsArr = pResponseSignature.getParameter(SIGNED_FIELDS).split(COMMA);

                  String subid;

       

                  if (pResponseSignature.getParameter(PAY_SUBSCRIPTION_CREATE_REPLY_SUBSCRIPTION_ID) != null) {

                      subid = pResponseSignature.getParameter(PAY_SUBSCRIPTION_CREATE_REPLY_SUBSCRIPTION_ID).toString();

                  } else {

                      subid = "";

                  }

                  creditCardNumber = pResponseSignature.getParameter(CARD_ACCOUNT_NUMBER);

                  String cardtype = pResponseSignature.getParameter(CARD_CARD_TYPE);

                  int cardType = Integer.valueOf(cardtype).intValue();

                  String cardTypeName;

                  switch (cardType) {

                      case 001:

                          cardTypeName = VISA;

                          break;

                      case 002:

                          cardTypeName = MC;

                          break;

                      case 003:

                          cardTypeName = AMEX;

                          break;

                      case 004:

                          cardTypeName = DISC;

                          break;

                      case 005:

                          cardTypeName = DINR;

                          break;

                      case 007:

                          cardTypeName = JCB;

                          break;

                      default:

                          cardTypeName = UNKNOWN;

                          break;

                  }

       

                  String decision = pResponseSignature.getParameter(DECISION);

                  String reasoncode = pResponseSignature.getParameter(REASONCODE);

                  String authCode = pResponseSignature.getParameter(CC_AUTH_REPLY_AUTHORIZATION_CODE);

                  String authDate = pResponseSignature.getParameter(CC_AUTH_REPLY_AUTHORIZED_DATE_TIME);

                  String responseSignatureID = pResponseSignature.getParameter(REQUEST_ID);

                  String orderId = pResponseSignature.getParameter(MERCHANT_DEFINED_DATA);

       

                  StringBuilder data = new StringBuilder();

                  pResponseSignature.getParameter(ORDERID_PARAM);

                  for ( int i = 0; i < signedFieldsArr.length; i++) {

                      data.append(pResponseSignature.getParameter(signedFieldsArr[i]));

                  }

       

                  byte[] secretKey = data.toString().getBytes(UTF_8);

       

                  String country = pResponseSignature.getParameter(BILL_TO_COUNTRY);

                  if (StringUtils.isEmpty(country)) {

                      country = getDefaultCountry();

                  }

       

                  byte[] secretPublicKey = getConfiguration().getCyberSourceSharedSecret().get(country.toUpperCase()).getBytes(UTF_8);

       

                  SecretKeySpec signingPublicKey = new SecretKeySpec(secretPublicKey, HMAC_SHA1);

       

                  Mac mac = Mac.getInstance(HMAC_SHA1);

                  mac.init(signingPublicKey);

                  byte[] rawHmac = mac.doFinal(secretKey);

                  String result = javax.xml.bind.DatatypeConverter.printBase64Binary(rawHmac);

       

                  if (transactionSignature.equals(result) && decision.equalsIgnoreCase(RESPONSEDECISION)) {

                      pResponseValues.put(DECISION, decision);

                      pResponseValues.put(ORDERID_PARAM, orderId);

                      pResponseValues.put(TRANSACTION_SIGNATURE, transactionSignature);

                      pResponseValues.put(CREDITCARDNUMBER, creditCardNumber);

                      pResponseValues.put(CREDITCARDTYPE, cardTypeName);

                      pResponseValues.put(REASONCODE, reasoncode);

                      pResponseValues.put(AUTHCODE, authCode);

                      pResponseValues.put(AUTHDATE, authDate);

                      pResponseValues.put(SUBSCRIPTIONID, subid);

                      pResponseValues.put(VERIFIED_SIGNATURE, VERIFIED);

                      pResponseValues.put(REQUEST_ID, responseSignatureID);

                      String year = pResponseSignature.getParameter(CARD_EXPIRATION_YEAR);

                      pResponseValues.put(CARD_EXPIRATION_YEAR, year);

       

                      return true;

                  }

              }

       

              catch (Exception e) {

                  return false;

              }

              return false;

       

          }

       

        Please help?

        • 1. Re: Need a help regarding code understanding?
          Gopinath Ramasamy

          Hi,

           

          By looking at your code at the first glance, I believe the below needs to be corrected.

           

          1. signatureVerified is declared and set as boolean inside your droplet. But you are trying to get as a String in your jsp using dsp:getvalueof. Change this to get as boolean.

          2. Change the JSTL tag <c:when test="${verifiedSign eq 'true'}"> to say <c:when test="${verifiedSign}">.


          My assumptions from the code:

          1. CyberSourceResponseVerify.properties has $class points to CyberSourceResponseVerifyDroplet.

          2. Constans.java has VERIFIED_SIGNATURE declared in it.

          3. Your issue is, the code always go into the <c:otherwise> block.


          Hope this helps.

          Keep posting the updates or questions.

           

          Thanks,

          Gopinath Ramasamy