/**
* Fill params and encrypt PCI pre-populate fields.
*
* @param pageName - Page Name specified in HPM configuration file
* @param params - Map of params which will be passed to Z.render. tenantId, id, token, signature,
* key, url and paymentGateway will be filled by this method.
* @param prepopulateFields - Map of pre-populate fields which will be passed to Z.render.
* @throws Exception
*/
public static void prepareParamsAndFields(
String pageName, Map<String, String> params, Map<String, String> prepopulateFields)
throws Exception {
HPMPage page = pages.get(pageName);
if (page == null) {
throw new Exception("Could not find Hosted Page configurations for " + pageName);
}
JSONObject result = generateSignature(page.getPageId());
params.put("tenantId", result.getString("tenantId"));
params.put("id", page.getPageId());
params.put("token", result.getString("token"));
params.put("signature", result.getString("signature"));
params.put("key", publicKeyString);
params.put("url", url);
params.put("paymentGateway", page.getPaymentGateway());
for (Iterator<String> iterator = prepopulateFields.keySet().iterator(); iterator.hasNext(); ) {
String key = iterator.next();
String value = prepopulateFields.get(key);
if (fieldToEncrypt.contains(key)) {
value = RsaEncrypter.encrypt(value, publicKeyString);
if ("1.0.0".equals(jsVersion) || "1.1.0".equals(jsVersion)) {
// For zuora.js version 1.0.0 and 1.1.0, PCI pre-populate fields are in params.
iterator.remove();
params.put("field_" + key, value);
} else {
// For zuora.js version 1.2.0 and later, PCI pre-populate fields are in prepopulateFields.
prepopulateFields.put(key, value);
}
}
}
if ("1.0.0".equals(jsVersion)) {
// For zuora.js version 1.0.0, encode the values in params except url.
for (String key : params.keySet()) {
if (!"url".equals(key)) {
params.put(key, URLEncoder.encode(params.get(key), "UTF-8"));
}
}
}
}
/**
* Validate signature using Hosted Page configuration
*
* @param signature - signature need to validate
* @param expiredAfter - expired time in millisecond after the signature is created
* @throws Exception
*/
public static void validBasicSignature(String signature, long expiredAfter) throws Exception {
// Need to get value from configration page and value from request to construct the
// encryptedString.
// SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString);
String decryptedSignature = SignatureDecrypter.decryptAsString(signature, publicKeyString);
// Validate signature.
if (StringUtils.isBlank(decryptedSignature)) {
throw new Exception("Signature is empty.");
}
StringTokenizer st = new StringTokenizer(decryptedSignature, "#");
String url_signature = st.nextToken();
String tenanId_signature = st.nextToken();
String token_signature = st.nextToken();
String timestamp_signature = st.nextToken();
String pageId_signature = st.nextToken();
if (StringUtils.isBlank(url_signature)
|| StringUtils.isBlank(tenanId_signature)
|| StringUtils.isBlank(token_signature)
|| StringUtils.isBlank(timestamp_signature)
|| StringUtils.isBlank(pageId_signature)) {
throw new Exception("Signature is not complete.");
}
boolean isPageIdValid = false;
for (HPMPage page : pages.values()) {
if (page.getPageId().equals(pageId_signature)) {
isPageIdValid = true;
break;
}
}
if (!isPageIdValid) {
throw new Exception("Page Id in signature is invalid.");
}
if ((new Date()).getTime() > (Long.parseLong(timestamp_signature) + expiredAfter)) {
throw new Exception("Signature is expired.");
}
}
