/** * Fill params and encrypt PCI pre-populate fields. * * @param pageName - Page Name specified in HPM configuration file * @param params - Map of params which will be passed to Z.render. tenantId, id, token, signature, * key, url and paymentGateway will be filled by this method. * @param prepopulateFields - Map of pre-populate fields which will be passed to Z.render. * @throws Exception */ public static void prepareParamsAndFields( String pageName, Map<String, String> params, Map<String, String> prepopulateFields) throws Exception { HPMPage page = pages.get(pageName); if (page == null) { throw new Exception("Could not find Hosted Page configurations for " + pageName); } JSONObject result = generateSignature(page.getPageId()); params.put("tenantId", result.getString("tenantId")); params.put("id", page.getPageId()); params.put("token", result.getString("token")); params.put("signature", result.getString("signature")); params.put("key", publicKeyString); params.put("url", url); params.put("paymentGateway", page.getPaymentGateway()); for (Iterator<String> iterator = prepopulateFields.keySet().iterator(); iterator.hasNext(); ) { String key = iterator.next(); String value = prepopulateFields.get(key); if (fieldToEncrypt.contains(key)) { value = RsaEncrypter.encrypt(value, publicKeyString); if ("1.0.0".equals(jsVersion) || "1.1.0".equals(jsVersion)) { // For zuora.js version 1.0.0 and 1.1.0, PCI pre-populate fields are in params. iterator.remove(); params.put("field_" + key, value); } else { // For zuora.js version 1.2.0 and later, PCI pre-populate fields are in prepopulateFields. prepopulateFields.put(key, value); } } } if ("1.0.0".equals(jsVersion)) { // For zuora.js version 1.0.0, encode the values in params except url. for (String key : params.keySet()) { if (!"url".equals(key)) { params.put(key, URLEncoder.encode(params.get(key), "UTF-8")); } } } }
/** * Validate signature using Hosted Page configuration * * @param signature - signature need to validate * @param expiredAfter - expired time in millisecond after the signature is created * @throws Exception */ public static void validBasicSignature(String signature, long expiredAfter) throws Exception { // Need to get value from configration page and value from request to construct the // encryptedString. // SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString); String decryptedSignature = SignatureDecrypter.decryptAsString(signature, publicKeyString); // Validate signature. if (StringUtils.isBlank(decryptedSignature)) { throw new Exception("Signature is empty."); } StringTokenizer st = new StringTokenizer(decryptedSignature, "#"); String url_signature = st.nextToken(); String tenanId_signature = st.nextToken(); String token_signature = st.nextToken(); String timestamp_signature = st.nextToken(); String pageId_signature = st.nextToken(); if (StringUtils.isBlank(url_signature) || StringUtils.isBlank(tenanId_signature) || StringUtils.isBlank(token_signature) || StringUtils.isBlank(timestamp_signature) || StringUtils.isBlank(pageId_signature)) { throw new Exception("Signature is not complete."); } boolean isPageIdValid = false; for (HPMPage page : pages.values()) { if (page.getPageId().equals(pageId_signature)) { isPageIdValid = true; break; } } if (!isPageIdValid) { throw new Exception("Page Id in signature is invalid."); } if ((new Date()).getTime() > (Long.parseLong(timestamp_signature) + expiredAfter)) { throw new Exception("Signature is expired."); } }