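/**
 * Loads the HPM configuration file and rebuilds the in-memory Hosted Page settings.
 *
 * <p>Copies the {@code url}, {@code endPoint}, {@code callbackURL}, {@code username},
 * {@code password}, {@code publicKey} and {@code jsPath} properties into the corresponding static
 * fields, derives {@code jsVersion} from {@code jsPath}, then clears {@code pages} and refills it
 * from every {@code page.<name>.<attribute>} key, where the attribute is {@code pageId},
 * {@code paymentGateway} or {@code locale} (a comma-separated list).
 *
 * <p>The file holds the API username and password in clear text, so it should be readable only by
 * the account that runs the application and kept out of version control and logs.
 *
 * @param configFile - the HPM configuration file path
 * @throws IOException if the file cannot be opened or read
 */
public static void loadConfiguration(String configFile) throws IOException {
  Properties props = new Properties();
  FileInputStream in = new FileInputStream(configFile);
  try {
    props.load(in);
  } finally {
    // Release the file handle even when load() fails; the original never closed the stream.
    in.close();
  }

  url = props.getProperty("url");
  endPoint = props.getProperty("endPoint");
  callbackURL = props.getProperty("callbackURL");
  username = props.getProperty("username");
  password = props.getProperty("password");
  publicKeyString = props.getProperty("publicKey");
  jsPath = props.getProperty("jsPath");

  // jsPath is optional: matching against null would throw a NullPointerException and abort the
  // load half-way, after the credentials were replaced but before pages was rebuilt.
  // jsVersion keeps its previous value when jsPath is absent or does not match.
  if (jsPath != null) {
    Matcher versionMatcher = Pattern.compile(".+hosted/(.+)/zuora.+").matcher(jsPath);
    if (versionMatcher.matches()) {
      jsVersion = versionMatcher.group(1);
    }
  }

  // Compiled once instead of once per property key.
  Pattern pageKeyPattern = Pattern.compile("page\\.([^\\.]+)\\.([^\\.]+)");

  pages.clear();
  for (Object key : props.keySet()) {
    String propertyName = (String) key;
    Matcher pageKeyMatcher = pageKeyPattern.matcher(propertyName);
    if (!pageKeyMatcher.matches()) {
      continue;
    }

    String value = props.getProperty(propertyName);
    String name = pageKeyMatcher.group(1);
    String attribute = pageKeyMatcher.group(2);

    // The first attribute seen for a page name creates its entry.
    HPMPage page = pages.get(name);
    if (page == null) {
      page = new HPMPage();
      pages.put(name, page);
    }

    if ("pageId".equals(attribute)) {
      page.setPageId(value);
    } else if ("paymentGateway".equals(attribute)) {
      page.setPaymentGateway(value);
    } else if ("locale".equals(attribute)) {
      // Comma-separated list; blank entries are dropped and the rest are trimmed.
      List<String> locales = new ArrayList<String>();
      for (String locale : value.split(",")) {
        String trimmed = locale.trim();
        if (!"".equals(trimmed)) {
          locales.add(trimmed);
        }
      }
      page.setLocales(locales);
    }
  }
}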
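/**
 * Fills the render params for a Hosted Page and encrypts the PCI pre-populate fields.
 *
 * <p>Both maps are modified in place. Only keys listed in {@code fieldToEncrypt} are encrypted
 * with the configured public key; every other pre-populate field is passed on unchanged, so
 * sensitive values must be covered by that list.
 *
 * @param pageName - Page Name specified in HPM configuration file
 * @param params - Map of params which will be passed to Z.render. tenantId, id, token, signature,
 *     key, url and paymentGateway will be filled by this method.
 * @param prepopulateFields - Map of pre-populate fields which will be passed to Z.render. For
 *     zuora.js 1.0.0 and 1.1.0 the encrypted fields are removed from this map and moved into
 *     {@code params} under {@code field_<key>}.
 * @throws Exception if no page is configured under {@code pageName}, or if signature generation,
 *     encryption or URL encoding fails
 */
public static void prepareParamsAndFields(
    String pageName, Map<String, String> params, Map<String, String> prepopulateFields)
    throws Exception {
  HPMPage page = pages.get(pageName);
  if (page == null) {
    throw new Exception("Could not find Hosted Page configurations for " + pageName);
  }

  JSONObject result = generateSignature(page.getPageId());

  params.put("tenantId", result.getString("tenantId"));
  params.put("id", page.getPageId());
  params.put("token", result.getString("token"));
  params.put("signature", result.getString("signature"));
  params.put("key", publicKeyString);
  params.put("url", url);
  // May be null when the configuration has no page.<name>.paymentGateway entry.
  params.put("paymentGateway", page.getPaymentGateway());

  boolean isV100 = "1.0.0".equals(jsVersion);
  boolean fieldsTravelInParams = isV100 || "1.1.0".equals(jsVersion);

  // An explicit iterator is used because the legacy branch removes entries while iterating.
  for (Iterator<String> iterator = prepopulateFields.keySet().iterator(); iterator.hasNext(); ) {
    String key = iterator.next();
    if (!fieldToEncrypt.contains(key)) {
      continue;
    }

    // NOTE(review): behaviour for a null field value depends on RsaEncrypter.encrypt — confirm.
    String encrypted = RsaEncrypter.encrypt(prepopulateFields.get(key), publicKeyString);
    if (fieldsTravelInParams) {
      // For zuora.js version 1.0.0 and 1.1.0, PCI pre-populate fields are in params.
      iterator.remove();
      params.put("field_" + key, encrypted);
    } else {
      // For zuora.js version 1.2.0 and later, PCI pre-populate fields are in prepopulateFields.
      // Overwriting the value of an existing key is not a structural change to the map.
      prepopulateFields.put(key, encrypted);
    }
  }

  if (isV100) {
    // For zuora.js version 1.0.0, encode the values in params except url.
    for (Map.Entry<String, String> entry : params.entrySet()) {
      String value = entry.getValue();
      // Null values (e.g. an unconfigured paymentGateway) are left alone: URLEncoder.encode
      // throws a NullPointerException on null input.
      if ("url".equals(entry.getKey()) || value == null) {
        continue;
      }
      entry.setValue(URLEncoder.encode(value, "UTF-8"));
    }
  }
}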
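/**
 * Validates a callback signature against the Hosted Page configuration.
 *
 * <p>The signature is decrypted with the configured public key and must contain five
 * {@code #}-separated parts: url, tenantId, token, timestamp and pageId. The pageId must belong to
 * a configured page and the timestamp must not be older than {@code expiredAfter}.
 *
 * <p>This is the basic check only: url, tenantId and token are tested for presence but are not
 * compared with the request or the configuration. The original author's note points at
 * {@code SignatureDecrypter.verifyAdvancedSignature(signature, encryptedString, publicKeyString)}
 * for that comparison, which needs an encryptedString built from the configuration and request
 * values. No replay check on the token is visible in this method.
 *
 * @param signature - signature need to validate
 * @param expiredAfter - expired time in millisecond after the signature is created
 * @throws Exception if the signature is empty, incomplete, carries an unknown page id or a
 *     malformed timestamp, has expired, or cannot be decrypted
 */
public static void validBasicSignature(String signature, long expiredAfter) throws Exception {
  String decryptedSignature = SignatureDecrypter.decryptAsString(signature, publicKeyString);

  // Validate signature.
  if (StringUtils.isBlank(decryptedSignature)) {
    throw new Exception("Signature is empty.");
  }

  StringTokenizer st = new StringTokenizer(decryptedSignature, "#");
  // StringTokenizer drops empty tokens, so a truncated signature would otherwise surface as a
  // NoSuchElementException from nextToken() instead of a validation error.
  if (st.countTokens() < 5) {
    throw new Exception("Signature is not complete.");
  }
  String signedUrl = st.nextToken();
  String signedTenantId = st.nextToken();
  String signedToken = st.nextToken();
  String signedTimestamp = st.nextToken();
  String signedPageId = st.nextToken();

  if (StringUtils.isBlank(signedUrl)
      || StringUtils.isBlank(signedTenantId)
      || StringUtils.isBlank(signedToken)
      || StringUtils.isBlank(signedTimestamp)
      || StringUtils.isBlank(signedPageId)) {
    throw new Exception("Signature is not complete.");
  }

  boolean isPageIdValid = false;
  for (HPMPage page : pages.values()) {
    // Compare from the signature side: a page configured without a pageId returns null here.
    if (signedPageId.equals(page.getPageId())) {
      isPageIdValid = true;
      break;
    }
  }
  if (!isPageIdValid) {
    throw new Exception("Page Id in signature is invalid.");
  }

  long createdAt;
  try {
    createdAt = Long.parseLong(signedTimestamp);
  } catch (NumberFormatException e) {
    // Report a malformed timestamp as a validation failure and keep the cause.
    throw new Exception("Signature timestamp is invalid.", e);
  }

  // NOTE(review): a timestamp later than the current time passes this check, and the sum can
  // overflow for very large expiredAfter values — confirm the intended bounds.
  if (System.currentTimeMillis() > (createdAt + expiredAfter)) {
    throw new Exception("Signature is expired.");
  }
}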