You need to sign in to do that
Don't have an account?
Simulate Cybersource Hosted Order Page in Apex
Hi All,
I have requirement where I have to implement Cybersource payment gateway in Salesforce.com. I am trying to use Cybersource Hosted Order Page approach to implement this functionality.
Cybersource has provided me some sample JSP pages which I can use in any java based web application and implement the payment gateway within that application and I am able to do that.
Now I have to simulate the same functionality in Salesforce.com using Visualforce and Apex. I am able to simulate most of the code in Apex but got stuck while simulating Message Authentication code and secret key. Below is the code written in java which I need to simulate in Apex.
public String getPublicDigest(String customValues) throws Exception{ String pub = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2L8taoXQvBV5xddZp58JE2i3rQauaBe1U1lEQCIYNYlIQSt4J6++F6NBgmCx1vnSCX2s4O0FI3S5b/No7QTfKkO19ofJVYBB6hdlcPStHsnYLV9mDmHuFfiR8Ebk3dUWYVCQX+eyZj99WQmYiTPIEZSAuB54jTMRQwyAE5GsVwIDAQAB"; BASE64Encoder encoder = new BASE64Encoder(); Mac sha1Mac = Mac.getInstance("HmacSHA1"); SecretKeySpec publicKeySpec = new SecretKeySpec(pub.getBytes(), "HmacSHA1"); sha1Mac.init(publicKeySpec); byte[] publicBytes = sha1Mac.doFinal(customValues.getBytes()); String publicDigest = encoder.encodeBuffer(publicBytes); return publicDigest.replaceAll("\n", ""); }
Here is the code which I simulated in Apex but the key generated is still invalid.
public String getPublicDigest(String customValues){ String secretKey = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2L8taoXQvBV5xddZp58JE2i3rQauaBe1U1lEQCIYNYlIQSt4J6++F6NBgmCx1vnSCX2s4O0FI3S5b/No7QTfKkO19ofJVYBB6hdlcPStHsnYLV9mDmHuFfiR8Ebk3dUWYVCQX+eyZj99WQmYiTPIEZSAuB54jTMRQwyAE5GsVwIDAQAB'; //Blob blobDigest = Crypto.generateDigest('hmacSHA1', Blob.valueOf(pub)); Blob sha1Mac = Crypto.generateMac('hmacSHA1', Blob.valueOf(customValues), EncodingUtil.base64Decode(secretKey)); String publicDigest = Encodingutil.convertToHex(sha1Mac); return publicDigest; }
Any help is appreciated.
Did you ever figure this out?
No, In fact I skipped this approach and redirected user to Cyber source payment page for processing of payment.
Hi, does this require the user to re-enter the payment (card, direct debit etc) details in the cybersource page?
The only thing in your code is that you use HmacSHA1, what i get from all the Cybersource documentation is that you have to use HmacSHA256
Question I have is how does the HTTP request header has to look like, as I get this "invalid security" no wsse header error despite that i use the trans action securtyi keys...
Hi https://cgi-sfdc.atlassian.net/secure/Dashboard.jspa
Has this been solved?
-Frank
I am also using cybersource for payment processing. Can you help me out with the apex code to redirect to the payment gateway page? Also what are the fields we require to fill while going before payment gateway page.
Thanks & regards
Sourabh
your details for cybersource are ideally stored encrypted in custom settings ( use the utility class encoded / decoded to store and retrieve )
the controller looks like
the page look like
for storing the secret details of you cyber connection you could use something like
you nee to create the equivalent custom settings and entries, you can find in the code
(Cybersource__c and fields as stated and one entry 'testcenter' )
hope that helps (working solution)
I also found this in my resources, but might have been atest?
Can you please let me know from where you are getting 'transaction_uuid'. Is it coming from the cybersource?
Thanks & Regards
Sourabh
it is / was working so I don't really spend much attention to the details behind , only important thing was the salesforce contact was able to make a payment and the response from CS was either yes ok or no not ok. this is why we used the silent post as this requires the minimum of signed security for the company ( CSP ) i think its called, as soon you store any credit card details in relation or not you have to go through the highest level as a bank would go through, the chosen way avoids that.
The contact details get encrypted and reflect the signed data ( processed by your server to encryp them, this will then be combined with the entered card details and submitted directly to cybersource (encrypted with the signed data as double protection ( encrypted on top of the encryption which then will be de coded on cybersource end , validated and process if fine, then you get a repsonse inclinding the transaction uuid
which then can be used if you log into cybersource to find the transaction i believe
Helps a lot.
Thanks & Regards
Sourabh
I was trying to replicate the sample code that you have posted. But whenever I am clicking on the confirm, I am being redirected to the Cybersource page: 403 - Unauthorized
You are not authorized to view this page. The transaction has not been processed.
Did I miss any on the code?
Can anyone tell me what URL to add to CSP?
I am getting error 401, can anyone help on that?
Also, you may use this method to generate digest:
public static String generateDigest(String jsonString1) {
String digest = '';
String bodyText = jsonString1; //'{ your JSON payload }';
Blob payloadBlob = Blob.valueOf(bodyText);
Blob hash;
if (Test.isRunningTest()) {
// In a test context, we need to mock the hash value since we can't perform actual hashing.
hash = Blob.valueOf('mockedHashValue');
} else {
// Calculate the actual hash using SHA-256 algorithm
hash = Crypto.generateDigest('SHA-256', payloadBlob);
}
digest = 'SHA-256=' + EncodingUtil.base64Encode(hash);
return digest;
}