Issue #123 support HMAC SHA-512 signatureKey

thephpleague · Jan 20, 2019 · 7e118ad · 7e118ad
1 parent a9738c3
commit 7e118ad
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -66,6 +66,21 @@ $request = $gateway->purchase(
 );
 ```
 
+## DPM and SIM Signatures
+
+DPM and SIM used to sign their requests with the `transactionKey` using the mdh HMAC algorithm.
+From early 2019, this algorithm is being removed completely.
+Instead, the SHA-512 HMAC algorithm is used to sign the DPM and SIM requsts,
+and to validate the received  notifications.
+
+To start using the SHA-512 signing, set your `signatureKey` in the gateway:
+
+```php
+$gateway->setSignatureKey('48D2C629E4A...{100}...E7CA3C4E6CD7223D');
+```
+
+The `signatureKey` can be generated in the *API Credentials & Keys* section of your account setings.
+
 ## Support
 
 If you are having general issues with Omnipay, we suggest posting on

diff --git a/src/AIMGateway.php b/src/AIMGateway.php
@@ -24,11 +24,11 @@ public function getName()
     public function getDefaultParameters()
     {
         return array(
-            'apiLoginId'        => '',
-            'transactionKey'    => '',
+            'apiLoginId'        => null,
+            'transactionKey'    => null,
             'testMode'          => false,
             'developerMode'     => false,
-            'hashSecret'        => '',
+            'hashSecret'        => null,
             'liveEndpoint'      => 'https://api2.authorize.net/xml/v1/request.api',
             'developerEndpoint' => 'https://apitest.authorize.net/xml/v1/request.api',
         );
@@ -54,6 +54,16 @@ public function setTransactionKey($value)
         return $this->setParameter('transactionKey', $value);
     }
 
+    public function getSignatureKey()
+    {
+        return $this->getParameter('signatureKey');
+    }
+
+    public function setSignatureKey($value)
+    {
+        return $this->setParameter('signatureKey', $value);
+    }
+
     public function getDeveloperMode()
     {
         return $this->getParameter('developerMode');

diff --git a/src/Message/AIMAbstractRequest.php b/src/Message/AIMAbstractRequest.php
@@ -36,6 +36,20 @@ public function setTransactionKey($value)
         return $this->setParameter('transactionKey', $value);
     }
 
+    // AIM does not use signatureKey, but it is included here just
+    // to get the tests to run. Some structural refactoring will be
+    // needed to work around this.
+
+    public function getSignatureKey()
+    {
+        return $this->getParameter('signatureKey');
+    }
+
+    public function setSignatureKey($value)
+    {
+        return $this->setParameter('signatureKey', $value);
+    }
+
     public function getDeveloperMode()
     {
         return $this->getParameter('developerMode');

diff --git a/src/Message/SIMAbstractRequest.php b/src/Message/SIMAbstractRequest.php
@@ -34,6 +34,16 @@ public function setTransactionKey($value)
         return $this->setParameter('transactionKey', $value);
     }
 
+    public function getSignatureKey()
+    {
+        return $this->getParameter('signatureKey');
+    }
+
+    public function setSignatureKey($value)
+    {
+        return $this->setParameter('signatureKey', $value);
+    }
+
     public function getDeveloperMode()
     {
         return $this->getParameter('developerMode');

diff --git a/src/Message/SIMAuthorizeRequest.php b/src/Message/SIMAuthorizeRequest.php
@@ -78,11 +78,19 @@ public function getHash($data)
         ).'^';
 
         // If x_currency_code is specified, then it must follow the final trailing carat.
+
         if ($this->getCurrency()) {
             $fingerprint .= $this->getCurrency();
         }
 
-        return hash_hmac('md5', $fingerprint, $this->getTransactionKey());
+        // The md5 hash against the transactionKey is being removed 2019 and
+        // replaced with an SHA-512 hash against the signatureKey.
+
+        if ($signatureKey = $this->getSignatureKey()) {
+            return hash_hmac('sha512', $fingerprint, hex2bin($signatureKey));
+        } else {
+            return hash_hmac('md5', $fingerprint, $this->getTransactionKey());
+        }
     }
 
     public function sendData($data)

diff --git a/src/SIMGateway.php b/src/SIMGateway.php
@@ -16,7 +16,7 @@ public function getDefaultParameters()
     {
         $parameters = parent::getDefaultParameters();
         $parameters = array_merge($parameters, array(
-            'hashSecret' => '',
+            'signatureKey' => null,
             'liveEndpoint' => 'https://secure2.authorize.net/gateway/transact.dll',
             'developerEndpoint' => 'https://test.authorize.net/gateway/transact.dll'
         ));
@@ -33,14 +33,14 @@ public function setApiLoginId($value)
         return $this->setParameter('apiLoginId', $value);
     }
 
-    public function getTransactionKey()
+    public function getSignatureKey()
     {
-        return $this->getParameter('transactionKey');
+        return $this->getParameter('signatureKey');
     }
 
-    public function setTransactionKey($value)
+    public function setSignatureKey($value)
     {
-        return $this->setParameter('transactionKey', $value);
+        return $this->setParameter('signatureKey', $value);
     }
 
     public function getDeveloperMode()