php - MIGS 在线支付 SHA256 HMAC 错误

Question

Bendigo Bank 告诉我，我们需要将 md5 更改为 SHA256。我已按照他们的说明进行操作，但出现此错误:

HTTP Status - 400
E5000: Cannot form a matching secure hash based on the merchant's request using either of the two merchant's secrets

他们的示例代码是这样的:

<?php foreach($_POST as $key => $value) {
    if (strlen($value) > 0) { ?>
            <input type="hidden" name="<?php echo($key); ?>" value="<?php echo($value); ?>"/><br>
    <?php           
        if ((strlen($value) > 0) && ((substr($key, 0,4)=="vpc_") || (substr($key,0,5) =="user_"))) {
            $hashinput .= $key . "=" . $value . "&";
        }
    }
}
$hashinput = rtrim($hashinput,"&");
?>
<!-- attach SecureHash -->
<input type="hidden" name="vpc_SecureHash" value="<?php echo(strtoupper(hash_hmac('SHA256', $hashinput, pack('H*',$securesecret)))); ?>"/>
<input type="hidden" name="vpc_SecureHashType" value="SHA256">

这是我的帖子:

Array (
    [AgainLink] => http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html
    [b_terms] => 1
    [chargetypeid] => 33
    [deposit] => 580.00
    [notes] => 4 Nights - 26/11/2016 to 30/11/2016
    [propertyid] => 2
    [total] => 580.00
    [vpc_AccessCode] => 903876BC
    [vpc_Amount] => 58000
    [vpc_Command] => pay
    [vpc_Locale] => en
    [vpc_MerchTxnRef] => 1479746896
    [vpc_Merchant] => BBL5800396
    [vpc_OrderInfo] => Studio Deluxe
    [vpc_ReturnURL] => http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html
    [vpc_Version] => 1
)

这是我的代码:

        $appendAmp = 0;
        $isencoded = '';
        $notencoded = '';
        foreach($_POST as $key => $value) {
            if (strlen($value) > 0) {
                if ($appendAmp == 0) :
                    $notencoded     .= $key . '=' . $value;
                    $isencoded      .= urlencode($key) . '=' . urlencode($value);
                    $appendAmp       = 1;
                else :
                    $notencoded     .= '&' . $key . '=' . $value;
                    $isencoded      .= '&' . urlencode($key) . '=' . urlencode($value);
                endif;
            }
        }

        if (strlen($SECURE_SECRET) > 0) {
            #$vpcURL .= "&vpc_SecureHash=" . strtoupper(md5($md5HashData));
            $SecureHash     = strtoupper(hash_hmac('SHA256',$notencoded,pack('H*',$SECURE_SECRET)));
            $SecureHashType = 'SHA256';
        }
        $vpcURL .= $notencoded.'&vpc_SecureHash='.$SecureHash.'&vpc_SecureHashType='.$SecureHashType;

我有“isencoded”和“notencoded”，因为我看到有人说在我构建 vpcURL 之前不要对 vpc_ReturnURL 的字符串进行 urlencode，但两者都不起作用。

vpcURL 的 urlencoded 版本是:

https://migs.mastercard.com.au/vpcpay?AgainLink=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fsubmit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4+Nights+-+26%2F11%2F2016+to+30%2F11%2F2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio+Deluxe&vpc_ReturnURL=http%3A%2F%2Ffallscreekcountryclub.com.au%2Fmake-a-booking%2Fbooking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256 

非 urlencoded 版本是:

https://migs.mastercard.com.au/vpcpay?AgainLink=http://fallscreekcountryclub.com.au/make-a-booking/submit-booking.html&b_terms=1&chargetypeid=33&deposit=580.00&notes=4 Nights - 26/11/2016 to 30/11/2016&propertyid=2&total=580.00&vpc_AccessCode=903876BC&vpc_Amount=58000&vpc_Command=pay&vpc_Locale=en&vpc_MerchTxnRef=1479746896&vpc_Merchant=BBL5800396&vpc_OrderInfo=Studio Deluxe&vpc_ReturnURL=http://fallscreekcountryclub.com.au/make-a-booking/booking-complete.html&vpc_Version=1&vpc_SecureHash=A5BA6503FC7A169A90C9AAC7039878F45D761180D874789172EB5A58298022E4&vpc_SecureHashType=SHA256 

关于我做错了什么的任何想法？我调用银行，他们帮不了我，他们根本不知道我在说什么..

我知道 $SECURE_SECRET 数字是正确的，因为它与我用于原始 md5 哈希的数字相同。所以问题出在 sha256 哈希上，我不确定原因或如何修复它。

Answer 1

您好，我正在与您分享我的工作代码。 享受吧。

   $secretHash="xxxxxx";
    $accessCode='xxxxx';
    $merchantId='xxxxx';    

    $data = array(
        "vpc_AccessCode" => $accessCode,
        "vpc_Amount" => '100',
        "vpc_Command" => 'pay',
        "vpc_Locale" => 'en',
        "vpc_MerchTxnRef" =>  "REF_".time(),
        "vpc_Merchant" => $merchantId,
        "vpc_OrderInfo" => "Order_N_".time(),
        "vpc_ReturnURL" => urlencode("yourReturnUrl"),
        "vpc_Version" => '1',
        'vpc_SecureHashType' => 'SHA256'    
    );

    ksort($data);
    $hash = null;
    foreach ($data as $k => $v) {
        if (in_array($k, array('vpc_SecureHash', 'vpc_SecureHashType'))) {
            continue;
        }
        if ((strlen($v) > 0) && ((substr($k, 0, 4)=="vpc_") || (substr($k, 0, 5) =="user_"))) {
            $hash .= $k . "=" . $v . "&";
        }
    }
    $hash = rtrim($hash, "&");

    $secureHash = strtoupper(hash_hmac('SHA256', $hash, pack('H*', $secretHash)));
    $paraFinale = array_merge($data, array('vpc_SecureHash' => $secureHash));
    $actionurl = 'https://migs.mastercard.com.au/vpcpay?'.http_build_query($paraFinale);

    //print_r($actionurl);
    header("Location:".$actionurl);