omnipay-global-alipay icon indicating copy to clipboard operation
omnipay-global-alipay copied to clipboard

Published 20 hours ago verified publisher icon lokielse

WebGateway doesn't support RSA private keys without tweaking.

Open Rgrable opened this issue 8 years ago • 1 comments

Im unsure if it was meant to be that way, but the WebGateway and the WebPurchaseRequest do not have support for RSA private keys. When signing in the WebPurchaseRequest, the algorithm is hardcoded to only accept MD5. I got around this temporarily by changing the line from this:

$data['sign'] = Helper::sign($data, 'MD5', $this->getKey());

to this:

$data['sign'] = Helper::sign($data, $this->getSignType(), $this->getKey());

Now its able to create the transaction, but Im worried about the notify not being able to process the purchase with a private key.

Rgrable avatar Sep 19 '17 17:09 Rgrable

@Rgrable

I'm sorry to tell you that there is no RSA implemention of omnipay-global-alipay.

The complete purchase process need a alipay_public_key parameter

You should change the code at CompletePurchaseRequest.php#L16

$sign = Helper::sign($data, $signType, $this->getSignKey($signType));

to Signer.php#L240

$res = openssl_pkey_get_public($alipayPublicKey);
$match = (bool) openssl_verify($content, base64_decode($sign), $res, OPENSSL_ALGO_SHA1);

lokielse avatar Sep 20 '17 05:09 lokielse