Solved

signature in coldfusion

Posted on 2009-04-06
7
375 Views
Last Modified: 2013-12-24
I'm trying to do a connectivity test to a third party company called Pacnet (payment processing company).  They're requiring I pass to them a signature.  I'm trying to do this in coldfusion using a test page..

however, I get:

authenticationFailed
This server could not process your request because: Authentication failed due to incorrect user name, password, or signature.

My question is does the hash of the string look correct as well as the utc time?
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<title>Testing Connectivity to Raven</title>
</head>
<body>
<h2>Testing Connectivity to Raven</h2>
<cfset curDate = Now()>
<cfset utcDate = DateConvert("local2utc", curDate)>
<cfoutput>
<cfset utctime="#DatePart('yyyy', utcDate)#-0#DatePart('m', utcDate)#-0#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />
current utc date and time: #utctime#<br /><br />
<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">
<cfset hash2 ="#Hash('#hash1#,baseball', 'MD5')#">
</cfoutput> 
<form method="post" action="https://raven.pacnetservices.com/realtime/hello">
<input type="text" name="UserName" value="artis" size="100"><br />
<input type="text" name="Timestamp" value="<cfoutput>#utctime#</cfoutput>" size="100"><br />
<input type="text" name="Signature" value="<cfoutput>#hash2#</cfoutput>" size="100">
<br /><br />
<input type="submit" value="Get Response">
</form>
</body>
</html>

Open in new window

0
Comment
Question by:COwebmaster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:duncancumming
ID: 24079543
Seems like a convoluted method for the hash they require.  

You take a string "artis,#utctime#", then hash it.  
Then you take that hashed string, append ",baseball" to it and hash it again.  
Not sure the value of double-hashing something.  

You got a link to any Pacnet API documentation?

Anyway... another thing you can do is use <cfhttp> to post your form to their server, rather than create a normal form that you manually submit.  You probably know that, I guess you're just using a normal form to test what the values look like.  




0
 

Author Comment

by:COwebmaster
ID: 24097550
Ok, so I'm passing parameters to the server.  Now, how can I return the response?
<cfset curDate = Now()>
<cfset utcDate = DateConvert("local2utc", curDate)>
<cfoutput>
<cfset utctime="#DatePart('yyyy', utcDate)#-#DatePart('m', utcDate)#-#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />
current utc date/time: #utctime#<br /><br />
<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">
<cfset hash2 ="#Hash('#hash1#,[hidden]', 'MD5')#">
</cfoutput> 
 
<cfparam name="attributes.UserName" default="artis">
<cfparam name="attributes.Amount" default="1">
<cfparam name="attributes.CurrencyCode" default="USD">
<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">
<cfparam name="attributes.Signature" default="<cfoutput>#hash2#</cfoutput>">
<cfparam name="attributes.PaymentType" default="cc_debit">
<cfparam name="attributes.PaymentRoutingNumber" default="[hidden]">
<CFPARAM NAME="attributes.CardNumber" DEFAULT="[hidden]">
<cfparam name="attributes.ExpiryDate" DEFAULT="0510">
<cfparam name="attributes.CVV" default="123">
<cfparam name="attributes.Reference" DEFAULT="12345">
 
<cfhttp url="https://raven.pacnetservices.com/realtime" method="POST">
	
	<cfhttpparam type="FORMFIELD" name="UserName" value="#attributes.UserName#">
	<cfhttpparam type="FORMFIELD" name="Amount" value="#attributes.Amount#">
	<cfhttpparam type="FORMFIELD" name="CurrencyCode" value="#attributes.CurrencyCode#">
	<cfhttpparam type="FORMFIELD" name="Timestamp" value="#attributes.Timestamp#">
	<cfhttpparam type="FORMFIELD" name="Signature" value="#attributes.Signature#">
	<cfhttpparam type="FORMFIELD" name="PaymentType" value="#attributes.PaymentType#">
	<cfhttpparam type="FORMFIELD" name="PaymentRoutingNumber" value="#attributes.PaymentRoutingNumber#">
	<cfhttpparam type="FORMFIELD" name="CardNumber" value="#attributes.CardNumber#">
	<cfhttpparam type="FORMFIELD" name="ExpiryDate" value="#attributes.ExpiryDate#">
	<cfhttpparam type="FORMFIELD" name="CVV" value="#attributes.CVV#">
	<cfhttpparam type="FORMFIELD" name="Reference" value="#attributes.Reference#">
	
</CFHTTP>

Open in new window

0
 
LVL 16

Expert Comment

by:duncancumming
ID: 24110306
#CFHTTP.FileContent#




0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:COwebmaster
ID: 24111211
yea, i tried that and get nothing back, just a white screen.
0
 

Author Comment

by:COwebmaster
ID: 24111245
does this look right..


<cfset curDate = Now()>
<cfset utcDate = DateConvert("local2utc", curDate)>
<cfoutput>
<cfset utctime="#DatePart('yyyy', utcDate)#-#DatePart('m', utcDate)#-#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />
current utc date/time: #utctime#<br /><br />
<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">
<cfset hash2 ="#Hash('#hash1#,[hidden]', 'MD5')#">
</cfoutput> 
 
<cfparam name="attributes.UserName" default="artis">
<cfparam name="attributes.Amount" default="1">
<cfparam name="attributes.CurrencyCode" default="USD">
<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">
<cfparam name="attributes.Signature" default="<cfoutput>#hash2#</cfoutput>">
<cfparam name="attributes.PaymentType" default="cc_debit">
<cfparam name="attributes.PaymentRoutingNumber" default="[hidden]">
<CFPARAM NAME="attributes.CardNumber" DEFAULT="[hidden]">
<cfparam name="attributes.ExpiryDate" DEFAULT="0510">
<cfparam name="attributes.CVV" default="123">
<cfparam name="attributes.Reference" DEFAULT="12345">
 
	<cfhttp url="https://raven.pacnetservices.com/realtime" method="POST">
	
	<cfhttpparam type="FORMFIELD" name="UserName" value="#attributes.UserName#">
	<cfhttpparam type="FORMFIELD" name="Amount" value="#attributes.Amount#">
	<cfhttpparam type="FORMFIELD" name="CurrencyCode" value="#attributes.CurrencyCode#">
	<cfhttpparam type="FORMFIELD" name="Timestamp" value="#attributes.Timestamp#">
	<cfhttpparam type="FORMFIELD" name="Signature" value="#attributes.Signature#">
	<cfhttpparam type="FORMFIELD" name="PaymentType" value="#attributes.PaymentType#">
	<cfhttpparam type="FORMFIELD" name="PaymentRoutingNumber" value="#attributes.PaymentRoutingNumber#">
	<cfhttpparam type="FORMFIELD" name="CardNumber" value="#attributes.CardNumber#">
	<cfhttpparam type="FORMFIELD" name="ExpiryDate" value="#attributes.ExpiryDate#">
	<cfhttpparam type="FORMFIELD" name="CVV" value="#attributes.CVV#">
	<cfhttpparam type="FORMFIELD" name="Reference" value="#attributes.Reference#">
	
</CFHTTP>

Open in new window

0
 
LVL 16

Accepted Solution

by:
duncancumming earned 500 total points
ID: 24113860
well it seems to, but it depends what the pacnet page is expecting.  

try doing <cfdump var="#cfhttp#"> and see what the headers are.

lines like this:
<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">
you don't need the cfoutput, just do
<cfparam name="attributes.Timestamp" default="#utctime#">

I'm still confused about the requirement for double hashing.
0
 

Author Comment

by:COwebmaster
ID: 24154187
Thanks, that worked.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question