Solved

signature in coldfusion

Posted on 2009-04-06
7
367 Views
Last Modified: 2013-12-24
I'm trying to do a connectivity test to a third party company called Pacnet (payment processing company).  They're requiring I pass to them a signature.  I'm trying to do this in coldfusion using a test page..

however, I get:

authenticationFailed
This server could not process your request because: Authentication failed due to incorrect user name, password, or signature.

My question is does the hash of the string look correct as well as the utc time?
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html>

<head>

<title>Testing Connectivity to Raven</title>

</head>

<body>

<h2>Testing Connectivity to Raven</h2>

<cfset curDate = Now()>

<cfset utcDate = DateConvert("local2utc", curDate)>

<cfoutput>

<cfset utctime="#DatePart('yyyy', utcDate)#-0#DatePart('m', utcDate)#-0#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />

current utc date and time: #utctime#<br /><br />

<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">

<cfset hash2 ="#Hash('#hash1#,baseball', 'MD5')#">

</cfoutput> 

<form method="post" action="https://raven.pacnetservices.com/realtime/hello">

<input type="text" name="UserName" value="artis" size="100"><br />

<input type="text" name="Timestamp" value="<cfoutput>#utctime#</cfoutput>" size="100"><br />

<input type="text" name="Signature" value="<cfoutput>#hash2#</cfoutput>" size="100">

<br /><br />

<input type="submit" value="Get Response">

</form>

</body>

</html>

Open in new window

0
Comment
Question by:COwebmaster
  • 4
  • 3
7 Comments
 
LVL 16

Expert Comment

by:duncancumming
ID: 24079543
Seems like a convoluted method for the hash they require.  

You take a string "artis,#utctime#", then hash it.  
Then you take that hashed string, append ",baseball" to it and hash it again.  
Not sure the value of double-hashing something.  

You got a link to any Pacnet API documentation?

Anyway... another thing you can do is use <cfhttp> to post your form to their server, rather than create a normal form that you manually submit.  You probably know that, I guess you're just using a normal form to test what the values look like.  




0
 

Author Comment

by:COwebmaster
ID: 24097550
Ok, so I'm passing parameters to the server.  Now, how can I return the response?
<cfset curDate = Now()>

<cfset utcDate = DateConvert("local2utc", curDate)>

<cfoutput>

<cfset utctime="#DatePart('yyyy', utcDate)#-#DatePart('m', utcDate)#-#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />

current utc date/time: #utctime#<br /><br />

<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">

<cfset hash2 ="#Hash('#hash1#,[hidden]', 'MD5')#">

</cfoutput> 
 

<cfparam name="attributes.UserName" default="artis">

<cfparam name="attributes.Amount" default="1">

<cfparam name="attributes.CurrencyCode" default="USD">

<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">

<cfparam name="attributes.Signature" default="<cfoutput>#hash2#</cfoutput>">

<cfparam name="attributes.PaymentType" default="cc_debit">

<cfparam name="attributes.PaymentRoutingNumber" default="[hidden]">

<CFPARAM NAME="attributes.CardNumber" DEFAULT="[hidden]">

<cfparam name="attributes.ExpiryDate" DEFAULT="0510">

<cfparam name="attributes.CVV" default="123">

<cfparam name="attributes.Reference" DEFAULT="12345">
 

<cfhttp url="https://raven.pacnetservices.com/realtime" method="POST">

	

	<cfhttpparam type="FORMFIELD" name="UserName" value="#attributes.UserName#">

	<cfhttpparam type="FORMFIELD" name="Amount" value="#attributes.Amount#">

	<cfhttpparam type="FORMFIELD" name="CurrencyCode" value="#attributes.CurrencyCode#">

	<cfhttpparam type="FORMFIELD" name="Timestamp" value="#attributes.Timestamp#">

	<cfhttpparam type="FORMFIELD" name="Signature" value="#attributes.Signature#">

	<cfhttpparam type="FORMFIELD" name="PaymentType" value="#attributes.PaymentType#">

	<cfhttpparam type="FORMFIELD" name="PaymentRoutingNumber" value="#attributes.PaymentRoutingNumber#">

	<cfhttpparam type="FORMFIELD" name="CardNumber" value="#attributes.CardNumber#">

	<cfhttpparam type="FORMFIELD" name="ExpiryDate" value="#attributes.ExpiryDate#">

	<cfhttpparam type="FORMFIELD" name="CVV" value="#attributes.CVV#">

	<cfhttpparam type="FORMFIELD" name="Reference" value="#attributes.Reference#">

	

</CFHTTP>

Open in new window

0
 
LVL 16

Expert Comment

by:duncancumming
ID: 24110306
#CFHTTP.FileContent#




0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:COwebmaster
ID: 24111211
yea, i tried that and get nothing back, just a white screen.
0
 

Author Comment

by:COwebmaster
ID: 24111245
does this look right..


<cfset curDate = Now()>

<cfset utcDate = DateConvert("local2utc", curDate)>

<cfoutput>

<cfset utctime="#DatePart('yyyy', utcDate)#-#DatePart('m', utcDate)#-#DatePart('d', utcDate)#T#DatePart('h', utcDate)#:#DatePart('n', utcDate)#:#DatePart('s', utcDate)#Z"><br />

current utc date/time: #utctime#<br /><br />

<cfset hash1 ="#Hash('artis,#utctime#', 'MD5')#">

<cfset hash2 ="#Hash('#hash1#,[hidden]', 'MD5')#">

</cfoutput> 
 

<cfparam name="attributes.UserName" default="artis">

<cfparam name="attributes.Amount" default="1">

<cfparam name="attributes.CurrencyCode" default="USD">

<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">

<cfparam name="attributes.Signature" default="<cfoutput>#hash2#</cfoutput>">

<cfparam name="attributes.PaymentType" default="cc_debit">

<cfparam name="attributes.PaymentRoutingNumber" default="[hidden]">

<CFPARAM NAME="attributes.CardNumber" DEFAULT="[hidden]">

<cfparam name="attributes.ExpiryDate" DEFAULT="0510">

<cfparam name="attributes.CVV" default="123">

<cfparam name="attributes.Reference" DEFAULT="12345">
 

	<cfhttp url="https://raven.pacnetservices.com/realtime" method="POST">

	

	<cfhttpparam type="FORMFIELD" name="UserName" value="#attributes.UserName#">

	<cfhttpparam type="FORMFIELD" name="Amount" value="#attributes.Amount#">

	<cfhttpparam type="FORMFIELD" name="CurrencyCode" value="#attributes.CurrencyCode#">

	<cfhttpparam type="FORMFIELD" name="Timestamp" value="#attributes.Timestamp#">

	<cfhttpparam type="FORMFIELD" name="Signature" value="#attributes.Signature#">

	<cfhttpparam type="FORMFIELD" name="PaymentType" value="#attributes.PaymentType#">

	<cfhttpparam type="FORMFIELD" name="PaymentRoutingNumber" value="#attributes.PaymentRoutingNumber#">

	<cfhttpparam type="FORMFIELD" name="CardNumber" value="#attributes.CardNumber#">

	<cfhttpparam type="FORMFIELD" name="ExpiryDate" value="#attributes.ExpiryDate#">

	<cfhttpparam type="FORMFIELD" name="CVV" value="#attributes.CVV#">

	<cfhttpparam type="FORMFIELD" name="Reference" value="#attributes.Reference#">

	

</CFHTTP>

Open in new window

0
 
LVL 16

Accepted Solution

by:
duncancumming earned 500 total points
ID: 24113860
well it seems to, but it depends what the pacnet page is expecting.  

try doing <cfdump var="#cfhttp#"> and see what the headers are.

lines like this:
<cfparam name="attributes.Timestamp" default="<cfoutput>#utctime#</cfoutput>">
you don't need the cfoutput, just do
<cfparam name="attributes.Timestamp" default="#utctime#">

I'm still confused about the requirement for double hashing.
0
 

Author Comment

by:COwebmaster
ID: 24154187
Thanks, that worked.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VPN Dedicated IP address question 7 42
Forbidden errors 5 107
Web Site Hosting 10 68
Autoresponder for Whole Domain in Plesk/Cpanel 2 50
This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now