Coast Line
asked on
trying to run a java code or return value from jsp
Hii have the following code. i had 2 options with me, either i run the java code to convert into ColdFusion or create the java code as jsp and run it thru cfhttp by passing required parameters and accessing thm.
but probem is i do not know either way what to do and where to start
can someone guide me please
if i do call cfhttp, how do i pass and how do i call from that jsp page
Thanks
but probem is i do not know either way what to do and where to start
can someone guide me please
if i do call cfhttp, how do i pass and how do i call from that jsp page
long nonce = Math.abs(SecureRandom.getInstance("SHA1PRNG").nextLong());
returnMap.put(APIResourceConstants.SecurityConstants.NONCE, Long.toString(nonce));
returnMap.put(APIResourceConstants.SecurityConstants.APIKEY, requestOptions.getApiKey());
returnMap.put(APIResourceConstants.SecurityConstants.TIMESTAMP, Long.toString(System.currentTimeMillis()));
returnMap.put(APIResourceConstants.SecurityConstants.TOKEN, requestOptions.getToken());
returnMap.put(APIResourceConstants.SecurityConstants.APISECRET, requestOptions.getSecret());
returnMap.put(APIResourceConstants.SecurityConstants.PAYLOAD, payLoad);
this is the parameters and this is how the data is generated !!!!!!!!!!!!!!!!
Mac mac=Mac.getInstance("HmacSHA256");
String apiSecret= data.get(APIResourceConstants.SecurityConstants.APISECRET);
SecretKeySpec secret_key = new SecretKeySpec(apiSecret.getBytes(), "HmacSHA256");
mac.init(secret_key);
String apikey = data.get(APIResourceConstants.SecurityConstants.APIKEY);
String nonce = data.get(APIResourceConstants.SecurityConstants.NONCE);
String timeStamp = data.get(APIResourceConstants.SecurityConstants.TIMESTAMP);
String token = data.get(APIResourceConstants.SecurityConstants.TOKEN);
String payload = data.get(APIResourceConstants.SecurityConstants.PAYLOAD);
StringBuilder buff=new StringBuilder();
buff.append(apikey)
.append(nonce)
.append(timeStamp);
if(token!=null){
buff.append(token);
}
if(payload != null){
buff.append(payload);
}
String bufferData = buff.toString();
byte[] macHash=mac.doFinal(bufferData.getBytes("UTF-8"));
String authorizeString = new String(Base64.encodeBase64(toHex(macHash)));
return authorizeString;
Thanks
ASKER
architecture is a web based application, so i need to call this file as jsp file and it should return me the authorizeString caculated
so all i want to pass to this page using http is the apikey , apiSecret, payload and it should do from its page is the timestamp, nonce and club all the 5 elements and do its calculation and return me the authorizeString
so all i want to pass to this page using http is the apikey , apiSecret, payload and it should do from its page is the timestamp, nonce and club all the 5 elements and do its calculation and return me the authorizeString
why does it need to be done at the jsp level and what do u want to do with the auth string once retrieved?
ASKER
i said its a web application code, so i am not well versed with JAVA, I Can do Java but not an expert, so this code is working in Authorisation but not in ColdFusion Language, I tried doing same thing but something is wrong on the TImestamp or the Other criteria where I am not able to fix it, ColdFusion is build upon java, i can use direct but it is not supported on shared host if you call java methods directly, so al i am trying is converting the java code to JSP to do the work and return me the authorizeString so i can use it and fix it
So you can't do this using createObject('java')?
>> this code is working in Authorisation but not in ColdFusion Language
Can you post the CF code you tried and explain what's wrong with the result?
>> this code is working in Authorisation but not in ColdFusion Language
Can you post the CF code you tried and explain what's wrong with the result?
I would move your jsp script code into a java bean that the jsp can access.
ASKER
ok here is the coldfusion code
function GetEpochTime() {var datetime = 0;if (ArrayLen(Arguments) is 0) {datetime = Now();}else {if (IsDate(Arguments[1])) {
datetime = Arguments[1];} else {return NULL;}}return DateDiff("s", "January 1 1970 00:00", datetime);}
$apiKey = "#arguments.apiKey#";
$apiSecret = "#arguments.apiSecret#";
$token = "#arguments.token#";
$timestamp = GetEpochTime(now());
$payload = getPayLoad(merchant_ref='#merchant_ref#',amt_charge='#arguments.amt_charge#',cardtype='#arguments.cardtype#',
card_holder_name='#arguments.card_holder_name#',card_number='#arguments.card_number#',card_exp='#arguments.card_exp#',
cvvnumber='#arguments.cvvnumber#');
<cffunction access="public" name="getPayLoad" returntype="any">
<cfargument name="merchant_ref" default="000000000" type="any">
<cfargument name="transactionType" default="authorize" type="any">
<cfargument name="amt_charge" default="" type="any">
<cfargument name="cardtype" default="" type="any">
<cfargument name="card_holder_name" default="" type="any">
<cfargument name="card_exp" default="" type="any">
<cfargument name="cvvnumber" default="" type="any">
<cfargument name="card_number" default="" type="any">
<cfset var str = "">
<cfset cardnumber = reReplace(arguments.card_number, "[[:space:]]", "", "ALL") />
<cfset carholderName = reReplace(arguments.card_holder_name, "[[:space:]]", "", "ALL") />
<cfset st = {}>
<cfset st['method'] = "credit_card">
<cfset st['merchant_ref'] = "#trim(arguments.merchant_ref)#">
<cfset st['transaction_type'] = "#arguments.transactionType#">
<cfset st['amount'] = "#trim(arguments.amt_charge)#">
<cfset st['currency_code'] = "USD">
<cfset st['credit_card'] = {}>
<cfset st['credit_card']['type'] = "#trim(arguments.cardtype)#">
<cfset st['credit_card']['cardholder_name'] = "#trim(carholderName)#">
<cfset st['credit_card']['card_number'] = "#trim(cardnumber)#">
<cfset st['credit_card']['exp_date'] = "#trim(arguments.card_exp)#">
<cfset st['credit_card']['cvv'] = "#trim(arguments.cvvnumber)#">
<cfset results = jsonencode(st)>
<cffile action="write" file="#ExpandPath('response.json')#" output="#results#">
<cfreturn True>
</cffunction>
1. To confirm, you can't use createObject('java') correct?
2. What's different about the CF result vs. the Authorisation result?
2. What's different about the CF result vs. the Authorisation result?
This is the closest you can get IF you can't use createObject('java')
<cfscript>
// Closest equivalent to Math.abs(SecureRandom.getInstance("SHA1PRNG")) without using createObject('java')
seed = randRange(-1000000000,1000000000);
randomize(seed);
nonce = ABS( Rand("SHA1PRNG") );
// Fill in your values here
apiKey = "Your API Key";
// change now() to UTC if needed
timeStamp = DateDiff("s", "January 1 1970 00:00", now());
token = "your Token Value";
apiSecret = "your API Secret";
payLoad = "your Pay Load value";
// Build string to hash. Equivalent of StringBuilder buff=new StringBuilder();, buff.append(apikey)....
stringToHash = apikey & nonce & timeStamp;
if (structKeyExists(variables, "token") && len(token)) {
stringToHash &= token;
}
else {
stringToHash &= payload;
}
// Generate hash and convert to base64 string
// Equivalent of =mac.doFinal(bufferData.getBytes("UTF-8")) ....
binaryKey = charsetDecode(apiSecret, "utf-8");
resultHex = hmac(stringToHash, binaryKey, "HMACSHA256", "UTF-8");
authorizeString = binaryEncode(binaryDecode(resultHex, "hex"), "base64");
writeDump("authorizeString="& authorizeString);
</cfscript>
ASKER
@agx: the stringToHash is the combination of apikey + nonce + timestamp + payload + token
i want to try the createobject java on local, do let me know how?
i want to try the createobject java on local, do let me know how?
if (structKeyExists(variablesChange the ELSE to an IF and append "payload" if it's empty. Just like the "token" code., "token") && len(token)) {
// ...
}
else {
stringToHash &= payload;
}
You don't really need java code for any of it. Except for this part:
long nonce = Math.abs(SecureRandom.getI
CF can't create longs natively. Other than that, the CF code is identical.
Math = createObject('java', 'java.lang.Math');
SecureRandom = createObject('java', 'java.security.SecureRandom');
nonce = Math.abs(SecureRandom.getInstance("SHA1PRNG").nextLong());
ASKER
can you club all of these the way you did in your last comment
binaryKey = charsetDecode(apiSecret, "utf-8");
resultHex = hmac(stringToHash, binaryKey, "HMACSHA256", "UTF-8");
authorizeString = binaryEncode(binaryDecode( resultHex, "hex"), "base64");
all i need is the authorizeString
binaryKey = charsetDecode(apiSecret, "utf-8");
resultHex = hmac(stringToHash, binaryKey, "HMACSHA256", "UTF-8");
authorizeString = binaryEncode(binaryDecode(
all i need is the authorizeString
ASKER
issue also seems to be in timestamp i need to get the epochtime in milliseconds why it always endup with 000 at last and that is in the function
ASKER
i think i had done most
just need this to be generated with createobject java
String bufferData = buff.toString();
byte[] macHash=mac.doFinal(buffer Data.getBy tes("UTF-8 "));
String authorizeString = new String(Base64.encodeBase64 (toHex(mac Hash)));
just need this to be generated with createobject java
String bufferData = buff.toString();
byte[] macHash=mac.doFinal(buffer
String authorizeString = new String(Base64.encodeBase64
Unless you're using a really old version, you don't need java for the hmac part. Just use the hmac() function like in my earlier example.
>> issue also seems to be in timestamp
CF may be rounding the value to an INT. Try using now().getTime() instead , ie
timestamp = now().getTime();
>> issue also seems to be in timestamp
CF may be rounding the value to an INT. Try using now().getTime() instead , ie
timestamp = now().getTime();
ASKER
i agree, but can you check my last comment and see if that can be converted to java the same way you did for nonce
This is pure hackery.
I wouldn't go to production with this sort of design/impl.
I wouldn't go to production with this sort of design/impl.
ASKER
well whatever it is, but sometimes we had to make it work.
@myselfrandhawa - You do not need java code to generate an HMAC. Can you please answer my earlier question and provide an example of "What's different about the CF result vs. the Authorisation result?"?
This is pure hackery.
I wouldn't go to production with this sort of design/impl.
What specifically are you referring to?
ASKER
yes, its hmac authentication failure because the way coldfusion is generating the hmac is totally different from what the api from java is generating
Can you post an example using dummy keys?
ASKER
i cannot post the keys, my apologies for this, but instead if you can help me that portion of authoriseString to java, i think i might be able to fix the issue
Thanks
Thanks
No need to apologize. Never post real keys, no matter who asks! However, you misunderstood me. I asked if you could post an example using dummy keys . In other words, create some fake strings of the appropriate length and encoding (plain string, base64, hex, etc...) that you can share. If you're not sure how to do that
https://www.random.org/bytes/
https://www.random.org/strings/
Edit: Is there a public URL for this API?
https://www.random.org/bytes/
https://www.random.org/strings/
Edit: Is there a public URL for this API?
ASKER
This is what i am doing
the above failed but if i run the java code, it works through a JAR complied file, i want to understand what is wrong with it
response.json is the json file having creditcard information in json string which is correct and i had verified that
<cfscript>
Math = createObject('java', 'java.lang.Math');
SecureRandom = createObject('java', 'java.security.SecureRandom');
nonce = Math.abs(SecureRandom.getInstance("SHA1PRNG").nextLong());
stime = createObject('java','java.time.Instant');
timestamp = stime.now().toEpochMilli();
$apiKey = "#arguments.apiKey#";
$apiSecret = "#arguments.apiSecret#";
$token = "#arguments.token#";
$timestamp = timestamp;
$payload = getPayLoad(merchant_ref='#merchant_ref#',amt_charge='#arguments.amt_charge#',cardtype='#arguments.cardtype#',
card_holder_name='#arguments.card_holder_name#',card_number='#arguments.card_number#',card_exp='#arguments.card_exp#',
cvvnumber='#arguments.cvvnumber#');
httpService = new http();
httpService.setMethod("get");
httpService.setCharset("utf-8");
httpService.setUrl("http://website.in/remote/template.php?_apiKey=#$apiKey#&_token=#$token#&_apiSecret=#$apiSecret#&_timestamp=#$timestamp#&_nonce=#nonce#");
result = httpService.send().getPrefix();
binaryKey = charsetDecode(apiSecret, "utf-8");
resultHex = hmac(result.filecontent, binaryKey, "HMACSHA256", "UTF-8");
authorizeString = binaryEncode(binaryDecode(resultHex, "hex"), "base64");
result = authorizeString;
</cfscript>
the template.php is doing this
<?php
$reqbody = file_get_contents('./response.json', true);
$data = $_GET["_apiKey"] + $_GET["_nonce"] + $_GET["_timestamp"] + $_GET["_token"] + $reqbody;
echo $data;
?>
the above failed but if i run the java code, it works through a JAR complied file, i want to understand what is wrong with it
response.json is the json file having creditcard information in json string which is correct and i had verified that
ASKER
getpayload Function is returning me json which is store i the response.json file
Just plug fake values into the java code and print out the authorizeString. It doesn't need to validate with their API. We just want to compare the string java generates vs. the one CF generates.
>> String authorizeString = new String(Base64.encodeBase64 (toHex(mac Hash)));
What is the java code for toHex() ? Is there a public URL for this API?
>> String authorizeString = new String(Base64.encodeBase64
What is the java code for toHex() ? Is there a public URL for this API?
ASKER
to be honest i seriously do not know what you are asking, i know u are asking about the string value but i do not have an environment to run java code all i can run jar file but that only returns me the success or failure as to what i need
also is there any kind of java fiddle where we can test it, we do have coldfusion fiddle called as trycf.com but kind of java will probably work
also is there any kind of java fiddle where we can test it, we do have coldfusion fiddle called as trycf.com but kind of java will probably work
ASKER
i am giving u the demo keys so u can compare
apiKey = "bfvCs2v0BlGr2GlKn55b5iDeRDcX0AMs";
apiSecret = "4012faf411afc618b77f0703ad1c37be8eff8d8337e8e7571364d35c49edf003";
token = "fdoa-a480ce8951daa73262734cf102641994c1e55e7cdf4c02b6";
What API is this? Please post the URL.
ASKER
its an internal, i cannot post sorry, will not be accessible with the url , its ip restricted
I hope the amount of data i shared, we can do something
I hope the amount of data i shared, we can do something
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This example returns the same result as the java example in the Payeezy API.
I do not have enough information to help you.