HMAC-SHA-256 signature, alphanum keys allowed

thelia-modules · Sep 3, 2020 · 47c08b4 · 47c08b4
1 parent debaff6
commit 47c08b4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 16 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 1.3.2
+
+- Alphanumeric secret keys are now allowed.
+- Signature is now crypted using HMAC-SHA-256 instead of the deprecated SHA-1 algorithm.
+
 # 1.3.1
 
 - Email management fixes

diff --git a/Config/module.xml b/Config/module.xml
@@ -13,7 +13,7 @@
         <language>en_US</language>
         <language>fr_FR</language>
     </languages>
-    <version>1.3.1</version>
+    <version>1.3.2</version>
     <authors>
         <author>
             <name>Franck Allimant</name>

diff --git a/Payzen/PayzenApi.php b/Payzen/PayzenApi.php
@@ -870,11 +870,6 @@ function setRedirectEnabled($enabled)
      */
     function setCertificate($key, $mode)
     {
-        // Check format
-        if (!preg_match('#\d{16}#', $key)) {
-            return false;
-        }
-
         if ($mode == 'TEST') {
             $this->keyTest = $key;
         } elseif ($mode == 'PRODUCTION') {
@@ -1015,18 +1010,24 @@ function _generateSignatureFromFields($fields = null, $hashed = true)
      * @access public
      * @static
      */
-    function sign($parameters, $key, $hashed = true)
+    function sign($params, $key, $hashed = true)
     {
-        $signContent = "";
-        ksort($parameters);
-        foreach ($parameters as $name => $value) {
-            if (substr($name, 0, 5) == 'vads_') {
-                $signContent .= $value . '+';
+        $contenu_signature = "";
+
+        ksort($params);
+
+        foreach ($params as $nom => $valeur) {
+            //Récupération des champs vads_
+            if (substr($nom, 0, 5) === 'vads_') {
+                //Concaténation avec le séparateur "+"
+                $contenu_signature .= $valeur."+";
             }
         }
-        $signContent .= $key;
-        $sign = $hashed ? sha1($signContent) : $signContent;
-        return $sign;
+
+        $contenu_signature .= $key;
+
+        //Encodage base64 de la chaine chiffrée avec l'algorithme HMAC-SHA-256
+        return base64_encode(hash_hmac('sha256', $contenu_signature, $key, true));
     }
 
     // **************************************
@@ -1206,4 +1207,4 @@ function uncharm($potentiallyMagicallyQuotedData)
         }
         return $sane;
     }
-}
+}