topic Re: HMAC_SHA512 using java API in Integration and Testing

HMAC_SHA512 using java API

ashlesha4gsmls — Fri, 25 Jan 2019 16:50:54 GMT

i am changing to code to integrate HMAC_SHA512 using java API

But i get Error code 99 Transaction cannot be accepted after the new change

I am using the TEST https://secure.authorize.net/gateway/transact.dll

As mentioned i am sending the inputstring '^' delimeter

^API LOGIN ID^TransactionID^AMT^

Please let me know what is dong wrong and any more inforemation you want from me

Re: HMAC_SHA512 using java API

RichardH — Fri, 25 Jan 2019 17:32:36 GMT

Hello @ashlesha4gsmls

Are you attempting to change how you submit transactions using the HMAC_SHA512 hash?

The changes for the MD5 hash apply to transaction response validation, not submitting transactions.

Richard

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Fri, 25 Jan 2019 17:53:25 GMT

Oh ! so there is no change when i submit the authorization request that JAVA API stays unchanged which uses MD5 hashing.

We get a response url (php program) where authorize.net sends the response code.

there we colllect the x_MD5_HASH using $x_MD5_Hash = $_POST['x_MD5_Hash'];

so now this value will no more match with ours, or we need to change the HMACSHA512 to match it?

Please correct me if i get it wrong

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Fri, 25 Jan 2019 18:37:13 GMT

The x_fp_hash value send should be using HmacSHA512?

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Fri, 25 Jan 2019 19:45:42 GMT

We neeed your help . The moment we change the hash to HmacSHA512 we get error code 99

Do we need to make any setp on the merchantile setup to mention the Hash?

Re: HMAC_SHA512 using java API

Renaissance — Sun, 27 Jan 2019 16:50:11 GMT

It looks like you are using a SIM or DPM integration method. Is this correct? If so you’re using the wrong delimited string. The delimited string you listed is for modern API integrations, Accept Suite, etc. and AIM.

The values you use are different and are in your SIM/DPM guide. Md5 is going to be gone forever at some point, so you definitely need to replace md5 with sha512. For your integration, you will have one value you submit as a fingerprint, and another one should you choose to verify the response.

I have php code that is tested and works for modern API, and sample php code that I am pretty sure will work for SIM/DPM for the fingerprint piece on the thread I will paste. the delimited string for the validation piece will have 31 carets and several values if my memory serves me correct. The fingerprint will have 4 values or 5 per my memory, delimited by carets as well but without a leading caret and potentially without a terminating caret.

On my php thread there are some java folks who end up getting theirs working. It is a good place to start your homework. Again, the first post I made only works with modern API. I ended up trying to bel SIM/DPM guys down the list.

The delimited string I put in my second code example was taken from the guide, and I believe that if you can make a java version of that it will work. This forum is a hobby for me when I’m waiting on breakfast, and I am not familiar with all of the past integration methods. You sound like DPM/SIM, but if that’s not the case or if you don’t know, don’t go down this or any other rabbit trail until you find out what you are using. That’s step number 1. How you do this is dependent on what integration method you use, and you’ll be pulling your hair out indefinitely if you try to do this without knowing.

https://community.developer.authorize.net/t5/Integration-and-Testing/Working-php-hash-verification/m-p/65774#M39390

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 14:56:09 GMT

I am using the new Security Key

hashing it using below code.

public String encode(String key, String data) {
try {

Mac sha256_HMAC = Mac.getInstance("HmacSHA512");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA512");
sha256_HMAC.init(secret_key);

return new String(Hex.encodeHex(sha256_HMAC.doFinal(data.getBytes("UTF-8"))));

} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}

return null;
}

The

I was sending this value in x_fp_hash and submitting to the dll url

The fingerprint will have 4 value hashed using new security key . But i get the error code 99 in return code

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 15:05:23 GMT

so now i am sending the new hashvalue in x_SHA2_Hash submitting to

https://secure.authorize.net/gateway/transact.dll

along with the x_fp_hash that has the old finger print

Re: HMAC_SHA512 using java API

Renaissance — Tue, 29 Jan 2019 16:32:47 GMT

I am not good with Java syntax. Does this function convert the signature key to binary before it is used in the hash function? You need to convert signature key to binary; it is hex out of the box. Then you hash the delimited string using the binary key version. You want your hash function to output a hex value, not raw binary.

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 16:41:53 GMT

My concern is x_fp_hash is not accepting the new hashvalue it still validates using MD5 hash.

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 17:01:53 GMT

I do send the Hexa value Hex.encodeHex() API to get the Hexvalue

Re: HMAC_SHA512 using java API

Renaissance — Tue, 29 Jan 2019 18:31:38 GMT

I’m not understanding. The hash value is submitted in your request as an http post under that name, correct? You are saying that you submit x_fp_hash in your post and the API compares it to md5?

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 20:09:45 GMT

Originally the value in x_fp_hash(fingerprint generated was using MD5 hash, that used transaction key)

Now i am following the guide to to upgrade to HmacSHA512 that says to use the SecurityKey .

I created a new SecurityKey.

I am creating the new value for finger print using securitykey and HmacSHA512 hashing

This value is set in the x_fp_hash hidden field of paymentform and submitted https://secure2.authorize.net/gateway/transact.dll

The moment i submit i receive erro code 99. That means my fingerprint does not match with that of merchant. However if i revert the code old way it launches payment form.

the java code

key is security key and data is APILOGINID^TransactiodID^timestampe^amt^

Mac sha512_HMAC = Mac.getInstance("HmacSHA512");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA512");
sha512_HMAC.init(secret_key);

return Hex.encodeHexString(sha512_HMAC.doFinal(data.getBytes("UTF-8")));

Please help let me know what am i doing wrong?

FYI The old way is SIM implementation.

Re: HMAC_SHA512 using java API

ashlesha4gsmls — Tue, 29 Jan 2019 20:56:52 GMT

I got it working with new HASH the issue was conversion of the long key to byte array.

Method to convert the SecurityKey

public static byte[] hex2bin(String hex) throws NumberFormatException {
if (hex.length() % 2 > 0) {
throw new NumberFormatException("Hexadecimal input string must have an even length.");
}
byte[] r = new byte[hex.length() / 2];
for (int i = hex.length(); i > 0;) {
r[i / 2 - 1] = (byte) (digit(hex.charAt(--i)) | (digit(hex.charAt(--i)) << 4));
}
return r;
}

public String encode(byte[] key, String data) {
try {
//String hexaString = Hex.encodeHexString(key.getBytes()) ;
Mac sha512_HMAC = Mac.getInstance("HmacSHA512");
SecretKeySpec secret_key = new SecretKeySpec(key,"HmacSHA512");
sha512_HMAC.init(secret_key);

return Hex.encodeHexString(sha512_HMAC.doFinal(data.getBytes("UTF-8")));

// return new String(Hex.encodeHex(sha512_HMAC.doFinal(data.getBytes("UTF-8"))));

} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}

return null;
}

Thanks for the help

Re: HMAC_SHA512 using java API

sjain7 — Mon, 20 Jun 2022 05:15:34 GMT

Java is an situated third-age programming language that is utilized in application improvement for various stages and turns out practically for portable applications, work area applications, PCs, route frameworks or checking gadgets, and so on.

To comprehend the top to bottom characteristics of Java as a programming language, you should have a fundamental thought of the wording for these 3 highlights for example object-arranged, simultaneous, and autonomous.

Re: HMAC_SHA512 using java API

raavijain — Mon, 27 Jun 2022 11:55:17 GMT

Learn the fundamentals As with one factor, knowing the fundamentals of Java is the only place to start out. this may be one issue you'll begin promptly – looking for the fundamentals online could also be an associate degree large facilitate to kick-start your Java programming. Like several things, it area unit is typically a little amount overwhelming at the beginning. If you're an entire beginner, code will seem to be bunk. Java Classes in Pune