public static function test()
{
$utils = new SignatureUtilsForOutbound();
//Parameters present in return url.
$params["transactionId"] = "14GPH3CZ83RPQ1ZH6J2G85NL1IO3KO8641R";
$params["transactionDate"] = "1254987247";
$params["status"] = "PS";
$params["signatureMethod"] = "RSA-SHA1";
$params["signatureVersion"] = "2";
$params["buyerEmail"] = "*****@*****.**";
$params["recipientEmail"] = "*****@*****.**";
$params["operation"] = "pay";
$params["transactionAmount"] = "USD 1.1";
$params["referenceId"] = "test-reference123";
$params["buyerName"] = "test sender";
$params["recipientName"] = "Test Business";
$params["paymentMethod"] = "Credit Card";
$params["paymentReason"] = "Test Widget";
$params["certificateUrl"] = "https://fps.sandbox.amazonaws.com/certs/090909/PKICert.pem";
$params["signature"] = "VirmnCtqA/A+s+H+SE7Oj8Ku7Lfay6OKkJgP/Q0hyQeaR6evI8Usokg698utW6xzJsiUudXm0KpmqiWM33o1aby3AOxZqWUC//aMZPO9vdw1NWR5fOJ++8AR9BAfcUtTHWc2QOHa1UyJalqeMsHuQj2IqQCMmOAUHPFkHhwAZMS9Ifkkxjqczg4S0vK9FoO39rFYkReYdL9SvuFyj6byAnqd3D7i/lgw+6jXjAlM9MqYiisMLyCGk0IQsrux5VbiQgI9LiGqUThGh7o2XkEFWvmPlKFmdQVnLxN9RNOK4pwrktbjgrBfVKZu1BBBXjfwwy9xzin0Kw5uNlCD2ReoZA==";
$urlEndPoint = "http://yourwebsite.com/return.jsp";
//Your return url end point.
print "Verifying return url signed using signature v2 ....\n";
//return url is sent as a http GET request and hence we specify GET as the http method.
//Signature verification does not require your secret key
print "Is signature correct: " . $utils->validateRequest($params, $urlEndPoint, "GET") . "\n";
}
function validateIPN($data, $urlEndPoint)
{
require_once dirname(__FILE__) . '/lib/IPNAndReturnURLValidation/src/SignatureUtilsForOutbound.php';
$params["transactionId"] = $data['transactionId'];
$params["transactionDate"] = $data['transactionDate'];
$params["status"] = $data['status'];
$params["signatureMethod"] = $data['signatureMethod'];
$params["signatureVersion"] = $data['signatureVersion'];
$params["buyerEmail"] = $data['buyerEmail'];
$params["recipientEmail"] = $data['recipientEmail'];
$params["operation"] = $data['operation'];
$params["transactionAmount"] = $data['transactionAmount'];
$params["referenceId"] = $data['referenceId'];
$params["buyerName"] = $data['buyerName'];
$params["recipientName"] = $data['recipientName'];
$params["paymentMethod"] = $data['paymentMethod'];
$params["paymentReason"] = $data['paymentReason'];
$params["certificateUrl"] = $data['certificateUrl'];
$params["signature"] = $data['signature'];
$utils = new SignatureUtilsForOutbound();
//IPN is sent as a http POST request and hence we specify POST as the http method.
//Signature verification does not require your secret key
try {
$xml = $utils->validateRequest($params, $urlEndPoint, "POST");
} catch (Exception $e) {
$data['error'] = $error = $e;
return false;
}
return $result = (string) $xml->VerifySignatureResult->VerificationStatus;
}
public static function test()
{
$utils = new SignatureUtilsForOutbound();
//Parameters present in ipn.
$params["transactionId"] = "14GPH3CZ83RPQ1ZH6J2G85NL1IO3KO8641R";
$params["transactionDate"] = "1254987247";
$params["status"] = "PS";
$params["signatureMethod"] = "RSA-SHA1";
$params["signatureVersion"] = "2";
$params["buyerEmail"] = "*****@*****.**";
$params["recipientEmail"] = "*****@*****.**";
$params["operation"] = "pay";
$params["transactionAmount"] = "USD 1.100000";
$params["referenceId"] = "test-reference123";
$params["buyerName"] = "test sender";
$params["recipientName"] = "Test Business";
$params["paymentMethod"] = "CC";
$params["paymentReason"] = "Test Widget";
$params["certificateUrl"] = "https://fps.sandbox.amazonaws.com/certs/090909/PKICert.pem";
$params["signature"] = "g2tEn6VVu8VKsxnkWeCPn8M9HABkzkVGbYTozSSKg9Y7B5Xsvq5GSoXkDlaz+izQM56wzvgFCou79un06KI6CeE4lf0SSsonoPInqvTrKoS/XPZqBChtdfciCqSyWBpPZ2YaEbSYEZdk1YZW0W7oeezgQqgzBL/CLN9U128GyFllt3/Yxr6p+XBltBUjh0kGmdAFVuFgwYq7h7cyMwAyseIRU7vDW5qsTreAPBmae9h3v4oZly5CyNDP+4HhExyzakf2r+UBEqj9EwZtek3k9qj956dlG8Dd3QeEF9AqjLp0D+7MyZr0rupNcWNbO1wGX8aEda/FvoWMRxXB3sU9dw==";
$urlEndPoint = "http://yourwebsite.com/ipn.jsp";
//Your url end point receiving the ipn.
print "Verifying IPN signed using signature v2 ....\n";
//IPN is sent as a http POST request and hence we specify POST as the http method.
//Signature verification does not require your secret key
print "Is signature correct: " . $utils->validateRequest($params, $urlEndPoint, "POST") . "\n";
}
public function isIpnValid($data, Payment_Invoice $invoice)
{
$ipn = $data['post'];
$validation = new SignatureUtilsForOutbound();
return $validation->validateRequest($ipn, $this->getParam('notify_url'), 'POST');
}
/**
* Check that this is a valid purchase IPN.
* Checks with Amazon to verify the signature, and also checks the amount
* received against the items purchased.
*
* @uses SignatureUtilsForOutbound
* @return integer Zero on success, positive value on failure
*/
private function Validate()
{
// First, use Amazon's utility to verify the IPN signature.
$utils = new SignatureUtilsForOutbound();
$urlEndPoint = PAYPAL_URL . '/ipn/amazon_ipn.php';
if (TESTING) {
$valid = true;
} else {
$valid = $utils->validateRequest($this->ipn_data, $urlEndPoint, 'POST');
}
if (!$valid) {
$this->Error('Invalid IPN received');
return AMAZON_FAILURE_VERIFY;
}
// Make sure we can figure out what was purchased
if (empty($this->ipn_data['referenceId'])) {
$this->Error('Missing Order or Item ID');
return AMAZON_FAILURE_UNKNOWN;
}
if (!$this->isSufficientFunds()) {
return AMAZON_FAILURE_FUNDS;
}
return 0;
}