Пример #1
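 /**
  * Send a SOAP call to the web service and authenticate the response.
  *
  * The authentication header is prepared by buildAuthHeader(), the call is made,
  * the raw exchange is logged at debug level, and the SOAP header of the response
  * is checked: base64(HMAC-SHA256(timestamp . requestId, key)) must equal the
  * authToken header sent by the server.
  *
  * @param string $method name of the SOAP operation
  * @param array $args arguments passed to __soapCall()
  * @return bool|mixed false when the response token is missing or does not match,
  *                    otherwise the value returned by __soapCall()
  */
 protected function call_ws($method, $args)
 {
     $this->buildAuthHeader();
     $response = $this->__soapCall($method, $args);

     // NOTE(review): these four debug entries contain the complete SOAP exchange,
     // including the request's authentication headers and the payment payload.
     // Make sure the payzen_ws debug log is neither enabled nor readable in production.
     spip_log("[Request Header]\n" . htmlspecialchars($this->__getLastRequestHeaders()), "payzen_ws" . _LOG_DEBUG);
     spip_log("[Request]\n" . htmlspecialchars($this->__getLastRequest()), "payzen_ws" . _LOG_DEBUG);
     spip_log("[Response Header]\n" . htmlspecialchars($this->__getLastResponseHeaders()), "payzen_ws" . _LOG_DEBUG);
     spip_log("[Response]\n" . htmlspecialchars($this->__getLastResponse()), "payzen_ws" . _LOG_DEBUG);

     // Collect the children of the response's SOAP Header into $responseHeader.
     // An empty or unparseable response leaves the array empty, so the token
     // check below fails closed instead of raising on loadXML('').
     $responseHeader = array();
     $rawResponse = $this->__getLastResponse();
     $dom = new DOMDocument();
     // LIBXML_NONET: the document is not authenticated yet, so the parser must not fetch anything.
     if (is_string($rawResponse) && $rawResponse !== '' && $dom->loadXML($rawResponse, LIBXML_NOWARNING | LIBXML_NONET)) {
         $path = new DOMXPath($dom);
         foreach ($path->query('//*[local-name()="Header"]/*') as $headerItem) {
             $responseHeader[$headerItem->nodeName] = $headerItem->nodeValue;
         }
     }

     // Recompute the response authentication token and compare it with the one received.
     // NOTE(review): the token covers only timestamp and requestId, and this method does not
     // compare them with the request that was just sent - confirm whether that is tracked elsewhere.
     $tokenIsValid = false;
     if (isset($responseHeader['timestamp'], $responseHeader['requestId'], $responseHeader['authToken'])) {
         $authTokenResponse = base64_encode(hash_hmac('sha256', $responseHeader['timestamp'] . $responseHeader['requestId'], systempay_key($this->config), true));
         // hash_equals() (PHP >= 5.6) compares in constant time, so the comparison
         // does not leak how many leading characters of a forged token were right.
         $tokenIsValid = hash_equals($authTokenResponse, (string) $responseHeader['authToken']);
     }
     if (!$tokenIsValid) {
         // Computation error or fraud attempt
         spip_log("call_ws:{$method}: Erreur signature reponse", "payzen_ws" . _LOG_ERREUR);
         return false;
     }
     return $response;
 }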
Пример #2
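/**
 * Collect the payment-gateway reply from the request parameters and verify its signature.
 *
 * Every $_REQUEST entry whose name starts with "vads_" is copied, together with
 * "signature" (empty string when absent), and the set is checked with
 * systempay_verifie_signature() using the key returned by systempay_key($config).
 *
 * @param array $config
 * @return array|bool the collected parameters, or false when a parameter is an array
 *                    or when the signature does not verify
 */
function systempay_recupere_reponse($config)
{
    $reponse = array();
    foreach ($_REQUEST as $k => $v) {
        // $_REQUEST keys may be integers; cast before the prefix test
        if (strncmp((string) $k, 'vads_', 5) === 0) {
            $reponse[$k] = $v;
        }
    }
    $reponse['signature'] = isset($_REQUEST['signature']) ? $_REQUEST['signature'] : '';

    // A client can turn any parameter into an array (name[]=...). The signature
    // check is defined over strings, so refuse such input before it reaches the
    // verifier rather than depend on how the verifier treats arrays.
    foreach ($reponse as $valeur) {
        if (is_array($valeur)) {
            spip_log("recupere_reponse : parametre tableau refuse", $config['presta'] . _LOG_ERREUR);
            return false;
        }
    }

    $ok = systempay_verifie_signature($reponse, systempay_key($config));

    // If the signature is invalid, check whether this is a manual replay of an
    // incomplete vads_url_check_src=RETRY call to which vads_subscription was added.
    // NOTE(review): on this path the signature is verified over the set WITHOUT
    // vads_subscription, yet the array returned below still contains it, so that
    // value is not covered by any verified signature. Callers should treat
    // vads_subscription as unauthenticated here (for example by cross-checking it
    // against the stored transaction) - confirm with the callers.
    if (!$ok && isset($reponse['vads_url_check_src'], $reponse['vads_subscription']) && $reponse['vads_url_check_src'] === 'RETRY') {
        $response_part = $reponse;
        unset($response_part['vads_subscription']);
        $ok = systempay_verifie_signature($response_part, systempay_key($config));
    }

    if (!$ok) {
        // NOTE(review): this dumps the whole request, which is attacker-chosen content
        // and may contain payment data - keep access to this log restricted.
        spip_log("recupere_reponse : signature invalide " . var_export($reponse, true), $config['presta'] . _LOG_ERREUR);
        return false;
    }
    return $reponse;
}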