/** * Validate callback response control code * * @param PaymentTransaction $paymentTransaction Payment transaction for control code checking * @param CallbackResponse $callbackResponse Callback for control code checking * * @throws ValidationException Invalid control code */ protected function validateSignature(PaymentTransaction $paymentTransaction, CallbackResponse $callbackResponse) { // This is SHA-1 checksum of the concatenation // status + orderid + client_orderid + merchant-control. $expectedControlCode = sha1($callbackResponse->getStatus() . $callbackResponse->getPaymentPaynetId() . $callbackResponse->getPaymentClientId() . $paymentTransaction->getQueryConfig()->getSigningKey()); if ($expectedControlCode !== $callbackResponse->getControlCode()) { throw new ValidationException("Actual control code '{$callbackResponse->getControlCode()}' does " . "not equal expected '{$expectedControlCode}'"); } }