422 lines
14 KiB
PHP
422 lines
14 KiB
PHP
<?php
|
|
namespace PayWithAmazon;
|
|
|
|
// Exit if accessed directly
|
|
defined( 'ABSPATH' ) || exit;
|
|
|
|
/* Class IPN_Handler
|
|
* Takes headers and body of the IPN message as input in the constructor
|
|
* verifies that the IPN is from the right resource and has the valid data
|
|
*/
|
|
|
|
require_once 'HttpCurl.php';
|
|
require_once 'Interface.php';
|
|
class IpnHandler implements IpnHandlerInterface
|
|
{
|
|
|
|
private $headers = null;
|
|
private $body = null;
|
|
private $snsMessage = null;
|
|
private $fields = array();
|
|
private $signatureFields = array();
|
|
private $certificate = null;
|
|
private $expectedCnName = 'sns.amazonaws.com';
|
|
|
|
private $ipnConfig = array('cabundle_file' => null,
|
|
'proxy_host' => null,
|
|
'proxy_port' => -1,
|
|
'proxy_username' => null,
|
|
'proxy_password' => null);
|
|
|
|
|
|
public function __construct($headers, $body, $ipnConfig = null)
|
|
{
|
|
$this->headers = array_change_key_case($headers, CASE_LOWER);
|
|
$this->body = $body;
|
|
|
|
if ($ipnConfig != null) {
|
|
$this->checkConfigKeys($ipnConfig);
|
|
}
|
|
|
|
// Get the list of fields that we are interested in
|
|
$this->fields = array(
|
|
"Timestamp" => true,
|
|
"Message" => true,
|
|
"MessageId" => true,
|
|
"Subject" => false,
|
|
"TopicArn" => true,
|
|
"Type" => true
|
|
);
|
|
|
|
// Validate the IPN message header [x-amz-sns-message-type]
|
|
$this->validateHeaders();
|
|
|
|
// Converts the IPN [Message] to Notification object
|
|
$this->getMessage();
|
|
|
|
// Checks if the notification [Type] is Notification and constructs the signature fields
|
|
$this->checkForCorrectMessageType();
|
|
|
|
// Verifies the signature against the provided pem file in the IPN
|
|
$this->constructAndVerifySignature();
|
|
}
|
|
|
|
private function checkConfigKeys($ipnConfig)
|
|
{
|
|
$ipnConfig = array_change_key_case($ipnConfig, CASE_LOWER);
|
|
$ipnConfig = trimArray($ipnConfig);
|
|
|
|
foreach ($ipnConfig as $key => $value) {
|
|
if (array_key_exists($key, $this->ipnConfig)) {
|
|
$this->ipnConfig[$key] = $value;
|
|
} else {
|
|
throw new \Exception('Key ' . $key . ' is either not part of the configuration or has incorrect Key name.
|
|
check the ipnConfig array key names to match your key names of your config array ', 1);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Setter function
|
|
* Sets the value for the key if the key exists in ipnConfig
|
|
*/
|
|
|
|
public function __set($name, $value)
|
|
{
|
|
if (array_key_exists(strtolower($name), $this->ipnConfig)) {
|
|
$this->ipnConfig[$name] = $value;
|
|
} else {
|
|
throw new \Exception("Key " . $name . " is not part of the configuration", 1);
|
|
}
|
|
}
|
|
|
|
/* Getter function
|
|
* Returns the value for the key if the key exists in ipnConfig
|
|
*/
|
|
|
|
public function __get($name)
|
|
{
|
|
if (array_key_exists(strtolower($name), $this->ipnConfig)) {
|
|
return $this->ipnConfig[$name];
|
|
} else {
|
|
throw new \Exception("Key " . $name . " was not found in the configuration", 1);
|
|
}
|
|
}
|
|
|
|
/* Trim the input Array key values */
|
|
|
|
private function trimArray($array)
|
|
{
|
|
foreach ($array as $key => $value)
|
|
{
|
|
$array[$key] = trim($value);
|
|
}
|
|
return $array;
|
|
}
|
|
|
|
private function validateHeaders()
|
|
{
|
|
// Quickly check that this is a sns message
|
|
if (!array_key_exists('x-amz-sns-message-type', $this->headers)) {
|
|
throw new \Exception("Error with message - header " . "does not contain x-amz-sns-message-type header");
|
|
}
|
|
|
|
if ($this->headers['x-amz-sns-message-type'] !== 'Notification') {
|
|
throw new \Exception("Error with message - header x-amz-sns-message-type is not " . "Notification, is " . $this->headers['x-amz-sns-message-type']);
|
|
}
|
|
}
|
|
|
|
private function getMessage()
|
|
{
|
|
$this->snsMessage = json_decode($this->body, true);
|
|
|
|
$json_error = json_last_error();
|
|
|
|
if ($json_error != 0) {
|
|
$errorMsg = "Error with message - content is not in json format" . $this->getErrorMessageForJsonError($json_error) . " " . $this->snsMessage;
|
|
throw new \Exception($errorMsg);
|
|
}
|
|
}
|
|
|
|
/* Convert a json error code to a descriptive error message
|
|
*
|
|
* @param int $json_error message code
|
|
*
|
|
* @return string error message
|
|
*/
|
|
|
|
private function getErrorMessageForJsonError($json_error)
|
|
{
|
|
switch ($json_error) {
|
|
case JSON_ERROR_DEPTH:
|
|
return " - maximum stack depth exceeded.";
|
|
break;
|
|
case JSON_ERROR_STATE_MISMATCH:
|
|
return " - invalid or malformed JSON.";
|
|
break;
|
|
case JSON_ERROR_CTRL_CHAR:
|
|
return " - control character error.";
|
|
break;
|
|
case JSON_ERROR_SYNTAX:
|
|
return " - syntax error.";
|
|
break;
|
|
default:
|
|
return ".";
|
|
break;
|
|
}
|
|
}
|
|
|
|
/* checkForCorrectMessageType()
|
|
*
|
|
* Checks if the Field [Type] is set to ['Notification']
|
|
* Gets the value for the fields marked true in the fields array
|
|
* Constructs the signature string
|
|
*/
|
|
|
|
private function checkForCorrectMessageType()
|
|
{
|
|
$type = $this->getMandatoryField("Type");
|
|
if (strcasecmp($type, "Notification") != 0) {
|
|
throw new \Exception("Error with SNS Notification - unexpected message with Type of " . $type);
|
|
}
|
|
|
|
if (strcmp($this->getMandatoryField("Type"), "Notification") != 0) {
|
|
throw new \Exception("Error with signature verification - unable to verify " . $this->getMandatoryField("Type") . " message");
|
|
} else {
|
|
|
|
// Sort the fields into byte order based on the key name(A-Za-z)
|
|
ksort($this->fields);
|
|
|
|
// Extract the key value pairs and sort in byte order
|
|
$signatureFields = array();
|
|
foreach ($this->fields as $fieldName => $mandatoryField) {
|
|
if ($mandatoryField) {
|
|
$value = $this->getMandatoryField($fieldName);
|
|
} else {
|
|
$value = $this->getField($fieldName);
|
|
}
|
|
|
|
if (!is_null($value)) {
|
|
array_push($signatureFields, $fieldName);
|
|
array_push($signatureFields, $value);
|
|
}
|
|
}
|
|
|
|
/* Create the signature string - key / value in byte order
|
|
* delimited by newline character + ending with a new line character
|
|
*/
|
|
$this->signatureFields = implode("\n", $signatureFields) . "\n";
|
|
|
|
}
|
|
}
|
|
|
|
/* Verify that the signature is correct for the given data and
|
|
* public key
|
|
*
|
|
* @param string $data data to validate
|
|
* @param string $signature decoded signature to compare against
|
|
* @param string $certificatePath path to certificate, can be file or url
|
|
*
|
|
* @throws Exception if there is an error with the call
|
|
*
|
|
* @return bool true if valid
|
|
*/
|
|
|
|
private function constructAndVerifySignature()
|
|
{
|
|
$signature = base64_decode($this->getMandatoryField("Signature"));
|
|
$certificatePath = $this->getMandatoryField("SigningCertURL");
|
|
|
|
$this->certificate = $this->getCertificate($certificatePath);
|
|
|
|
$result = $this->verifySignatureIsCorrectFromCertificate($signature);
|
|
if (!$result) {
|
|
throw new \Exception("Unable to match signature from remote server: signature of " . $this->getCertificate($certificatePath) . " , SigningCertURL of " . $this->getMandatoryField("SigningCertURL") . " , SignatureOf " . $this->getMandatoryField("Signature"));
|
|
}
|
|
}
|
|
|
|
/* getCertificate($certificatePath)
|
|
*
|
|
* gets the certificate from the $certificatePath using Curl
|
|
*/
|
|
|
|
private function getCertificate($certificatePath)
|
|
{
|
|
$httpCurlRequest = new HttpCurl($this->ipnConfig);
|
|
|
|
$response = $httpCurlRequest->httpGet($certificatePath);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/* Verify that the signature is correct for the given data and public key
|
|
*
|
|
* @param string $data data to validate
|
|
* @param string $signature decoded signature to compare against
|
|
* @param string $certificate certificate object defined in Certificate.php
|
|
*/
|
|
|
|
public function verifySignatureIsCorrectFromCertificate($signature)
|
|
{
|
|
$certKey = openssl_get_publickey($this->certificate);
|
|
|
|
if ($certKey === False) {
|
|
throw new \Exception("Unable to extract public key from cert");
|
|
}
|
|
|
|
try {
|
|
$certInfo = openssl_x509_parse($this->certificate, true);
|
|
$certSubject = $certInfo["subject"];
|
|
|
|
if (is_null($certSubject)) {
|
|
throw new \Exception("Error with certificate - subject cannot be found");
|
|
}
|
|
} catch (\Exception $ex) {
|
|
throw new \Exception("Unable to verify certificate - error with the certificate subject", null, $ex);
|
|
}
|
|
|
|
if (strcmp($certSubject["CN"], $this->expectedCnName)) {
|
|
throw new \Exception("Unable to verify certificate issued by Amazon - error with certificate subject");
|
|
}
|
|
|
|
$result = -1;
|
|
try {
|
|
$result = openssl_verify($this->signatureFields, $signature, $certKey, OPENSSL_ALGO_SHA1);
|
|
} catch (\Exception $ex) {
|
|
throw new \Exception("Unable to verify signature - error with the verification algorithm", null, $ex);
|
|
}
|
|
|
|
return ($result > 0);
|
|
}
|
|
|
|
|
|
/* Extract the mandatory field from the message and return the contents
|
|
*
|
|
* @param string $fieldName name of the field to extract
|
|
*
|
|
* @throws Exception if not found
|
|
*
|
|
* @return string field contents if found
|
|
*/
|
|
|
|
private function getMandatoryField($fieldName)
|
|
{
|
|
$value = $this->getField($fieldName);
|
|
if (is_null($value)) {
|
|
throw new \Exception("Error with json message - mandatory field " . $fieldName . " cannot be found");
|
|
}
|
|
return $value;
|
|
}
|
|
|
|
/* Extract the field if present, return null if not defined
|
|
*
|
|
* @param string $fieldName name of the field to extract
|
|
*
|
|
* @return string field contents if found, null otherwise
|
|
*/
|
|
|
|
private function getField($fieldName)
|
|
{
|
|
if (array_key_exists($fieldName, $this->snsMessage)) {
|
|
return $this->snsMessage[$fieldName];
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/* returnMessage() - JSON decode the raw [Message] portion of the IPN */
|
|
|
|
public function returnMessage()
|
|
{
|
|
return json_decode($this->snsMessage['Message'], true);
|
|
}
|
|
|
|
/* toJson() - Converts IPN [Message] field to JSON
|
|
*
|
|
* Has child elements
|
|
* ['NotificationData'] [XML] - API call XML notification data
|
|
* @param remainingFields - consists of remaining IPN array fields that are merged
|
|
* Type - Notification
|
|
* MessageId - ID of the Notification
|
|
* Topic ARN - Topic of the IPN
|
|
* @return response in JSON format
|
|
*/
|
|
|
|
public function toJson()
|
|
{
|
|
$response = $this->simpleXmlObject();
|
|
|
|
// Merging the remaining fields with the response
|
|
$remainingFields = $this->getRemainingIpnFields();
|
|
$responseArray = array_merge($remainingFields,(array)$response);
|
|
|
|
// Converting to JSON format
|
|
$response = json_encode($responseArray);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/* toArray() - Converts IPN [Message] field to associative array
|
|
* @return response in array format
|
|
*/
|
|
|
|
public function toArray()
|
|
{
|
|
$response = $this->simpleXmlObject();
|
|
|
|
// Converting the SimpleXMLElement Object to array()
|
|
$response = json_encode($response);
|
|
$response = json_decode($response, true);
|
|
|
|
// Merging the remaining fields with the response array
|
|
$remainingFields = $this->getRemainingIpnFields();
|
|
$response = array_merge($remainingFields,$response);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/* addRemainingFields() - Add remaining fields to the datatype
|
|
*
|
|
* Has child elements
|
|
* ['NotificationData'] [XML] - API call XML response data
|
|
* Convert to SimpleXML element object
|
|
* Type - Notification
|
|
* MessageId - ID of the Notification
|
|
* Topic ARN - Topic of the IPN
|
|
* @return response in array format
|
|
*/
|
|
|
|
private function simpleXmlObject()
|
|
{
|
|
$ipnMessage = $this->returnMessage();
|
|
|
|
// Getting the Simple XML element object of the IPN XML Response Body
|
|
$response = simplexml_load_string((string) $ipnMessage['NotificationData']);
|
|
|
|
// Adding the Type, MessageId, TopicArn details of the IPN to the Simple XML element Object
|
|
$response->addChild('Type', $this->snsMessage['Type']);
|
|
$response->addChild('MessageId', $this->snsMessage['MessageId']);
|
|
$response->addChild('TopicArn', $this->snsMessage['TopicArn']);
|
|
|
|
return $response;
|
|
}
|
|
|
|
/* getRemainingIpnFields()
|
|
* Gets the remaining fields of the IPN to be later appended to the return message
|
|
*/
|
|
|
|
private function getRemainingIpnFields()
|
|
{
|
|
$ipnMessage = $this->returnMessage();
|
|
|
|
$remainingFields = array(
|
|
'NotificationReferenceId' =>$ipnMessage['NotificationReferenceId'],
|
|
'NotificationType' =>$ipnMessage['NotificationType'],
|
|
'IsSample' =>$ipnMessage['IsSample'],
|
|
'SellerId' =>$ipnMessage['SellerId'],
|
|
'ReleaseEnvironment' =>$ipnMessage['ReleaseEnvironment'],
|
|
'Version' =>$ipnMessage['Version']);
|
|
|
|
return $remainingFields;
|
|
}
|
|
}
|