Fixed response sign verification in the GPWebPay driver using DIGEST1

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## Changelog
 
+### v0.23.1: 2022/02/23
+
+Fixed signature verification in GPwebpay response.
+
 ### v0.23.0: 2022/02/11
 
 GPwebpay driver fills `ORDERNUMBER` with the microtime (as int) because this value have to be always unique. For the 

README.md

@@ -30,7 +30,7 @@ The recommended way to install the library is to use [composer](http://getcompos
 
 	{
 	  "require": {
-	    "backbone/chaching": "0.23.0"
+	    "backbone/chaching": "0.23.1"
 	  }
 	}
 

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "backbone/chaching",
     "type": "library",
-    "version": "0.23.0",
+    "version": "0.23.1",
     "license": "MIT",
     "description": "Universal payment library for banking services in Slovakia",
     "keywords": [

src/Chaching/Chaching.php

@@ -16,7 +16,7 @@
 
 class Chaching
 {
-	const VERSION 		= '0.22.1';
+	const VERSION 		= '0.23.1';
 
 	const CARDPAY 		= 'cardpay';
 	const SPOROPAY 		= 'sporopay';

src/Chaching/Drivers/GPwebpay/Response.php

@@ -28,14 +28,20 @@ public function __construct(Array $authorization, Array $attributes, Array $opti
 
 		$this->readonly_fields = [
 			'OPERATION', 'ORDERNUMBER', 'MERORDERNUM', 'MD', 'PRCODE',
-			'SRCODE', 'RESULTTEXT', 'DIGEST', 'DIGEST1'
+			'SRCODE', 'RESULTTEXT', 'DETAILS', 'USERPARAM1', 'ADDINFO',
+			'DIGEST', 'DIGEST1'
 		];
 
 		foreach ($this->readonly_fields as $field)
 		{
-			$this->fields[ $field ] = !empty($attributes[ $field ])
-				? $attributes[ $field ]
-				: NULL;
+			if(array_key_exists($field, $attributes))
+			{
+				$this->fields[ $field ] = $attributes[ $field ];
+			}
+			else
+			{
+				$this->fields[ $field ] = NULL;
+			}
 		}
 
 		$this->set_authorization($authorization);
@@ -54,11 +60,11 @@ public function __construct(Array $authorization, Array $attributes, Array $opti
 	 */
 	protected function validate()
 	{
-		if (!$this->verify($this->fields['DIGEST']))
+		if (!$this->verify($this->fields['DIGEST1']))
 			throw new \Chaching\Exceptions\InvalidResponseException(sprintf(
 				"Signature received as part of the response is incorrect (" .
 				"'%s'). If this persists contact the bank.",
-				$this->fields['DIGEST']
+				$this->fields['DIGEST1']
 			));
 
 		$this->variable_symbol = $this->fields['MERORDERNUM'] != NULL ? $this->fields['MERORDERNUM'] : $this->fields['ORDERNUMBER'];
@@ -73,10 +79,13 @@ protected function validate()
 	protected function verify($given_signature)
 	{
 		$signature_base 	= '';
-		$fields 			= array_slice($this->readonly_fields, 0, 7);
+		$fields 			= array_slice($this->readonly_fields, 0, 10);
 
 		foreach ($fields as $field)
 		{
+			if ($this->fields[ $field ] === NULL)
+				continue;
+
 			if (!empty($signature_base))
 			{
 				$signature_base .= '|';

src/Chaching/Encryption/PemKeys.php

@@ -38,8 +38,8 @@ public function verify($given_signature, $signature_base)
 			file_get_contents($this->authorization[ 1 ]['key'])
 		);
 
-		$signature = base64_encode($signature_base);
-		$result = openssl_verify($given_signature, $signature, $resource_id);
+		$given_signature = base64_decode($given_signature);
+		$result = openssl_verify($signature_base, $given_signature, $resource_id);
 
 		openssl_free_key($resource_id);