Viewing file:  PaytmChecksum.php (3.94 KB) -rwxr-xr-x
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/**
* Paytm uses checksum signature to ensure that API requests and responses shared between your
* application and Paytm over network have not been tampered with. We use SHA256 hashing and
* AES128 encryption algorithm to ensure the safety of transaction data.
*
* @author Lalit Kumar
* @version 2.0
* @link https://developer.paytm.com/docs/checksum/#php
*/
namespace paytm\paytmchecksum;
class PaytmChecksum{
private static $iv = "@@@@&&&&####$$$$";
static public function encrypt($input, $key) {
$key = html_entity_decode($key);
if(function_exists('openssl_encrypt')){
$data = openssl_encrypt ( $input , "AES-128-CBC" , $key, 0, self::$iv );
} else {
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc');
$input = self::pkcs5Pad($input, $size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
mcrypt_generic_init($td, $key, self::$iv);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = base64_encode($data);
}
return $data;
}
static public function decrypt($encrypted, $key) {
$key = html_entity_decode($key);
if(function_exists('openssl_decrypt')){
$data = openssl_decrypt ( $encrypted , "AES-128-CBC" , $key, 0, self::$iv );
} else {
$encrypted = base64_decode($encrypted);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', '');
mcrypt_generic_init($td, $key, self::$iv);
$data = mdecrypt_generic($td, $encrypted);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = self::pkcs5Unpad($data);
$data = rtrim($data);
}
return $data;
}
static public function generateSignature($params, $key) {
if(!is_array($params) && !is_string($params)){
throw new Exception("string or array expected, ".gettype($params)." given");
}
if(is_array($params)){
$params = self::getStringByParams($params);
}
return self::generateSignatureByString($params, $key);
}
static public function verifySignature($params, $key, $checksum){
if(!is_array($params) && !is_string($params)){
throw new Exception("string or array expected, ".gettype($params)." given");
}
if(isset($params['CHECKSUMHASH'])){
unset($params['CHECKSUMHASH']);
}
if(is_array($params)){
$params = self::getStringByParams($params);
}
return self::verifySignatureByString($params, $key, $checksum);
}
static private function generateSignatureByString($params, $key){
$salt = self::generateRandomString(4);
return self::calculateChecksum($params, $key, $salt);
}
static private function verifySignatureByString($params, $key, $checksum){
$paytm_hash = self::decrypt($checksum, $key);
$salt = substr($paytm_hash, -4);
return $paytm_hash == self::calculateHash($params, $salt) ? true : false;
}
static private function generateRandomString($length) {
$random = "";
srand((double) microtime() * 1000000);
$data = "9876543210ZYXWVUTSRQPONMLKJIHGFEDCBAabcdefghijklmnopqrstuvwxyz!@#$&_";
for ($i = 0; $i < $length; $i++) {
$random .= substr($data, (rand() % (strlen($data))), 1);
}
return $random;
}
static private function getStringByParams($params) {
ksort($params);
$params = array_map(function ($value){
return ($value !== null && strtolower($value) !== "null") ? $value : "";
}, $params);
return implode("|", $params);
}
static private function calculateHash($params, $salt){
$finalString = $params . "|" . $salt;
$hash = hash("sha256", $finalString);
return $hash . $salt;
}
static private function calculateChecksum($params, $key, $salt){
$hashString = self::calculateHash($params, $salt);
return self::encrypt($hashString, $key);
}
static private function pkcs5Pad($text, $blocksize) {
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
static private function pkcs5Unpad($text) {
$pad = ord($text[strlen($text) - 1]);
if ($pad > strlen($text))
return false;
return substr($text, 0, -1 * $pad);
}
}
|