I'm trying to implement a payment using Volume webhooks. I'm getting some errors on the production machine:
error:0480006C:PEM routines::no start line
error:02000068:rsa routines::bad signature
error:1C880004:Provider routines::RSA lib

I'm getting some errors on my localhost machine:
error:0909006C:PEM routines:get_name:no start line
error:02000068:rsa routines::bad signature

The test source of my application:

<?php
    // Load the public key 
    // get info: https://api.sandbox.volumepay.io/.well-known/signature/pem
    $pemContent = file_get_contents("https://api.sandbox.volumepay.io/.well-known/signature/pem");
    if ($pemContent === false) {
        die("Error reading the public key.\n");
    }

    $publicKey = "-----BEGIN PUBLIC KEY-----\n" . trim($pemContent) . "\n-----END PUBLIC KEY-----";

    // Load the payload
    $payload = '{"paymentId":"a08ff808-53bf-4716-8e0d-c1185c8b0b6b","merchantPaymentId":"payment_6705370a441ed9.34887321","paymentStatus":"FAILED","errorDescription":"Failed to create payment authorization - payment provider returned an error","paymentRequest":{"amount":9.99,"currency":"GBP","reference":"Payment Reference"},"paymentRefundData":null,"paymentMetadata":null,"applicationId":"96c1e0da-93ae-407e-aae5-aa02fa314ff9"}';
    if ($payload === false) {
        die("Error reading the payload.\n");
    }

    // Load and decode the signature from Base64
    $signatureBase64 = "dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==";
    $signatureBase64 = str_replace('\/', '/', $signatureBase64);
    //$signatureBase64 = str_replace('//', '/', $signatureBase64);
    if ($signatureBase64 === false) {
        die("Error reading the signature.\n");
    } else {
        echo "Private key: " . $signatureBase64;
    }

    $signature = base64_decode($signatureBase64);

    // Check if the signature was decoded correctly
    if ($signature === false) {
        die("Error decoding the signature.\n");
    }else{
         echo "signature decode: " . $signatureBase64;
    }

    // Compute the SHA-256 hash of the payload
    $hashedPayload = hash('sha256', $payload, true);

    // Set up the public key for verification
    $publicKeyResource = openssl_pkey_get_public($publicKey);
    if ($publicKeyResource === false) {
        die("Error loading the public key resource.\n");
    }

    // Perform the signature verification
    $result = openssl_verify($hashedPayload, $signature, $publicKeyResource, OPENSSL_ALGO_SHA256);
    echo "\n Result: " . $result . "\n";

    // Free the public key resource
    openssl_free_key($publicKeyResource);

    echo "Payload:\n{$payload}\n\n";
    echo "Hashed Payload (SHA-256): " . bin2hex($hashedPayload) . "\n\n";
    echo "Decoded Signature (Hex): " . bin2hex($signature) . "\n\n";

    if ($result === 1) {
        echo "Signature successfully verified.\n"; 
    } elseif ($result === 0) {
        echo "Signature verification failed: Signature does not match.\n";
        while ($error = openssl_error_string()) {
            echo("ERROR OpenSSL verification error: {$error} \n");
        }
        return false;
    } else {
        while ($error = openssl_error_string()) {
            echo("ERROR OpenSSL error during verification: {$error} \n");
        }
        return false;
    }
?>

My output was:

$ php index.php 
Private key: dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==
signature decode: dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==
 Result: 0
Payload:
{"paymentId":"a08ff808-53bf-4716-8e0d-c1185c8b0b6b","merchantPaymentId":"payment_6705370a441ed9.34887321","paymentStatus":"FAILED","errorDescription":"Failed to create payment authorization - payment provider returned an error","paymentRequest":{"amount":9.99,"currency":"GBP","reference":"Payment Reference"},"paymentRefundData":null,"paymentMetadata":null,"applicationId":"96c1e0da-93ae-407e-aae5-aa02fa314ff9"}

Hashed Payload (SHA-256): 4e41719f186a3d94cc54a5e569107ea5901a516980527904affba2b34e1c69c8

Decoded Signature (Hex): [hex output omitted]

Signature verification failed: Signature does not match.
ERROR OpenSSL verification error: error:0480006C:PEM routines::no start line 
ERROR OpenSSL verification error: error:02000068:rsa routines::bad signature 
ERROR OpenSSL verification error: error:1C880004:Provider routines::RSA lib 
  • Why doesn't the output include either Signature successfully verified. or Signature verification failed: Signature does not match.? Commented Oct 8, 2024 at 21:24
  • Hello @Barmar, thanks for the answer. The output does happen for me, but Stack Overflow erased it when I posted, see: Signature verification failed: Signature does not match. Commented Oct 8, 2024 at 21:35
  • Paste the output inside triple backtick code fences to preserve the formatting. See how I edited the question. Commented Oct 8, 2024 at 21:37
  • done! please help me, I have this demand to deliver :( Commented Oct 8, 2024 at 23:37
  • Sorry, I don't know anything about verifying signatures, I can't help you with that part. All I can do is help you write the question more clearly. Commented Oct 9, 2024 at 15:05
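
Added example (not part of the original post and not Volume's code): it demonstrates two behaviours of PHP's OpenSSL functions that bear on the output above. `openssl_verify()` hashes its data argument itself, and `openssl_pkey_get_public()` can leave a stale "no start line" entry in the error queue even when the key loads. The key pair, the payload and the helper names `toPublicKeyPem` and `verifyBody` are constructed for this example, which assumes an RSA PKCS#1 v1.5 signature with SHA-256 over the raw body bytes.

```php
<?php
// Added example: throwaway key pair and constructed payload, not Volume's key or API.

// Add PEM armor only when it is missing, so an already-armored key
// is not wrapped a second time.
function toPublicKeyPem(string $raw): string
{
    $raw = trim($raw);
    if (strpos($raw, '-----BEGIN') !== false) {
        return $raw . "\n";
    }
    $body = chunk_split(preg_replace('/\s+/', '', $raw), 64, "\n");
    return "-----BEGIN PUBLIC KEY-----\n" . $body . "-----END PUBLIC KEY-----\n";
}

// Verify an RSA PKCS#1 v1.5 / SHA-256 signature over the raw body bytes.
function verifyBody(string $body, string $signatureB64, string $pem): bool
{
    $signature = base64_decode($signatureB64, true); // strict mode: false on bad input
    $key = openssl_pkey_get_public($pem);
    if ($signature === false || $key === false) {
        return false;
    }
    // Key loading may leave stale entries (such as "no start line") in the
    // OpenSSL error queue; drain them so later diagnostics refer to the verify call.
    while (openssl_error_string() !== false) {
    }
    // openssl_verify() computes the SHA-256 digest of $body itself.
    return openssl_verify($body, $signature, $key, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed test material.
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$pem = openssl_pkey_get_details($pair)['key'];
$bareKey = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem); // base64 body only
$body = '{"paymentStatus":"FAILED","amount":9.99}';
openssl_sign($body, $rawSig, $pair, OPENSSL_ALGO_SHA256);
$sigB64 = base64_encode($rawSig);

// Raw body with an armored key, then with a bare base64 key.
var_dump(verifyBody($body, $sigB64, toPublicKeyPem($pem)));
var_dump(verifyBody($body, $sigB64, toPublicKeyPem($bareKey)));
// Pre-hashed body: OpenSSL hashes it again, so the digest no longer matches.
var_dump(verifyBody(hash('sha256', $body, true), $sigB64, toPublicKeyPem($pem)));
```

In a webhook handler the bytes to verify are the request body exactly as received (`file_get_contents('php://input')`), since any re-encoding of the JSON changes the signed bytes.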
