0

我一直在收到带有错误的被拒绝卡的日志:"Execution of Hmac-authentication failed with error:Exception thrown from JavaScript : HMACERROR (hmac_helper#196)"

此处描述的所有内容:http: //developer.payeezy.com/faqs/i-am-getting-403-hmac-validation-failure-response-how-do-i-resolve都很好。

这是同一服务器中的相同代码,但是,它适用于大多数客户端,但对其他人无效。

支付服务位于 .Net Core 3.1 中,如下所示:

...
(removed for brevity)
...
            Random random = new Random();
            string nonce = (random.Next(0, 1000000)).ToString();
            string time = DateTimeOffset.Now.ToUnixTimeMilliseconds().ToString(); // <- EPOCH UTC

            string token = _configOptions.MerchandToken;
            string apiKey = _configOptions.ApiKey; // <- I'm sure it has no spaces and it's the correct key
            string apiSecret = _configOptions.ApiSecret; // <- Again, no spaces and I'm sure it's the correct secret
            string hashData = apiKey + nonce + time + token + payloadJson;
            string base64Hash = Convert.ToBase64String(CalculateHMAC(hashData, apiSecret));
            string url = _configOptions.EndPoint;

            ServicePointManager.SecurityProtocol = (SecurityProtocolType) 3072;
            HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create(url);

            webRequest.Method = "POST";
            webRequest.Accept = "*/*";
            
            // Now all values that have to go in the header
            webRequest.Headers.Add("timestamp", time);
            webRequest.Headers.Add("nonce", nonce);
            webRequest.Headers.Add("token", token);
            webRequest.Headers.Add("apikey", apiKey);
            webRequest.Headers.Add("Authorization", base64Hash);
            webRequest.ContentLength = payload.Length;
            webRequest.ContentType = "application/json";

            StreamWriter writer = null;
            writer = new StreamWriter(webRequest.GetRequestStream());
            writer.Write(payloadJson);
            writer.Close();
                    
            using (HttpWebResponse webResponse = (HttpWebResponse) webRequest.GetResponse())
            {
                 using (StreamReader responseStream = new StreamReader(webResponse.GetResponseStream()))
                 {
                      responseString = responseStream.ReadToEnd();
                 }
            }
...
(removed for brevity)
...


        private byte[] CalculateHMAC(string data, string secret)
        {
            HMAC hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
            byte[] dataBytes = Encoding.UTF8.GetBytes(data);
            byte[] hmac2Hex = hmacSha256.ComputeHash(Encoding.UTF8.GetBytes(data));

            string hex = BitConverter.ToString(hmac2Hex);
            hex = hex.Replace("-", "").ToLower();
            byte[] hexArray = Encoding.UTF8.GetBytes(hex);
            return hexArray;
        }

据我了解,有些卡被拒绝的原因有很多。我只是想知道正确的原因。

但是在这种情况下......同一服务器中的相同代码怎么可能对某些客户抛出 Hmac-authentication 错误,但对其他客户却没有?

我的代码有问题吗?你有过这样的经历吗?

4

0 回答 0