
I'm trying to implement a payment using Volume webhooks. I'm getting some errors on the production machine:
error:0480006C:PEM routines::no start line
error:02000068:rsa routines::bad signature
error:1C880004:Provider routines::RSA lib

I'm getting some errors on my localhost machine:
error:0909006C:PEM routines:get_name:no start line
error:02000068:rsa routines::bad signature

The test source of my application:

<?php
    // Load the public key 
    // get info: https://api.sandbox.volumepay.io/.well-known/signature/pem
    $pemContent = file_get_contents("https://api.sandbox.volumepay.io/.well-known/signature/pem");
    if ($pemContent === false) {
        die("Error reading the public key.\n");
    }

    $publicKey = "-----BEGIN PUBLIC KEY-----\n" . trim($pemContent) . "\n-----END PUBLIC KEY-----";

    // Load the payload
    $payload = '{"paymentId":"a08ff808-53bf-4716-8e0d-c1185c8b0b6b","merchantPaymentId":"payment_6705370a441ed9.34887321","paymentStatus":"FAILED","errorDescription":"Failed to create payment authorization - payment provider returned an error","paymentRequest":{"amount":9.99,"currency":"GBP","reference":"Payment Reference"},"paymentRefundData":null,"paymentMetadata":null,"applicationId":"96c1e0da-93ae-407e-aae5-aa02fa314ff9"}';
    if ($payload === false) {
        die("Error reading the payload.\n");
    }

    // Load and decode the signature from Base64
    $signatureBase64 = "dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==";
    $signatureBase64 = str_replace('\/', '/', $signatureBase64);
    //$signatureBase64 = str_replace('//', '/', $signatureBase64);
    if ($signatureBase64 === false) {
        die("Error reading the signature.\n");
    } else {
        echo "Private key: " . $signatureBase64;
    }

    $signature = base64_decode($signatureBase64);

    // Check if the signature was decoded correctly
    if ($signature === false) {
        die("Error decoding the signature.\n");
    }else{
         echo "signature decode: " . $signatureBase64;
    }

    // Compute the SHA-256 hash of the payload
    $hashedPayload = hash('sha256', $payload, true);

    // Set up the public key for verification
    $publicKeyResource = openssl_pkey_get_public($publicKey);
    if ($publicKeyResource === false) {
        die("Error loading the public key resource.\n");
    }

    // Perform the signature verification
    $result = openssl_verify($hashedPayload, $signature, $publicKeyResource, OPENSSL_ALGO_SHA256);
    echo "\n Result: " . $result . "\n";

    // Free the public key resource
    openssl_free_key($publicKeyResource);

    echo "Payload:\n{$payload}\n\n";
    echo "Hashed Payload (SHA-256): " . bin2hex($hashedPayload) . "\n\n";
    echo "Decoded Signature (Hex): " . bin2hex($signature) . "\n\n";

    if ($result === 1) {
        echo "Signature successfully verified.\n"; 
    } elseif ($result === 0) {
        echo "Signature verification failed: Signature does not match.\n";
        while ($error = openssl_error_string()) {
            echo("ERROR OpenSSL verification error: {$error} \n");
        }
        return false;
    } else {
        while ($error = openssl_error_string()) {
            echo("ERROR OpenSSL error during verification: {$error} \n");
        }
        return false;
    }
?>

My output was:

$ php index.php 
Private key: dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==
signature decode: dllgtxuoO3SKehfxs02i9PF9i32m//xeEUp2CLFWs9RCjbKSTFCbIdFwjlQKDGUrQcZQVfFQ4XFb6/COMB9pUjWcXX874uWJVZvkzzGDaaqwxb9obkte49o73NlfCrfpk/kKE1MJ3rXxeHJTkh2A2AcE4tDBP8V9M+gWmytLbtpLG6MAF/lvze0wqgy8Kg5eQ3nwcAqqMiz1ruK6XFnzMzURHNPo6kyqaSH/3/dL+j89WiISPOYZ9uUuJmmQGHRbFW6Jor2BjDAav9I6fCIcOgsgwQkXYs+hA42JZUV5adrau4gtHEvxfmt8xualaB15+OenKcM+3CgXRkPSTKNmYQ==
 Result: 0
Payload:
{"paymentId":"a08ff808-53bf-4716-8e0d-c1185c8b0b6b","merchantPaymentId":"payment_6705370a441ed9.34887321","paymentStatus":"FAILED","errorDescription":"Failed to create payment authorization - payment provider returned an error","paymentRequest":{"amount":9.99,"currency":"GBP","reference":"Payment Reference"},"paymentRefundData":null,"paymentMetadata":null,"applicationId":"96c1e0da-93ae-407e-aae5-aa02fa314ff9"}

Hashed Payload (SHA-256): 4e41719f186a3d94cc54a5e569107ea5901a516980527904affba2b34e1c69c8

Decoded Signature (Hex): 765960b71ba83b748a7a17f1b34da2f4f17d8b7da6fffc5e114a7608b156b3d4428db2924c509b21d1708e540a0c652b41c65055f150e1715bebf08e301f6952359c5d7f3be2e589559be4cf318369aab0c5bf686e4b5ee3da3bdcd95f0ab7e993f90a135309deb5f1787253921d80d80704e2d0c13fc57d33e8169b2b4b6eda4b1ba30017f96fcded30aa0cbc2a0e5e4379f0700aaa322cf5aee2ba5c59f33335111cd3e8ea4caa6921ffdff74bfa3f3d5a22123ce619f6e52e26699018745b156e89a2bd818c301abfd23a7c221c3a0b20c1091762cfa1038d8965457969dadabb882d1c4bf17e6b7cc6e6a5681d79f8e7a729c33edc28174643d24ca36661

Signature verification failed: Signature does not match.
ERROR OpenSSL verification error: error:0480006C:PEM routines::no start line 
ERROR OpenSSL verification error: error:02000068:rsa routines::bad signature 
ERROR OpenSSL verification error: error:1C880004:Provider routines::RSA lib 
  • Why doesn't the output include either Signature successfully verified. or Signature verification failed: Signature does not match.? Commented Oct 8, 2024 at 21:24
  • Hello @Barmar, thanks for the answer. The output happens for me, but Stack Overflow erased it when I posted; see: Signature verification failed: Signature does not match. Commented Oct 8, 2024 at 21:35
  • Paste the output inside triple backtick code fences to preserve the formatting. See how I edited the question. Commented Oct 8, 2024 at 21:37
  • done! please help me, I have this demand to deliver :( Commented Oct 8, 2024 at 23:37
  • Sorry, I don't know anything about verifying signatures, I can't help you with that part. All I can do is help you write the question more clearly. Commented Oct 9, 2024 at 15:05
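
The verification step from the question, reduced to a self-contained sketch (an added example, not code from the original post or from Volume). `openssl_verify()` hashes its first argument itself, so the sketch compares passing the raw body with passing a pre-computed SHA-256 hash, and it drains the OpenSSL error queue before verifying so that entries left by earlier calls are not reported as verification errors. Assumptions: an RSA PKCS#1 v1.5 signature with SHA-256 over the raw request body, a throwaway key pair, a constructed payload, and the hypothetical helper names `verifyWebhook` and `drainOpensslErrors`.

```php
<?php
// Added example: throwaway key pair and constructed payload, not Volume's.
// Assumed scheme: RSA PKCS#1 v1.5 with SHA-256 over the raw request body.

function drainOpensslErrors(): array
{
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

// Returns [result of openssl_verify() or -1, errors raised by this check only].
function verifyWebhook(string $body, string $sigB64, string $pem): array
{
    $sig = base64_decode($sigB64, true); // strict mode rejects stray characters
    if ($sig === false) {
        return [-1, ['signature is not valid Base64']];
    }
    $pub = openssl_pkey_get_public($pem);
    if ($pub === false) {
        return [-1, drainOpensslErrors()];
    }
    drainOpensslErrors(); // drop entries queued while loading the key
    // openssl_verify() hashes $body itself; pass the bytes exactly as received.
    $result = openssl_verify($body, $sig, $pub, OPENSSL_ALGO_SHA256);
    return [$result, drainOpensslErrors()];
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($key === false) {
    exit("Could not generate the demo key.\n");
}
$publicPem = openssl_pkey_get_details($key)['key'];

$rawBody = '{"paymentStatus":"FAILED","paymentRequest":{"amount":9.99,"currency":"GBP"}}';
openssl_sign($rawBody, $signature, $key, OPENSSL_ALGO_SHA256);
$sigB64 = base64_encode($signature);

[$rawResult, $rawErrors] = verifyWebhook($rawBody, $sigB64, $publicPem);
[$hashResult, $hashErrors] = verifyWebhook(hash('sha256', $rawBody, true), $sigB64, $publicPem);

echo "raw body:   result={$rawResult}\n";
echo "pre-hashed: result={$hashResult}\n";
foreach ($hashErrors as $error) {
    echo "  {$error}\n";
}
```

In a webhook handler, `$body` would be the unmodified `file_get_contents('php://input')`, not JSON that has been decoded and re-encoded.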
