Exemple #1
0
def checkout():
    cart = Cart.get_current()
    oi = cart
    oi.data['total'] = cart.sum_value
    oi = oi.jsonified_data
    merchant_publickey = get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['public_key']
    paymentgateway_publickey = get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key']

    products = cart.products
    return render_template('sites/shop/checkout.html', products=products, cart=cart, oi=oi, kum=merchant_publickey, kupg=paymentgateway_publickey)
Exemple #2
0
def merchant_decrypt_k1(k1_encrypted):
    from services.keys import get_key
    merchant_key = RSA.importKey(
        get_key(CertificateOwner.MERCHANT,
                CertificateType.MERCHANT)['private_key'])
    cipher = PKCS1_OAEP.new(merchant_key)
    k1 = cipher.decrypt(bytes.fromhex(k1_encrypted))
    return k1
Exemple #3
0
def authorization():
    data = request.form.to_dict()

    session_id = data.get('session_id')
    kuis = get_key(CertificateOwner.VPB_BANK,
                   CertificateType.BANK)['public_key']
    b64_kuis = base64.b64encode(kuis)

    authdata = data.get('authdata')
    if authdata == Messages.AUTH_REQUEST:
        pi = data.get('pi')
        pi = json.loads(pi)
        try:
            card_id = pi.get('card_id')
            card = VPBBank.objects.get(pk=card_id)
            if card:
                bank_session = BankSession(id=session_id)
                bank_session.data = pi
                bank_session.save()

                return make_response(
                    custom_json({
                        'authresponse': Messages.AUTH_RESPONSE,
                        'bankcertificate': BankCertificates.VPB,
                        'b64_kuis': b64_kuis.decode()
                    }))
        except DoesNotExist:
            return make_response(
                custom_json({
                    'authresponse': ErrorMessages.INVALID_CARD,
                    'bankcertificate': BankCertificates.VPB,
                    'b64_kuis': b64_kuis.decode()
                }))

    return make_response(
        custom_json({
            'authresponse': ErrorMessages.INVALID_AUTH_REQUEST,
            'bankcertificate': BankCertificates.VPB,
            'b64_kuis': b64_kuis.decode()
        }))
Exemple #4
0
def password():
    data = request.form.to_dict()
    session_id = data.get('session_id')

    # Fetch Data
    b64_authdata = data.get('b64_authdata')
    b64_pwd_kuisencrypted = data.get('b64_pwd_kuisencrypted')

    # Decode base64
    authdata = base64.b64decode(b64_authdata)
    pwd_kuisencrypted = base64.b64decode(b64_pwd_kuisencrypted)

    # Decrypt pwd_kuisencrypted
    kris = RSA.importKey(
        get_key(CertificateOwner.VPB_BANK,
                CertificateType.BANK)['private_key'])
    pwd = decrypt_rsa(kris, pwd_kuisencrypted)

    bank_session = BankSession.objects.get(pk=session_id)
    card_id = bank_session.data.get('card_id')
    total_amount = bank_session.data.get('total_amount', 0)

    try:
        card = VPBBank.objects.get(pk=card_id, password=pwd.decode())
        if total_amount < card.money:
            card.money -= total_amount
            card.save()
        else:
            return make_response(
                custom_json(
                    {'payment_response': ErrorMessages.NOT_ENOUGH_MONEY}))
    except DoesNotExist:
        return make_response(
            custom_json(
                {'payment_response': ErrorMessages.FAILED_VERIFY_TRANSACTION}))

    return make_response(
        custom_json({'payment_response': Messages.TRANSACTION_VERIFIED}))
Exemple #5
0
def make_purchase_request():
    data = request.form.to_dict()

    pimd = data.get('pimd')

    # Decrypt k1 and k2
    k1_encrypted = data['k1_encrypted']
    k1 = merchant_decrypt_k1(k1_encrypted)

    merchant_part = data.get('merchant_part')
    merchant_part = JSON.loads(merchant_part)

    # Decrypt DS
    iv1 = data['iv1']
    ds = merchant_part['ds']
    oi = merchant_part['oi']

    if ds_check(pimd, oi, ds, k1, iv1, True):
        auth_request = Messages.AUTH_REQUEST

        # Encrypt Authdata
        k3 = Random.get_random_bytes(16)
        aes = AESCipher(k3)
        authdata_encrypted = aes.encrypt(auth_request)

        # Encrypt K3
        kupg = RSA.importKey(get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key'])
        k3_encrypted = encrypt_rsa(kupg, k3)

        # Sign hash_authdata
        krm = RSA.importKey(get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['private_key'])
        authdata_signature = sign_message(krm, auth_request.encode())

        # encrypt k1 with kupg
        k1_encrypted = encrypt_rsa(kupg, k1)

        # Base64 Encode
        b64_authdata_encrypted = base64.b64encode(authdata_encrypted)
        b64_k3_encrypted = base64.b64encode(k3_encrypted)
        b64_authdata_signature = base64.b64encode(authdata_signature)
        b64_k1_encrypted = base64.b64encode(k1_encrypted)

        gateway_part_encrypted = data.get('gateway_part_encrypted')
        k2_encrypted = data.get('k2_encrypted')
        iv2 = data.get('iv2')

        gateway_response = requests.post("http://0.0.0.0:8002/send-payment-info",
                                         data={'b64_authdata_encrypted': b64_authdata_encrypted,
                                               'b64_k3_encrypted': b64_k3_encrypted,
                                               'b64_authdata_signature': b64_authdata_signature,
                                               'gateway_part_encrypted': gateway_part_encrypted,
                                               'k2_encrypted': k2_encrypted,
                                               'iv2': iv2,
                                               'iv1': iv1,
                                               'b64_k1_encrypted': b64_k1_encrypted,
                                               'session_id': request.cookies.get(SESSION_KEY)})

        if gateway_response.status_code != 200:
            msg = ErrorMessages.FAILED_CONNECT_GATEWAY
            response = make_response(json({'status': 'NO', 'message': msg}))
            return response

        gateway_response = gateway_response.json()['data']

        if 'b64_bankcertificate' not in gateway_response:
            msg = ErrorMessages.FAILED_BANKING_AUTHORIZE
            response = make_response(json({'status': 'NO', 'message': msg}))
            return response

        # Fetch Data
        b64_authresponse_encrypted = gateway_response.get('b64_authresponse_encrypted').encode()
        b64_k4_encrypted = gateway_response.get('b64_k4_encrypted').encode()
        b64_authresponse_signature = gateway_response.get('b64_authresponse_signature').encode()
        b64_bankcertificate = gateway_response.get('b64_bankcertificate').encode()
        b64_kuis = gateway_response.get('b64_kuis').encode()

        # Decode b64
        authresponse_encrypted = base64.b64decode(b64_authresponse_encrypted)
        k4_encrypted = base64.b64decode(b64_k4_encrypted)
        authresponse_signature = base64.b64decode(b64_authresponse_signature)
        bankcertificate = base64.b64decode(b64_bankcertificate)

        # Decrypt K4
        k4 = decrypt_rsa(krm, k4_encrypted)

        # Decrypt authresponse
        authresponse = AESCipher(k4).decrypt(authresponse_encrypted)

        # Verify Signature
        if not verify_rsa(kupg, authresponse, authresponse_signature):
            msg = ErrorMessages.FAILED_VERIFY_DATA
            make_response(json({'status': 'NO', 'message': msg}))

        if authresponse.decode() == Messages.AUTH_RESPONSE:
            auth_request = Messages.AUTH_DATA

            # Encrypt auth_request
            k5 = Random.get_random_bytes(16)
            authdata_encrypted = encrypt_aes(k5, auth_request)

            # Encrypt K5 with Krm and K1
            k5_b64 = base64.b64encode(k5)
            k5_b64_encrypted = encrypt_aes(k1, k5_b64.decode())

            # sign authdata_hash
            authdata_signature = sign_message(krm, auth_request.encode())

            # Base64 Encode
            b64_authdata_encrypted = base64.b64encode(authdata_encrypted)
            b64_k5_b64_encrypted = base64.b64encode(k5_b64_encrypted)
            b64_authdata_signature = base64.b64encode(authdata_signature)
            b64_bankcertificate = base64.b64encode(bankcertificate)

            response = make_response(json({'status': 'OK',
                                           'action': 'password',
                                           'b64_authdata_encrypted': b64_authdata_encrypted.decode(),
                                           'b64_k5_b64_encrypted': b64_k5_b64_encrypted.decode(),
                                           'b64_authdata_signature': b64_authdata_signature.decode(),
                                           'b64_bankcertificate': b64_bankcertificate.decode(),
                                           'b64_kuis': b64_kuis.decode()}))
            session = request.session
            session.data = JSON.loads(oi)
            session.save()
        else:
            response = make_response(json({'status': 'NO', 'message': authresponse.decode()}))
        return response
    else:
        msg = ErrorMessages.MISMATCH_DIGEST
        response = make_response(json({'status': 'NO', 'message': msg}))

    return response
Exemple #6
0
def password():
    data = request.form.to_dict()
    # Fetch Data
    k6_encrypted_kum = data.get('k6_encrypted_kum')
    k6_encrypted_kupg = data.get('k6_encrypted_kupg')
    iv6 = data.get('iv6')
    authdata_and_hashed_k6encrypted = data.get('authdata_and_hashed_k6encrypted')
    pwd_kuisencrypted_and_hashed_k6encrypted = data.get('pwd_kuisencrypted_and_hashed_k6encrypted')
    bank_name = data.get('bank_name', None)

    # Decrypt K6
    krm = RSA.importKey(get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['private_key'])
    k6 = merchant_decrypt_k1(k6_encrypted_kum)

    # Decrypt Authdata
    authdata_and_hashed = decrypt_aes(k6, iv6, authdata_and_hashed_k6encrypted)
    authdata = authdata_and_hashed[:-32]
    hashed = authdata_and_hashed[len(authdata):]

    # Hash authdata
    authdata_hashed = SHA256.new(authdata).hexdigest()
    authdata_hashed = bytes.fromhex(authdata_hashed)

    if not authdata_hashed == hashed:
        msg = ErrorMessages.MISMATCH_DIGEST
        return make_response(json({'status': 'NO', 'message': msg}))

    # Encrypt AuthData with k7
    k7 = Random.get_random_bytes(16)
    authdata_encrypted_k7 = encrypt_aes(k7, authdata.decode())

    # Encrypt K7 with Kupg
    kupg = RSA.importKey(get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key'])
    k7_encrypted_kupg = encrypt_rsa(kupg, k7)

    # Sign authdata_encrypted_k7 with Krm
    authdata_signature = sign_message(krm, authdata)

    # Base64 Encode
    b64_pwd_kuisencrypted_and_hashed_k6encrypted = base64.b64encode(pwd_kuisencrypted_and_hashed_k6encrypted.encode())
    b64_k7_encrypted_kupg = base64.b64encode(k7_encrypted_kupg)
    b64_authdata_signature = base64.b64encode(authdata_signature)
    b64_authdata_encrypted_k7 = base64.b64encode(authdata_encrypted_k7)
    b64_k6_encrypted_kupg = base64.b64encode(k6_encrypted_kupg.encode())
    b64_iv6 = base64.b64encode(iv6.encode())

    gateway_response = requests.post(Api.SEND_GATEWAY_PASSWORD,
                                     data={
                                         'b64_pwd_kuisencrypted_and_hashed_k6encrypted': b64_pwd_kuisencrypted_and_hashed_k6encrypted.decode(),
                                         'b64_k7_encrypted_kupg': b64_k7_encrypted_kupg,
                                         'b64_authdata_signature': b64_authdata_signature,
                                         'b64_authdata_encrypted_k7': b64_authdata_encrypted_k7,
                                         'b64_k6_encrypted_kupg': b64_k6_encrypted_kupg,
                                         'b64_iv6': b64_iv6,
                                         'session_id': request.cookies.get(SESSION_KEY),
                                         'bank_name': bank_name})

    if gateway_response.status_code != 200:
        msg = ErrorMessages.FAILED_CONNECT_GATEWAY
        return make_response(json({'status': 'NO', 'message': msg}))

    gateway_response = gateway_response.json()['data']

    if gateway_response.get('status') != 'YES':
        msg = ErrorMessages.TRANSACTION_FAILED
        return make_response(json({'status': 'NO', 'message': msg}))

    # Fetch Data
    b64_payment_response_encrypted = gateway_response.get('b64_payment_response_encrypted')
    b64_k8_encrypted_kum = gateway_response.get('b64_k8_encrypted_kum')
    b64_payment_response_signature = gateway_response.get('b64_payment_response_signature')

    # Decode base64
    payment_response_encrypted = base64.b64decode(b64_payment_response_encrypted)
    k8_encrypted_kum = base64.b64decode(b64_k8_encrypted_kum)
    payment_response_signature = base64.b64decode(b64_payment_response_signature)

    # Decrypt K8_KUM
    k8 = decrypt_rsa(krm, k8_encrypted_kum)

    # Decrypt payment_response_encrypted
    payment_response = AESCipher(k8).decrypt(payment_response_encrypted)

    if verify_rsa(kupg, payment_response, payment_response_signature):
        if payment_response.decode() == Messages.TRANSACTION_VERIFIED:
            cart = Cart.get_current()
            products = cart.products
            msg = render_template('mail_order.html', products=products, cart=cart)
            user = request.session.user
            from app import mail

            message = Message(subject="Mua Hàng Thành Công",
                              html=msg,
                              sender=("Anh Thu Shop", "*****@*****.**"),
                              recipients=[user.email])
            mail.send(message)
            cart = Cart.get_current()
            cart.data = {}
            response = make_response(json(
                {'status': 'YES', 'payment_response': payment_response.decode(), 'url': url_for('home.index')}))
            response.set_cookie('cart', cart.jsonified_data)
            return response
        elif payment_response.decode() == ErrorMessages.NOT_ENOUGH_MONEY:
            msg = ErrorMessages.NOT_ENOUGH_MONEY
        else:
            msg = ErrorMessages.FAILED_VERIFY_TRANSACTION
        return make_response(json({'status': 'NO', 'message': msg}))