Validación de firma
El propósito de la firma es salvaguardar la integridad de la respuesta recibida. Se trata de una cadena codificada en Base64 que se encuentra en el campo "signature" de la respuesta generada por la librería. En la representación en formato JSON del objeto de respuesta, este campo se observa de la siguiente manera:
El proceso de validación de firma se debe aplicar únicamente cuando el valor del campo "paymentResult.code" no sea igual a "021" ni a "COMMUNICATION_ERROR".
{
"code": "00",
"message": "OK",
"messageUser": "Operación exitosa",
"messageUserEng": "Successful",
"response": {
"payMethod": "CARD",
"order": [
{
"payMethodAuthorization": "CARD",
"codeAuth": "S93925",
"currency": "PEN",
"amount": "1.00",
"installment": "00",
"deferred": "0",
"orderNumber": "7676794",
"stateMessage": "Autorizado",
"dateTransaction": "20240307",
"timeTransaction": "111451",
"uniqueId": "1286134",
"referenceNumber": "7000000"
}
],
"card": {
"brand": "VS",
"pan": "497010******0055",
"save": "false"
},
"billing": {
"firstName": "Juan",
"lastName": "Wick Quispe",
"email": "jwickq@izi.com",
"phoneNumber": "989339999",
"street": "calle el demo sdk",
"city": "lima",
"state": "lima",
"country": "PE",
"postalCode": "00001",
"documentType": "DNI",
"document": "12345678",
"companyName": ""
},
"merchant": {
"merchantCode": "4075169",
"facilitatorCode": ""
},
"token": {
"merchantBuyerId": "enriquepariascauser",
"cardToken": "",
"alias": ""
},
"authentication": {
"result": ""
},
"customFields": [
"",
"",
"",
"",
"",
"",
"",
"",
"",
""
],
},
"payloadHttp": "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Juan\",\"lastName\":\"Wick Quispe\",\"email\":\"jwickq@izi.com\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}",
"signature": "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY=",
"transactionId": "557763479"
}
Para validar la firma, realice los siguientes pasos:
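- Acceder al valor del payload mediante el atributo paymentResult.response.payloadHttp (revisar el paso 5 de la sección Integración con iOS). Utilizar la cadena exactamente como se recibió: si el JSON se vuelve a serializar o se modifica algún carácter, el hash calculado ya no coincidirá con la firma.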
- Utilizar HMAC-SHA256 para generar un hash del valor del payload, utilizando como secretKey la claveHash (ver la sección Definición de parámetros), y codificar el resultado en Base64.
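- Comparar el resultado con el valor de signature, preferiblemente con una comparación en tiempo constante; si son iguales, se habrá verificado la integridad del mensaje. Si no coinciden, la respuesta no debe considerarse íntegra.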
Aquí te mostramos un ejemplo de cómo realizar la validación de firma en Swift:
import Foundation
import CommonCrypto
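/// Checks that `signature` is the Base64-encoded HMAC-SHA256 of `payload` keyed with `keyHash`.
///
/// - Parameters:
///   - payload: The payload string to authenticate. It is hashed as its UTF-8 bytes, so it must be
///     passed exactly as received; any re-serialisation changes the bytes and the check fails.
///   - keyHash: Shared secret used as the HMAC key. An empty key is rejected.
///   - signature: Base64 string to compare against the computed MAC.
/// - Returns: `true` only when the computed MAC, Base64-encoded, is byte-for-byte equal to `signature`.
func checkSignature(payload: String, keyHash: String, signature: String) -> Bool {
    // Fail closed: HMAC with an empty key still yields a digest, so reject it explicitly.
    guard !keyHash.isEmpty else { return false }

    // The UTF-8 view cannot fail, which removes the force-unwraps; [UInt8] arrays bridge
    // directly to the raw pointers CCHmac takes.
    let messageBytes = Array(payload.utf8)
    let keyBytes = Array(keyHash.utf8)

    var digest = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
    CCHmac(
        CCHmacAlgorithm(kCCHmacAlgSHA256),
        keyBytes, keyBytes.count,
        messageBytes, messageBytes.count,
        &digest
    )

    let expected = Array(Data(digest).base64EncodedString().utf8)
    let provided = Array(signature.utf8)

    // The length of a Base64 SHA-256 MAC is public, so an early exit on length leaks nothing.
    guard provided.count == expected.count else { return false }

    // Accumulate differences over every byte instead of stopping at the first mismatch, so the
    // comparison time does not depend on how many leading bytes of the signature are correct.
    var difference: UInt8 = 0
    for (expectedByte, providedByte) in zip(expected, provided) {
        difference |= expectedByte ^ providedByte
    }
    return difference == 0
}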
// Usage example
// The payload must be the exact string that was received; the MAC covers every byte of it.
// NOTE(review): the billing name and e-mail in this literal differ from the payloadHttp of the
// sample response shown earlier on the page, although the signature value is the same; confirm
// which payload/signature pair is the authoritative one.
let receivedPayload = "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"enrique\",\"lastName\":\"pariasca\",\"email\":\"enrique.pariasca@izitest.pe\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}"

// Value of the response's "signature" field (Base64).
let receivedSignature = "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY="

// Sample hash key as printed in the documentation.
// NOTE(review): a real hash key compiled into the app can be recovered from the binary; consider
// keeping it on the merchant backend and running this validation there.
let merchantHashKey = "Xom5Hlt9eSWoylYuBrenIbOsTljEdefR"

let signatureMatches = checkSignature(
    payload: receivedPayload,
    keyHash: merchantHashKey,
    signature: receivedSignature
)
print("La firma es válida:", signatureMatches)