Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hybris Payment Integration

Published byBarrie Lambert Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Hybris Payment Integration"— Presentation transcript:

1 Hybris Payment Integration
Integrate with China Union Pay

2 Hybris INTRODUCE Full description and documentation can be found here:
orders channel platform Full description and documentation can be found here: wiki.hybris.com/display/release5/Release+5+Documentation+Home content commerce

3 Hybris Sample

4 China Union pay INTRODUCE
UnionPay International (UPI) is a subsidiary of China UnionPay focused on the growth and support of UnionPay’s global business. In partnership with more than 1000 institutions worldwide, UnionPay International has enabled card acceptance in over 150 countries and regions with issuance in more than 40 countries and regions. UnionPay International provides high quality, cost effective and secure cross-border payment services to the world’s largest cardholder base and ensures convenient local services to a growing number of global UnionPay cardholders and merchants.  China Union pay INTRODUCE

5 China Union pay INTRODUCE
Online Support: Test Front Trans URL:  Test Bank Card: Card Num: Phone: Password: ID: SMS Verify Code: China Union pay INTRODUCE

6 China pay: api&utils Secure API com/unionpay/sdk/SecureUtil.java
Sign Utils com/unionpay/sdk/SDKUtil.java CertUtil Tool com/unionpay/sdk/CertUtil.java Constants com/unionpay/sdk/SDKConstants.java Config com/unionpay/sdk/SDKConfig.java Date Util com/unionpay/sdk/UtilDate.java

7 Union pay GaTeway WORKFLOW

8 Integration overview Step1.Prepare payment info
Step2.Collect order information Step3.Organize Payment request Step4.Handle Chinapay response

9 Step 1: prepare payment info
Select payment method with AJAX Create the payment info model for current order

10 UI Part: Select Payment method

11 sequence Chart

12 Step 2: Collect order information
Create Order data and convert order Populate the payment transition

13 UI Part: Order dATA

14 Sequence Chart

15 2.1 Create order data SummaryCheckoutStepController:
orderData = getCheckoutFacade().placeOrder(); EpamSubmitOrderStrategy : @Override public void submitOrder(final OrderModel order) { getEpamPaymentService().initiate(order); } DefaultEpamPaymentService public boolean initiate(final OrderModel order) { if (paymentInfoModel instanceof EpamPaymentInfoModel) { ProcessingRequestData requestData = getRequestDataConverter().convert(order); getPaymentTransactionPopulator().populate(requestData, order);} } …….} 2.1 Create order data

16 IMPLEMENT: 2.2 CONVERT ORDER DATA TO REQUEST DATA
ChinapayPaymentTransactionPopulator : public void populate(ProcessingRequestData requestData, OrderModel order) throws ConversionException { /* * Setting up EpamPaymentInfoModel * */ EpamPaymentInfoModel paymentInfo = (EpamPaymentInfoModel) order.getPaymentInfo(); BaseRequestData baseData = requestData.getBaseRequestData(); paymentInfo.setOutTradeNo(baseData.getRequestId()); ……. getModelService().save(paymentInfo); getModelService().save(order); ……} IMPLEMENT: 2.2 CONVERT ORDER DATA TO REQUEST DATA

17 Step 3: Organize Payment request
Prepare the request field with sign data Fill the automation request form Send the request

18 3.1 Prepare the request field With Sign data
DefaultEpamPaymentService: public String getRedirectPostFormString(OrderModel orderModel) ; public String initiateHiddenPostForm(orderModel, requestData ); DefaultChinapayCoreService: public Map<String, String> signData(Map<String, ?> contentData) { … SDKUtil.sign(submitFromData, encoding); return submitFromData; …… } 3.1 Prepare the request field With Sign data

19 IMPLEMENT: 3.2 FILL THE automation REQUEST FORM
Automatic request Utils: public static String createHiddenPostHtml(String action, Map<String, String> hiddens) { StringBuffer sf = new StringBuffer(); sf.append("<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/></head><body>"); sf.append("<form id = \"pay_form\" action=\"" + action "\" method=\"post\">"); if (null != hiddens && 0 != hiddens.size()) { Set<Map.Entry<String, String>> set = hiddens.entrySet(); Iterator<Map.Entry<String, String>> it = set.iterator(); while (it.hasNext()) { Map.Entry<String, String> ey = it.next(); String key = ey.getKey(); String value = ey.getValue(); sf.append("<input type=\"hidden\" name=\"" + key + "\" id=\"" key + "\" value=\"" + value + "\"/>"); } } sf.append("</form>"); sf.append("</body>"); sf.append("<script type=\"text/javascript\">"); sf.append("document.all.pay_form.submit();"); sf.append("</script>"); sf.append("</html>"); return sf.toString(); } IMPLEMENT: 3.2 FILL THE automation REQUEST FORM

20 Request data: Order fIELDS

21 China pay: User payment process

22 Payment result: Succeed

23 Step 4: Handle China pay response
Receive the response data Validate the sign data Update the payment transition status Execute order process action

24 Sequence Chart

25 IMPLEMENT: 4.1 receive china pay response
DefaultChinapayCoreService public String doChinaPayBackendNotify( try{ ((EpamOrderFacade)getOrderFacade()) .handleResponse(notifyData,request.getParameter Map()); response.getWriter().print("success"); }catch (final Exception e){ LOG.error(e.getMessage(),e); response.getWriter().print("error"); } return null; }

26 IMPLEMENT: 4.2 Encrypt Validation
DefaultChinapayCoreService public boolean verify(final Map<String, String> resData, String encoding) { LogUtil.writeLog("Start to verify"); if (StringUtils.isEmpty(encoding)) { encoding = "UTF-8"; } String stringSign = resData.get(SDKConstants.param_signature); // 从返回报文中获取certId ,然后去证书静态Map中查询对应验签证书对象 String certId = resData.get(SDKConstants.param_certId); //对返回报文串验签使用的验签公钥序列号 LogUtil.writeLog("public certId:["+certId+"]"); // 将Map信息转换成key1=value1&key2=value2的形式 String stringData = SDKUtil.coverMap2String(resData); LOG.info("Sign data:[" + stringData + "]"); try { // 验证签名需要用银联发给商户的公钥证书 return SecureUtil.validateSignBySoft(CertUtil getValidateKey(certId), SecureUtil.base64Decode(stringSign getBytes(encoding)), SecureUtil.sha1X16(stringData, encoding)); } catch (UnsupportedEncodingException e) { LogUtil.writeErrorLog(e.getMessage(), e); } catch (Exception e) { LogUtil.writeErrorLog(e.getMessage(), e); } return false; }  

27 IMPLEMENT: 4.3 UPDATE THE TRANSITION STATUS
DefaultEpamPaymentService private EpamTradeStatus updatePaymentTransaction(OrderModel order, PaymentNotifyInfoData notifyData, String type) { …… EpampayTransaction.setLatestTradeStatus(notifyData.getRespCode()); EpampayTransaction.setTradeEpamNo(notifyData.getOrderId()); getModelService().save(EpampayTransaction); getPaymentTransactionEntryPopulator().populate(notifyData, transaction); …… }

28 IMPLEMENT: 4.4 Execute order process action
EpamNotifyServiceImpl public void executeAction(final OrderModel order) { final String result = checkPaymentTransaction(order); if ("OK".equals(result)) { setOrderStatusAction(order, OrderStatus.PAYMENT_CAPTURED); order.setPaymentStatus(PaymentStatus.PAID); } else { setOrderStatusAction(order, OrderStatus.CANCELLED); final OrderProcessModel orderProcessModel = (OrderProcessModel)businessProcessService.createProcess( "sendOrderCancelled Process-" + order.getCode() + "-" + System.currentTimeMillis(), "sendOrderCancelled Process"); orderProcessModel.setOrder(order); modelService.save(orderProcessModel); businessProcessService.startProcess(orderProcessModel); } orderService.saveOrder(order); }

29 TipS: How to store the certification files About CSRF allowed URL

30 For encryption certification files, It is not safe to upload the files with source code together
The certification files should be easy to use without code changes It should work with different OS level Define the system environment variables for the path CERT_CHINAPAY_ENV_ENCRYPTCERT_PATH CERT_CHINAPAY_ENV_SIGNCERT_PATH CERT_CHINAPAY_ENV_VALIDATECERT_DIR TIPS 1 env Variables

31 TIPS 2 CSRF Allow URL PATTERN
The hybris provide CSRF protection For Chinapay gateway, we need to add our controller URL in the url pattern Modify URL in project.properties in the Storefront extension csrf.allowed.url.patterns=/[^/]+(/[^?]*)+(sop-response)$,/[^/]+(/[^?]*)+(merchant_callback)$,/[^/]+(/[^?]*)+(hop-response)$,/[^/]+(/[^?]*)+( language)$,/[^/]+(/[^?]*)+(currency)$,/+[(alipay)|(chinapay)]+/(.)*$ TIPS 2 CSRF Allow URL PATTERN

32 Q&A

33

Download ppt "Hybris Payment Integration"

Similar presentations

Presented by: Your Firm Name. Your Firm Name Presented by: Secure Client Portals With NetClient CS secure portals, you can work with us any time, from.

Presented by: Your Firm Name. Your Firm Name Presented by: Secure Client Portals With NetClient CS secure portals, you can work with us any time, from.
Connecting to Databases. relational databases tables and relations accessed using SQL database -specific functionality –transaction processing commit.

Connecting to Databases. relational databases tables and relations accessed using SQL database -specific functionality –transaction processing commit.
Recruitment Booster.

Recruitment Booster.
Problem Solving 5 Using Java API for Searching and Sorting Applications ICS-201 Introduction to Computing II Semester 071.

Problem Solving 5 Using Java API for Searching and Sorting Applications ICS-201 Introduction to Computing II Semester 071.
1.  Understanding about How to Working with Server Side Scripting using PHP Framework (CodeIgniter) 2.

1.  Understanding about How to Working with Server Side Scripting using PHP Framework (CodeIgniter) 2.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
1 Chapter 5 – Handling HTML Controls in Web Pages spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.

1 Chapter 5 – Handling HTML Controls in Web Pages spring into PHP 5 by Steven Holzner Slides were developed by Jack Davis College of Information Science.
Adviser’s Control Panel. Explanation of our “My Tracer” Control Panel for ABSA Advisers Let’s have a look at the Functionality.

Adviser’s Control Panel. Explanation of our “My Tracer” Control Panel for ABSA Advisers Let’s have a look at the Functionality.
“Electronic Payment System”

“Electronic Payment System”
Train The Trainer Employee Central Administration

Train The Trainer Employee Central Administration
Our Internet Gateway and Mobile Payment Solutions will increase your revenue by enhancing your payment flexibility. Powered By.

Our Internet Gateway and Mobile Payment Solutions will increase your revenue by enhancing your payment flexibility. Powered By.
Virtual Terminal Point-Of-Sale Check Processing American Payment E x change.

Virtual Terminal Point-Of-Sale Check Processing American Payment E x change.
Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.
Web Proxy Server. Proxy Server Introduction Returns status and error messages. Handles http CGI requests. –For more information about CGI please refer.

Web Proxy Server. Proxy Server Introduction Returns status and error messages. Handles http CGI requests. –For more information about CGI please refer.
InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.
1 Google Checkout API Jingsong Wang Arpril 2, 2007.

1 Google Checkout API Jingsong Wang Arpril 2, 2007.
MIS 3090 IT for Financial Services Digital Cash September 4, 2015.

MIS 3090 IT for Financial Services Digital Cash September 4, 2015.
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.

May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.
Confidential and proprietary to U.S. Bank 1 Corporate Payment Systems Adwebportal Training.

Confidential and proprietary to U.S. Bank 1 Corporate Payment Systems Adwebportal Training.
1 Operator Overloading in C++ Copyright Kip Irvine, 2003. All rights reserved. Only students enrolled in COP 4338 at Florida International University may.

1 Operator Overloading in C++ Copyright Kip Irvine, All rights reserved. Only students enrolled in COP 4338 at Florida International University may.

Similar presentations

Ads by Google