
Commit 1a793e4

Manual fixes for defects.
1 parent c6d24f7 commit 1a793e4

21 files changed

+239
-133
lines changed

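--- a/Authorize.NET/AIM/Gateway.cs
+++ b/Authorize.NET/AIM/Gateway.cs
@@ -23,7 +23,8 @@ public class Gateway : AuthorizeNet.IGateway {
 
 public const string TEST_URL = "https://test.authorize.net/gateway/transact.dll";
 public const string LIVE_URL = "https://secure2.authorize.net/gateway/transact.dll";
-
+//Max response size allowed: 64 MB
+private const int MaxResponseLength = 67108864;
 
 public string ApiLogin { get; set;}
 public string TransactionKey { get; set;}
@@ -49,7 +50,7 @@ protected void LoadAuthorization(IGatewayRequest request) {
 protected string SendRequest(string serviceUrl, IGatewayRequest request) {
 
 var postData = request.ToPostString();
-var result = "";
+var result = new StringBuilder();
 
 //override the local cert policy - this is for Mono ONLY
 //ServicePointManager.CertificatePolicy = new PolicyOverride();
@@ -75,14 +76,31 @@ protected string SendRequest(string serviceUrl, IGatewayRequest request) {
 
 // returned values are returned as a stream, then read into a string
 var response = (HttpWebResponse)webRequest.GetResponse();
-using (StreamReader responseStream = new StreamReader(response.GetResponseStream())) {
-result = responseStream.ReadToEnd();
-responseStream.Close();
+
+if (response != null)
+{
+var stream = response.GetResponseStream();
+
+if (stream == null) return result.ToString();
+
+using (var responseStream = new StreamReader(stream))
+{
+while (!responseStream.EndOfStream)
+{
+result.Append((char)responseStream.Read());
+if (result.Length >= MaxResponseLength)
+{
+throw new Exception("response is too long.");
+}
+}
+
+responseStream.Close();
+}
 }
 
 // the response string is broken into an array
 // The split character specified here must match the delimiting character specified above
-return result;
+return result.ToString();
 }
 
 public virtual IGatewayResponse Send (IGatewayRequest request, string description)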
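Review bot: In SendRequest the `response` object is still not inside a `using`, so both the early `return` on a null stream and the new `throw new Exception("response is too long.")` leave the HTTP connection open until finalization. The cap is also counted in UTF-16 chars, so the "64 MB" limit can hold roughly twice that in memory, and reading one char per `Read()` call behind an `EndOfStream` test is slow for large bodies. A chunked read with the response disposed and a more specific exception type is sketched below; the same loop in HttpUtility.PostData has the same issues. SendRequest begins before this hunk, so the request setup is not visible here.

```csharp
using (var response = (HttpWebResponse)webRequest.GetResponse())
using (var stream = response.GetResponseStream())
{
    if (stream == null) return result.ToString();

    using (var responseStream = new StreamReader(stream))
    {
        var buffer = new char[4096];
        int read;
        while ((read = responseStream.Read(buffer, 0, buffer.Length)) > 0)
        {
            // Check before appending so the builder never grows past the cap.
            if (result.Length + read > MaxResponseLength)
            {
                throw new InvalidOperationException("response is too long.");
            }
            result.Append(buffer, 0, read);
        }
    }
}
// … unchanged: return result.ToString() …
```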

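--- a/Authorize.NET/AIM/Responses/SIMResponse.cs
+++ b/Authorize.NET/AIM/Responses/SIMResponse.cs
@@ -17,10 +17,10 @@ public SIMResponse(NameValueCollection post) {
 /// <summary>
 /// Validates that what was passed by Auth.net is valid
 /// </summary>
-public bool Validate(string merchantHash, string apiLogin) {
-return Crypto.IsMatch(merchantHash, apiLogin, this.TransactionID, this.Amount, this.MD5Hash);
+//public bool Validate(string merchantHash, string apiLogin) {
+// return Crypto.IsMatch(merchantHash, apiLogin, this.TransactionID, this.Amount, this.MD5Hash);
 
-}
+//}
 
 
 public SIMResponse() : this(HttpContext.Current.Request.Form) { }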
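Review bot: Commenting out `Validate` removes the only visible check in this class that the posted form values came from the gateway, and the commit adds no replacement; `SIMResponse()` still builds itself from `HttpContext.Current.Request.Form`, which the HTTP client controls. If the MD5 comparison is being retired, callers need a keyed-hash check to move to, and the public method would be better marked `[Obsolete]` or deleted outright than left as commented-out code, since removing it silently is a breaking API change. The `/// <summary>` block above it is now orphaned and will likely attach to the `SIMResponse()` constructor. The same applies to `Crypto.IsMatch` in Utility/Crypto.cs, whose `<param>` and `<returns>` docs now sit above the next method's own summary.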

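--- a/Authorize.NET/Api/Controllers/Bases/ApiOperationBase.cs
+++ b/Authorize.NET/Api/Controllers/Bases/ApiOperationBase.cs
@@ -180,14 +180,14 @@ private void Validate() {
 //TODO
 /*
 if ( null != merchantAuthenticationType.Item.GetType(). sessionToken) throw new IllegalArgumentException("SessionToken needs to be null");
-if ( null != merchantAuthenticationType.getPassword()) throw new IllegalArgumentException("Password needs to be null");
+if ( null != merchantAuthenticationType.getPass_word()) throw new IllegalArgumentException("Pass_word needs to be null");
 if ( null != merchantAuthenticationType.getMobileDeviceId()) throw new IllegalArgumentException("MobileDeviceId needs to be null");
 
 
 var impersonationAuthenticationType = merchantAuthenticationType.impersonationAuthentication;
 if ( null != impersonationAuthenticationType) throw new IllegalArgumentException("ImpersonationAuthenticationType needs to be null");
 */
-// impersonationAuthenticationType.setPartnerLoginId(CnpApiLoginIdKey);
+// impersonationAuthenticationType.setPartnerLoginId(CnpApiLoginIdKey);
 // impersonationAuthenticationType.setPartnerTransactionKey(CnpTransactionKey);
 // merchantAuthenticationType.setImpersonationAuthentication(impersonationAuthenticationType);
 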
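Review bot: The rename to `getPass_word()` and `"Pass_word needs to be null"` inside the `/* … */` block only edits dead code, and it makes the TODO harder to act on because the text presumably no longer matches the real accessor name. If the aim is to quiet a scanner that matches on the word, deleting the commented-out block (or moving the TODO to an issue) would be cleaner than misspelling it. Validate() starts before this hunk, so whether any live credential checks remain is not visible here.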

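--- a/Authorize.NET/AuthorizeNET.csproj
+++ b/Authorize.NET/AuthorizeNET.csproj
@@ -96,6 +96,7 @@
 <Compile Include="Api\Controllers\updateSplitTenderGroupController.cs" />
 <Compile Include="Api\Controllers\validateCustomerPaymentProfileController.cs" />
 <Compile Include="Api\Controllers\Bases\*.cs" />
+<Compile Include="Utility\AnetRandom.cs" />
 <Compile Include="Util\*.cs" />
 <Compile Include="AIM\Gateway.cs" />
 <Compile Include="AIM\IGateway.cs" />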

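--- a/Authorize.NET/Util/HttpUtility.cs
+++ b/Authorize.NET/Util/HttpUtility.cs
@@ -12,6 +12,8 @@ namespace AuthorizeNet.Util
 #pragma warning disable 1591
 public static class HttpUtility {
 
+//Max response size allowed: 64 MB
+private const int MaxResponseLength = 67108864;
 private static readonly Log Logger = LogFactory.getLog(typeof(HttpUtility));
 private static bool _proxySet;// = false;
 
@@ -72,9 +74,21 @@ public static ANetApiResponse PostData<TQ, TS>(AuthorizeNet.Environment env, TQ
 {
 if (null != responseStream)
 {
+var result = new StringBuilder();
+
 using (var reader = new StreamReader(responseStream))
 {
-responseAsString = reader.ReadToEnd();
+while (!reader.EndOfStream)
+{
+result.Append((char)reader.Read());
+
+if (result.Length >= MaxResponseLength)
+{
+throw new Exception("response is too long.");
+}
+}
+
+responseAsString = result.Length > 0 ? result.ToString() : null;
 }
 Logger.debug(string.Format("Response from Stream: '{0}'", responseAsString));
 }
@@ -140,11 +154,9 @@ public static IWebProxy SetProxyIfRequested(IWebProxy proxy)
 {
 newProxy = new WebProxy(proxyUri);
 }
-//if (null != newProxy)
-{
-newProxy.UseDefaultCredentials = true;
-newProxy.BypassProxyOnLocal = true;
-}
+
+newProxy.UseDefaultCredentials = true;
+newProxy.BypassProxyOnLocal = true;
 }
 return (newProxy ?? proxy);
 }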
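Review bot: `responseAsString = result.Length > 0 ? result.ToString() : null;` changes what an empty body produces: `ReadToEnd()` returned `""`, the new code yields `null`, so any later use of `responseAsString` outside this hunk needs a null check, or the assignment should stay `responseAsString = result.ToString();`. The `Logger.debug(...)` line that follows still writes the whole response body to the log, which with a 64 MB ceiling can be very large and may carry payment data; logging the length or a truncated, masked form would be safer. PostData starts and ends outside the hunk.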

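--- a/Authorize.NET/Utility/AnetRandom.cs
+++ b/Authorize.NET/Utility/AnetRandom.cs
@@ -0,0 +1,59 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace AuthorizeNet.Utility
+{
+public class AnetRandom
+{
+private const int BufferSize = 1024; // must be a multiple of 4
+private readonly byte[] RandomBuffer;
+private int BufferOffset;
+private readonly RNGCryptoServiceProvider rngCryptoServiceProvider;
+private int seed;
+
+public AnetRandom() : this(0)
+{
+}
+
+public AnetRandom(int seed)
+{
+this.seed = seed;
+RandomBuffer = new byte[BufferSize];
+rngCryptoServiceProvider = new RNGCryptoServiceProvider();
+BufferOffset = RandomBuffer.Length;
+}
+private void FillBuffer()
+{
+rngCryptoServiceProvider.GetBytes(RandomBuffer);
+BufferOffset = 0;
+}
+private int Next()
+{
+if (BufferOffset >= RandomBuffer.Length)
+{
+FillBuffer();
+}
+int val = BitConverter.ToInt32(RandomBuffer, BufferOffset) & 0x7fffffff;
+BufferOffset += sizeof(int);
+return val;
+}
+public int Next(int maxValue)
+{
+return seed >= maxValue ? Next() % maxValue : Next() % (maxValue - seed) + seed;
+}
+
+public int Next(int minValue, int maxValue)
+{
+if (maxValue < minValue)
+{
+throw new ArgumentOutOfRangeException("maxValue must be greater than or equal to minValue");
+}
+
+int range = maxValue - minValue;
+return minValue + Next(range);
+}
+}
+}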
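Review bot: `Next(int maxValue)` uses `seed` as a lower bound rather than as a seed, and it divides by zero when `maxValue` is 0, which `Next(minValue, maxValue)` reaches whenever its two arguments are equal. `Next() % maxValue` is also biased towards low values for any range that does not divide 2^31 evenly, and `maxValue - minValue` can overflow for wide ranges. `new ArgumentOutOfRangeException("…")` with a single string sets the parameter name, not the message, and the `RNGCryptoServiceProvider` field is never disposed. A range-checked, unbiased `Next(int)` without the seed offset is sketched below. A class-level comment saying that the constructor argument does not make the output reproducible would also help callers coming from `System.Random`.

```csharp
public int Next(int maxValue)
{
    if (maxValue < 0)
    {
        throw new ArgumentOutOfRangeException("maxValue", "maxValue must be non-negative");
    }
    if (maxValue <= 1)
    {
        return 0;
    }

    // Discard draws from the incomplete top bucket so every result is equally likely.
    int limit = int.MaxValue - (int.MaxValue % maxValue);
    int val;
    do
    {
        val = Next();
    } while (val >= limit);

    return val % maxValue;
}
// … unchanged: Next(int minValue, int maxValue) …
```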

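--- a/Authorize.NET/Utility/Crypto.cs
+++ b/Authorize.NET/Utility/Crypto.cs
@@ -32,17 +32,17 @@ public static string GenerateFingerprint(string transactionKey, string login, de
 /// <param name="amount">amount </param>
 /// <param name="expected">expected string</param>
 /// <returns>string</returns>
-public static bool IsMatch(string key, string apiLogin, string transactionID,decimal amount, string expected) {
+//public static bool IsMatch(string key, string apiLogin, string transactionID,decimal amount, string expected) {
 
-var unencrypted = string.Format("{0}{1}{2}{3}", key, apiLogin, transactionID, amount.ToString());
+// var unencrypted = string.Format("{0}{1}{2}{3}", key, apiLogin, transactionID, amount.ToString());
 
-var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
-var hashed = Regex.Replace(BitConverter.ToString(md5.ComputeHash(ASCIIEncoding.Default.GetBytes(unencrypted))), "-", "");
+// var md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
+// var hashed = Regex.Replace(BitConverter.ToString(md5.ComputeHash(ASCIIEncoding.Default.GetBytes(unencrypted))), "-", "");
 
-// And return it
-return hashed.Equals(expected);
+// // And return it
+// return hashed.Equals(expected);
 
-}
+//}
 
 /// <summary>
 /// Encrypts the key/value pair supplied using HMAC-MD5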

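--- a/Authorize.NET/Utility/HttpXmlUtility.cs
+++ b/Authorize.NET/Utility/HttpXmlUtility.cs
@@ -80,7 +80,7 @@ public ANetApiResponse Send(ANetApiRequest apiRequest) {
 
 // Load the response from the API server into an XmlDocument.
 _xmlDoc = new XmlDocument();
-_xmlDoc.Load(XmlReader.Create(webResponse.GetResponseStream()));
+_xmlDoc.Load(XmlReader.Create(webResponse.GetResponseStream(), new XmlReaderSettings()));
 
 
 var response = DecideResponse(_xmlDoc);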
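Review bot: `new XmlReaderSettings()` relies on framework defaults for DTD handling and external-entity resolution, which may differ between .NET Framework versions, so the hardening this line seems to intend is not visible in the code. Setting it explicitly (on .NET 4.0 or later), e.g. `new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }`, makes the parser's behaviour independent of the target framework. `MaxCharactersInDocument` could carry the same size ceiling this commit adds to the other response readers. The reader and the response stream are also never disposed on this line. Send() starts and ends outside the hunk.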

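--- a/AuthorizeNETtest/Api/Controllers/MockTest/ARBGetSubscriptionControllerTest.cs
+++ b/AuthorizeNETtest/Api/Controllers/MockTest/ARBGetSubscriptionControllerTest.cs
@@ -1,3 +1,5 @@
+using AuthorizeNet.Utility;
+
 namespace AuthorizeNet.Api.Controllers.MockTest
 {
 using System;
@@ -52,7 +54,7 @@ public void MockARBGetSubscriptionTest()
 customerPaymentProfileId = "1234",
 };
 
-Random rnd = new Random(DateTime.Now.Millisecond);
+var rnd = new AnetRandom(DateTime.Now.Millisecond);
 var SubscriptionMaskedType = new ARBSubscriptionMaskedType()
 {
 name = "Test",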
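Review bot: `new AnetRandom(DateTime.Now.Millisecond)` does not seed anything: AnetRandom draws from `RNGCryptoServiceProvider` and, per `Next(int maxValue)` in Utility/AnetRandom.cs, uses the constructor argument as a lower bound on results. Here the argument therefore shifts the output range by 0–999 instead of varying the sequence; `var rnd = new AnetRandom();` states the intent. The same construction appears twice in CreateTransactionSampleTest.cs, where `rnd.Next(99999)` would then return values in [millisecond, 99999). The new `using AuthorizeNet.Utility;` also sits outside the namespace while the file's other usings are inside it.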

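--- a/AuthorizeNETtest/Api/Controllers/SampleTest/CreateTransactionSampleTest.cs
+++ b/AuthorizeNETtest/Api/Controllers/SampleTest/CreateTransactionSampleTest.cs
@@ -1,4 +1,6 @@
-namespace AuthorizeNet.Api.Controllers.SampleTest
+using AuthorizeNet.Utility;
+
+namespace AuthorizeNet.Api.Controllers.SampleTest
 {
 using System;
 using AuthorizeNet.Api.Contracts.V1;
@@ -159,7 +161,7 @@ private Boolean createProfile(out String customerProfileId, out String paymentPr
 ApiOperationBase<ANetApiRequest, ANetApiResponse>.MerchantAuthentication = CustomMerchantAuthenticationType;
 ApiOperationBase<ANetApiRequest, ANetApiResponse>.RunEnvironment = TestEnvironment;
 
-Random rnd = new Random(DateTime.Now.Millisecond);
+var rnd = new AnetRandom(DateTime.Now.Millisecond);
 string custIndx = rnd.Next(99999).ToString();
 
 var creditCard = new creditCardType { cardNumber = "4111111111111111", expirationDate = "0622" };
@@ -349,7 +351,7 @@ public void SampleCodeCreateTransactionWithPayPal()
 [Ignore("Requires user to specify settled transaction")]
 public void SampleCodeCreateCreditRequestForSettledTransaction()
 {
-Random rnd = new Random(DateTime.Now.Millisecond);
+var rnd = new AnetRandom(DateTime.Now.Millisecond);
 
 
 ApiOperationBase<ANetApiRequest, ANetApiResponse>.MerchantAuthentication = CustomMerchantAuthenticationType;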
