From a7b2bd4e50caeedafd30b9f3111a1a097101b398 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Danyi=20D=C3=A1vid?= Date: Sun, 18 Mar 2018 15:57:29 +0100 Subject: [PATCH] * payload is no AES encrypted as in the mobile app * async+poll query changed to sync+parse --- data/.gitignore | 1 + data/soap-xmls/SZEP_getWorkflowState.xml | 13 ---- data/soap-xmls/SZEP_queryCard.xml | 12 +-- ...rkflow.xml => SZEP_startWorkflowSynch.xml} | 4 +- src/App/Service/SZEPManagerService.php | 76 ++++++++++--------- 5 files changed, 49 insertions(+), 57 deletions(-) delete mode 100644 data/soap-xmls/SZEP_getWorkflowState.xml rename data/soap-xmls/{SZEP_startWorkflow.xml => SZEP_startWorkflowSynch.xml} (75%) diff --git a/data/.gitignore b/data/.gitignore index 98e6ef6..3b83889 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -1 +1,2 @@ *.db +config-cache.php diff --git a/data/soap-xmls/SZEP_getWorkflowState.xml b/data/soap-xmls/SZEP_getWorkflowState.xml deleted file mode 100644 index f44341f..0000000 --- a/data/soap-xmls/SZEP_getWorkflowState.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - %s - - - \ No newline at end of file diff --git a/data/soap-xmls/SZEP_queryCard.xml b/data/soap-xmls/SZEP_queryCard.xml index 92c7cc8..260abd1 100644 --- a/data/soap-xmls/SZEP_queryCard.xml +++ b/data/soap-xmls/SZEP_queryCard.xml @@ -1,8 +1,8 @@ - BANKKARTYASZAMLAEGYENLEGLEKERDEZES - BANKKARTYASUGYFEL - %s - %s - %s - %s +BANKKARTYASZAMLAEGYENLEGLEKERDEZES +BANKKARTYASUGYFEL +%s +%s +%s +%s \ No newline at end of file diff --git a/data/soap-xmls/SZEP_startWorkflow.xml b/data/soap-xmls/SZEP_startWorkflowSynch.xml similarity index 75% rename from data/soap-xmls/SZEP_startWorkflow.xml rename to data/soap-xmls/SZEP_startWorkflowSynch.xml index 5ca656a..ab15cee 100644 --- a/data/soap-xmls/SZEP_startWorkflow.xml +++ b/data/soap-xmls/SZEP_startWorkflowSynch.xml @@ -4,9 +4,9 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> - + SZEPKARTYASZAMLATORTENET - + 
diff --git a/src/App/Service/SZEPManagerService.php b/src/App/Service/SZEPManagerService.php
index a528bcc..2bbcbe9 100644
--- a/src/App/Service/SZEPManagerService.php
+++ b/src/App/Service/SZEPManagerService.php
@@ -8,8 +8,7 @@ use GuzzleHttp\Client;
 class SZEPManagerService
 {
- const TEMPLATE_WORKFLOW_START = "data/soap-xmls/SZEP_startWorkflow.xml";
- const TEMPLATE_WORKFLOW_STATE = "data/soap-xmls/SZEP_getWorkflowState.xml";
+ const TEMPLATE_WORKFLOW = "data/soap-xmls/SZEP_startWorkflowSynch.xml";
 const TEMPLATE_QUERY_CARD = "data/soap-xmls/SZEP_queryCard.xml";
 const CERTIFICATE_WEB_PATH = "https://www.otpbankdirekt.hu/homebank/mobilalkalmazas/certificate";
@@ -23,6 +22,19 @@ class SZEPManagerService
 const TAG_POCKET_FOOD = 'SZÉP kártya';
 const TAG_POCKET_SPORT = 'SZÉP kártya - szabadidő';
+ const AES_KEY = [
+ 11, 67, -99,-119,-110, -76, 76, -86,
+ -105, -40, -7, 73,-113, 126, -53,-100,
+ 29, 52, 43, 98,-101, 41, 121, -68,
+ 122, 40, 67,-123, -85, -61, 79,-107
+ ];
+ const IV_PARAM = [
+ 45, 84, 55, 96,
+ 22,-119, 113, -64,
+ 116, -64, 106, 56,
+ -100, 114,-123, -81
+ ];
+
 /** @var array */
 private $config;
@@ -54,17 +66,16 @@ class SZEPManagerService
 */
 public function pollRecent()
 {
- $workflowResult = $this->startWorkflow();
- $pollResult = $this->pollResult($workflowResult);
- $this->parseResult($pollResult);
+ if (null !== ($pollResult = $this->getRecentXml())) {
+ $this->parseResult($pollResult);
+ }
 }
 /**
- * Init the soap workflow
 * @return string
 * @throws \Exception
 */
- private function startWorkflow(): string
+ private function getRecentXml(): ?string
 {
 $certificate = $this->getCertificate();
 openssl_public_encrypt($this->config['szep.card'], $cryptCardId, $certificate, OPENSSL_PKCS1_PADDING);
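Review bot: The `AES_KEY` and `IV_PARAM` constants have no comment, and a 32-byte key committed next to a fixed IV reads as a leaked secret to anyone auditing the repository. The commit subject says the scheme mirrors the mobile app, so these are presumably fixed protocol constants; state that above them, for example `// Fixed protocol constants (signed bytes, packed with "c*"); not a secret, provides no confidentiality on its own`. Because the IV never changes, AES-256-CBC here yields the same ciphertext for the same payload, so protection of the card data has to come from the transport and from the RSA-encrypted card id in getRecentXml(), which is worth confirming since doSoapRequest() is not shown in this diff.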
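Review bot: The docblock kept above `getRecentXml()` still says `@return string` although the new signature returns `?string`, and nothing tells the caller what null means. Change it to `@return string|null` with a line such as `Null when the SOAP request failed`, and give the method a one-line summary now that `Init the soap workflow` has been removed. The retained `@throws \Exception` should be checked as well: the doSoapRequest() failure is caught further down, so only getCertificate(), which is not visible here, could still throw. The method body continues past the end of this hunk.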
@@ -81,41 +92,20 @@ class SZEPManagerService
 $endDate->format("Y.m.d")
 );
- $soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW_START), $query);
- $soapResponseXml = $this->doSoapRequest($soapXml);
+ $soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW), $this->encryptPayload($query));
+ try{
+ $soapResponseXml = $this->doSoapRequest($soapXml);
+ } catch (\Exception $e) {
+ return null;
+ }
 $domDocument = new \DOMDocument();
 $domDocument->loadXML($soapResponseXml);
 $documentXpath = new \DOMXPath($domDocument);
 /** @var \DOMElement $returnElement */
- $returnElement = $documentXpath->query('//return')->item(0);
- return $returnElement->textContent;
- }
-
- /**
- * Poll until the result is ready
- * @param string $workflowResult
- * @return string
- */
- private function pollResult(string $workflowResult): string
- {
- $soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW_STATE), $workflowResult);
- do {
- sleep(1);
- $soapResponseXml = $this->doSoapRequest($soapXml);
-
- $domDocument = new \DOMDocument();
- $domDocument->loadXML($soapResponseXml);
-
- $documentXpath = new \DOMXPath($domDocument);
- /** @var \DOMElement $completedElement */
- $completedElement = $documentXpath->query('//completed')->item(0);
- } while ($completedElement->textContent != "true");
-
- /** @var \DOMElement $resultElement */
- $resultElement = $documentXpath->query('//result')->item(0);
- return base64_decode($resultElement->textContent);
+ $returnElement = $documentXpath->query('//return/result')->item(0);
+ return base64_decode($returnElement->textContent);
 }
 /**
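Review bot: The `catch (\Exception $e) { return null; }` around doSoapRequest() discards every failure without a trace, so a transport or certificate error (doSoapRequest() is outside the hunk, so the exact exception types are an assumption) looks the same to pollRecent() as "nothing to parse". Record it before returning, e.g. `error_log('SZEP query failed: ' . $e->getMessage());`, and narrow the catch to the HTTP client's exception type if one applies. Separately, `->item(0)` yields null when the response has no `//return/result` node, such as a SOAP fault, and the next line dereferences it; a guard like `if ($returnElement === null) { return null; }` keeps that case on the nullable path. The function starts before this hunk.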
@@ -226,6 +216,20 @@ class SZEPManagerService
 return $tags;
 }
+ /**
+ * Returns AES encrypted base64 encoded $payload
+ * @param string $payload
+ * @param array $key
+ * @param array $iv
+ * @return string
+ */
+ private function encryptPayload(string $payload, $key = self::AES_KEY, $iv = self::IV_PARAM): string
+ {
+ $aesKeyString = call_user_func_array("pack", array_merge(array("c*"), $key));
+ $ivParamStr = call_user_func_array("pack", array_merge(array("c*"), $iv));
+ return openssl_encrypt($payload, "AES-256-CBC", $aesKeyString, 0, $ivParamStr);
+ }
+
 /**
 * @param string $soapXml
 * @return string
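Review bot: `openssl_encrypt()` returns false on failure and `encryptPayload()` passes that straight through a `: string` return type, so depending on whether the file declares strict_types (not visible in this diff) the caller gets either a TypeError or an empty string that is then sent as the request payload. Assign the result to a variable and check it, e.g. `if ($encrypted === false) { throw new \RuntimeException('payload encryption failed'); }`. The `$key` and `$iv` parameters are documented as arrays but left untyped; `array $key = self::AES_KEY` would enforce that, and `pack('c*', ...$key)` is the direct form of the `call_user_func_array` call.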