* payload is now AES encrypted, as in the mobile app

* async+poll query changed to sync+parse
Danyi Dávid 2018-03-18 15:57:29 +01:00
parent b6ff7bae5c
commit a7b2bd4e50
5 changed files with 49 additions and 57 deletions

1
data/.gitignore vendored

@ -1 +1,2 @@
*.db *.db
config-cache.php


@ -1,13 +0,0 @@
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<m:getWorkflowState
xmlns:m="urn:MWAccess"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<arg0 xsi:type="xsd:string">%s</arg0>
</m:getWorkflowState>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?><StartWorkflow> <?xml version="1.0" encoding="UTF-8"?><StartWorkflow>
<TemplateName>BANKKARTYASZAMLAEGYENLEGLEKERDEZES</TemplateName><Variables> <TemplateName>BANKKARTYASZAMLAEGYENLEGLEKERDEZES</TemplateName><Variables>
<isClientCode>BANKKARTYASUGYFEL</isClientCode> <isClientCode>BANKKARTYASUGYFEL</isClientCode>
<isIdentificationData>%s</isIdentificationData> <isIdentificationData>%s</isIdentificationData>
<isSecretData>%s</isSecretData> <isSecretData>%s</isSecretData>
<isStartDate>%s</isStartDate> <isStartDate>%s</isStartDate>
<isEndDate>%s</isEndDate> <isEndDate>%s</isEndDate>
</Variables></StartWorkflow> </Variables></StartWorkflow>


@ -4,9 +4,9 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"> xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body> <SOAP-ENV:Body>
<m:startWorkflow xmlns:m="urn:MWAccess" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <m:startWorkflowSynch xmlns:m="urn:MWAccess" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<arg0 xsi:type="xsd:string">SZEPKARTYASZAMLATORTENET</arg0> <arg0 xsi:type="xsd:string">SZEPKARTYASZAMLATORTENET</arg0>
<arg1 xsi:type="xsd:string"><![CDATA[%s]]></arg1> <arg1 xsi:type="xsd:string"><![CDATA[%s]]></arg1>
</m:startWorkflow> </m:startWorkflowSynch>
</SOAP-ENV:Body> </SOAP-ENV:Body>
</SOAP-ENV:Envelope> </SOAP-ENV:Envelope>


@ -8,8 +8,7 @@ use GuzzleHttp\Client;
class SZEPManagerService class SZEPManagerService
{ {
const TEMPLATE_WORKFLOW_START = "data/soap-xmls/SZEP_startWorkflow.xml"; const TEMPLATE_WORKFLOW = "data/soap-xmls/SZEP_startWorkflowSynch.xml";
const TEMPLATE_WORKFLOW_STATE = "data/soap-xmls/SZEP_getWorkflowState.xml";
const TEMPLATE_QUERY_CARD = "data/soap-xmls/SZEP_queryCard.xml"; const TEMPLATE_QUERY_CARD = "data/soap-xmls/SZEP_queryCard.xml";
const CERTIFICATE_WEB_PATH = "https://www.otpbankdirekt.hu/homebank/mobilalkalmazas/certificate"; const CERTIFICATE_WEB_PATH = "https://www.otpbankdirekt.hu/homebank/mobilalkalmazas/certificate";
@ -23,6 +22,19 @@ class SZEPManagerService
const TAG_POCKET_FOOD = 'SZÉP kártya'; const TAG_POCKET_FOOD = 'SZÉP kártya';
const TAG_POCKET_SPORT = 'SZÉP kártya - szabadidő'; const TAG_POCKET_SPORT = 'SZÉP kártya - szabadidő';
const AES_KEY = [
11, 67, -99,-119,-110, -76, 76, -86,
-105, -40, -7, 73,-113, 126, -53,-100,
29, 52, 43, 98,-101, 41, 121, -68,
122, 40, 67,-123, -85, -61, 79,-107
];
const IV_PARAM = [
45, 84, 55, 96,
22,-119, 113, -64,
116, -64, 106, 56,
-100, 114,-123, -81
];
/** @var array */ /** @var array */
private $config; private $config;
@ -54,17 +66,16 @@ class SZEPManagerService
*/ */
public function pollRecent() public function pollRecent()
{ {
$workflowResult = $this->startWorkflow(); if (null !== ($pollResult = $this->getRecentXml())) {
$pollResult = $this->pollResult($workflowResult); $this->parseResult($pollResult);
$this->parseResult($pollResult); }
} }
/** /**
* Init the soap workflow
* @return string * @return string
* @throws \Exception * @throws \Exception
*/ */
private function startWorkflow(): string private function getRecentXml(): ?string
{ {
$certificate = $this->getCertificate(); $certificate = $this->getCertificate();
openssl_public_encrypt($this->config['szep.card'], $cryptCardId, $certificate, OPENSSL_PKCS1_PADDING); openssl_public_encrypt($this->config['szep.card'], $cryptCardId, $certificate, OPENSSL_PKCS1_PADDING);
@ -81,41 +92,20 @@ class SZEPManagerService
$endDate->format("Y.m.d") $endDate->format("Y.m.d")
); );
$soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW_START), $query); $soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW), $this->encryptPayload($query));
$soapResponseXml = $this->doSoapRequest($soapXml); try{
$soapResponseXml = $this->doSoapRequest($soapXml);
} catch (\Exception $e) {
return null;
}
$domDocument = new \DOMDocument(); $domDocument = new \DOMDocument();
$domDocument->loadXML($soapResponseXml); $domDocument->loadXML($soapResponseXml);
$documentXpath = new \DOMXPath($domDocument); $documentXpath = new \DOMXPath($domDocument);
/** @var \DOMElement $returnElement */ /** @var \DOMElement $returnElement */
$returnElement = $documentXpath->query('//return')->item(0); $returnElement = $documentXpath->query('//return/result')->item(0);
return $returnElement->textContent; return base64_decode($returnElement->textContent);
}
/**
* Poll until the result is ready
* @param string $workflowResult
* @return string
*/
private function pollResult(string $workflowResult): string
{
$soapXml = sprintf(file_get_contents(self::TEMPLATE_WORKFLOW_STATE), $workflowResult);
do {
sleep(1);
$soapResponseXml = $this->doSoapRequest($soapXml);
$domDocument = new \DOMDocument();
$domDocument->loadXML($soapResponseXml);
$documentXpath = new \DOMXPath($domDocument);
/** @var \DOMElement $completedElement */
$completedElement = $documentXpath->query('//completed')->item(0);
} while ($completedElement->textContent != "true");
/** @var \DOMElement $resultElement */
$resultElement = $documentXpath->query('//result')->item(0);
return base64_decode($resultElement->textContent);
} }
/** /**
@ -226,6 +216,20 @@ class SZEPManagerService
return $tags; return $tags;
} }
/**
* Returns AES encrypted base64 encoded $payload
* @param string $payload
* @param array $key
* @param array $iv
* @return string
*/
private function encryptPayload(string $payload, $key = self::AES_KEY, $iv = self::IV_PARAM): string
{
$aesKeyString = call_user_func_array("pack", array_merge(array("c*"), $key));
$ivParamStr = call_user_func_array("pack", array_merge(array("c*"), $iv));
return openssl_encrypt($payload, "AES-256-CBC", $aesKeyString, 0, $ivParamStr);
}
/** /**
* @param string $soapXml * @param string $soapXml
* @return string * @return string
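Review bot: `AES_KEY` and `IV_PARAM` are constants committed with the source, and `encryptPayload()` reuses the same IV on every call, so the AES-256-CBC layer is deterministic and reversible by anyone who can read the repository; it provides wire-format compatibility with the mobile app, not confidentiality. The docblock on `encryptPayload()` should say so, for example `* Protocol obfuscation only: key and IV are fixed, public constants; confidentiality depends on the transport and on the public-key encryption of the card data.` `openssl_encrypt()` returns `false` on failure, which the `: string` return type turns into either a TypeError or an empty payload depending on whether the file declares strict types (not visible here); an explicit `if ($encrypted === false) { throw new \RuntimeException('AES encryption failed'); }` before the return makes that failure visible. `$key` and `$iv` could also be declared `array` in the signature to match the `@param` tags.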