active_accountability_merchant 1.97.1

data/lib/active_merchant/billing/gateways/nmi.rb

@@ -0,0 +1,324 @@
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    class NmiGateway < Gateway
+      include Empty
+
+      DUP_WINDOW_DEPRECATION_MESSAGE = 'The class-level duplicate_window variable is deprecated. Please use the :dup_seconds transaction option instead.'
+
+      self.test_url = self.live_url = 'https://secure.nmi.com/api/transact.php'
+      self.default_currency = 'USD'
+      self.money_format = :dollars
+      self.supported_countries = ['US']
+      self.supported_cardtypes = [:visa, :master, :american_express, :discover]
+      self.homepage_url = 'http://nmi.com/'
+      self.display_name = 'NMI'
+
+      def self.duplicate_window=(seconds)
+        ActiveMerchant.deprecated(DUP_WINDOW_DEPRECATION_MESSAGE)
+        @dup_seconds = seconds
+      end
+
+      def self.duplicate_window
+        instance_variable_defined?(:@dup_seconds) ? @dup_seconds : nil
+      end
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        super
+      end
+
+      def purchase(amount, payment_method, options={})
+        post = {}
+        add_invoice(post, amount, options)
+        add_payment_method(post, payment_method, options)
+        add_stored_credential(post, options)
+        add_customer_data(post, options)
+        add_vendor_data(post, options)
+        add_merchant_defined_fields(post, options)
+        add_level3_fields(post, options)
+
+        commit('sale', post)
+      end
+
+      def authorize(amount, payment_method, options={})
+        post = {}
+        add_invoice(post, amount, options)
+        add_payment_method(post, payment_method, options)
+        add_stored_credential(post, options)
+        add_customer_data(post, options)
+        add_vendor_data(post, options)
+        add_merchant_defined_fields(post, options)
+        add_level3_fields(post, options)
+
+        commit('auth', post)
+      end
+
+      def capture(amount, authorization, options={})
+        post = {}
+        add_invoice(post, amount, options)
+        add_reference(post, authorization)
+        add_merchant_defined_fields(post, options)
+
+        commit('capture', post)
+      end
+
+      def void(authorization, options={})
+        post = {}
+        add_reference(post, authorization)
+        add_payment_type(post, authorization)
+
+        commit('void', post)
+      end
+
+      def refund(amount, authorization, options={})
+        post = {}
+        add_invoice(post, amount, options)
+        add_reference(post, authorization)
+        add_payment_type(post, authorization)
+
+        commit('refund', post)
+      end
+
+      def credit(amount, payment_method, options={})
+        post = {}
+        add_invoice(post, amount, options)
+        add_payment_method(post, payment_method, options)
+        add_customer_data(post, options)
+        add_vendor_data(post, options)
+        add_level3_fields(post, options)
+
+        commit('credit', post)
+      end
+
+      def verify(payment_method, options={})
+        post = {}
+        add_payment_method(post, payment_method, options)
+        add_customer_data(post, options)
+        add_vendor_data(post, options)
+        add_merchant_defined_fields(post, options)
+        add_level3_fields(post, options)
+
+        commit('validate', post)
+      end
+
+      def store(payment_method, options = {})
+        post = {}
+        add_invoice(post, nil, options)
+        add_payment_method(post, payment_method, options)
+        add_customer_data(post, options)
+        add_vendor_data(post, options)
+        add_merchant_defined_fields(post, options)
+
+        commit('add_customer', post)
+      end
+
+      def verify_credentials
+        response = void('0')
+        response.message != 'Authentication Failed'
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((password=)[^&\n]*), '\1[FILTERED]').
+          gsub(%r((ccnumber=)\d+), '\1[FILTERED]').
+          gsub(%r((cvv=)\d+), '\1[FILTERED]').
+          gsub(%r((checkaba=)\d+), '\1[FILTERED]').
+          gsub(%r((checkaccount=)\d+), '\1[FILTERED]').
+          gsub(%r((cryptogram=)[^&]+(&?)), '\1[FILTERED]\2')
+      end
+
+      def supports_network_tokenization?
+        true
+      end
+
+      private
+
+      def add_level3_fields(post, options)
+        add_fields_to_post_if_present(post, options, [:tax, :shipping, :ponumber])
+      end
+
+      def add_invoice(post, money, options)
+        post[:amount] = amount(money)
+        post[:orderid] = options[:order_id]
+        post[:orderdescription] = options[:description]
+        post[:currency] = options[:currency] || currency(money)
+        post[:billing_method] = 'recurring' if options[:recurring]
+        if (dup_seconds = (options[:dup_seconds] || self.class.duplicate_window))
+          post[:dup_seconds] = dup_seconds
+        end
+      end
+
+      def add_payment_method(post, payment_method, options)
+        if(payment_method.is_a?(String))
+          customer_vault_id, _ = split_authorization(payment_method)
+          post[:customer_vault_id] = customer_vault_id
+        elsif payment_method.is_a?(NetworkTokenizationCreditCard)
+          post[:ccnumber] = payment_method.number
+          post[:ccexp] = exp_date(payment_method)
+          post[:token_cryptogram] = payment_method.payment_cryptogram
+        elsif(card_brand(payment_method) == 'check')
+          post[:payment] = 'check'
+          post[:firstname] = payment_method.first_name
+          post[:lastname] = payment_method.last_name
+          post[:checkname] = payment_method.name
+          post[:checkaba] = payment_method.routing_number
+          post[:checkaccount] = payment_method.account_number
+          post[:account_holder_type] = payment_method.account_holder_type
+          post[:account_type] = payment_method.account_type
+          post[:sec_code] = options[:sec_code] || 'WEB'
+        else
+          post[:payment] = 'creditcard'
+          post[:firstname] = payment_method.first_name
+          post[:lastname] = payment_method.last_name
+          post[:ccnumber] = payment_method.number
+          post[:cvv] = payment_method.verification_value unless empty?(payment_method.verification_value)
+          post[:ccexp] = exp_date(payment_method)
+        end
+      end
+
+      def add_stored_credential(post, options)
+        return unless (stored_credential = options[:stored_credential])
+
+        if stored_credential[:initiator] == 'cardholder'
+          post[:initiated_by] = 'customer'
+        else
+          post[:initiated_by] = 'merchant'
+        end
+
+        # :reason_type, when provided, overrides anything previously set in
+        # post[:billing_method] (see `add_invoice` and the :recurring) option
+        case stored_credential[:reason_type]
+        when 'recurring'
+          post[:billing_method] = 'recurring'
+        when 'installment'
+          post[:billing_method] = 'installment'
+        when 'unscheduled'
+          post.delete(:billing_method)
+        end
+
+        if stored_credential[:initial_transaction]
+          post[:stored_credential_indicator] = 'stored'
+        else
+          post[:stored_credential_indicator] = 'used'
+          post[:initial_transaction_id] = stored_credential[:network_transaction_id]
+        end
+      end
+
+      def add_customer_data(post, options)
+        post[:email] = options[:email]
+        post[:ipaddress] = options[:ip]
+        post[:customer_id] = options[:customer_id] || options[:customer]
+
+        if(billing_address = options[:billing_address] || options[:address])
+          post[:company] = billing_address[:company]
+          post[:address1] = billing_address[:address1]
+          post[:address2] = billing_address[:address2]
+          post[:city] = billing_address[:city]
+          post[:state] = billing_address[:state]
+          post[:country] = billing_address[:country]
+          post[:zip]    = billing_address[:zip]
+          post[:phone] = billing_address[:phone]
+        end
+
+        if(shipping_address = options[:shipping_address])
+          post[:shipping_company] = shipping_address[:company]
+          post[:shipping_address1] = shipping_address[:address1]
+          post[:shipping_address2] = shipping_address[:address2]
+          post[:shipping_city] = shipping_address[:city]
+          post[:shipping_state] = shipping_address[:state]
+          post[:shipping_country] = shipping_address[:country]
+          post[:shipping_zip]    = shipping_address[:zip]
+          post[:shipping_phone] = shipping_address[:phone]
+        end
+      end
+
+      def add_vendor_data(post, options)
+        post[:vendor_id] = options[:vendor_id] if options[:vendor_id]
+        post[:processor_id] = options[:processor_id] if options[:processor_id]
+      end
+
+      def add_merchant_defined_fields(post, options)
+        (1..20).each do |each|
+          key = "merchant_defined_field_#{each}".to_sym
+          post[key] = options[key] if options[key]
+        end
+      end
+
+      def add_reference(post, authorization)
+        transaction_id, _ = split_authorization(authorization)
+        post[:transactionid] = transaction_id
+      end
+
+      def add_payment_type(post, authorization)
+        _, payment_type = split_authorization(authorization)
+        post[:payment] = payment_type if payment_type
+      end
+
+      def exp_date(payment_method)
+        "#{format(payment_method.month, :two_digits)}#{format(payment_method.year, :two_digits)}"
+      end
+
+      def commit(action, params)
+        params[action == 'add_customer' ? :customer_vault : :type] = action
+        params[:username] = @options[:login]
+        params[:password] = @options[:password]
+
+        raw_response = ssl_post(url, post_data(action, params), headers)
+        response = parse(raw_response)
+        succeeded = success_from(response)
+
+        Response.new(
+          succeeded,
+          message_from(succeeded, response),
+          response,
+          authorization: authorization_from(response, params[:payment], action),
+          avs_result: AVSResult.new(code: response[:avsresponse]),
+          cvv_result: CVVResult.new(response[:cvvresponse]),
+          test: test?
+        )
+      end
+
+      def authorization_from(response, payment_type, action)
+        authorization = (action == 'add_customer' ? response[:customer_vault_id] : response[:transactionid])
+        [ authorization, payment_type ].join('#')
+      end
+
+      def split_authorization(authorization)
+        authorization.split('#')
+      end
+
+      def headers
+        { 'Content-Type'  => 'application/x-www-form-urlencoded;charset=UTF-8' }
+      end
+
+      def post_data(action, params)
+        params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
+      end
+
+      def url
+        test? ? test_url : live_url
+      end
+
+      def parse(body)
+        Hash[CGI::parse(body).map { |k, v| [k.intern, v.first] }]
+      end
+
+      def success_from(response)
+        response[:response] == '1'
+      end
+
+      def message_from(succeeded, response)
+        if succeeded
+          'Succeeded'
+        else
+          response[:responsetext]
+        end
+      end
+
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/ogone.rb

@@ -0,0 +1,478 @@
+# coding: utf-8
+
+require 'rexml/document'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # = Ogone DirectLink Gateway
+    #
+    # DirectLink is the API version of the Ogone Payment Platform. It allows server to server
+    # communication between Ogone systems and your e-commerce website.
+    #
+    # This implementation follows the specification provided in the DirectLink integration
+    # guide version 4.3.0 (25 April 2012), available here:
+    # https://secure.ogone.com/ncol/Ogone_DirectLink_EN.pdf
+    #
+    # It also features aliases, which allow to store/unstore credit cards, as specified in
+    # the Alias Manager Option guide version 3.2.1 (25 April 2012) available here:
+    # https://secure.ogone.com/ncol/Ogone_Alias_EN.pdf
+    #
+    # It also implements the 3-D Secure feature, as specified in the DirectLink with
+    # 3-D Secure guide version 3.0 (25 April 2012) available here:
+    # https://secure.ogone.com/ncol/Ogone_DirectLink-3-D_EN.pdf
+    #
+    # It was last tested on Release 4.92 of Ogone DirectLink + AliasManager + Direct Link 3D
+    # (25 April 2012).
+    #
+    # For any questions or comments, please contact one of the following:
+    # - Joel Cogen (joel.cogen@belighted.com)
+    # - Nicolas Jacobeus (nicolas.jacobeus@belighted.com),
+    # - Sébastien Grosjean (public@zencocoon.com),
+    # - Rémy Coutable (remy@jilion.com).
+    #
+    # == Usage
+    #
+    #   gateway = ActiveMerchant::Billing::OgoneGateway.new(
+    #     :login               => "my_ogone_psp_id",
+    #     :user                => "my_ogone_user_id",
+    #     :password            => "my_ogone_pswd",
+    #     :signature           => "my_ogone_sha_signature", # Only if you configured your Ogone environment so.
+    #     :signature_encryptor => "sha512"                  # Can be "none" (default), "sha1", "sha256" or "sha512".
+    #                                                       # Must be the same as the one configured in your Ogone account.
+    #   )
+    #
+    #   # set up credit card object as in main ActiveMerchant example
+    #   creditcard = ActiveMerchant::Billing::CreditCard.new(
+    #     :type       => 'visa',
+    #     :number     => '4242424242424242',
+    #     :month      => 8,
+    #     :year       => 2009,
+    #     :first_name => 'Bob',
+    #     :last_name  => 'Bobsen'
+    #   )
+    #
+    #   # run request
+    #   response = gateway.purchase(1000, creditcard, :order_id => "1") # charge 10 EUR
+    #
+    #   If you don't provide an :order_id, the gateway will generate a random one for you.
+    #
+    #   puts response.success?      # Check whether the transaction was successful
+    #   puts response.message       # Retrieve the message returned by Ogone
+    #   puts response.authorization # Retrieve the unique transaction ID returned by Ogone
+    #   puts response.order_id      # Retrieve the order ID
+    #
+    # == Alias feature
+    #
+    #   To use the alias feature, simply add :billing_id in the options hash:
+    #
+    #   # Associate the alias to that credit card
+    #   gateway.purchase(1000, creditcard, :order_id => "1", :billing_id => "myawesomecustomer")
+    #
+    #   # You can use the alias instead of the credit card for subsequent orders
+    #   gateway.purchase(2000, "myawesomecustomer", :order_id => "2")
+    #
+    #   # You can also create an alias without making a purchase using store
+    #   gateway.store(creditcard, :billing_id => "myawesomecustomer")
+    #
+    #   # When using store, you can also let Ogone generate the alias for you
+    #   response = gateway.store(creditcard)
+    #   puts response.billing_id # Retrieve the generated alias
+    #
+    #   # By default, Ogone tries to authorize 0.01 EUR but you can change this
+    #   # amount using the :store_amount option when creating the gateway object:
+    #   gateway = ActiveMerchant::Billing::OgoneGateway.new(
+    #     :login               => "my_ogone_psp_id",
+    #     :user                => "my_ogone_user_id",
+    #     :password            => "my_ogone_pswd",
+    #     :signature           => "my_ogone_sha_signature",
+    #     :signature_encryptor => "sha512",
+    #     :store_amount        => 100 # The store method will try to authorize 1 EUR instead of 0.01 EUR
+    #   )
+    #   response = gateway.store(creditcard) # authorize 1 EUR and void the authorization right away
+    #
+    # == 3-D Secure feature
+    #
+    #   To use the 3-D Secure feature, simply add :d3d => true in the options hash:
+    #   gateway.purchase(2000, "myawesomecustomer", :order_id => "2", :d3d => true)
+    #
+    #   Specific 3-D Secure request options are (please refer to the documentation for more infos about these options):
+    #     :win_3ds         => :main_window (default), :pop_up or :pop_ix.
+    #     :http_accept     => "*/*" (default), or any other HTTP_ACCEPT header value.
+    #     :http_user_agent => The cardholder's User-Agent string
+    #     :accept_url      => URL of the web page to show the customer when the payment is authorized.
+    #                         (or waiting to be authorized).
+    #     :decline_url     => URL of the web page to show the customer when the acquirer rejects the authorization
+    #                         more than the maximum permitted number of authorization attempts (10 by default, but can
+    #                         be changed in the "Global transaction parameters" tab, "Payment retry" section of the
+    #                         Technical Information page).
+    #     :exception_url   => URL of the web page to show the customer when the payment result is uncertain.
+    #     :paramplus       => Field to submit the miscellaneous parameters and their values that you wish to be
+    #                         returned in the post sale request or final redirection.
+    #     :complus         => Field to submit a value you wish to be returned in the post sale request or output.
+    #     :language        => Customer's language, for example: "en_EN"
+    #
+    class OgoneGateway < Gateway
+      CVV_MAPPING = { 'OK' => 'M',
+                      'KO' => 'N',
+                      'NO' => 'P' }
+
+      AVS_MAPPING = { 'OK' => 'M',
+                      'KO' => 'N',
+                      'NO' => 'R' }
+
+      SUCCESS_MESSAGE = 'The transaction was successful'
+
+      THREE_D_SECURE_DISPLAY_WAYS = { :main_window => 'MAINW',  # display the identification page in the main window (default value).
+
+                                      :pop_up      => 'POPUP',  # display the identification page in a pop-up window and return to the main window at the end.
+                                      :pop_ix      => 'POPIX' } # display the identification page in a pop-up window and remain in the pop-up window.
+
+      OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE   = 'Signature usage will be the default for a future release of ActiveMerchant. You should either begin using it, or update your configuration to explicitly disable it (signature_encryptor: none)'
+      OGONE_STORE_OPTION_DEPRECATION_MESSAGE   = "The 'store' option has been renamed to 'billing_id', and its usage is deprecated."
+
+      self.test_url = 'https://secure.ogone.com/ncol/test/'
+      self.live_url = 'https://secure.ogone.com/ncol/prod/'
+
+      self.supported_countries = ['BE', 'DE', 'FR', 'NL', 'AT', 'CH']
+      # also supports Airplus and UATP
+      self.supported_cardtypes = [:visa, :master, :american_express, :diners_club, :discover, :jcb, :maestro]
+      self.homepage_url = 'http://www.ogone.com/'
+      self.display_name = 'Ogone'
+      self.default_currency = 'EUR'
+      self.money_format = :cents
+
+      def initialize(options = {})
+        requires!(options, :login, :user, :password)
+        super
+      end
+
+      # Verify and reserve the specified amount on the account, without actually doing the transaction.
+      def authorize(money, payment_source, options = {})
+        post = {}
+        action = payment_source.brand == 'mastercard' ? 'PAU' : 'RES'
+        add_invoice(post, options)
+        add_payment_source(post, payment_source, options)
+        add_address(post, payment_source, options)
+        add_customer_data(post, options)
+        add_money(post, money, options)
+        commit(action, post)
+      end
+
+      # Verify and transfer the specified amount.
+      def purchase(money, payment_source, options = {})
+        post   = {}
+        action = options[:action] || 'SAL'
+        add_invoice(post, options)
+        add_payment_source(post, payment_source, options)
+        add_address(post, payment_source, options)
+        add_customer_data(post, options)
+        add_money(post, money, options)
+        commit(action, post)
+      end
+
+      # Complete a previously authorized transaction.
+      def capture(money, authorization, options = {})
+        post   = {}
+        action = options[:action] || 'SAL'
+        add_authorization(post, reference_from(authorization))
+        add_invoice(post, options)
+        add_customer_data(post, options)
+        add_money(post, money, options)
+        commit(action, post)
+      end
+
+      # Cancels a previously authorized transaction.
+      def void(identification, options = {})
+        post = {}
+        add_authorization(post, reference_from(identification))
+        commit('DES', post)
+      end
+
+      # Credit the specified account by a specific amount.
+      def credit(money, identification_or_credit_card, options = {})
+        if reference_transaction?(identification_or_credit_card)
+          ActiveMerchant.deprecated CREDIT_DEPRECATION_MESSAGE
+          # Referenced credit: refund of a settled transaction
+          refund(money, identification_or_credit_card, options)
+        else # must be a credit card or card reference
+          perform_non_referenced_credit(money, identification_or_credit_card, options)
+        end
+      end
+
+      # Refund of a settled transaction
+      def refund(money, reference, options = {})
+        perform_reference_credit(money, reference, options)
+      end
+
+      def verify(credit_card, options={})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, credit_card, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      # Store a credit card by creating an Ogone Alias
+      def store(payment_source, options = {})
+        options[:alias_operation] = 'BYPSP' unless(options.has_key?(:billing_id) || options.has_key?(:store))
+        response = authorize(@options[:store_amount] || 1, payment_source, options)
+        void(response.authorization) if response.success?
+        response
+      end
+
+      def supports_scrubbing?
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((&?cardno=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?cvc=)[^&]*)i, '\1[FILTERED]').
+          gsub(%r((&?pswd=)[^&]*)i, '\1[FILTERED]')
+      end
+
+      private
+
+      def reference_from(authorization)
+        authorization.split(';').first
+      end
+
+      def reference_transaction?(identifier)
+        return false unless identifier.is_a?(String)
+        _, action = identifier.split(';')
+        !action.nil?
+      end
+
+      def perform_reference_credit(money, payment_target, options = {})
+        post = {}
+        add_authorization(post, reference_from(payment_target))
+        add_money(post, money, options)
+        commit('RFD', post)
+      end
+
+      def perform_non_referenced_credit(money, payment_target, options = {})
+        # Non-referenced credit: acts like a reverse purchase
+        post = {}
+        add_invoice(post, options)
+        add_payment_source(post, payment_target, options)
+        add_address(post, payment_target, options)
+        add_customer_data(post, options)
+        add_money(post, money, options)
+        commit('RFD', post)
+      end
+
+      def add_payment_source(post, payment_source, options)
+        add_d3d(post, options) if options[:d3d]
+
+        if payment_source.is_a?(String)
+          add_alias(post, payment_source, options[:alias_operation])
+          add_eci(post, options[:eci] || '9')
+        else
+          if options.has_key?(:store)
+            ActiveMerchant.deprecated OGONE_STORE_OPTION_DEPRECATION_MESSAGE
+            options[:billing_id] ||= options[:store]
+          end
+          add_alias(post, options[:billing_id], options[:alias_operation])
+          add_eci(post, options[:eci] || '7')
+          add_creditcard(post, payment_source)
+        end
+      end
+
+      def add_d3d(post, options)
+        add_pair post, 'FLAG3D', 'Y'
+        win_3ds = THREE_D_SECURE_DISPLAY_WAYS.key?(options[:win_3ds]) ?
+          THREE_D_SECURE_DISPLAY_WAYS[options[:win_3ds]] :
+          THREE_D_SECURE_DISPLAY_WAYS[:main_window]
+        add_pair post, 'WIN3DS', win_3ds
+
+        add_pair post, 'HTTP_ACCEPT',     options[:http_accept] || '*/*'
+        add_pair post, 'HTTP_USER_AGENT', options[:http_user_agent] if options[:http_user_agent]
+        add_pair post, 'ACCEPTURL',       options[:accept_url]      if options[:accept_url]
+        add_pair post, 'DECLINEURL',      options[:decline_url]     if options[:decline_url]
+        add_pair post, 'EXCEPTIONURL',    options[:exception_url]   if options[:exception_url]
+        add_pair post, 'CANCELURL',       options[:cancel_url]      if options[:cancel_url]
+        add_pair post, 'PARAMVAR',        options[:paramvar]       if options[:paramvar]
+        add_pair post, 'PARAMPLUS',       options[:paramplus]       if options[:paramplus]
+        add_pair post, 'COMPLUS',         options[:complus]         if options[:complus]
+        add_pair post, 'LANGUAGE',        options[:language]        if options[:language]
+      end
+
+      def add_eci(post, eci)
+        add_pair post, 'ECI', eci.to_s
+      end
+
+      def add_alias(post, alias_name, alias_operation = nil)
+        add_pair post, 'ALIAS', alias_name
+        add_pair post, 'ALIASOPERATION', alias_operation unless alias_operation.nil?
+      end
+
+      def add_authorization(post, authorization)
+        add_pair post, 'PAYID', authorization
+      end
+
+      def add_money(post, money, options)
+        add_pair post, 'currency', options[:currency] || @options[:currency] || currency(money)
+        add_pair post, 'amount',   amount(money)
+      end
+
+      def add_customer_data(post, options)
+        add_pair post, 'EMAIL',       options[:email]
+        add_pair post, 'REMOTE_ADDR', options[:ip]
+      end
+
+      def add_address(post, creditcard, options)
+        return unless options[:billing_address]
+        add_pair post, 'Owneraddress', options[:billing_address][:address1]
+        add_pair post, 'OwnerZip',     options[:billing_address][:zip]
+        add_pair post, 'ownertown',    options[:billing_address][:city]
+        add_pair post, 'ownercty',     options[:billing_address][:country]
+        add_pair post, 'ownertelno',   options[:billing_address][:phone]
+      end
+
+      def add_invoice(post, options)
+        add_pair post, 'orderID', options[:order_id] || generate_unique_id[0...30]
+        add_pair post, 'COM',     options[:description]
+        add_pair post, 'ORIG',    options[:origin] if options[:origin]
+      end
+
+      def add_creditcard(post, creditcard)
+        add_pair post, 'CN',     creditcard.name
+        add_pair post, 'CARDNO', creditcard.number
+        add_pair post, 'ED',     '%02d%02s' % [creditcard.month, creditcard.year.to_s[-2..-1]]
+        add_pair post, 'CVC',    creditcard.verification_value
+      end
+
+      def parse(body)
+        xml_root = REXML::Document.new(body).root
+        response = convert_attributes_to_hash(xml_root.attributes)
+
+        # Add HTML_ANSWER element (3-D Secure specific to the response's params)
+        # Note: HTML_ANSWER is not an attribute so we add it "by hand" to the response
+        if html_answer = REXML::XPath.first(xml_root, '//HTML_ANSWER')
+          response['HTML_ANSWER'] = html_answer.text
+        end
+
+        response
+      end
+
+      def commit(action, parameters)
+        add_pair parameters, 'RTIMEOUT', @options[:timeout] if @options[:timeout]
+        add_pair parameters, 'PSPID',  @options[:login]
+        add_pair parameters, 'USERID', @options[:user]
+        add_pair parameters, 'PSWD',   @options[:password]
+
+        response = parse(ssl_post(url(parameters['PAYID']), post_data(action, parameters)))
+
+        options = {
+          :authorization => [response['PAYID'], action].join(';'),
+          :test          => test?,
+          :avs_result    => { :code => AVS_MAPPING[response['AAVCheck']] },
+          :cvv_result    => CVV_MAPPING[response['CVCCheck']]
+        }
+        OgoneResponse.new(successful?(response), message_from(response), response, options)
+      end
+
+      def url(payid)
+        (test? ? test_url : live_url) + (payid ? 'maintenancedirect.asp' : 'orderdirect.asp')
+      end
+
+      def successful?(response)
+        response['NCERROR'] == '0'
+      end
+
+      def message_from(response)
+        if successful?(response)
+          SUCCESS_MESSAGE
+        else
+          format_error_message(response['NCERRORPLUS'])
+        end
+      end
+
+      def format_error_message(message)
+        raw_message = message.to_s.strip
+        case raw_message
+        when /\|/
+          raw_message.split('|').join(', ').capitalize
+        when /\//
+          raw_message.split('/').first.to_s.capitalize
+        else
+          raw_message.to_s.capitalize
+        end
+      end
+
+      def post_data(action, parameters = {})
+        add_pair parameters, 'Operation', action
+        add_signature(parameters)
+        parameters.to_query
+      end
+
+      def add_signature(parameters)
+        if @options[:signature].blank?
+          ActiveMerchant.deprecated(OGONE_NO_SIGNATURE_DEPRECATION_MESSAGE) unless(@options[:signature_encryptor] == 'none')
+          return
+        end
+
+        add_pair parameters, 'SHASign', calculate_signature(parameters, @options[:signature_encryptor], @options[:signature])
+      end
+
+      def calculate_signature(signed_parameters, algorithm, secret)
+        return legacy_calculate_signature(signed_parameters, secret) unless algorithm
+
+        sha_encryptor = case algorithm
+        when 'sha256'
+          Digest::SHA256
+        when 'sha512'
+          Digest::SHA512
+        when 'sha1'
+          Digest::SHA1
+        else
+          raise "Unknown signature algorithm #{algorithm}"
+        end
+
+        filtered_params = signed_parameters.select { |k, v| !v.blank? }
+        sha_encryptor.hexdigest(
+          filtered_params.sort_by { |k, v| k.upcase }.map { |k, v| "#{k.upcase}=#{v}#{secret}" }.join('')
+        ).upcase
+      end
+
+      def legacy_calculate_signature(parameters, secret)
+        Digest::SHA1.hexdigest(
+          (
+            %w(
+              orderID
+              amount
+              currency
+              CARDNO
+              PSPID
+              Operation
+              ALIAS
+            ).map { |key| parameters[key] } +
+            [secret]
+          ).join('')
+        ).upcase
+      end
+
+      def add_pair(post, key, value)
+        post[key] = value if !value.blank?
+      end
+
+      def convert_attributes_to_hash(rexml_attributes)
+        response_hash = {}
+        rexml_attributes.each do |key, value|
+          response_hash[key] = value
+        end
+        response_hash
+      end
+    end
+
+    class OgoneResponse < Response
+      def order_id
+        @params['orderID']
+      end
+
+      def billing_id
+        @params['ALIAS']
+      end
+    end
+  end
+end