active_accountability_merchant 1.97.1

data/lib/active_merchant/billing/gateways/realex.rb

@@ -0,0 +1,374 @@
+require 'nokogiri'
+require 'digest/sha1'
+
+module ActiveMerchant
+  module Billing
+    # Realex is the leading CC gateway in Ireland
+    # see http://www.realexpayments.com
+    # Contributed by John Ward (john@ward.name)
+    # see http://thinedgeofthewedge.blogspot.com
+    #
+    # Realex works using the following
+    # login - The unique id of the merchant
+    # password - The secret is used to digitally sign the request
+    # account - This is an optional third part of the authentication process
+    # and is used if the merchant wishes do distinguish cc traffic from the different sources
+    # by using a different account. This must be created in advance
+    #
+    # the Realex team decided to make the orderid unique per request,
+    # so if validation fails you can not correct and resend using the
+    # same order id
+    class RealexGateway < Gateway
+      self.live_url = self.test_url = 'https://epage.payandshop.com/epage-remote.cgi'
+
+      CARD_MAPPING = {
+        'master'            => 'MC',
+        'visa'              => 'VISA',
+        'american_express'  => 'AMEX',
+        'diners_club'       => 'DINERS',
+        'maestro'           => 'MC'
+      }
+
+      self.money_format = :cents
+      self.default_currency = 'EUR'
+      self.supported_cardtypes = [ :visa, :master, :american_express, :diners_club ]
+      self.supported_countries = %w(IE GB FR BE NL LU IT US CA ES)
+      self.homepage_url = 'http://www.realexpayments.com/'
+      self.display_name = 'Realex'
+
+      SUCCESS, DECLINED          = 'Successful', 'Declined'
+      BANK_ERROR = REALEX_ERROR  = 'Gateway is in maintenance. Please try again later.'
+      ERROR = CLIENT_DEACTIVATED = 'Gateway Error'
+
+      def initialize(options = {})
+        requires!(options, :login, :password)
+        options[:refund_hash] = Digest::SHA1.hexdigest(options[:rebate_secret]) if options[:rebate_secret].present?
+        options[:credit_hash] = Digest::SHA1.hexdigest(options[:refund_secret]) if options[:refund_secret].present?
+        super
+      end
+
+      def purchase(money, credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_purchase_or_authorization_request(:purchase, money, credit_card, options)
+        commit(request)
+      end
+
+      def authorize(money, creditcard, options = {})
+        requires!(options, :order_id)
+
+        request = build_purchase_or_authorization_request(:authorization, money, creditcard, options)
+        commit(request)
+      end
+
+      def capture(money, authorization, options = {})
+        request = build_capture_request(money, authorization, options)
+        commit(request)
+      end
+
+      def refund(money, authorization, options = {})
+        request = build_refund_request(money, authorization, options)
+        commit(request)
+      end
+
+      def credit(money, creditcard, options = {})
+        request = build_credit_request(money, creditcard, options)
+        commit(request)
+      end
+
+      def void(authorization, options = {})
+        request = build_void_request(authorization, options)
+        commit(request)
+      end
+
+      def verify(credit_card, options = {})
+        requires!(options, :order_id)
+
+        request = build_verify_request(credit_card, options)
+        commit(request)
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((<number>)\d+(</number>))i, '\1[FILTERED]\2')
+      end
+
+      private
+
+      def commit(request)
+        response = parse(ssl_post(self.live_url, request))
+
+        Response.new(
+          (response[:result] == '00'),
+          message_from(response),
+          response,
+          :test => (response[:message] =~ %r{\[ test system \]}),
+          :authorization => authorization_from(response),
+          avs_result: AVSResult.new(code: response[:avspostcoderesponse]),
+          cvv_result: CVVResult.new(response[:cvnresult])
+        )
+      end
+
+      def parse(xml)
+        response = {}
+
+        doc = Nokogiri::XML(xml)
+        doc.xpath('//response/*').each do |node|
+          if node.elements.size == 0
+            response[node.name.downcase.to_sym] = normalize(node.text)
+          else
+            node.elements.each do |childnode|
+              name = "#{node.name.downcase}_#{childnode.name.downcase}"
+              response[name.to_sym] = normalize(childnode.text)
+            end
+          end
+        end unless doc.root.nil?
+
+        response
+      end
+
+      def authorization_from(parsed)
+        [parsed[:orderid], parsed[:pasref], parsed[:authcode]].join(';')
+      end
+
+      def build_purchase_or_authorization_request(action, money, credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'auth' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_amount(xml, money, options)
+          add_card(xml, credit_card)
+          xml.tag! 'autosettle', 'flag' => auto_settle_flag(action)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), credit_card.number)
+          if credit_card.is_a?(NetworkTokenizationCreditCard)
+            add_network_tokenization_card(xml, credit_card)
+          else
+            add_three_d_secure(xml, options)
+          end
+          add_comments(xml, options)
+          add_address_and_customer_info(xml, options)
+        end
+        xml.target!
+      end
+
+      def build_capture_request(money, authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'settle' do
+          add_merchant_details(xml, options)
+          add_amount(xml, money, options)
+          add_transaction_identifiers(xml, authorization, options)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), nil)
+        end
+        xml.target!
+      end
+
+      def build_refund_request(money, authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'rebate' do
+          add_merchant_details(xml, options)
+          add_transaction_identifiers(xml, authorization, options)
+          xml.tag! 'amount', amount(money), 'currency' => options[:currency] || currency(money)
+          xml.tag! 'refundhash', @options[:refund_hash] if @options[:refund_hash]
+          xml.tag! 'autosettle', 'flag' => 1
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), nil)
+        end
+        xml.target!
+      end
+
+      def build_credit_request(money, credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'credit' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_amount(xml, money, options)
+          add_card(xml, credit_card)
+          xml.tag! 'refundhash', @options[:credit_hash] if @options[:credit_hash]
+          xml.tag! 'autosettle', 'flag' => 1
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), amount(money), (options[:currency] || currency(money)), credit_card.number)
+        end
+        xml.target!
+      end
+
+      def build_void_request(authorization, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'void' do
+          add_merchant_details(xml, options)
+          add_transaction_identifiers(xml, authorization, options)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), nil, nil, nil)
+        end
+        xml.target!
+      end
+
+      # Verify initiates an OTB (Open To Buy) request
+      def build_verify_request(credit_card, options)
+        timestamp = new_timestamp
+        xml = Builder::XmlMarkup.new :indent => 2
+        xml.tag! 'request', 'timestamp' => timestamp, 'type' => 'otb' do
+          add_merchant_details(xml, options)
+          xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+          add_card(xml, credit_card)
+          add_comments(xml, options)
+          add_signed_digest(xml, timestamp, @options[:login], sanitize_order_id(options[:order_id]), credit_card.number)
+        end
+        xml.target!
+      end
+
+      def add_address_and_customer_info(xml, options)
+        billing_address = options[:billing_address] || options[:address]
+        shipping_address = options[:shipping_address]
+
+        return unless billing_address || shipping_address || options[:customer] || options[:invoice] || options[:ip]
+
+        xml.tag! 'tssinfo' do
+          xml.tag! 'custnum', options[:customer] if options[:customer]
+          xml.tag! 'prodid', options[:invoice] if options[:invoice]
+          xml.tag! 'custipaddress', options[:ip] if options[:ip]
+
+          if billing_address
+            xml.tag! 'address', 'type' => 'billing' do
+              xml.tag! 'code', format_address_code(billing_address)
+              xml.tag! 'country', billing_address[:country]
+            end
+          end
+
+          if shipping_address
+            xml.tag! 'address', 'type' => 'shipping' do
+              xml.tag! 'code', format_address_code(shipping_address)
+              xml.tag! 'country', shipping_address[:country]
+            end
+          end
+        end
+      end
+
+      def add_merchant_details(xml, options)
+        xml.tag! 'merchantid', @options[:login]
+        if options[:account] || @options[:account]
+          xml.tag! 'account', (options[:account] || @options[:account])
+        end
+      end
+
+      def add_transaction_identifiers(xml, authorization, options)
+        options[:order_id], pasref, authcode = authorization.split(';')
+        xml.tag! 'orderid', sanitize_order_id(options[:order_id])
+        xml.tag! 'pasref', pasref
+        xml.tag! 'authcode', authcode
+      end
+
+      def add_comments(xml, options)
+        return unless options[:description]
+        xml.tag! 'comments' do
+          xml.tag! 'comment', options[:description], 'id' => 1
+        end
+      end
+
+      def add_amount(xml, money, options)
+        xml.tag! 'amount', amount(money), 'currency' => options[:currency] || currency(money)
+      end
+
+      def add_card(xml, credit_card)
+        xml.tag! 'card' do
+          xml.tag! 'number', credit_card.number
+          xml.tag! 'expdate', expiry_date(credit_card)
+          xml.tag! 'chname', credit_card.name
+          xml.tag! 'type', CARD_MAPPING[card_brand(credit_card).to_s]
+          xml.tag! 'issueno', ''
+          xml.tag! 'cvn' do
+            xml.tag! 'number', credit_card.verification_value
+            xml.tag! 'presind', (options['presind'] || (credit_card.verification_value? ? 1 : nil))
+          end
+        end
+      end
+
+      def add_network_tokenization_card(xml, payment)
+        xml.tag! 'mpi' do
+          xml.tag! 'cavv', payment.payment_cryptogram
+          xml.tag! 'eci', payment.eci
+        end
+        xml.tag! 'supplementarydata' do
+          xml.tag! 'item', 'type' => 'mobile' do
+            xml.tag! 'field01', payment.source.to_s.gsub('_', '-')
+          end
+        end
+      end
+
+      def add_three_d_secure(xml, options)
+        return unless three_d_secure = options[:three_d_secure]
+        version = three_d_secure.fetch(:version, '')
+        xml.tag! 'mpi' do
+          if version =~ /^2/
+            xml.tag! 'authentication_value', three_d_secure[:cavv]
+            xml.tag! 'ds_trans_id', three_d_secure[:ds_transaction_id]
+          else
+            xml.tag! 'cavv', three_d_secure[:cavv]
+            xml.tag! 'xid', three_d_secure[:xid]
+          end
+          xml.tag! 'eci', three_d_secure[:eci]
+          xml.tag! 'message_version', version
+        end
+      end
+
+      def format_address_code(address)
+        code = [address[:zip].to_s, address[:address1].to_s + address[:address2].to_s]
+        code.collect { |e| e.gsub(/\D/, '') }.reject(&:empty?).join('|')
+      end
+
+      def new_timestamp
+        Time.now.strftime('%Y%m%d%H%M%S')
+      end
+
+      def add_signed_digest(xml, *values)
+        string = Digest::SHA1.hexdigest(values.join('.'))
+        xml.tag! 'sha1hash', Digest::SHA1.hexdigest([string, @options[:password]].join('.'))
+      end
+
+      def auto_settle_flag(action)
+        action == :authorization ? '0' : '1'
+      end
+
+      def expiry_date(credit_card)
+        "#{format(credit_card.month, :two_digits)}#{format(credit_card.year, :two_digits)}"
+      end
+
+      def message_from(response)
+        case response[:result]
+        when '00'
+          SUCCESS
+        when '101'
+          response[:message]
+        when '102', '103'
+          DECLINED
+        when /^2[0-9][0-9]/
+          BANK_ERROR
+        when /^3[0-9][0-9]/
+          REALEX_ERROR
+        when /^5[0-9][0-9]/
+          response[:message]
+        when '600', '601', '603'
+          ERROR
+        when '666'
+          CLIENT_DEACTIVATED
+        else
+          DECLINED
+        end
+      end
+
+      def sanitize_order_id(order_id)
+        order_id.to_s.gsub(/[^a-zA-Z0-9\-_]/, '')
+      end
+    end
+  end
+end

data/lib/active_merchant/billing/gateways/redsys.rb

@@ -0,0 +1,534 @@
+# coding: utf-8
+
+require 'nokogiri'
+
+module ActiveMerchant #:nodoc:
+  module Billing #:nodoc:
+    # = Redsys Merchant Gateway
+    #
+    # Gateway support for the Spanish "Redsys" payment gateway system. This is
+    # used by many banks in Spain and is particularly well supported by
+    # Catalunya Caixa's ecommerce department.
+    #
+    # Redsys requires an order_id be provided with each transaction and it must
+    # follow a specific format. The rules are as follows:
+    #
+    #  * First 4 digits must be numerical
+    #  * Remaining 8 digits may be alphanumeric
+    #  * Max length: 12
+    #
+    #  If an invalid order_id is provided, we do our best to clean it up.
+    #
+    # Much of the code for this library is based on the active_merchant_sermepa
+    # integration gateway which uses essentially the same API but with the
+    # banks own payment screen.
+    #
+    # Written by Samuel Lown for Cabify. For implementation questions, or
+    # test access details please get in touch: sam@cabify.com.
+    #
+    # *** SHA256 Authentication Update ***
+    #
+    # Redsys is dropping support for the SHA1 authentication method. This
+    # adapter has been updated to work with the new SHA256 authentication
+    # method, however in your initialization options hash you will need to
+    # specify the key/value :signature_algorithm => "sha256" to use the
+    # SHA256 method. Otherwise it will default to using the SHA1.
+    #
+    #
+    class RedsysGateway < Gateway
+      self.live_url = 'https://sis.sermepa.es/sis/operaciones'
+      self.test_url = 'https://sis-t.redsys.es:25443/sis/operaciones'
+
+      self.supported_countries = ['ES']
+      self.default_currency    = 'EUR'
+      self.money_format        = :cents
+
+      # Not all card types may be activated by the bank!
+      self.supported_cardtypes = [:visa, :master, :american_express, :jcb, :diners_club]
+      self.homepage_url        = 'http://www.redsys.es/'
+      self.display_name        = 'Redsys'
+
+      CURRENCY_CODES = {
+        'AED' => '784',
+        'ARS' => '32',
+        'AUD' => '36',
+        'BRL' => '986',
+        'BOB' => '68',
+        'CAD' => '124',
+        'CHF' => '756',
+        'CLP' => '152',
+        'CNY' => '156',
+        'COP' => '170',
+        'CRC' => '188',
+        'CZK' => '203',
+        'DKK' => '208',
+        'DOP' => '214',
+        'EUR' => '978',
+        'GBP' => '826',
+        'GTQ' => '320',
+        'HUF' => '348',
+        'IDR' => '360',
+        'INR' => '356',
+        'JPY' => '392',
+        'KRW' => '410',
+        'MYR' => '458',
+        'MXN' => '484',
+        'NOK' => '578',
+        'NZD' => '554',
+        'PEN' => '604',
+        'PLN' => '985',
+        'RUB' => '643',
+        'SAR' => '682',
+        'SEK' => '752',
+        'SGD' => '702',
+        'THB' => '764',
+        'TWD' => '901',
+        'USD' => '840',
+        'UYU' => '858'
+      }
+
+      # The set of supported transactions for this gateway.
+      # More operations are supported by the gateway itself, but
+      # are not supported in this library.
+      SUPPORTED_TRANSACTIONS = {
+        :purchase   => 'A',
+        :authorize  => '1',
+        :capture    => '2',
+        :refund     => '3',
+        :cancel     => '9'
+      }
+
+      # These are the text meanings sent back by the acquirer when
+      # a card has been rejected. Syntax or general request errors
+      # are not covered here.
+      RESPONSE_TEXTS = {
+        0 => 'Transaction Approved',
+        400 => 'Cancellation Accepted',
+        481 => 'Cancellation Accepted',
+        500 => 'Reconciliation Accepted',
+        900 => 'Refund / Confirmation approved',
+
+        101 => 'Card expired',
+        102 => 'Card blocked temporarily or under susciption of fraud',
+        104 => 'Transaction not permitted',
+        107 => 'Contact the card issuer',
+        109 => 'Invalid identification by merchant or POS terminal',
+        110 => 'Invalid amount',
+        114 => 'Card cannot be used to the requested transaction',
+        116 => 'Insufficient credit',
+        118 => 'Non-registered card',
+        125 => 'Card not effective',
+        129 => 'CVV2/CVC2 Error',
+        167 => 'Contact the card issuer: suspected fraud',
+        180 => 'Card out of service',
+        181 => 'Card with credit or debit restrictions',
+        182 => 'Card with credit or debit restrictions',
+        184 => 'Authentication error',
+        190 => 'Refusal with no specific reason',
+        191 => 'Expiry date incorrect',
+
+        201 => 'Card expired',
+        202 => 'Card blocked temporarily or under suspicion of fraud',
+        204 => 'Transaction not permitted',
+        207 => 'Contact the card issuer',
+        208 => 'Lost or stolen card',
+        209 => 'Lost or stolen card',
+        280 => 'CVV2/CVC2 Error',
+        290 => 'Declined with no specific reason',
+
+        480 => 'Original transaction not located, or time-out exceeded',
+        501 => 'Original transaction not located, or time-out exceeded',
+        502 => 'Original transaction not located, or time-out exceeded',
+        503 => 'Original transaction not located, or time-out exceeded',
+
+        904 => 'Merchant not registered at FUC',
+        909 => 'System error',
+        912 => 'Issuer not available',
+        913 => 'Duplicate transmission',
+        916 => 'Amount too low',
+        928 => 'Time-out exceeded',
+        940 => 'Transaction cancelled previously',
+        941 => 'Authorization operation already cancelled',
+        942 => 'Original authorization declined',
+        943 => 'Different details from origin transaction',
+        944 => 'Session error',
+        945 => 'Duplicate transmission',
+        946 => 'Cancellation of transaction while in progress',
+        947 => 'Duplicate tranmission while in progress',
+        949 => 'POS Inoperative',
+        950 => 'Refund not possible',
+        9064 => 'Card number incorrect',
+        9078 => 'No payment method available',
+        9093 => 'Non-existent card',
+        9218 => 'Recursive transaction in bad gateway',
+        9253 => 'Check-digit incorrect',
+        9256 => 'Preauth not allowed for merchant',
+        9257 => 'Preauth not allowed for card',
+        9261 => 'Operating limit exceeded',
+        9912 => 'Issuer not available',
+        9913 => 'Confirmation error',
+        9914 => 'KO Confirmation'
+      }
+
+      # Creates a new instance
+      #
+      # Redsys requires a login and secret_key, and optionally also accepts a
+      # non-default terminal.
+      #
+      # ==== Options
+      #
+      # * <tt>:login</tt> -- The Redsys Merchant ID (REQUIRED)
+      # * <tt>:secret_key</tt> -- The Redsys Secret Key. (REQUIRED)
+      # * <tt>:terminal</tt> -- The Redsys Terminal. Defaults to 1. (OPTIONAL)
+      # * <tt>:test</tt> -- +true+ or +false+. Defaults to +false+. (OPTIONAL)
+      # * <tt>:signature_algorithm</tt> -- +"sha256"+ Defaults to +"sha1"+. (OPTIONAL)
+      def initialize(options = {})
+        requires!(options, :login, :secret_key)
+        options[:terminal] ||= 1
+        options[:signature_algorithm] ||= 'sha1'
+        super
+      end
+
+      def purchase(money, payment, options = {})
+        requires!(options, :order_id)
+
+        data = {}
+        add_action(data, :purchase)
+        add_amount(data, money, options)
+        add_order(data, options[:order_id])
+        add_payment(data, payment)
+        data[:description] = options[:description]
+        data[:store_in_vault] = options[:store]
+
+        commit data
+      end
+
+      def authorize(money, payment, options = {})
+        requires!(options, :order_id)
+
+        data = {}
+        add_action(data, :authorize)
+        add_amount(data, money, options)
+        add_order(data, options[:order_id])
+        add_payment(data, payment)
+        data[:description] = options[:description]
+        data[:store_in_vault] = options[:store]
+
+        commit data
+      end
+
+      def capture(money, authorization, options = {})
+        data = {}
+        add_action(data, :capture)
+        add_amount(data, money, options)
+        order_id, _, _ = split_authorization(authorization)
+        add_order(data, order_id)
+        data[:description] = options[:description]
+
+        commit data
+      end
+
+      def void(authorization, options = {})
+        data = {}
+        add_action(data, :cancel)
+        order_id, amount, currency = split_authorization(authorization)
+        add_amount(data, amount, :currency => currency)
+        add_order(data, order_id)
+        data[:description] = options[:description]
+
+        commit data
+      end
+
+      def refund(money, authorization, options = {})
+        data = {}
+        add_action(data, :refund)
+        add_amount(data, money, options)
+        order_id, _, _ = split_authorization(authorization)
+        add_order(data, order_id)
+        data[:description] = options[:description]
+
+        commit data
+      end
+
+      def verify(creditcard, options = {})
+        MultiResponse.run(:use_first_response) do |r|
+          r.process { authorize(100, creditcard, options) }
+          r.process(:ignore_result) { void(r.authorization, options) }
+        end
+      end
+
+      def supports_scrubbing
+        true
+      end
+
+      def scrub(transcript)
+        transcript.
+          gsub(%r((Authorization: Basic )\w+), '\1[FILTERED]').
+          gsub(%r((%3CDS_MERCHANT_PAN%3E)\d+(%3C%2FDS_MERCHANT_PAN%3E))i, '\1[FILTERED]\2').
+          gsub(%r((%3CDS_MERCHANT_CVV2%3E)\d+(%3C%2FDS_MERCHANT_CVV2%3E))i, '\1[FILTERED]\2').
+          gsub(%r((<DS_MERCHANT_PAN>)\d+(</DS_MERCHANT_PAN>))i, '\1[FILTERED]\2').
+          gsub(%r((<DS_MERCHANT_CVV2>)\d+(</DS_MERCHANT_CVV2>))i, '\1[FILTERED]\2').
+          gsub(%r((DS_MERCHANT_CVV2)%2F%3E%0A%3C%2F)i, '\1[BLANK]').
+          gsub(%r((DS_MERCHANT_CVV2)%2F%3E%3C)i, '\1[BLANK]').
+          gsub(%r((DS_MERCHANT_CVV2%3E)(%3C%2FDS_MERCHANT_CVV2))i, '\1[BLANK]\2').
+          gsub(%r((<DS_MERCHANT_CVV2>)(</DS_MERCHANT_CVV2>))i, '\1[BLANK]\2').
+          gsub(%r((DS_MERCHANT_CVV2%3E)\++(%3C%2FDS_MERCHANT_CVV2))i, '\1[BLANK]\2').
+          gsub(%r((<DS_MERCHANT_CVV2>)\s+(</DS_MERCHANT_CVV2>))i, '\1[BLANK]\2')
+      end
+
+      private
+
+      def add_action(data, action)
+        data[:action] = transaction_code(action)
+      end
+
+      def add_amount(data, money, options)
+        data[:amount] = amount(money).to_s
+        data[:currency] = currency_code(options[:currency] || currency(money))
+      end
+
+      def add_order(data, order_id)
+        data[:order_id] = clean_order_id(order_id)
+      end
+
+      def url
+        test? ? test_url : live_url
+      end
+
+      def add_payment(data, card)
+        if card.is_a?(String)
+          data[:credit_card_token] = card
+        else
+          name  = [card.first_name, card.last_name].join(' ').slice(0, 60)
+          year  = sprintf('%.4i', card.year)
+          month = sprintf('%.2i', card.month)
+          data[:card] = {
+            :name => name,
+            :pan  => card.number,
+            :date => "#{year[2..3]}#{month}",
+            :cvv  => card.verification_value
+          }
+        end
+      end
+
+      def commit(data)
+        parse(ssl_post(url, "entrada=#{CGI.escape(xml_request_from(data))}", headers))
+      end
+
+      def headers
+        {
+          'Content-Type' => 'application/x-www-form-urlencoded'
+        }
+      end
+
+      def xml_request_from(data)
+        if sha256_authentication?
+          build_sha256_xml_request(data)
+        else
+          build_sha1_xml_request(data)
+        end
+      end
+
+      def build_signature(data)
+        str = data[:amount] +
+          data[:order_id].to_s +
+          @options[:login].to_s +
+          data[:currency]
+
+        if card = data[:card]
+          str << card[:pan]
+          str << card[:cvv] if card[:cvv]
+        end
+
+        str << data[:action]
+        if data[:store_in_vault]
+          str << 'REQUIRED'
+        elsif data[:credit_card_token]
+          str << data[:credit_card_token]
+        end
+        str << @options[:secret_key]
+
+        Digest::SHA1.hexdigest(str)
+      end
+
+      def build_sha256_xml_request(data)
+        xml = Builder::XmlMarkup.new
+        xml.instruct!
+        xml.REQUEST do
+          build_merchant_data(xml, data)
+          xml.DS_SIGNATUREVERSION 'HMAC_SHA256_V1'
+          xml.DS_SIGNATURE sign_request(merchant_data_xml(data), data[:order_id])
+        end
+        xml.target!
+      end
+
+      def build_sha1_xml_request(data)
+        xml = Builder::XmlMarkup.new :indent => 2
+        build_merchant_data(xml, data)
+        xml.target!
+      end
+
+      def merchant_data_xml(data)
+        xml = Builder::XmlMarkup.new
+        build_merchant_data(xml, data)
+        xml.target!
+      end
+
+      def build_merchant_data(xml, data)
+        xml.DATOSENTRADA do
+          # Basic elements
+          xml.DS_Version 0.1
+          xml.DS_MERCHANT_CURRENCY           data[:currency]
+          xml.DS_MERCHANT_AMOUNT             data[:amount]
+          xml.DS_MERCHANT_ORDER              data[:order_id]
+          xml.DS_MERCHANT_TRANSACTIONTYPE    data[:action]
+          xml.DS_MERCHANT_PRODUCTDESCRIPTION data[:description]
+          xml.DS_MERCHANT_TERMINAL           @options[:terminal]
+          xml.DS_MERCHANT_MERCHANTCODE       @options[:login]
+          xml.DS_MERCHANT_MERCHANTSIGNATURE  build_signature(data) unless sha256_authentication?
+
+          # Only when card is present
+          if data[:card]
+            xml.DS_MERCHANT_TITULAR    data[:card][:name]
+            xml.DS_MERCHANT_PAN        data[:card][:pan]
+            xml.DS_MERCHANT_EXPIRYDATE data[:card][:date]
+            xml.DS_MERCHANT_CVV2       data[:card][:cvv]
+            xml.DS_MERCHANT_IDENTIFIER 'REQUIRED' if data[:store_in_vault]
+          elsif data[:credit_card_token]
+            xml.DS_MERCHANT_IDENTIFIER data[:credit_card_token]
+            xml.DS_MERCHANT_DIRECTPAYMENT 'true'
+          end
+        end
+      end
+
+      def parse(data)
+        params  = {}
+        success = false
+        message = ''
+        options = @options.merge(:test => test?)
+        xml     = Nokogiri::XML(data)
+        code    = xml.xpath('//RETORNOXML/CODIGO').text
+        if code == '0'
+          op = xml.xpath('//RETORNOXML/OPERACION')
+          op.children.each do |element|
+            params[element.name.downcase.to_sym] = element.text
+          end
+
+          if validate_signature(params)
+            message = response_text(params[:ds_response])
+            options[:authorization] = build_authorization(params)
+            success = is_success_response?(params[:ds_response])
+          else
+            message = 'Response failed validation check'
+          end
+        else
+          # Some kind of programmer error with the request!
+          message = "#{code} ERROR"
+        end
+
+        Response.new(success, message, params, options)
+      end
+
+      def validate_signature(data)
+        if sha256_authentication?
+          sig = Base64.strict_encode64(mac256(get_key(data[:ds_order].to_s), xml_signed_fields(data)))
+          sig.casecmp(data[:ds_signature].to_s).zero?
+        else
+          str = data[:ds_amount] +
+            data[:ds_order].to_s +
+            data[:ds_merchantcode] +
+            data[:ds_currency] +
+            data[:ds_response] +
+            data[:ds_cardnumber].to_s +
+            data[:ds_transactiontype].to_s +
+            data[:ds_securepayment].to_s +
+            @options[:secret_key]
+
+          sig = Digest::SHA1.hexdigest(str)
+          data[:ds_signature].to_s.downcase == sig
+        end
+      end
+
+      def build_authorization(params)
+        [params[:ds_order], params[:ds_amount], params[:ds_currency]].join('|')
+      end
+
+      def split_authorization(authorization)
+        order_id, amount, currency = authorization.split('|')
+        [order_id, amount.to_i, currency]
+      end
+
+      def currency_code(currency)
+        return currency if currency =~ /^\d+$/
+        raise ArgumentError, "Unknown currency #{currency}" unless CURRENCY_CODES[currency]
+        CURRENCY_CODES[currency]
+      end
+
+      def transaction_code(type)
+        SUPPORTED_TRANSACTIONS[type]
+      end
+
+      def response_text(code)
+        code = code.to_i
+        code = 0 if code < 100
+        RESPONSE_TEXTS[code] || 'Unkown code, please check in manual'
+      end
+
+      def is_success_response?(code)
+        (code.to_i < 100) || [400, 481, 500, 900].include?(code.to_i)
+      end
+
+      def clean_order_id(order_id)
+        cleansed = order_id.gsub(/[^\da-zA-Z]/, '')
+        if cleansed =~ /^\d{4}/
+          cleansed[0..11]
+        else
+          '%04d%s' % [rand(0..9999), cleansed[0...8]]
+        end
+      end
+
+      def sha256_authentication?
+        @options[:signature_algorithm] == 'sha256'
+      end
+
+      def sign_request(xml_request_string, order_id)
+        key = encrypt(@options[:secret_key], order_id)
+        Base64.strict_encode64(mac256(key, xml_request_string))
+      end
+
+      def encrypt(key, order_id)
+        block_length = 8
+        cipher = OpenSSL::Cipher.new('DES3')
+        cipher.encrypt
+
+        cipher.key = Base64.strict_decode64(key)
+        # The OpenSSL default of an all-zeroes ("\\0") IV is used.
+        cipher.padding = 0
+
+        order_id += "\0" until order_id.bytesize % block_length == 0 # Pad with zeros
+
+        output = cipher.update(order_id) + cipher.final
+        output
+      end
+
+      def mac256(key, data)
+        OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data)
+      end
+
+      def xml_signed_fields(data)
+        xml_signed_fields = data[:ds_amount] + data[:ds_order] + data[:ds_merchantcode] +
+          data[:ds_currency] + data[:ds_response]
+
+        if data[:ds_cardnumber]
+          xml_signed_fields += data[:ds_cardnumber]
+        end
+
+        xml_signed_fields + data[:ds_transactiontype] + data[:ds_securepayment]
+      end
+
+      def get_key(order_id)
+        encrypt(@options[:secret_key], order_id)
+      end
+    end
+  end
+end