paiement_cic 0.2

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/MIT-LICENSE

@@ -0,0 +1,83 @@
+Copyright (c) 2009 Novelys
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+#==============================================================================
+#
+# "Open source" kit for P@iement CM-CIC(TM).
+# Integration sample in a merchant site for Ruby
+#
+# Author   : Euro-Information/e-Commerce (contact: centrecom@e-i.com)
+# Version  : 1.0
+# Date     : 01/01/2009
+#
+# Copyright: (c) 2009 Euro-Information. All rights reserved.
+#
+#==============================================================================
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+  - Redistributions of source code must retain the above copyright
+    notice and the following disclaimer.
+  - Redistributions in binary form must reproduce the above copyright
+    notice and the following disclaimer in the documentation and/or
+    other materials provided with the distribution.
+  - Neither the name of Euro-Information nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Note: Euro-Information does not provide person-to-person technical
+      support for tryout of CM-CIC P@iement examples. We do however
+      welcome your feedback which can be sent to <centrecom@e-i.com>.
+
+#------------------------------------------------------------------------------
+
+This software uses RSA Data Security, Inc. MD5 Message-Digest Algorithm.
+
+License to copy and use this software is granted provided that it is
+identified as the "RSA Data Security, Inc. MD5 Message-Digest
+Algorithm" in all material mentioning or referencing this software or
+this function.
+License is also granted to make and use derivative works provided that
+such works are identified as "derived from the RSA Data Security,
+Inc. MD5 Message-Digest Algorithm" in all material mentioning or
+referencing the derived work.
+RSA Data Security, Inc. makes no representations concerning either the
+merchantability of this software or the suitability of this software
+for any particular purpose. It is provided "as is" without express or
+implied warranty of any kind.
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+
+#==============================================================================

data/README.markdown

@@ -0,0 +1,105 @@
+# Paiement CIC
+
+Paiement CIC is a plugin to ease credit card payment with the CIC / Crédit Mutuel banks system version 3.0.
+It's a Ruby on Rails port of the connexion kits published by the bank.
+
+* The Plugin [site](http://github.com/novelys/cicpayment)
+* The banks payment [site](http://www.cmcicpaiement.fr)
+
+
+## INSTALL
+
+    script/plugin install git://github.com/novelys/paiementcic.git
+
+or, in your Gemfile
+
+    gem 'paiement_cic'
+
+## USAGE
+
+### in environment.rb :
+
+    # here the hmac key calculated with the js calculator given by CIC
+    PaiementCic.hmac_key = "########################################"
+    # Here the TPE number
+    PaiementCic.tpe = "#######"
+    # Here the Merchant name
+    PaiementCic.societe = "xxxxxxxxxxxxx"
+
+### in development.rb :
+
+    PaiementCic.target_url = "https://ssl.paiement.cic-banques.fr/test/paiement.cgi" # or https://paiement.creditmutuel.fr/test/paiement.cgi
+
+### in production.rb :
+
+    PaiementCic.target_url = "https://ssl.paiement.cic-banques.fr/paiement.cgi" # or https://paiement.creditmutuel.fr/paiement.cgi
+
+### in order controller :
+
+    helper :'paiement_cic/form'
+
+### in the payment by card view :
+
+    - form_tag PaiementCic.target_url do
+      = paiement_cic_hidden_fields(@order, @order_transaction, :url_retour => edit_order_url(order), :url_retour_ok => bank_ok_order_transaction_url(order_transaction), :url_retour_err => bank_err_order_transaction_url(order_transaction))
+      = submit_tag "Accéder au site de la banque", :style => "font-weight: bold;"
+      = image_tag "reassuring_pictograms.jpg", :alt => "Pictogrammes rassurants", :style => "width: 157px;"
+
+### in a controller for call back from the bank :
+
+    class OrderTransactionsController < ApplicationController
+
+      protect_from_forgery :except => [:bank_callback]
+
+      def bank_callback
+        if PaiementCic.verify_hmac(params)
+          order_transaction = OrderTransaction.find_by_reference params[:reference], :last
+          order = order_transaction.order
+
+          code_retour = params['code-retour']
+
+          if code_retour == "Annulation"
+            order.cancel!
+            order.update_attribute :description, "Paiement refusé par la banque."
+
+          elsif code_retour == "payetest"
+            order.pay!
+            order.update_attribute :description, "TEST accepté par la banque."
+            order_transaction.update_attribute :test, true
+
+          elsif code_retour == "paiement"
+            order.pay!
+            order.update_attribute :description, "Paiement accepté par la banque."
+            order_transaction.update_attribute :test, false
+          end
+
+          order_transaction.update_attribute :success, true
+      
+          receipt = "0"
+        else
+          order.transaction_declined!
+          order.update_attribute :description, "Document Falsifie."
+          order_transaction.update_attribute :success, false
+
+          receipt = "1\n#{PaiementCic.mac_string}"
+        end
+        render :text => "Pragma: no-cache\nContent-type: text/plain\n\nversion=2\ncdr=#{receipt}"
+      end
+
+      def bank_ok
+        @order_transaction = OrderTransaction.find params[:id]
+        @order = @order_transaction.order
+        @order.pay!
+      end
+
+      def bank_err
+        order_transaction = OrderTransaction.find params[:id]
+        order = order_transaction.order
+        order.cancel!
+      end
+    end
+
+
+
+## License
+Copyright (c) 2008-2012 Novelys Team, released under the MIT license

data/init.rb

@@ -0,0 +1,2 @@
+require "paiement_cic"
+require "paiement_cic/form_helper"

data/lib/paiement_cic.rb

@@ -0,0 +1,114 @@
+require 'digest/sha1'
+require 'openssl'
+
+class String
+
+  def ^(other)
+    raise ArgumentError, "Can't bitwise-XOR a String with a non-String" \
+      unless other.kind_of? String
+    raise ArgumentError, "Can't bitwise-XOR strings of different length" \
+      unless self.length == other.length
+    result = (0..self.length-1).collect { |i| self[i].ord ^ other[i].ord }
+    result.pack("C*")
+  end
+end
+
+class PaiementCic
+  autoload :FormHelper, "paiement_cic/form_helper"
+
+  @@version = "3.0" # clé extraite grâce à extract2HmacSha1.html fourni par le Crédit Mutuel
+  cattr_accessor :version
+
+  @@hmac_key = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" # clé extraite grâce à extract2HmacSha1.html fourni par le Crédit Mutuel
+  cattr_accessor :hmac_key
+  
+  @@target_url = "https://paiement.creditmutuel.fr/test/paiement.cgi" # "https://ssl.paiement.cic-banques.fr/paiement.cgi"
+  cattr_accessor :target_url
+  
+  @@tpe = "123456"
+  cattr_accessor :tpe
+  
+  @@societe = "masociete"
+  cattr_accessor :societe
+  
+  @@url_ok = ""
+  cattr_accessor :url_ok
+
+  def self.date_format
+    "%d/%m/%Y:%H:%M:%S"
+  end
+
+  def self.config(amount_in_cents, reference)
+    oa = ActiveSupport::OrderedHash.new
+    oa["version"]     = "3.0"
+    oa["TPE"]         = tpe
+    oa["date"]        = Time.now.strftime(date_format)
+    oa["montant"]     =  ("%.2f" % amount_in_cents) + "EUR"
+    oa["reference"]   = reference
+    oa["texte-libre"] = ""
+    oa["lgue"]      = "FR"
+    oa["societe"]     = societe
+    oa["mail"]        = ""
+    oa
+  end
+
+  def self.mac_string params
+    hmac_key = PaiementCic.new
+    mac_string = [hmac_key.tpe, params["date"], params['montant'], params['reference'], params['texte-libre'], hmac_key.version, params['code-retour'], params['cvx'], params['vld'], params['brand'], params['status3ds'], params['numauto'], params['motifrefus'], params['originecb'], params['bincb'], params['hpancb'], params['ipclient'], params['originetr'], params['veres'], params['pares']].join('*') + "*"
+  end
+
+  def self.verify_hmac params
+    hmac_key = PaiementCic.new
+    mac_string = [hmac_key.tpe, params["date"], params['montant'], params['reference'], params['texte-libre'], hmac_key.version, params['code-retour'], params['cvx'], params['vld'], params['brand'], params['status3ds'], params['numauto'], params['motifrefus'], params['originecb'], params['bincb'], params['hpancb'], params['ipclient'], params['originetr'], params['veres'], params['pares']].join('*') + "*"
+
+    hmac_key.valid_hmac?(mac_string, params['MAC'])
+  end
+	
+  # Check if the HMAC matches the HMAC of the data string
+	def valid_hmac?(mac_string, sent_mac)
+		computeHMACSHA1(mac_string) == sent_mac.downcase
+	end
+	
+  # Return the HMAC for a data string
+	def computeHMACSHA1(data)
+		hmac_sha1(usable_key(self), data).downcase
+	end
+  
+  def hmac_sha1(key, data)
+		length = 64
+
+		if (key.length > length) 
+			key = [Digest::SHA1.hexdigest(key)].pack("H*")
+		end
+
+		key  = key.ljust(length, 0.chr)
+		ipad = ''.ljust(length, 54.chr)
+		opad = ''.ljust(length, 92.chr)
+
+		k_ipad = key ^ ipad
+		k_opad = key ^ opad
+
+		#Digest::SHA1.hexdigest(k_opad + [Digest::SHA1.hexdigest(k_ipad + sData)].pack("H*"))
+	  OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("sha1"), key, data)
+	end
+
+  private
+	# Return the key to be used in the hmac function
+	def usable_key(payement)
+
+		hex_string_key  = payement.hmac_key[0..37]
+		hex_final   = payement.hmac_key[38..40] + "00";
+
+		cca0 = hex_final[0].ord
+
+		if cca0 > 70 && cca0 < 97
+			hex_string_key += (cca0 - 23).chr + hex_final[1..2]
+		elsif hex_final[1..2] == "M" 
+			hex_string_key += hex_final[0..1] + "0" 
+		else 
+			hex_string_key += hex_final[0..2]
+		end
+
+		[hex_string_key].pack("H*")
+	end
+end

data/lib/paiement_cic/form_helper.rb

@@ -0,0 +1,32 @@
+## refactor this
+module PaiementCic::FormHelper
+  def paiement_cic_hidden_fields(order, price, order_transaction, options = {})
+    oa = PaiementCic.config(price, order_transaction.reference)
+
+    oMac = PaiementCic.new
+    sDate = Time.now.strftime("%d/%m/%Y:%H:%M:%S")
+    chaine = [oMac.tpe, sDate, oa["montant"], oa["reference"].to_s, oa["texte-libre"], oMac.version, "FR", oMac.societe, "", "", "", "", "", "", "", "", "", "", ""].join("*")
+    chaineMAC = oMac.computeHMACSHA1(chaine)
+    
+    url_retour      = options[:url_retour] || bank_callback_order_transactions_url
+    url_retour_ok   = options[:url_retour_ok] || bank_callback_order_transactions_url(order)
+    url_retour_err  = options[:url_retour_err] || bank_err_order_transaction_url(order)
+    
+    html = '
+        <input type="hidden" name="version"           id="version"        value="' + oa["version"] + '" />
+        <input type="hidden" name="TPE"               id="TPE"            value="' + oa["TPE"] + '" />
+        <input type="hidden" name="date"              id="date"           value="' + oa["date"] + '" />
+        <input type="hidden" name="montant"           id="montant"        value="' + oa["montant"] + '" />
+        <input type="hidden" name="reference"         id="reference"      value="' + oa["reference"].to_s + '" />
+        <input type="hidden" name="MAC"               id="MAC"            value="' + chaineMAC + '" />
+        <input type="hidden" name="url_retour"        id="url_retour"     value="' + url_retour + '" />
+        <input type="hidden" name="url_retour_ok"     id="url_retour_ok"  value="' + url_retour_ok + '" />
+        <input type="hidden" name="url_retour_err"    id="url_retour_err" value="' + url_retour_err + '" />
+        <input type="hidden" name="lgue"              id="lgue"           value="' + oa["lgue"] + '" />
+        <input type="hidden" name="societe"           id="societe"        value="' + oa["societe"] + '" />
+        <input type="hidden" name="texte-libre"       id="texte-libre"    value="' + oa["texte-libre"] + '" />
+        <input type="hidden" name="mail"              id="mail"	          value="''" />'
+
+    html.respond_to?(:html_safe) ? html.html_safe : html
+  end
+end

data/lib/paiement_cic/version.rb

@@ -0,0 +1,3 @@
+class PaiementCic
+  VERSION = "0.2"
+end

data/paiement_cic.gemspec

@@ -0,0 +1,16 @@
+# encoding: utf-8
+$:.push File.expand_path("../lib", __FILE__)
+require "paiement_cic/version"
+
+Gem::Specification.new do |s|
+  s.name        = "paiement_cic"
+  s.version     = PaiementCic::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Novelys Team"]
+  s.homepage    = "https://github.com/novelys/paiementcic"
+  s.summary     = %q{CIC / Crédit Mutuel credit card payment toolbox}
+  s.description = %q{Paiement CIC is a gem to ease credit card payment with the CIC / Crédit Mutuel banks system. It's a Ruby on Rails port of the connexion kits published by the bank.}
+
+  s.files         = `git ls-files`.split("\n")
+  s.require_paths = ["lib"]
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification 
+name: paiement_cic
+version: !ruby/object:Gem::Version 
+  hash: 15
+  prerelease: 
+  segments: 
+  - 0
+  - 2
+  version: "0.2"
+platform: ruby
+authors: 
+- Novelys Team
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-01-30 00:00:00 Z
+dependencies: []
+
+description: "Paiement CIC is a gem to ease credit card payment with the CIC / Cr\xC3\xA9dit Mutuel banks system. It's a Ruby on Rails port of the connexion kits published by the bank."
+email: 
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- MIT-LICENSE
+- README.markdown
+- init.rb
+- lib/paiement_cic.rb
+- lib/paiement_cic/form_helper.rb
+- lib/paiement_cic/version.rb
+- paiement_cic.gemspec
+homepage: https://github.com/novelys/paiementcic
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: "CIC / Cr\xC3\xA9dit Mutuel credit card payment toolbox"
+test_files: []
+