I am having problems getting PayPal Encrypted Website payments to work on a Rails site.
I am getting two different error messages when posting to the PayPal URL - on my staging site, which uses the sandbox, I am getting:
The certificate has been removed. Please use a valid certificate.
Whereas on the production site, I get:
We were unable to decrypt the certificate id.
As far as I can tell they are set up identically, except that one uses the PayPal Sandbox public key, and the other uses the normal PayPal public key. I must be overlooking some detail but I have banging my head against this for a couple of days now.
I used the following commands to generate public and private keys:
openssl genrsa -out app_key.pem 1024
openssl req -new -key app_key.pem -x509 -days 365 -out app_cert.pem
Then I uploaded app_cert.pem
to PayPal and put my cert ID into a file like this:
development:
user: seller_1259814545_biz@somedomain.com
action_url: https://www.sandbox.paypal.com/cgi-bin/webscr
paypal_cert_file: certs/paypal_sandbox_cert.pem
app_cert_file: certs/app_cert.pem
app_key_file: certs/app_key.pem
cert_id: CBDFN7JXBM2ZQ
secret: dfasdkjh3453
test:
user: seller_1259814545_biz@somedomain.com
action_url: https://www.sandbox.paypal.com/cgi-bin/webscr
paypal_cert_file: certs/paypal_sandbox_cert.pem
app_cert_file: certs/app_cert.pem
app_key_file: certs/app_key.pem
cert_id: CBDFN7JXBM2ZQ
secret: dfasdkjh3453
staging:
user: seller_1259814545_biz@somedomain.com
action_url: https://www.sandbox.paypal.com/cgi-bin/webscr
paypal_cert_file: certs/paypal_sandbox_cert.pem
app_cert_file: certs/app_cert.pem
app_key_file: certs/app_key.pem
cert_id: CBDFN7JXBM2ZQ
secret: dfasdkjh3453
production:
user: business@somedomain.com
action_url: https://www.paypal.com/cgi-bin/webscr
paypal_cert_file: certs/paypal_cert.pem
app_cert_file: certs/app_cert.pem
app_key_file: certs/app_key.pem
cert_id: QG2TTZZM9DUH6
secret: dfasdkjh3453
Then I use the following code in my Cart model to encrypt the data:
class Cart < ActiveRecord::Base
has_many :line_items, :dependent => :destroy
PAYPAL_CERT_PEM = File.read("#{Rails.root}/#{PAYPAL_CONFIG[:paypal_cert_file]}")
APP_CERT_PEM = File.read("#{Rails.root}/#{PAYPAL_CONFIG[:app_cert_file]}")
APP_KEY_PEM = File.read("#{Rails.root}/#{PAYPAL_CONFIG[:app_key_file]}")
...
def paypal_data(return_url, notify_url)
values = {
:business => PAYPAL_CONFIG[:user],
:cert_id => PAYPAL_CONFIG[:cert_id],
:custom => PAYPAL_CONFIG[:secret],
:cmd => '_cart',
:upload => 1,
:return => return_url,
:notify_url => notify_url,
:invoice => id,
:currency_code => 'AUD'
}
line_items.each_with_index do |item, i|
values.merge!({
"amount_#{i+1}" => "%.2f" % item.unit_price_ex_gst,
"tax_#{i+1}" => "%.2f" % item.unit_gst,
"item_name_#{i+1}" => item.product.full_name,
"item_number_#{i+1}" => item.id,
"quantity_#{i+1}" => item.quantity
})
end
encrypt_for_paypal(values)
end
def encrypt_for_paypal(values)
signed = OpenSSL::PKCS7::sign(OpenSSL::X509::Certificate.new(APP_CERT_PEM),
OpenSSL::PKey::RSA.new(APP_KEY_PEM, ''),
values.map { |key, value| "#{key}=#{value}" }.join("\n"), [], OpenSSL::PKCS7::BINARY)
OpenSSL::PKCS7::encrypt([OpenSSL::X509::Certificate.new(PAYPAL_CERT_PEM)],
signed.to_der,
OpenSSL::Cipher::Cipher::new("DES3"),
OpenSSL::PKCS7::BINARY).to_s.gsub("\n", '')
end
end
Then I use the following code in the view:
- form_tag PAYPAL_CONFIG[:action_url] do
%div
= hidden_field_tag :cmd, '_s-xclick'
= hidden_field_tag :encrypted, cart.paypal_data(thanks_payments_url, payments_url)
= image_submit_tag 'paypal-checkout.gif', :alt => 'Check out with PayPal: The safer, easier way to pay'
There don't seem to be any newlines or other characters in the output which I am aware can stuff up the process.
I have checked and double-checked that I am using all the right certificates and certificate ids, and that what has been uploaded to PayPal matches what is in my certs
directory.
I have completely run out of ideas to try. Any help or ideas would be greatly appreciated.
Everything is working in staging and production now.
The only thing I can think of is that there was some sort of problem or delay with PayPal and the certificates on their side.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.