Securepay payment gateway integration issue

Question

I am working on Securepay Integration with my ASP.NET web page, as per their documentation I am generating SHA1 from following information:

The Fingerprint is a SHA1 hash of the above fields plus the SecurePay Transaction Password in this order with a pipe separator “|”:

1. EPS_MERCHANTID
2. Transaction Password (supplied by SecurePay Support)
3. EPS_TXNTYPE (as 0)
4. EPS_REFERENCEID (for testing purpose 123)
5. EPS_AMOUNT (for testing purpose 100.00)
6. EPS_TIMESTAMP (for testing purpose 20120910203805)

Though I have followed above given instruction but whenever I am doing payment it says " Invalid Fingerprint ". Example code:

FormsAuthentication
  .HashPasswordForStoringInConfigFile("xxx|xxx|0|123|100.00|201‌20910203805","sha1")
  .ToLower();`

Answer 1

Check that you are ending the line correctly, either with a trailing '|' or removing unnecessary trailing '|'.

Also check that the method you are using doesn't add anything else inside the method that would distort what you are expecting. (I am thinking a salt based upon the particular machine you are on don't know if it does this or not)

I have been attempting to generate a hash here http://shagenerator.com/ using this:

ABC|password|1|Te‌​st Reference|1.00|20120912123421

gives:

25a1804285bafc078f45e41056bcdc42e0508b6f

Can you get the same key with your code using my input?

Update:

Can you try this method instead of HashPasswordForStoringInConfigFile() and see if you get closer:

private string GetSHA1String(string text)
{
    var UE = new UnicodeEncoding();
    var message = UE.GetBytes(text);

    var hashString = new SHA1Managed(); 
    var hex = string.Empty;

    var hashValue = hashString.ComputeHash(message); 
    foreach (byte b in hashValue)
    { 
        hex += String.Format("{0:x2}", b);
    } 

    return hex;
}

UPDATE 2:

Check your encoding, I discovered that I can match the hash output with:

var UE = new UTF8Encoding();

UPDATE 3:

The following code worked for me in a console app, I was seeing the hashes generate the same value and I was able to compare the output to http://shagenerator.com/ also:

using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

namespace SecurepayPaymentGatewayIntegrationIssue
{
    class Program
    {
        static void Main(string[] args)
        {
            var text = @"ABC|password|1|Te‌​st Reference|1.00|20120912123421";
            Console.WriteLine(GetSHA1String(text));

            Console.WriteLine(FormsAuthentication.HashPasswordForStoringInConfigFile(text, "sha1").ToLower());

            Console.ReadKey();
        }

        private static string GetSHA1String(string text)
        {
            var UE = new UTF8Encoding();// ASCIIEncoding(); // UnicodeEncoding();
            var message = UE.GetBytes(text);

            var hashString = new SHA1Managed();
            var hex = string.Empty;

            var hashValue = hashString.ComputeHash(message);
            foreach (byte b in hashValue)
            {
                hex += String.Format("{0:x2}", b);
            }

            return hex;
        }
    }
}

Answer 2

I had same problem and i solved this using below method:

 private string GetSHA1HashData(string data)
        {   

            SHA1 sha1 = new SHA1CryptoServiceProvider();

            //convert the input text to array of bytes
            byte[] hashData = sha1.ComputeHash(Encoding.Default.GetBytes(data));

            //create new instance of StringBuilder to save hashed data
            StringBuilder returnValue = new StringBuilder();

            //loop for each byte and add it to StringBuilder
            for (int i = 0; i < hashData.Length; i++)
            {                
                returnValue.Append(hashData[i].ToString("x2"));
            }

            // return hexadecimal string
            return returnValue.ToString();
        }

In page load I Converted this return value into lower case. because the above method return value with upper case

string VAL="ABC|password|1|Te‌​st Reference|1.00|20120912123421";
fingerPrint = GetSHA1HashData(VAL);

Answer 3

use the time as UTC Now: string epsTimestamp = DateTime.UtcNow.ToString(@"yyyyMMddHHmmss");

And also make sure you have used sha1 for encryption:

string data = EpsMerchant + "|" + EpsPassword + "|" + EpsTxnType + "|" + 
EpsReferenceId + "|" + EpsAmount + "|" + epsTimestamp;
string epsFingerprint = GetSha1String(data);

And below is the code for getting sha1

string GetSha1String(string input)
        {
            StringBuilder stringBuilder = new StringBuilder();
            foreach (byte b in GetHash(input))
                stringBuilder.Append(b.ToString("X2"));
            return stringBuilder.ToString();
        }

    public static byte[] GetHash(string inputString)
    {
        HashAlgorithm obj = SHA1.Create();
        return obj.ComputeHash(Encoding.UTF8.GetBytes(inputString));
    }