cargando carrito desde backend

2026-01-13 00:48:49 +00:00 · 2025-10-29 23:30:33 +01:00
parent ae2904aa71
commit feff9ee94a
23 changed files with 848 additions and 183 deletions
--- a/src/main/java/com/imprimelibros/erp/redsys/RedsysService.java
+++ b/src/main/java/com/imprimelibros/erp/redsys/RedsysService.java
@ -1,89 +1,155 @@
 package com.imprimelibros.erp.redsys;

-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
-
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;

+import sis.redsys.api.Signature;
+import sis.redsys.api.Utils;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
@Service
 public class RedsysService {

+    // ---------- CONFIG ----------
    @Value("${redsys.merchant-code}") private String merchantCode;
    @Value("${redsys.terminal}") private String terminal;
    @Value("${redsys.currency}") private String currency;
    @Value("${redsys.transaction-type}") private String txType;
-    @Value("${redsys.secret-key}") private String secretKey;
+    @Value("${redsys.secret-key}") private String secretKeyBase64;
    @Value("${redsys.urls.ok}") private String urlOk;
    @Value("${redsys.urls.ko}") private String urlKo;
    @Value("${redsys.urls.notify}") private String urlNotify;
    @Value("${redsys.environment}") private String env;

+    // ---------- RECORDS ----------
    public record PaymentRequest(String order, long amountCents, String description) {}
-
    public record FormPayload(String action, String signatureVersion, String merchantParameters, String signature) {}

-    public FormPayload buildRedirectForm(PaymentRequest req) {
-        // RedsysAPI proviene del JAR oficial
-        com.redsys.api.RedsysAPI api = new com.redsys.api.RedsysAPI();
+    // ---------- MÉTODO PRINCIPAL ----------
+    public FormPayload buildRedirectForm(PaymentRequest req) throws Exception {
+        Map<String, Object> params = new HashMap<>();
+        params.put("DS_MERCHANT_AMOUNT", String.valueOf(req.amountCents()));
+        params.put("DS_MERCHANT_ORDER",  req.order());
+        params.put("DS_MERCHANT_MERCHANTCODE", merchantCode);
+        params.put("DS_MERCHANT_CURRENCY", currency);
+        params.put("DS_MERCHANT_TRANSACTIONTYPE", txType);
+        params.put("DS_MERCHANT_TERMINAL", terminal);
+        params.put("DS_MERCHANT_MERCHANTNAME", "ImprimeLibros");
+        params.put("DS_MERCHANT_PRODUCTDESCRIPTION", req.description());
+        params.put("DS_MERCHANT_URLOK", urlOk);
+        params.put("DS_MERCHANT_URLKO", urlKo);
+        params.put("DS_MERCHANT_MERCHANTURL", urlNotify);

-        Map<String, String> mp = new HashMap<>();
-        mp.put("DS_MERCHANT_AMOUNT", String.valueOf(req.amountCents()));
-        mp.put("DS_MERCHANT_ORDER",  req.order());
-        mp.put("DS_MERCHANT_MERCHANTCODE", merchantCode);
-        mp.put("DS_MERCHANT_CURRENCY", currency);
-        mp.put("DS_MERCHANT_TRANSACTIONTYPE", txType);
-        mp.put("DS_MERCHANT_TERMINAL", terminal);
-        mp.put("DS_MERCHANT_MERCHANTNAME", "Tu Comercio");
-        mp.put("DS_MERCHANT_PRODUCTDESCRIPTION", req.description());
-        mp.put("DS_MERCHANT_URLOK", urlOk);
-        mp.put("DS_MERCHANT_URLKO", urlKo);
-        mp.put("DS_MERCHANT_MERCHANTURL", urlNotify);
+        // JSON -> Base64
+        String json = new ObjectMapper().writeValueAsString(params);
+        String merchantParametersB64 = Base64.getEncoder()
+                .encodeToString(json.getBytes(StandardCharsets.UTF_8));

-        String merchantParameters = api.createMerchantParameters(mp);
-        String signature = api.createMerchantSignature(secretKey);
+        // Firma SHA-512 (tu JAR)
+        String signature = Signature.createMerchantSignature(secretKeyBase64, req.order(), merchantParametersB64);

        String action = "test".equalsIgnoreCase(env)
                ? "https://sis-t.redsys.es:25443/sis/realizarPago"
                : "https://sis.redsys.es/sis/realizarPago";

-        return new FormPayload(action, "HMAC_SHA256_V1", merchantParameters, signature);
+        return new FormPayload(action, "HMAC_SHA512_V1", merchantParametersB64, signature);
    }

-    // Validación de la notificación on-line (webhook). 
-    public RedsysNotification validateAndParse(String dsSignature, String dsSignatureVersion, String dsMerchantParametersB64) {
-        com.redsys.api.RedsysAPI api = new com.redsys.api.RedsysAPI();
+    // ---------- STEP 3: Decodificar Ds_MerchantParameters ----------
+    private static final ObjectMapper MAPPER = new ObjectMapper();

-        // 1) Validar firma
-        String calc = api.createMerchantSignatureNotif(secretKey, dsMerchantParametersB64);
-        if (!Objects.equals(calc, dsSignature)) {
-            throw new IllegalArgumentException("Firma Redsys no válida");
+    public Map<String, Object> decodeMerchantParametersToMap(String dsMerchantParametersB64) throws Exception {
+        try {
+            String json = Utils.decodeB64UrlSafeString(
+                    dsMerchantParametersB64.getBytes(StandardCharsets.UTF_8)
+            );
+            return MAPPER.readValue(json, new TypeReference<Map<String, Object>>() {});
+        } catch (Exception ignore) {
+            byte[] decoded = Base64.getDecoder().decode(dsMerchantParametersB64);
+            String json = new String(decoded, StandardCharsets.UTF_8);
+            return MAPPER.readValue(json, new TypeReference<Map<String, Object>>() {});
        }
-
-        // 2) Decodificar parámetros
-        String json = api.decodeMerchantParameters(dsMerchantParametersB64);
-        Map<String, Object> params = new com.fasterxml.jackson.databind.ObjectMapper()
-                .readValue(json, new com.fasterxml.jackson.core.type.TypeReference<>() {});
-        // Campos típicos: Ds_Order, Ds_Amount, Ds_Currency, Ds_Response, etc.
-        return RedsysNotification.from(params);
    }

-    public static record RedsysNotification(String order, String dsResponse, long amountCents, String currency) {
-        static RedsysNotification from(Map<String, Object> p) {
-            String order = (String) p.get("Ds_Order");
-            String resp  = String.valueOf(p.get("Ds_Response"));
-            long amount  = Long.parseLong((String) p.get("Ds_Amount"));
-            String curr  = String.valueOf(p.get("Ds_Currency"));
-            return new RedsysNotification(order, resp, amount, curr);
+    // ---------- STEP 4: Validar notificación ----------
+    public RedsysNotification validateAndParseNotification(String dsSignature, String dsMerchantParametersB64) throws Exception {
+        Map<String, Object> mp = decodeMerchantParametersToMap(dsMerchantParametersB64);
+        RedsysNotification notif = new RedsysNotification(mp);
+
+        if (notif.order == null || notif.order.isBlank()) {
+            throw new IllegalArgumentException("Falta Ds_Order en Ds_MerchantParameters");
        }
-        // Éxito si 0–99.
+
+        String expected = Signature.createMerchantSignature(
+                secretKeyBase64, notif.order, dsMerchantParametersB64
+        );
+
+        if (!safeEqualsB64(dsSignature, expected)) {
+            throw new SecurityException("Firma Redsys no válida");
+        }
+
+        return notif;
+    }
+
+    // ---------- HELPERS ----------
+    private static boolean safeEqualsB64(String a, String b) {
+        if (Objects.equals(a, b)) return true;
+        try {
+            String na = normalizeB64(a);
+            String nb = normalizeB64(b);
+            byte[] da = Base64.getDecoder().decode(na);
+            byte[] db = Base64.getDecoder().decode(nb);
+            return MessageDigest.isEqual(da, db);
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    private static String normalizeB64(String s) {
+        if (s == null) return "";
+        String n = s.replace('-', '+').replace('_', '/');
+        int mod = n.length() % 4;
+        if (mod == 2) n += "==";
+        else if (mod == 3) n += "=";
+        else if (mod == 1) n += "===";
+        return n;
+    }
+
+    // ---------- MODELO DE NOTIFICACIÓN ----------
+    public static final class RedsysNotification {
+        public final Map<String, Object> raw;
+        public final String order;
+        public final String response;
+        public final long amountCents;
+        public final String currency;
+
+        public RedsysNotification(Map<String, Object> raw) {
+            this.raw = raw;
+            this.order = str(raw.get("Ds_Order"));
+            this.response = str(raw.get("Ds_Response"));
+            this.currency = str(raw.get("Ds_Currency"));
+            this.amountCents = parseLongSafe(raw.get("Ds_Amount"));
+        }
+
        public boolean authorized() {
            try {
-                int r = Integer.parseInt(dsResponse);
+                int r = Integer.parseInt(response);
                return r >= 0 && r <= 99;
            } catch (Exception e) { return false; }
        }
+
+        private static String str(Object o) { return o == null ? null : String.valueOf(o); }
+        private static long parseLongSafe(Object o) {
+            try { return Long.parseLong(String.valueOf(o)); } catch (Exception e) { return 0L; }
+        }
    }
-    
 }