sms verification code encryption for verify endpoint complete

iyzico · Mar 25, 2024 · 56b85d5 · 56b85d5
1 parent 8486c3f
commit 56b85d5
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 2 deletions.
diff --git a/samples/verify_c2c_sub_merchant.php b/samples/verify_c2c_sub_merchant.php
@@ -3,11 +3,19 @@
 require_once('config.php');
 
 function verifyC2CSubMerchant(): void {
+    $credentials = new \Iyzipay\Model\C2CSubMerchantApiCredentials();
+    $credentials->setSalt('Merchant onboarding salt');
+    $credentials->setSecretKey('Merchant onboarding secret key');
+
+    $encryptedVerificationCode = \Iyzipay\Model\C2CSubMerchantSmsVerificationCodeEncrypter::encrypt($credentials, '123456');
+
     $request = new \Iyzipay\Request\VerifyC2CSubMerchantRequest();
     $request->setLocale(\Iyzipay\Model\Locale::TR);
     $request->setConversationId('422117402');
-    $request->setTxId('4973f734-e946-40dc-b3a9-34e0efb330d5');
-    $request->setSmsVerificationCode('HZ87equxm70klGxX1nZX7A==');
+    $request->setTxId('txId obtained from create subMerchant');
+
+//    Encrypted code won't work in Sandbox
+    $request->setSmsVerificationCode($encryptedVerificationCode);
 
     $c2cSubMerchant = \Iyzipay\Model\C2CSubMerchant::verify($request, Config::options());
     print_r($c2cSubMerchant);

diff --git a/src/Iyzipay/Model/C2CSubMerchantApiCredentials.php b/src/Iyzipay/Model/C2CSubMerchantApiCredentials.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Iyzipay\Model;
+
+class C2CSubMerchantApiCredentials {
+    private string $salt;
+    private string $secretKey;
+
+    public function getSalt(): ?string {
+        return $this->salt ?? null;
+    }
+
+    public function setSalt(string $salt): void {
+        $this->salt = $salt;
+    }
+
+    public function getSecretKey(): ?string {
+        return $this->secretKey ?? null;
+    }
+
+    public function setSecretKey(string $secretKey): void {
+        $this->secretKey = $secretKey;
+    }
+}
diff --git a/src/Iyzipay/Model/C2CSubMerchantSmsVerificationCodeEncrypter.php b/src/Iyzipay/Model/C2CSubMerchantSmsVerificationCodeEncrypter.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Iyzipay\Model;
+
+class C2CSubMerchantSmsVerificationCodeEncrypter {
+    public static function encrypt(C2CSubMerchantApiCredentials $credentials, string $smsVerificationCode): string {
+        $salt = $credentials->getSalt();
+        $secretKey = $credentials->getSecretKey();
+
+        if (is_null($salt) || is_null($secretKey)) {
+            throw new \InvalidArgumentException('Please setup credentials!');
+        }
+
+        $data = hash_pbkdf2('sha256', $smsVerificationCode, $salt, 65536, 0, true);
+        $initVector = openssl_random_pseudo_bytes(16, $crypto_strong);
+        $ciphertext = openssl_encrypt($data, 'aes-256-cbc-hmac-sha256', $secretKey, OPENSSL_RAW_DATA, $initVector);
+        return base64_encode($ciphertext);
+    }
+}