Amazon FPS and Simple Pay Migration from Signature Version 1 to 2 in C#

Sample Code & Libraries>Amazon FPS>Amazon FPS and Simple Pay Migration from Signature Version 1 to 2 in C#
Community Contributed Software

  • Amazon Web Services provides links to these packages as a convenience for our customers, but software not authored by an "@AWS" account has not been reviewed or screened by AWS.
  • Please review this software to ensure it meets your needs before using it.

Sample code to aid you migrate your application built on Amazon FPS or Amazon Simple Pay from Signature Version 1 to Signature Version 2.

Details

Submitted By: Abhay@AWS
AWS Products Used: Amazon FPS
Language(s): C#
License: Apache License 2.0
Created On: November 4, 2009 9:50 PM GMT
Last Updated: September 22, 2010 6:56 PM GMT
Download

About this Sample

  • Sample code to aid you migrate your application built on Amazon FPS or Amazon Simple Pay from Signature Version 1 to Signature Version 2.
  • Sample Code Version 1.0
  • Release Date : 2009-11-05

Prerequisites

  • Visual Studio 2005, .NET 2.5

Making ASP/CBUI/FPS requests using Signature Version2

Summary of Changes

There are few changes in signature version 2 compared to signature version 1:

  • The algorithm to create the string to sign is different as described in the documentation
  • For enhanced security, you can use HMAC-SHA256 while signing (Although we recommend HMAC-SHA256, we still support HMAC-SHA1)
  • We have introduced two new mandatory parameters — SignatureMethod (can take values HmacSHA256 or HmacSHA1) and SignatureVersion (can take values 1 or 2)

Verifying IPNs and ReturnUrl requests using Signature Version2

Summary of Changes

There are few changes in signature version 2 compared to signature version 1:

  • The algorithm to create the string to sign is different as described in the documentation.
  • For enhanced security, signature version 2 uses server side validation approach instead of symmetric key approach of signature version 1.
  • Once opted for signature version 2 in amazon payments website, IPNs and ReturnUrl requests will have three new mandatory parameters - signatureMethod (currently can be only RSA-SHA1) and signatureVersion (can be either 1 or 2) and certificateUrl

Contents of the migration sample code:

This package contains the following files for helping you migrate from signature version 1 to version 2.

  1. SignatureUtils.cs - This class contains the following helper functions for calculating signature.
    • signParameters - Takes a map of all the request parameters, aws secret key and returns base64 encoded signature. Takes additional parameters like httpMethod, (GET or POST), host (e.g. authorize.payments-sandbox.amazon.com) and requestURI (e.g. /pba/paypipeline) for signature version 2. The input map should contain signature version parameter depending on which it computes the signature.
  2. SignatureUtilsForOutbound.cs - This class contains the following helper functions for verifying signature.
    • validateRequest - Returns whether the signature specified in IPN or return url is correct or not. Takes a map of all the IPN/return url parameters. Takes additional parameters like httpMethod, (GET or POST), url end point recieving the IPN or return url request (e.g. www.mysite.com/handle_ipn.jsp) for signature version 2.
  3. FPSCBUISampleCode.cs - Calculates a sample FPS payment authorization request for signature versions 1 and 2
  4. FPSAPISampleCode.cs - Calculates a sample FPS API request for signature versions 1 and 2
  5. ASPPayNowSampleCode.cs - Calculates a sample ASP payment request for signature versions 1 and 2
  6. IPNVerificationSampleCode.cs - Verifies a sample IPN request for signature versions 1 and 2
  7. ReturnUrlVerificationSampleCode.cs - Verifies a sample return url redirected request for signature versions 1 and 2
©2014, Amazon Web Services, Inc. or its affiliates. All rights reserved.