From e7323d32ad421ee3addc5d61f31842bc1bf06506 Mon Sep 17 00:00:00 2001
From: Martin Naumann <martin.naumann@centralway.com>
Date: Mon, 19 Nov 2012 17:27:14 +0100
Subject: [PATCH 1/5] Added convertHexStringToByteString to fix the stupid
 DataTrans sign HMAC stuff.

---
 PaymentDatatrans.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/PaymentDatatrans.php b/PaymentDatatrans.php
index 737a5ed..48d03da 100644
--- a/PaymentDatatrans.php
+++ b/PaymentDatatrans.php
@@ -173,7 +173,7 @@ public function checkoutForm()
 		);
 		
 		// Security signature (see Security Level 2)
-		$arrParams['sign'] = hash_hmac('md5', $arrParams['merchantId'].$arrParams['amount'].$arrParams['currency'].$arrParams['refno'], $this->datatrans_sign);
+		$arrParams['sign'] = hash_hmac('md5', $arrParams['merchantId'].$arrParams['amount'].$arrParams['currency'].$arrParams['refno'], convertHexStringToByteString($this->datatrans_sign));
 
 		$objTemplate = new FrontendTemplate('iso_payment_datatrans');
 		$objTemplate->id = $this->id;
@@ -187,6 +187,12 @@ public function checkoutForm()
 	}
 	
 	
+	private function convertHexStringToByteString($hexString) {
+		$result = "";
+		for($i=0;$i<strlen($hexString);$i += 2) $result .= chr(hexdec($hexString.substr(i,2)));
+		return $result;
+	}
+	
 	/**
 	 * Validate array of post parameter agains required values
 	 * @param array

From 4774a45db40f45be45d7720b48b152fca40abe8d Mon Sep 17 00:00:00 2001
From: Martin Naumann <martin.naumann@centralway.com>
Date: Fri, 14 Dec 2012 13:13:10 +0100
Subject: [PATCH 2/5] Made it actual PHP code.

---
 PaymentDatatrans.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PaymentDatatrans.php b/PaymentDatatrans.php
index 48d03da..9383e3a 100644
--- a/PaymentDatatrans.php
+++ b/PaymentDatatrans.php
@@ -189,7 +189,7 @@ public function checkoutForm()
 	
 	private function convertHexStringToByteString($hexString) {
 		$result = "";
-		for($i=0;$i<strlen($hexString);$i += 2) $result .= chr(hexdec($hexString.substr(i,2)));
+		for($i=0;$i<strlen($hexString);$i += 2) $result .= chr(hexdec($hexString[$i].$hexString[$i+1]));
 		return $result;
 	}
 	

From 07330daf6292f3769d40a872a5700b34f9522fc5 Mon Sep 17 00:00:00 2001
From: Martin Naumann <martin.naumann@centralway.com>
Date: Mon, 17 Dec 2012 08:58:25 +0100
Subject: [PATCH 3/5] The converted hash is also needed in the postSale checks

---
 PaymentDatatrans.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PaymentDatatrans.php b/PaymentDatatrans.php
index 9383e3a..6722746 100644
--- a/PaymentDatatrans.php
+++ b/PaymentDatatrans.php
@@ -63,8 +63,8 @@ public function processPostSale()
 		}
 
 		// Validate HMAC sign
-		if ($this->Input->post('sign2') != hash_hmac('md5', $this->datatrans_id.$this->Input->post('amount').$this->Input->post('currency').$this->Input->post('uppTransactionId'), $this->datatrans_sign))
-		{
+        if ($this->Input->post('sign2') != hash_hmac('md5', $this->datatrans_id.$this->Input->post('amount').$this->Input->post('currency').$this->Input->post('uppTransactionId'), $this->convertHexStringToByteString($this->datatrans_sign)))
+        {
 			$this->log('Invalid HMAC signature for Order ID ' . $this->Input->post('refno'), __METHOD__, TL_ERROR);
 			return false;
 		}

From 265ef250624fd72fcce1b5f786d4be3989cf84fa Mon Sep 17 00:00:00 2001
From: Martin Naumann <martin.naumann@centralway.com>
Date: Mon, 17 Dec 2012 14:52:17 +0100
Subject: [PATCH 4/5] Fixed a little glitch from backporting. Added docblock
 comment

---
 PaymentDatatrans.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/PaymentDatatrans.php b/PaymentDatatrans.php
index 6722746..568ad96 100644
--- a/PaymentDatatrans.php
+++ b/PaymentDatatrans.php
@@ -173,7 +173,7 @@ public function checkoutForm()
 		);
 		
 		// Security signature (see Security Level 2)
-		$arrParams['sign'] = hash_hmac('md5', $arrParams['merchantId'].$arrParams['amount'].$arrParams['currency'].$arrParams['refno'], convertHexStringToByteString($this->datatrans_sign));
+		$arrParams['sign'] = hash_hmac('md5', $arrParams['merchantId'].$arrParams['amount'].$arrParams['currency'].$arrParams['refno'], $this->convertHexStringToByteString($this->datatrans_sign));
 
 		$objTemplate = new FrontendTemplate('iso_payment_datatrans');
 		$objTemplate->id = $this->id;
@@ -185,8 +185,12 @@ public function checkoutForm()
 
 		return $objTemplate->parse();
 	}
-	
-	
+
+	/**
+	 * Converts the sign key from the hex format you get from the Datatrans interface to the byte format that is needed to actually hash transaction requests
+	 * @param $hexString String The sign key from the datatrans interface
+	 * @return string The byte-formatted sign key needed as the key to hash the request parameters
+	 */
 	private function convertHexStringToByteString($hexString) {
 		$result = "";
 		for($i=0;$i<strlen($hexString);$i += 2) $result .= chr(hexdec($hexString[$i].$hexString[$i+1]));

From 94e8e8216477f1c841b703473aa44ea6431d0d4b Mon Sep 17 00:00:00 2001
From: Martin Naumann <martin.naumann@centralway.com>
Date: Mon, 17 Dec 2012 16:23:56 +0100
Subject: [PATCH 5/5] Let there be light. And there was light.

---
 README.txt                              | 4 ++++
 languages/de/tl_iso_payment_modules.php | 2 +-
 languages/en/tl_iso_payment_modules.php | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.txt b/README.txt
index 91b97ba..1c361b3 100644
--- a/README.txt
+++ b/README.txt
@@ -13,3 +13,7 @@ After this please log in your datatrans admin panel and insert the correct url's
 
 For more security please activate the sign parameter security. Only with this your payment
 process is 100% secured. You can generate the sign parameter in the datatrans admin panel.
+
+Note:
+	If you use the sign parameter, it is automatically converted to byte format for you.
+	Just copy it from the DataTrans control panel and isotope-datatrans converts it for you.
diff --git a/languages/de/tl_iso_payment_modules.php b/languages/de/tl_iso_payment_modules.php
index dafe142..4d64e15 100644
--- a/languages/de/tl_iso_payment_modules.php
+++ b/languages/de/tl_iso_payment_modules.php
@@ -33,5 +33,5 @@
  * Fields
  */
 $GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_id']	= array('Merchant-ID', 'Bitte geben Sie ihre Datatrans Merchant-ID ein.');
-$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign']	= array('HMAC-Schlüssel', 'Bitte geben Sie den HMAC-Schlüssel aus Ihrem Datatrans Control Panel ein.');
+$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign']	= array('HMAC-Schlüssel', 'Bitte geben Sie den HMAC-Schlüssel aus Ihrem Datatrans Control Panel ein (wie dort angezeigt, er wird automatisch konvertiert).');
 
diff --git a/languages/en/tl_iso_payment_modules.php b/languages/en/tl_iso_payment_modules.php
index 99047e2..368727e 100644
--- a/languages/en/tl_iso_payment_modules.php
+++ b/languages/en/tl_iso_payment_modules.php
@@ -33,5 +33,5 @@
  * Fields
  */
 $GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_id']	= array('Merchant-ID', 'Please enter your merchant ID.');
-$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign']	= array('HMAC Key', 'Please enter your HMAC key from the Datatrans control panel.');
+$GLOBALS['TL_LANG']['tl_iso_payment_modules']['datatrans_sign']	= array('HMAC Key', 'Please enter your HMAC key from the Datatrans control panel (as seen there in hex format, it is automatically converted).');