Regular Contributor
Posts: 63
Registered: ‎05-29-2015

Re: Coldfusion SIM HMAC-SHA512 Update

FYI. Also you can use compound concat in CF.



<cfset delim = "^">
<cfset stringToHash = delim & form.x_trans_id>
<cfset stringToHash &= delim & form.x_test_request>
<cfset stringToHash &= delim & form.x_auth_code>

<cfset stringToHash &= delim & form.x_invoice_num & delim>

Posts: 1
Registered: ‎07-02-2020

Re: Coldfusion SIM HMAC-SHA512 Update


Just a quick note on a follow-up to anyone else using CF to check the hmacSHA2 hash, the following works for me.  Just plug in your own values using CFSCRIPT below.


Be advised that the amount must not include $ or , which could be a factor in not matching, so there is a REReplace() added.


Like the AuthNet docs say, if you do not have a Signature Key created, it will be a null response.


data = deserializeJSON(AuthNetResponse) // this value assigned from CFHTTP response
amount = REReplace(TOTAL, "\$|,", "", "ALL")
transResp = data.transactionResponse;
hmacVal = "^#authNetAPI.LoginId#^#transResp.transId#^#amount#^"
hmacKey = binaryDecode(authNetAPI.SigKey, "hex");
transHash512 = hmac(hmacVal, hmacKey, "HMACSHA512", "iso-8859-1")
signatureMatch = false
if (transResp.transHashSha2 eq transHash512) {
signatureMatch = true