Encrypt & Decrypt credit card using coldfusion? - coldfusion

Is there any way to encrypt & decrypt credit card details with custom key using ColdFusion?
I have tried with a Java file (should I post the code?).
Here is the code in which I am getting the error.
<cfdump var="#CreateObject('JAVA','StrongAES')#"><cfabort>
I am getting Server Error 500
Thanks

You can use the encrypt and decrypt methods to perform encryption and decryption. You can either generate a secret key or use your custom key to do that.
Here is what I will do.
<!--- To generate secret key (you can also use your custom key) --->
<cfset secretKey = generateSecretKey("AES") />
<!--- to encrypt --->
<cfset encryptedDetails = encrypt(cardDetails, secretKey , "AES/CBC/PKCS5Padding", "HEX") />
<!--- to decrypt --->
<cfset cardDetails= decrypt(encryptedDetails , secretKey , "AES/CBC/PKCS5Padding", "HEX") />
For more details see Encrypt and decrypt

Related

Unable to generate valid signature for API using ColdFusion and HMAC-SHA1

I have gone through a number of other related posts on this subject and have been able to replicate them with no problems. However, I cannot get the expected signature result using my own data, no matter what I try to do. I would greatly appreciate any assistance. Here are the API requirements:
Convert the data to sign from an ASCII string to a byte array
Convert your Secret Access Key from a Base64 string to a byte array
Use the byte array created in step 1 as the key for a HMAC-SHA1 signer
Calculate the HMAC-SHA1 hash of the byte array created in step 2. The result will be a byte array
Convert the byte array created in step 3 to a Base64 encoded string
According to the documentation:
Assuming your Secret Access Key is “AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==”
Assuming data to sign is
“http://membersuite.com/contracts/IConciergeAPIService/WhoAmI00000000-0000-0000-0000-00000000000011111111-1111-1111-1111-111111111111”
Signature should be “2zsMYdHb/MJUeTjv5cQl5pBuIqU=”
I have been unable to get that signature, despite trying a variety of methods from the other posts. For example:
<cffunction name="hmacEncrypt" returntype="binary" access="public" output="false">
<cfargument name="base64Key" type="string" required="true" default="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==">
<cfargument name="signMessage" type="string" required="true" default="http://membersuite.com/contracts/IConciergeAPIService/WhoAmI00000000-0000-0000-0000-00000000000011111111-1111-1111-1111-111111111111">
<cfargument name="encoding" type="string" default="UTF-8">
<cfset var messageBytes = JavaCast("string",arguments.signMessage).getBytes(arguments.encoding)>
<cfset var keyBytes = binaryDecode(arguments.base64Key, "base64")>
<cfset var key = createObject("java","javax.crypto.spec.SecretKeySpec")>
<cfset var mac = createObject("java","javax.crypto.Mac")>
<cfset key = key.init(keyBytes,"HmacSHA512")>
<cfset mac = mac.getInstance(key.getAlgorithm())>
<cfset mac.init(key)>
<cfset mac.update(messageBytes)>
<cfreturn mac.doFinal()>
</cffunction>
Dumping the output of that function does not give me any errors, but neither does it match the expected output. Again, I would greatly appreciate any assistance or nudges in the right direction. I think part of my trouble lies in how I am encoding the key and URL string, but I am not sure. Thank you all in advance!
key.init(keyBytes,"HmacSHA512")
Almost. That UDF is hard coded to use "HmacSHA512". Change it to "HmacSHA1", or better yet, make it a function parameter like "encoding".
Example:
<cfset action = "http://membersuite.com/contracts/IConciergeAPIService/WhoAmI">
<cfset associationId = "00000000-0000-0000-0000-000000000000">
<cfset sessionId = "11111111-1111-1111-1111-111111111111">
<cfset stringToSign = action & associationId & sessionId>
<cfset key = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==">
<cfset result = binaryEncode(hmacEncrypt(key, stringToSign, "US-ASCII"), "base64")>
<cfset writeDump(result)>
Result:
2zsMYdHb/MJUeTjv5cQl5pBuIqU=
NB: As of CF10+, HMAC is now a core function:
<cfset resultAsHex = hmac(stringToSign, binaryDecode(key, "base64"), "hmacsha1", "us-ascii")>
<cfset resultAsBase64 = binaryEncode(binaryDecode(resultAsHex, "hex"), "base64")>
<cfset writeDump(resultAsBase64)>

How to change the user image using cfldap?

I'm able to get all the values that I want from cfldap.
But when I try to update the user image I don't know how to send the correct value for the binary image attribute.
I tried getting the image variable from the cffile upload
<cffile action="UPLOAD" filefield="file" destination="c:\inetpub\wwwroot\test" nameconflict="OVERWRITE" result="image" />
Also tried using cfimage with a static image -
<cfimage action="read" source="c:\inetpub\wwwroot\test\image.png" name="anotherImage">
Or even with
<cffile action="READBINARY" file="c:\inetpub\wwwroot\test\image.png" variable="BinaryImageContent">
But in any case, when I call
<cfldap action="modify"
DN="#results.dn#"
attributes="thumbnailPhoto=#obj.image#"
modifytype="replace"
server="myserver"
username="mydomain\myuser"
password="mypass">
The #results.dn# is the DN from the user that I get before (Everything ok on that)
I created the #obj.image# to be able to try all types of variables
Also tried these params:
<cfset obj.test1 = BinaryImageContent />
<cfdump var="#imageGetBlob(anotherImage)#" />
<cfdump var="#toString(obj.test1)#" />
By the way, the error that I get is
One or more of the required attributes may be missing or incorrect or
you do not have permissions to execute this operation on the server.
The problem is that I'm using the domain administrator account to update that
(THIS ERROR IS SOLVED - The network guys hadn't given me this permission... now I have it).
Now what I'm using is the following:
<cffile action="UPLOAD" filefield="file" destination="c:\inetpub\wwwroot\test" nameconflict="OVERWRITE" result="imagem" />
<cfset filename = "C:\inetpub\wwwroot\test\#imagem.serverFile#">
<cffile action="readbinary" file="#filename#" variable="img">
<cfset imgStr = BinaryEncode(img, "hex")>
<cfset imgStr2 = REReplace(imgStr, "..", "\\\0", "ALL")>
<cfldap
action="modify"
DN="#results.dn#"
attributes="thumbnailPhoto=#imgStr2#"
modifytype="replace"
server="myserver"
username="mydomain\myuser"
password="mypass"
>
but I get this binary code
What's strange is that before I had a binary code like -1-41 and now, nothing similar...
and when I try to show the pic
And this is one correct image....
EDIT: The original code sample below shows how it could work if ColdFusion didn't have a bug (or "very unfortunate design decision") in CFLDAP.
CFLDAP encodes the parameter values you pass to it before sending them to the server. This is nice because you don't have to worry about value encoding. But... it is also not helpful because it means you can't send encoded values yourself anymore, since CF invariably encodes them again.
Bottom line: As far as LDAP is concerned, encoding a file into a hex-string is correct, but CFLDAP mangles that string before sending it to the server. Combined with the fact that CFLDAP does not accept raw binary data this means that you can't use it to update binary attributes.
The comments contain a suggestion for a 3rd-party command line tool that can easily substitute CFLDAP for this task.
You need to send an encoded string to the server as the attribute value. The encoding scheme for binary data in LDAP queries has the form of attribute=\01\02\03\ab\af\cd.
Read your image into a byte array, encode that array into a hex string and prefix every encoded byte with a backslash.
<cffile action="readbinary" file="#filename#" variable="img">
<cfset imgStr = BinaryEncode(img, "hex")>
<cfset imgStr = REReplace(imgStr, "..", "\\\0", "ALL")>
<cfldap
action="modify"
DN="#results.dn#"
attributes="thumbnailPhoto=#imgStr#"
modifytype="replace"
server="myserver"
username="mydomain\myuser"
password="mypass"
>
Also don't forget what the documentation has to say about modifyType.

ColdFusion and AWS SES

I am trying to set up my CF server with Amazon's SES but I guess I am doing something wrong...
This is what I did so far
• Created credentials from my AWS console
• Added the necessary settings (server, port, user/pass) in my CF admin
• Created a test script
• No errors of any sort appeared
• No emails received and based on my AWS SES console nothing was sent out.
If anyone has used this service before with CF and can point me in the right direction, I will appreciate it.
The below code does not use the CFMail tag. It allows for sending raw formatted emails, calendar invites, etc... using a CFHTTP POST to AWS SES without the constraints of the CFMAIL tag. If you want to use the CFMail TAG, see the AWS instructions for configuring an SMTP server.
Grab the following before implementing the below code:
Refer to <cfLove/> Sending emails with Amazon SES API SendRawEmail in ColdFusion to construct raw email message
Reference to Leigh Sv4Util.cfc for AWS v4 Signing
NOTE: in the V4 Signing cfc -- CF16 returns the AMZDate as +0000 for zulu. Find AMZDate (2 places) and change it to LEFT(AMZDate, 15) & "Z" to force the date to end in Z -- 20200930T222905+0000 -> 20200930T222905Z.
Refer to AWS for Sample SES Post
The sample code below assumes that attributes.mail was formatted from the sample code from CFLove and you are using the Sv4Util.cfc for signing.
<!--- This is sample code for send to AWS SES as Raw Data Send post --->
<!--- Init Signing CFC --->
<cfset LocalVar.s4 = CreateObject('component', 'Sv4Util.cfc').init(
accessKeyId = attributes.AWSKey
, secretAccessKey = attributes.AWSSecretKey
, defaultRegionName = attributes.AWSRegion
, defaultServiceName = "ses"
)>
<!---
Refer to https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-requests.html
AWS Post Example Requirements
- Action
- Destinations.members.?
- Source
- RawMessage.Data
--->
<cfset PL = {}>
<cfset PL['Action'] = "SendRawEmail">
<!--- List of Email Addresses --->
<cfset count = 1>
<cfloop list="#attributes.deliverto#" index="i">
<cfset PL["Destinations.members.#count#"] = i>
<cfset count = count + 1>
</cfloop>
<!--- From --->
<cfset PL["Source"] = trim(attributes.from)>
<!--- The RAW MESSAGE -- Must be encoded due to BASE64 ending with an = --->
<cfset PL["RawMessage.Data"] = URLEncodedFormat(ToBase64(trim(ArrayToList(attributes.mail,chr(10)))))>
<!--- Build URL format string for posting the above struct (PLS) --->
<cfset PLS = ''>
<cfloop list="#ListSort(structKeyList(PL), 'text', 'asc')#" index="i" >
<cfset PLS = ListAppend(PLS, i & "=" & PL[i], "&")>
</cfloop>
<!--- Sign Request --->
<cfset LocalVar.Signing = LocalVar.s4.generateSignatureData(
requestMethod = 'POST' <!--- UPPER CASE --->
, hostName = 'email.#attributes.AWSRegion#.amazonaws.com'
, requestURI = ''
, requestBody = PLS
, requestHeaders = {"content-type":"application/x-www-form-urlencoded"}
, requestParams = {}
)>
<!--- Do POST to AWS --->
<!--- Required in POST
- x-amz-content-sha256
- Authorization
- x-amz-date
- content-type
- body
--->
<cfhttp url="https://email.#attributes.AWSRegion#.amazonaws.com" method="post" result="result">
<cfhttpparam type="header" name="x-amz-content-sha256" value="#LocalVar.Signing.RequestPayLoad#" />
<cfhttpparam type="header" name="Authorization" value="#LocalVar.Signing.authorizationHeader#" />
<cfhttpparam type="header" name="x-amz-date" value="#LocalVar.Signing.AMZDate#" />
<cfhttpparam type="header" name="content-type" value="application/x-www-form-urlencoded" />
<cfhttpparam type="body" value="#PLS#" />
</cfhttp>

grabbing JSON data using coldfusion

I have a URL which, when run in the browser, displays JSON data. Since I am new to ColdFusion, I am wondering what would be a good way to grab the data from the web browser? Later on I will be storing the individual JSON data into a MySQL database, but I need to figure out step 1, which is grabbing the data.
Please advise.
Thanks
You'll want to do a cfhttp request to load the external content.
Then you can use deserializeJSON to convert the JSON object into the appropriate cfml struct.
See the example Adobe gives in the deserializeJSON documentation.
Here is a quick example:
<!--- Set the URL address. --->
<cfset urlAddress="http://ip.jsontest.com/">
<!--- Generate http request from cf --->
<cfhttp url="#urlAddress#" method="GET" resolveurl="Yes" throwOnError="Yes"/>
<!--- handle the response from the server --->
<cfoutput>
This is just a string:<br />
#CFHTTP.FileContent#<br />
</cfoutput>
<cfset cfData=DeserializeJSON(CFHTTP.FileContent)>
This is object:<br />
<cfdump var="#cfData#">
Now you can do something like this:<br />
<cfoutput>#cfData.ip#</cfoutput>
Execute this source here http://cflive.net/

How can I tell if a user belongs to a role in active directory - using ColdFusion

If I am using integration authentication in IIS, how can I determine if the current user is part of a specific active directory role, using ColdFusion.
This would be analogous to using the IsInRole() method of the User object in .net - how can it be done in ColdFusion?
the only way to do this is to use cfldap and query the active directory server to get a list of groups. after you've gotten the list, you will need to parse it to see if that user belongs to the group in question. below is some code i wrote with some comments for the people at work. values have been changed to protect the innocent.
<!--- getting the user login id --->
<cfset variables.thisuser = ListLast(cgi.AUTH_USER, "\")>
<!--- this is the group they must be a memberof --->
<cfset variables.groupname = "CN=<the group to search for>">
<!--- list of all groups that the user belongs to, will be populated later --->
<cfset variables.grouplist = "">
<cftry>
<cfldap action="query"
name="myldap"
attributes="memberOf"
start="OU=<your ou>,DC=<your dc>,DC=<your dc>"
scope="subtree"
filter="(sAMAccountName=#variables.thisuser#)"
server="<your AD server ip>"
port="<your AD server port>"
username="<network login if required>"
password="<network password if required>">
<cfset variables.grouplist = myldap.memberOf>
<cfcatch>
</cfcatch>
</cftry>
<cfif FindNoCase(variables.groupname, variables.grouplist)>
<cfcookie name="SecurityCookieName" value="">
</cfif>
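A hardening of the lookup in the answer above, as an added example that is not part of the original post: the account name is escaped before it goes into the LDAP filter, and the group is matched on its exact CN instead of by substring. The function names and sample values are hypothetical, and it assumes the cfldap query sets separator="|" so multi-valued memberOf results are not split on the commas inside each DN.

```cfml
<cfscript>
// Added example, not part of the original answer. Function names are
// hypothetical; the account name and group DNs below are constructed.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function ldapFilterEscape(required string value) {
    // Control characters (including NUL) have no place in an account name.
    if (reFind("[[:cntrl:]]", arguments.value)) {
        throw(type="InvalidAccountName", message="Control character in LDAP filter value");
    }
    var out = replace(arguments.value, "\", "\5c", "all"); // backslash first
    out = replace(out, "*", "\2a", "all");
    out = replace(out, "(", "\28", "all");
    out = replace(out, ")", "\29", "all");
    return out;
}

// True only when one memberOf DN starts with exactly "CN=<groupCn>,".
// Assumes the cfldap query used separator="|" and that the group CN
// itself contains no comma.
function isMemberOfGroup(required string memberOfList, required string groupCn) {
    var prefix = "CN=" & arguments.groupCn & ",";
    for (var dn in listToArray(arguments.memberOfList, "|")) {
        if (compareNoCase(left(trim(dn), len(prefix)), prefix) == 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample values
accountName = "a*(b)\c"; // contains every filter metacharacter
memberOf = "CN=Web Admins Audit,OU=Groups,DC=example,DC=com|CN=Staff,OU=Groups,DC=example,DC=com";

// The escaped value is what belongs in filter="(sAMAccountName=...)"
writeOutput("(sAMAccountName=" & ldapFilterEscape(accountName) & ")<br>");
// "Web Admins" is only a substring of a longer CN in the sample list
writeOutput(isMemberOfGroup(memberOf, "Web Admins") & "<br>");
// "Staff" is the complete CN of one entry
writeOutput(isMemberOfGroup(memberOf, "Staff"));
</cfscript>
```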
In ColdFusion, to check a user's role you would use IsUserInRole()
http://cfquickdocs.com/#IsUserInRole
Edit - And actually I hope I understood correctly, I don't know anything about IIS or active directory. As I understood the question you wanted to check a user's role in ColdFusion.
I think you may be looking for something more like this: http://vincentcollins.wordpress.com/2008/08/20/active-directory-ldap-authentication/ or this: http://coldfusion.sys-con.com/node/154225
Just as a follow up, SQL server has ADSI providers that allow you to create a linked server to your LDAP servers.
From there you can do ldap queries to your AD and it returns like any other record set.
I find it a little easier to do a complex ldap query that way than via CF.