/*
* Copyright 2015-2020 WebPKI.org (http://webpki.org).
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.webpki.saturn.merchant;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.webpki.json.JSONObjectReader;
import org.webpki.json.JSONObjectWriter;
import org.webpki.saturn.common.AuthorizationRequest;
import org.webpki.saturn.common.HttpSupport;
import org.webpki.saturn.common.KnownExtensions;
import org.webpki.saturn.common.PayeeAuthority;
import org.webpki.saturn.common.ProviderAuthority;
import org.webpki.saturn.common.RefundRequest;
import org.webpki.saturn.common.RefundResponse;
import org.webpki.saturn.common.UrlHolder;
//////////////////////////////////////////////////////////////////////////
// This servlet initiates a refund and shows the result. //
// Note: authorization of refunds is supposed to be carried out by the //
// Payee. This would typically involve user authentication and logging. //
//////////////////////////////////////////////////////////////////////////
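/**
 * Merchant-side servlet that requests a refund for the payment held in the
 * current HTTP session and renders the result page.
 *
 * <p>Security review notes (based only on what this class shows):
 * <ul>
 *   <li>The refund is triggered by an HTTP GET and the only precondition checked
 *       here is that a session with result data exists. No operator
 *       authentication, anti-CSRF token or confirmation step is visible in this
 *       class, so any request carrying the session cookie (including a reload or
 *       a cross-site navigation) reaches the refund call. NOTE(review): a
 *       production Payee should require an authenticated POST with a CSRF
 *       token.</li>
 *   <li>No duplicate-refund guard is visible: every call obtains a new reference
 *       id and posts a new request. Whether the provider rejects repeats cannot
 *       be determined from this file.</li>
 *   <li>The POST target ({@code refundUrl}) is taken from remotely fetched
 *       provider authority data. NOTE(review): confirm that
 *       {@code getPayeeAuthority}/{@code getProviderAuthority} authenticate
 *       that data before it is trusted here.</li>
 * </ul>
 */
public class RefundServlet extends HttpServlet implements MerchantProperties {

    private static final long serialVersionUID = 1L;

    static Logger logger = Logger.getLogger(RefundServlet.class.getCanonicalName());

    /**
     * Builds a signed refund request from the session's result data, posts it to
     * the provider's refund endpoint, verifies the signature on the response and
     * shows the refund result page.
     *
     * <p>Any failure ends in an error page produced by {@code ErrorServlet};
     * exceptions are logged at SEVERE level.
     *
     * @param request  the incoming request; must belong to an existing session
     * @param response the response the result or error page is written to
     * @throws IOException      declared by the servlet contract
     * @throws ServletException declared by the servlet contract
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        UrlHolder urlHolder = new UrlHolder(request);
        try {
            // Never create a session here: a missing one means the payment context is gone.
            HttpSession session = request.getSession(false);
            if (session == null) {
                ErrorServlet.sessionTimeout(response);
                return;
            }
            ResultData resultData = (ResultData) session.getAttribute(RESULT_DATA_SESSION_ATTR);
            if (resultData == null) {
                ErrorServlet.systemFail(response, "Missing result data");
                return;
            }
            // Fail with a clear message instead of a NullPointerException when the
            // stored result carries no refund information.
            if (resultData.optionalRefund == null) {
                ErrorServlet.systemFail(response, "Missing refund data");
                return;
            }

            boolean debug = HomeServlet.getOption(session, DEBUG_MODE_SESSION_ATTR);
            AuthorizationRequest authorizationRequest = resultData.optionalRefund.getAuthorizationRequest();

            // NOTE(review): the account reference is written to the application log;
            // confirm that this is acceptable for the log's audience and retention.
            logger.info("Trying to refund Amount=" + resultData.amount.toString() +
                        " " + resultData.currency.toString() +
                        ", Account=" + resultData.accountReference +
                        ", Method=" + resultData.paymentMethod.getPaymentMethodUrl());

            // Resolve the payee's authority object, then its provider's, to find
            // out whether (and where) the provider accepts refund requests.
            PayeeAuthority payeeAuthority =
                MerchantService.externalCalls.getPayeeAuthority(urlHolder, authorizationRequest.getAuthorityUrl());
            ProviderAuthority providerAuthority =
                MerchantService.externalCalls.getProviderAuthority(urlHolder, payeeAuthority.getProviderAuthorityUrl());
            String refundUrl = providerAuthority.getExtensions() == null ? null :
                providerAuthority.getExtensions().getStringConditional(KnownExtensions.REFUND_REQUEST);
            if (refundUrl == null) {
                ErrorServlet.systemFail(response, "Selected payment method doesn't support refund!");
                return;
            }

            // Assumption made by the original author: SEPA is always usable for
            // receiving and sending money, so its context selects the source account.
            String context = new org.payments.sepa.SEPAAccountDataDecoder().getContext();

            // The request is signed with the key registered for the payment method
            // that was used in the original authorization.
            JSONObjectWriter refundRequestData =
                RefundRequest.encode(resultData.optionalRefund,
                                     refundUrl,
                                     resultData.amount,
                                     MerchantService.sourceAccounts.get(context),
                                     MerchantService.getReferenceId(),
                                     MerchantService.paymentNetworks.get(
                                         authorizationRequest
                                             .getPaymentMethod()
                                             .getPaymentMethodUrl()).signer);

            JSONObjectReader refundResponseData =
                MerchantService.externalCalls.postJsonData(urlHolder, refundUrl, refundRequestData);

            if (debug) {
                DebugData debugData = (DebugData) session.getAttribute(DEBUG_DATA_SESSION_ATTR);
                if (debugData == null) {
                    // The refund request has already been posted at this point, so
                    // missing debug state must not abort before the response
                    // signature is verified.
                    logger.warning("Debug mode is on but the session holds no debug data");
                } else {
                    // The response is recorded before verification, so debug data
                    // may contain an unverified message.
                    debugData.refundRequest = new JSONObjectReader(refundRequestData);
                    debugData.refundResponse = refundResponseData;
                }
            }

            // Card payments are checked against the acquirer trust root, all other
            // methods against the payment trust root. The result page is rendered
            // only after this call returns; presumably verify() throws on a bad
            // signature - TODO confirm.
            RefundResponse refundResponse = new RefundResponse(refundResponseData);
            refundResponse.getSignatureDecoder().verify(
                authorizationRequest.getPaymentMethod().isCardPayment() ?
                    MerchantService.acquirerRoot : MerchantService.paymentRoot);

            HTML.refundResultPage(response,
                                  debug,
                                  resultData);

        } catch (Exception e) {
            // NOTE(review): the remote URL and the raw exception text are handed to
            // the error page as well as to the log. Confirm that ErrorServlet
            // escapes the message and that showing it to the browser is intended
            // outside demo deployments.
            String message = (urlHolder.getUrl() == null ? "" : "URL=" + urlHolder.getUrl() + "\n") + e.getMessage();
            logger.log(Level.SEVERE, HttpSupport.getStackTrace(e, message));
            ErrorServlet.systemFail(response, message);
        }
    }
}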