void CISO8583AcquirerGatewayFEServerSession::OnNetworkManagementRequest(CMultiXAppMsg &Msg)
{
CISO8583Msg ISOMsg;
CISO8583Msg::TValidationError Error = ISOMsg.FromISO((const byte_t *)Msg.AppData(),Msg.AppDataSize());
if(Error != CISO8583Msg::NoError)
{
Msg.Reply(Error);
return;
}
/*
Since Network Management messages include the destination gateway ID, we use it to find the link associated with this gateway.
*/
int ReplyError = ErrUnableToForwardMsg;
CISO8583AcquirerGatewayFELink *Link = Owner()->FindReadyLink(ISOMsg.TransactionDestinationInstitutionIdentificationCode());
if(Link)
{
std::string MsgKey = ISOMsg.STAN() + ISOMsg.DateTimeLocal() + ISOMsg.TransactionOriginatorInstitutionIdentificationCode();
ReplyError = Link->Forward(Msg,MsgKey);
}
if(ReplyError == 0)
{
Msg.Keep();
} else
{
Msg.Reply(ReplyError);
}
}
bool CMultiXWSStream::CallServiceNoWait(CMultiXAppMsg &Msg)
{
if(!IsRunning())
if(!Start())
return false;
CMultiXWSStreamEvent *Ev = new CMultiXWSStreamEvent(CMultiXWSStreamEvent::CallServiceFromMessage);
Msg.Keep();
Ev->m_MsgID = Msg.ID();
QueueEvent(Ev);
return true;
}
void CISO8583AuthorizerServerSession::ForwardToIssuer(int CreditAccountAtIssuer,CMultiXAppMsg &Msg,CISO8583Msg &ISOMsg)
{
/*
we get here if we need someone else to authorize the request. In that case we need to forward the request to our Acquirer Gateway Front End.
To do that we need to forward it with a different message code, so MultiXTpm will not forward it back to us. The way we do it,
the message code change is by setting the MTI version field to CISO8583Msg::ISO8583_Private. When the message is received by our
Gateway process, it will revert back to CISO8583Msg::ISO8583_2_1993 and forward it on.
When we forward a request, we do not block for a response, when a response arrives, we get it thru
the event "OnDataReplyReceived". in order to be able to associate the response with the original msg,
we pass a pointer to the original message in the "Context" parameter of the "Send" function, and when
"OnDataReplyReceived" is called, we retrieve this pointer by using "SavedContext()" in the Original msg we sent.
Since MultiX automatically destroys messages it forwards to the application, we must call "Keep()" on
the received message, to prevent it from being destroyed, in that case, when the reply is received, we need
to destroy the original message ourselves.
When we play the role of an acquirer gateway, usualy get the request from the POS terminal, do validation required
and maybe modify some data, and then forward the message to the issuer gateway, in our case, the forward will be to a process
in our system, that will decide to which issuer to forward to, based on that, will use a specific connection to the spcific
issuer gateway.
*/
/*
Before we forward the request, we need to set 3 fields to identify the message as a one sent from this process :
BMP 11 - STAN,
BMP 12 - Times,
BMP 32 - Our Acquirer ID
BMP 42 - our account within the issuer
When we receive the response from the remote gateway/issuer, we must replace these fields again to the orignal values
that the sender set before sending the request to us
*/
ISOMsg.SetTimes(time(NULL));
ISOMsg.SetSTAN(Owner()->GetNextSTAN());
ISOMsg.SetAcquiringInstitutionIdentificationCode(Owner()->MyAcquirerID());
CISO8583ElementValue Value(CISO8583Utilities::ToString(CreditAccountAtIssuer),CISO8583ElementValue::ISO8583ElementTypeNumeric);
ISOMsg.SetCardAcceptorIdentificationCode(Value);
ISOMsg.ToISO();
if(Send(CISO8583Msg::VersionDependentMTI(CISO8583Msg::ISO8583_Private,Msg.MsgCode()),ISOMsg.ISOBuffer(),ISOMsg.ISOBufferSize(),CMultiXAppMsg::FlagNotifyAll,0,0,&Msg))
Msg.Keep();
else
Msg.Reply(ErrUnableToForwardMsg);
}
void CMultiplexerServerFEServerSession::OnNewMsg(CMultiXAppMsg &Msg)
{
DebugPrint(1,"New Message Received\n");
int ReplyError = ErrUnableToForwardMsg;
CMultiplexerServerFELink *Link = Owner()->FindReadyLink(Msg.MsgCode());
if(Link)
{
ReplyError = Link->Forward(Msg);
}
if(ReplyError == 0)
{
Msg.Keep();
} else
{
Msg.Reply(ReplyError);
}
}
void CISO8583AcquirerGatewayFEServerSession::OnTransactionRequest(CMultiXAppMsg &Msg)
{
CISO8583Msg ISOMsg;
CISO8583Msg::TValidationError Error = ISOMsg.FromISO((const byte_t *)Msg.AppData(),Msg.AppDataSize());
if(Error != CISO8583Msg::NoError)
{
Msg.Reply(Error);
return;
}
if(Owner()->DebugLevel() >= 5)
{
std::string S;
ISOMsg.Dump(S);
DebugPrint(2,"New ISO 8583 Message\n%s\n",S.c_str());
}
/*
When we receive a transaction for forwarding, we have no indication within the message, to which gateway we should forward the message.
It is assumed that there is some mechanism to use the PAN and/or Track2 in order to decide to which gateway we should forward the request.
In this application, we do not use any logic to derive the Gateway ID from these details. We just use a stub routine that gets PAN
as input and returns the gateway ID of the issuer. Using the gateway ID, we look for a link that its RemoteGatewayID() is equal to
the value returned. If we find one and it is signed in, we forward the request to it, otherwise we reply with an error.
*/
int ReplyError = ErrUnableToForwardMsg;
std::string RemoteGatewayID = PANToGatewayID(ISOMsg.PAN());
CISO8583AcquirerGatewayFELink *Link = Owner()->FindReadyLink(RemoteGatewayID);
if(Link)
{
std::string MsgKey = ISOMsg.STAN() + ISOMsg.DateTimeLocal() + ISOMsg.AcquiringInstitutionIdentificationCode();
ReplyError = Link->Forward(Msg,MsgKey);
}
if(ReplyError == 0)
{
Msg.Keep();
} else
{
Msg.Reply(ReplyError);
}
}
void CISO8583BackEndServerSession::OnReversalAdvice(CMultiXAppMsg &Msg,CISO8583Msg &ISOMsg)
{
std::string Temp;
byte_t ElementIDs[] = {2,3,4,6,7,10,11,24,25,30,32,37,38,43,49,51,53,54,56,58,64};
// We make sure that no extra elements are found in the request
CISO8583Msg::TValidationError Error = ISOMsg.EnsureOnlyElementIDs(ElementIDs,sizeof(ElementIDs));
if(Error != CISO8583Msg::NoError)
{
Msg.Reply(Error);
return;
}
// Check that we have PAN
Temp = ISOMsg.PAN();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::PANIsMissing);
return;
}
// Check that Processing Code exists and is valid.
Temp = ISOMsg.ProcessingCode();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::ProcessingCodeIsMissing);
return;
}
if(!(Temp == "000000" || Temp == "010000" || Temp == "090000"))
{
Msg.Reply(CISO8583Msg::InvalidProcessingCode);
return;
}
// Check the transaction amount for existance and that it does not exceede some Maximum
Temp = ISOMsg.TransactionAmount();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::TransactionAmountIsMissing);
return;
}
if(CISO8583Utilities::ToInt64(Temp) > 99999999)
{
Msg.Reply(CISO8583Msg::TransactionAmountAboveMaximum);
return;
}
// check Transaction Currency.
Temp = ISOMsg.TransactionCurrencyCode();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::TransactionCurrencyIsMissing);
return;
}
if(Temp != "978") // Transaction amount is not in Euro
{
if(ISOMsg.CardholderBillingAmount() == "")
{
Msg.Reply(CISO8583Msg::CardholderBillingAmountIsMissing);
return;
}
if(ISOMsg.CardholderBillingCurrencyCode() != "978")
{
Msg.Reply(CISO8583Msg::CardholderBillingCurrencyIsNotEuro);
return;
}
if(ISOMsg.CardholderBillingConversionRate() == "")
{
Msg.Reply(CISO8583Msg::CardholderBillingConversionRateIsMissing);
return;
}
// Lets validate that the conversion to Euro is done correctly.
int64_t TRAmount = CISO8583Utilities::ToInt64(ISOMsg.TransactionAmount());
int64_t BLAmount = CISO8583Utilities::ToInt64(ISOMsg.CardholderBillingAmount());
int64_t CRate = CISO8583Utilities::ToInt64(ISOMsg.CardholderBillingConversionRate());
int64_t Divisor = CISO8583Utilities::PowerOf10((unsigned int)(CRate / 10000000));
TRAmount *= (CRate % 10000000);
TRAmount /= Divisor;
if(TRAmount != BLAmount)
{
Msg.Reply(CISO8583Msg::CardholderBillingAmountWrong);
return;
}
TRAmount *= CRate;
} else // we must make sure that IDs 6,10,51 are not there
{
if(!(ISOMsg.CardholderBillingAmount() == "" ||
ISOMsg.CardholderBillingCurrencyCode() == "" ||
ISOMsg.CardholderBillingConversionRate() == ""))
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
}
// Check that we got STAN
if(ISOMsg.STAN() == "")
{
Msg.Reply(CISO8583Msg::STANIsMissing);
return;
}
// Check that we got Function Code
if(ISOMsg.FunctionCode() == "")
{
Msg.Reply(CISO8583Msg::FunctionCodeIsMissing);
return;
}
// Check that we have Message Reason Code
if(ISOMsg.MessageReasonCode() == "")
{
Msg.Reply(CISO8583Msg::MessageReasonCodeIsMissing);
return;
}
// Check that we Original Amounts on Partail Reversal
if(ISOMsg.OriginalAmounts() == "" && ISOMsg.FunctionCode() == "401")
{
Msg.Reply(CISO8583Msg::OriginalAmountsIsMissing);
return;
} else
if(ISOMsg.OriginalAmounts() != "" && ISOMsg.FunctionCode() != "401")
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// Check that we got Acquiring Institution Identification Code
if(ISOMsg.AcquiringInstitutionIdentificationCode() == "")
{
Msg.Reply(CISO8583Msg::AcquiringInstitutionIdentificationCodeIsMissing);
return;
}
// Check that we have Retrieval Reference Number
if(ISOMsg.RRN() == "")
{
Msg.Reply(CISO8583Msg::RRNIsMissing);
return;
}
// Check that we have Approval Code
if(ISOMsg.ApprovalCode() == "")
{
Msg.Reply(CISO8583Msg::ApprovalCodeIsMissing);
return;
}
// check that we have Card Acceptor Name/Location
if(ISOMsg.CardAcceptorNameLocation().Size() == 0)
{
Msg.Reply(CISO8583Msg::CardAcceptorNameLocationIsMissing);
return;
}
// check that we have Security Related Control Information, we do not check the values because we do not have the Keys
// in this implementation.
if(ISOMsg.SecurityRelatedControlInformation() == "")
{
Msg.Reply(CISO8583Msg::SecurityRelatedControlInformationIsMissing);
return;
}
// check that we have Additional amounts when processing code is "090000"
if(ISOMsg.ProcessingCode() == "090000")
{
if(ISOMsg.AdditionalAmounts().Size() == 0)
{
Msg.Reply(CISO8583Msg::AdditionalAmountsIsMissing);
return;
}
} else if(ISOMsg.AdditionalAmounts().Size() != 0)
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// check that we have Original Data Elements
if(ISOMsg.OriginalDataElements().Size() == 0)
{
Msg.Reply(CISO8583Msg::OriginalDataElementsIsMissing);
return;
}
// check that we have Authorizing Agent Institution Identification Code
if(ISOMsg.AuthorizingAgentInstitutionIdentificationCode().Size() == 0)
{
Msg.Reply(CISO8583Msg::AuthorizingAgentInstitutionIdentificationCodeIsMissing);
return;
}
// check that we have MAC, we do not check the values because we do not have the Keys
// in this implementation.
if(ISOMsg.MAC1() == "")
{
Msg.Reply(CISO8583Msg::MAC1IsMissing);
return;
}
/*
After we finished validating the request, we need to decide if we authorize locally or we forward it to
the issuer for authorization
*/
if(AuthorizeLocally(ISOMsg)) // in this example it is always true
{
// We create a new ISO Message
// we will decline this message
CISO8583Msg Rsp;
// We will Dup field from the original message and add/ change the ones that are relevant for the response
Rsp.SetMTI(CISO8583Msg::VersionDependentMTI(CISO8583Msg::ISO8583_2_1993,CISO8583Msg::MTIReversalMessageAdviceResponse)); // this is a response
Rsp.SetPAN(ISOMsg.PAN());
Rsp.SetProcessingCode(ISOMsg.ProcessingCode());
Rsp.SetTransactionAmount(ISOMsg.TransactionAmount());
Rsp.SetCardholderBillingAmount(ISOMsg.CardholderBillingAmount());
Rsp.SetTimes(time(NULL),true); // This will set transmission time
Rsp.SetDateTimeLocal(ISOMsg.DateTimeLocal());
Rsp.SetCardholderBillingConversionRate(ISOMsg.CardholderBillingConversionRate());
Rsp.SetSTAN(ISOMsg.STAN());
Rsp.SetAcquiringInstitutionIdentificationCode(ISOMsg.AcquiringInstitutionIdentificationCode());
Rsp.SetRRN(ISOMsg.RRN());
Rsp.SetActionCode(std::string("909")); // System Mulfunction
Rsp.SetTransactionCurrencyCode(ISOMsg.TransactionCurrencyCode());
Rsp.SetCardholderBillingCurrencyCode(ISOMsg.CardholderBillingCurrencyCode());
Rsp.SetSecurityRelatedControlInformation(std::string("00000007000001FFFF")); // this is a dummy value, real value should be set based on Keys.
Rsp.SetOriginalDataElements(ISOMsg.OriginalDataElements());
Rsp.SetMAC1(std::string("0123456789ABCDEF")); // dummy value, should be based on keys
CISO8583Msg::TValidationError Error = Rsp.ToISO();
if(Error != CISO8583Msg::NoError)
Throw();
// we are done preparing the response, we reply with an MTI = CISO8583Msg::MTIAuthorizationMessageResponse
// and the handling is complete.
Msg.Reply(Rsp.MTI(),Rsp.ISOBuffer(),Rsp.ISOBufferSize());
} else
{
/*
we get here if we need some external processing on behalf of this request, so we forward the request
with a different message code (so MultiXTpm will not forward it back to us). In this case we just set
the msg code to the same MTI but with CISO8583Msg::ISO8583_Private version (in MultiXTpm we must configure this message code !!!).
When we forward a request, we do not block for a response, when a response arrives, we get it thru
the event "OnDataReplyReceived". in order to be able to associate the response with the original msg,
we pass a pointer to the original message in the "Context" parameter of the "Send" function, and when
"OnDataReplyReceived" is called, we retrieve this pointer by using "SavedContext()" in the Original msg.
Since MultiX automatically destroys messages it forwards to the application, we must call "Keep()" on
the received message, to prevent it from being destroyed, in that case, when the reply is received, we need
to destroy the original message ourselves.
When we play the role of an acquirer gateway, we usualy get the request from the POS terminal, do validation required
and maybe modify some data, and then forward the message to the issuer gateway, in our case, the forward will be to a process
in our system, that will decide to which issuer to forward to, based on that, will use a specific connection to the spcific
issuer gateway.
*/
if(Owner()->MyAcquirerID().length() == 0)
Msg.Reply(ErrUnableToForwardMsg);
/*
Before we forward the request, we need to set 3 fields to identify the message as a one sent from this process :
BMP 11 - STAN,BMP 12 - Times, BMP 32 - Our Acquirer ID
When we receive the response from the remote gateway/issuer, we must replace these fields again to the orignal values
that the sender set before sending the request to us
*/
ISOMsg.SetTimes(time(NULL));
ISOMsg.SetSTAN(Owner()->GetNextSTAN());
ISOMsg.SetAcquiringInstitutionIdentificationCode(Owner()->MyAcquirerID());
ISOMsg.ToISO();
if(Send(CISO8583Msg::VersionDependentMTI(CISO8583Msg::ISO8583_Private,Msg.MsgCode()),ISOMsg.ISOBuffer(),ISOMsg.ISOBufferSize(),CMultiXAppMsg::FlagNotifyAll,0,0,&Msg))
Msg.Keep();
else
Msg.Reply(ErrUnableToForwardMsg);
}
}
/*!
This function is called when an authorization request is received from an acquirer gateway or from POS terminal.
When we receive such a message, we do all syntax checking, and if everything is OK, we might process the request locally
or we might forward it to remote Issuer Gateway for authorization.
In this implementation we assume local processing, so we reply we with a fixed response, but the logic
to forward the request and handling the response is there.
*/
void CISO8583BackEndServerSession::OnAuthorizationRequest(CMultiXAppMsg &Msg,CISO8583Msg &ISOMsg)
{
std::string Temp;
byte_t ElementIDs[] = {2,3,4,6,7,10,11,12,14,22,23,24,26,32,35,37,41,42,43,49,51,52,53,54,55,59,64};
// We make sure that no extra elements are found in the request
CISO8583Msg::TValidationError Error = ISOMsg.EnsureOnlyElementIDs(ElementIDs,sizeof(ElementIDs));
if(Error != CISO8583Msg::NoError)
{
Msg.Reply(Error);
return;
}
// Check that we have PAN
Temp = ISOMsg.PAN();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::PANIsMissing);
return;
}
// Check that Processing Code exists and is valid.
Temp = ISOMsg.ProcessingCode();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::ProcessingCodeIsMissing);
return;
}
if(!(Temp == "000000" || Temp == "010000" || Temp == "090000"))
{
Msg.Reply(CISO8583Msg::InvalidProcessingCode);
return;
}
// Check the transaction amount for existance and that it does not exceede some Maximum
Temp = ISOMsg.TransactionAmount();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::TransactionAmountIsMissing);
return;
}
if(CISO8583Utilities::ToInt64(Temp) > 99999999)
{
Msg.Reply(CISO8583Msg::TransactionAmountAboveMaximum);
return;
}
// check Transaction Currency.
Temp = ISOMsg.TransactionCurrencyCode();
if(Temp == "")
{
Msg.Reply(CISO8583Msg::TransactionCurrencyIsMissing);
return;
}
if(Temp != "978") // Transaction amount is not in Euro
{
if(ISOMsg.CardholderBillingAmount() == "")
{
Msg.Reply(CISO8583Msg::CardholderBillingAmountIsMissing);
return;
}
if(ISOMsg.CardholderBillingCurrencyCode() != "978")
{
Msg.Reply(CISO8583Msg::CardholderBillingCurrencyIsNotEuro);
return;
}
if(ISOMsg.CardholderBillingConversionRate() == "")
{
Msg.Reply(CISO8583Msg::CardholderBillingConversionRateIsMissing);
return;
}
// Lets validate that the conversion to Euro is done correctly.
int64_t TRAmount = CISO8583Utilities::ToInt64(ISOMsg.TransactionAmount());
int64_t BLAmount = CISO8583Utilities::ToInt64(ISOMsg.CardholderBillingAmount());
int64_t CRate = CISO8583Utilities::ToInt64(ISOMsg.CardholderBillingConversionRate());
int64_t Divisor = CISO8583Utilities::PowerOf10((unsigned int)(CRate / 10000000));
TRAmount *= (CRate % 10000000);
TRAmount /= Divisor;
if(TRAmount != BLAmount)
{
Msg.Reply(CISO8583Msg::CardholderBillingAmountWrong);
return;
}
TRAmount *= CRate;
} else // we must make sure that IDs 6,10,51 are not there
{
if(!(ISOMsg.CardholderBillingAmount() == "" ||
ISOMsg.CardholderBillingCurrencyCode() == "" ||
ISOMsg.CardholderBillingConversionRate() == ""))
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
}
// Check that we got STAN
if(ISOMsg.STAN() == "")
{
Msg.Reply(CISO8583Msg::STANIsMissing);
return;
}
// Check that we got Local Date and Time
if(ISOMsg.DateTimeLocal() == "")
{
Msg.Reply(CISO8583Msg::DateTimeLocalIsMissing);
return;
}
// Check that we got Expiration Date when track 2 is missing
if(ISOMsg.ExpirationDate() == "" && ISOMsg.Track2Data() == "")
{
Msg.Reply(CISO8583Msg::ExpirationDateIsMissing);
return;
}
// Check that we got POS Data Code
if(ISOMsg.POSDataCode() == "")
{
Msg.Reply(CISO8583Msg::POSDataCodeIsMissing);
return;
}
CISO8583ElementValue ICCData = ISOMsg.ICCData();
if(ISOMsg.CardSequenceNumber() == "")
{
// lets make sure that it is not an ICC transaction and if it is, lets make sure we do not have tag 0x5f34
if(ISOMsg.POSDataCode()[6] == '5') // ICC Transaction
{
if(ICCData.Size() > 0 && CISO8583Utilities::TLVDataHasTag((const byte_t *)ICCData.RawData(),ICCData.Size(),0x5f34))
{
Msg.Reply(CISO8583Msg::CardSequenceNumberIsMissing);
return;
}
}
} else
{
// lets make sure that IT IS an ICC transaction and we have tag 0x5f34
if(!(ISOMsg.POSDataCode()[6] == '5' && ICCData.Size() > 0 && CISO8583Utilities::TLVDataHasTag((const byte_t *)ICCData.RawData(),ICCData.Size(),0x5f34)))
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
}
// Check that we got Function Code
if(ISOMsg.FunctionCode() == "")
{
Msg.Reply(CISO8583Msg::FunctionCodeIsMissing);
return;
}
// Check that we got Card Acceptor Business Code
if(ISOMsg.CardAcceptorBusinessCode() == "")
{
Msg.Reply(CISO8583Msg::CardAcceptorBusinessCodeIsMissing);
return;
}
// Check that we got Acquiring Institution Identification Code
if(ISOMsg.AcquiringInstitutionIdentificationCode() == "")
{
Msg.Reply(CISO8583Msg::AcquiringInstitutionIdentificationCodeIsMissing);
return;
}
// Check that we have Track2 if not E Commerce
if(ISOMsg.Track2Data() == "" && ISOMsg.POSDataCode()[7] != 'U')
{
Msg.Reply(CISO8583Msg::Track2DataIsMissing);
return;
}
// Check that we have Retrieval Reference Number
if(ISOMsg.RRN() == "")
{
Msg.Reply(CISO8583Msg::RRNIsMissing);
return;
}
// check that we have Card Acceptor Terminal Identification
if(ISOMsg.CardAcceptorTerminalIdentification().Size() == 0)
{
Msg.Reply(CISO8583Msg::TerminalIDIsMissing);
return;
}
// check that we have Card Acceptor Identification Code
if(ISOMsg.CardAcceptorIdentificationCode().Size() == 0)
{
Msg.Reply(CISO8583Msg::CardAcceptorIdentificationCodeIsMissing);
return;
}
// check that we have Card Acceptor Name/Location
if(ISOMsg.CardAcceptorNameLocation().Size() == 0)
{
Msg.Reply(CISO8583Msg::CardAcceptorNameLocationIsMissing);
return;
}
// check that we have PIN , if required
if((ISOMsg.POSDataCode()[6] == '2' && ISOMsg.POSDataCode()[7] != '5') || // magnetic stripe + PIN
(ISOMsg.POSDataCode()[6] == '5' && ISOMsg.POSDataCode()[7] == '1')) // chip + PIN
{
if(ISOMsg.PIN() == "")
{
Msg.Reply(CISO8583Msg::PINIsMissing);
return;
}
} else if(ISOMsg.PIN() != "")
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// check that we have Security Related Control Information, we do not check the values because we do not have the Keys
// in this implementation.
if(ISOMsg.SecurityRelatedControlInformation() == "")
{
Msg.Reply(CISO8583Msg::SecurityRelatedControlInformationIsMissing);
return;
}
// check that we have Additional amounts when processing code is "090000"
if(ISOMsg.ProcessingCode() == "090000")
{
if(ISOMsg.AdditionalAmounts().Size() == 0)
{
Msg.Reply(CISO8583Msg::AdditionalAmountsIsMissing);
return;
}
} else if(ISOMsg.AdditionalAmounts().Size() != 0)
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// check that we have ICC Data for chip transactions
if(ISOMsg.POSDataCode()[6] == '5')
{
if(ICCData.Size() == 0)
{
Msg.Reply(CISO8583Msg::ICCDataIsMissing);
return;
}
} else if(ICCData.Size() != 0)
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// check that we have Additional Private Data when E-Commerce transaction
if(ISOMsg.POSDataCode()[7] == 'U')
{
if(ISOMsg.AdditionalPrivateData().Size() == 0)
{
Msg.Reply(CISO8583Msg::AdditionalPrivateDataIsMissing);
return;
}
} else if(ISOMsg.AdditionalPrivateData().Size() != 0)
{
Msg.Reply(CISO8583Msg::ExtraElementsFound);
return;
}
// check that we have MAC, we do not check the values because we do not have the Keys
// in this implementation.
if(ISOMsg.MAC1() == "")
{
Msg.Reply(CISO8583Msg::MAC1IsMissing);
return;
}
/*
After we finished validating the request, we need to decide if we authorize locally or we forward it to
the issuer for authorization
*/
if(AuthorizeLocally(ISOMsg)) // in this example it is always true
{
// We create a new ISO Message
// we will decline this message
CISO8583Msg Rsp;
// We will Dup field from the original message and add/ change the ones that are relevant for the response
Rsp.SetMTI(ISOMsg.MTI() + 10); // this is a response
Rsp.SetPAN(ISOMsg.PAN());
Rsp.SetProcessingCode(ISOMsg.ProcessingCode());
Rsp.SetTransactionAmount(ISOMsg.TransactionAmount());
Rsp.SetCardholderBillingAmount(ISOMsg.CardholderBillingAmount());
Rsp.SetTimes(time(NULL),true); // This will set, transmission times
Rsp.SetDateTimeLocal(ISOMsg.DateTimeLocal());
Rsp.SetCardholderBillingConversionRate(ISOMsg.CardholderBillingConversionRate());
Rsp.SetSTAN(ISOMsg.STAN());
Rsp.SetOriginalAmounts(ISOMsg.TransactionAmount()+"000000000000"); // this is adecline response, we include the original amounts
Rsp.SetAcquiringInstitutionIdentificationCode(ISOMsg.AcquiringInstitutionIdentificationCode());
Rsp.SetRRN(ISOMsg.RRN());
Rsp.SetActionCode(std::string("909")); // System Mulfunction
Rsp.SetCardAcceptorTerminalIdentification(ISOMsg.CardAcceptorTerminalIdentification());
Rsp.SetCardAcceptorIdentificationCode(ISOMsg.CardAcceptorIdentificationCode());
Rsp.SetTransactionCurrencyCode(ISOMsg.TransactionCurrencyCode());
Rsp.SetCardholderBillingCurrencyCode(ISOMsg.CardholderBillingCurrencyCode());
Rsp.SetSecurityRelatedControlInformation(std::string("00000007000001FFFF")); // this is a dummy value, real value should be set based on Keys.
Rsp.SetICCData(ISOMsg.ICCData()); // not mandatory
Rsp.SetAuthorizingAgentInstitutionIdentificationCode(CISO8583ElementValue("12345678901",CISO8583ElementValue::ISO8583ElementTypeNumeric)); // dummy value
Rsp.SetMAC1(std::string("0123456789ABCDEF")); // dummy value, should be based on keys
CISO8583Msg::TValidationError Error = Rsp.ToISO();
if(Error != CISO8583Msg::NoError)
Throw();
/*
we are done preparing the response, we reply with an MTI = CISO8583Msg::MTIAuthorizationMessageResponse
and the handling is complete.
*/
Msg.Reply(Rsp.MTI(),Rsp.ISOBuffer(),Rsp.ISOBufferSize());
} else
{
/*
we get here if we need someone else to authorize the request. In that case we need to forward the request to our Acquirer Gateway Front End.
To do that we need to forward it with a different message code, so MultiXTpm will not forward it back to us. The way we do the message code change
is by setting the MTI version field to CISO8583Msg::ISO8583_Private. When the message is received by our Gateway process, it will revert back
to CISO8583Msg::ISO8583_2_1993 and forward it on.
When we forward a request, we do not block for a response, when a response arrives, we get it thru
the event "OnDataReplyReceived". in order to be able to associate the response with the original msg,
we pass a pointer to the original message in the "Context" parameter of the "Send" function, and when
"OnDataReplyReceived" is called, we retrieve this pointer by using "SavedContext()" in the Original msg we sent.
Since MultiX automatically destroys messages it forwards to the application, we must call "Keep()" on
the received message, to prevent it from being destroyed, in that case, when the reply is received, we need
to destroy the original message ourselves.
When we play the role of an acquirer gateway, usualy we get the request from the POS terminal, do validation required
and maybe modify some data, and then forward the message to the issuer gateway, in our case, the forward will be to a process
in our system, that will decide to which issuer to forward to, based on that, will use a specific connection to the spcific
issuer gateway.
*/
/*
Before we forward the request, we need to set 3 fields to identify the message as a one sent from this process :
BMP 11 - STAN,
BMP 12 - Times,
BMP 32 - Our Acquirer ID
When we receive the response from the remote gateway/issuer, we must replace these fields again to the orignal values
that the sender set before sending the request to us
*/
ISOMsg.SetTimes(time(NULL));
ISOMsg.SetSTAN(Owner()->GetNextSTAN());
ISOMsg.SetAcquiringInstitutionIdentificationCode(Owner()->MyAcquirerID());
ISOMsg.ToISO();
if(Send(CISO8583Msg::VersionDependentMTI(CISO8583Msg::ISO8583_Private,Msg.MsgCode()),ISOMsg.ISOBuffer(),ISOMsg.ISOBufferSize(),CMultiXAppMsg::FlagNotifyAll,0,0,&Msg))
Msg.Keep();
else
Msg.Reply(ErrUnableToForwardMsg);
}
}