Ir para o conteúdo

SupervisorPasswordCheck()

This method performs authentication of the supervisor’s password, aims to allow third-party applications to have access to the supervisor’s password, registered during terminal credential. This functionality should allow supervisor authentication, being an extra form of security for applications that use the payment API. Importantly, for secure password communication, this method follows encryption rules for password authentication. Thus, authentication will only occur if the third-party application is following these rules.

Method

Signature Description
void supervisorPasswordCheck(SupervisorPasswordRequest supervisorPassword, PaymentCallback paymentCallback) Performs the supervisor authentication process

Parameters

Name Type Required Description
supervisorPassword String Yes Contraseña del supervisor registrada durante la acreditación del terminal. Se espera que se envíe el hash MD5 de la contraseña para autentificación.
ApplicationInfo.credentials Credentials Yes Credentials of the application that is requesting the operation, as registered in PayStore. Basically, it is the identification of the application and the access token.
ApplicationInfo.softwareVersion String Yes Version of the application that is requesting the supervisor password check
Details of parameters.

The supervisorPassword parameter must be in String format. Important details, the sending of the supervisor’s password, should be the same one that was informed during terminal credential. Formatting, a String containing the MD5 hash must be sent to be validated. If the password is sent in open, the password will not be authenticated, even if it corresponds to the one that was registered during the accreditation. If the password has not been registered during the accreditation or the terminal has not been accredited to the PayStore portal, authentication will not occur successfully, a corresponding error will be returned.

Result: Returns true if the password is equal to the correct formatting and value.

The parameter ApplicationInfo.credentials should be sent containing third application credentials, these credentials should always be sent. If they are not sent, a related error will be returned.

Result: If the credentials are informed, the authentication will occur successfully, if it is not sent, it will return corresponding error.

The parameter ApplicationInfo.softwareVersion must be sent containing the third-party application’s softwareVersion, these credentials should always be sent. If not sent, will be returned error related

Result: If the credentials are informed, the authentication will occur successfully, if not sent, it will be returning corresponding error.

callback (PaymentCallback)

Name Type Required Description
onSuccess Boolean Method returns true if the authentication is successful, if the reported password is different from the credential return will be false.
onError String Will be returned error in some cases, some errors may be related to some of these points, password not configured during accreditation, terminal not accredited, password empty/ null and missing some information of the mandatory third application, such as the fields referring to ApplicationInfo.credentials and ApplicationInfo.softwareVersion.
Example of supervisor password authentication flow
import android.os.Bundle;
import android.view.View;
import android.widget.CheckBox;
import android.widget.EditText;
import android.widget.Toast;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import androidx.appcompat.app.AppCompatActivity;
import br.com.phoebus.android.payments.api.ApplicationInfo;
import br.com.phoebus.android.payments.api.Credentials;
import br.com.phoebus.android.payments.api.ErrorData;
import br.com.phoebus.android.payments.api.PaymentClient;
import br.com.phoebus.android.payments.api.SupervisorPasswordRequest;
import br.com.phoebus.android.payments.api.exception.ClientException;

public void validatePassword() {
        SupervisorPasswordRequest supervisorPasswordRequest = new SupervisorPasswordRequest();
        ApplicationInfo applicationInfo = new ApplicationInfo();
        Credentials credentials = new Credentials();
        applicationInfo.setCredentials(credentials);
        supervisorPasswordRequest.setApplicationInfo(applicationInfo);

        if (this.setSupervisorPasswordEdt.getText() != null && !"".equals(this.setSupervisorPasswordEdt.getText().toString()) && MD5Check.isChecked() && !sendPasswordNullCheck.isChecked()) {
            supervisorPasswordRequest.setSupervisorPasswordCheck(generateMD5Hash(setSupervisorPasswordEdt.getText().toString()));
        }else if (sendPasswordNullCheck.isChecked()){
            supervisorPasswordRequest.setSupervisorPasswordCheck(null);
        } else {
            supervisorPasswordRequest.setSupervisorPasswordCheck(setSupervisorPasswordEdt.getText().toString());
        }

        if (this.setSoftwareVersionEdt.getText() != null && !"".equals(this.setSoftwareVersionEdt.getText().toString())) {
            applicationInfo.setSoftwareVersion(setSoftwareVersionEdt.getText().toString());
        }
        if (this.setApplicationIdEdt.getText() != null && !"".equals(this.setApplicationIdEdt.getText().toString())) {
            credentials.setApplicationId(setApplicationIdEdt.getText().toString());
        }
        if (this.setSecretTokenEdt.getText().length() <= 23 ) {
            Toast.makeText(this, getString(R.string.diag_token_label), Toast.LENGTH_SHORT).show();
        }
        else if (this.setSecretTokenEdt.getText() != null && !"".equals(this.setSecretTokenEdt.getText().toString())) {
            credentials.setSecretToken(setSecretTokenEdt.getText().toString());
        }


        try {
            this.paymentClient.supervisorPasswordCheck(supervisorPasswordRequest, new PaymentClient.PaymentCallback<>() {
                @Override
                public void onSuccess(Boolean aBoolean) {
                    Toast.makeText(getApplicationContext(), getString(R.string.diag_validation_SDK) + aBoolean.toString().toUpperCase(), Toast.LENGTH_LONG).show();
                }

                @Override
                public void onError(ErrorData errorData) {
                    Toast.makeText(getApplicationContext(), getString(R.string.diag_error_validation_SDK) + errorData.getPaymentsResponseCode() +
                            " = " + errorData.getResponseMessage(), Toast.LENGTH_SHORT).show();
                }
            });
        } catch (ClientException e){
            e.printStackTrace();
            Toast.makeText(getApplicationContext(), getString(R.string.serviceCallFailed) +": " + e.getMessage(), Toast.LENGTH_LONG).show();
        }
    }
Example of supervisor password hash generation flow
public static String generateMD5Hash(String input) {
        byte[] hashBytes = generateMD5HashBinary(input);

        StringBuilder hexString = new StringBuilder();
        for (byte b : hashBytes) {
            hexString.append(String.format("%02x", b));
        }

        return hexString.toString();
    }

    public static byte[] generateMD5HashBinary(String input) {
        try {
            MessageDigest md5Digest = MessageDigest.getInstance("MD5");
            return md5Digest.digest(input.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Erro ao gerar hash MD5", e);
        }
    }