Updated NAB test gateway endpoints

[cbotman]

Hi there,

Thanks for your work on this library.

As of 29th May 2017, NAB have changed the test gateway endpoints. This commit simply provides the new values.

The API endpoint was: https://transact.nab.com.au/test/xmlapi/payment And is now: https://demo.transact.nab.com.au/xmlapi/payment

The Direct Post endpost was: https://transact.nab.com.au/test/directpostv2/authorise And is now: https://demo.transact.nab.com.au/directpostv2/authorise

Here's some documentation from NAB on the change: url v2.pdf

And an email NAB sent:

What’s changing?

To ensure that the security of our systems adhere to industry best practices, we’re upgrading the NAB Transact Demo site (https://transact.nab.com.au/demonabtransact/ . The upgrade will be completed in 2 phases.

Phase 1 - We'll migrate the demo site to a PCI compliant environment: Effective 9 May 2017

Phase 2 - We'll upgrade the Demo site to support Transport Layer Security version 1.2 (TLS 1.2) from the existing Transport Layer Security versions of 1.0 and 1.1. : Effective 29 May 2017

We’re also standardising the NAB Transact demo site URL naming convention to match the NAB Transact production site URLs. The table in the attached PDF provides the new and current URL details.

What you need to do?

For Phase 1 you don't need to do anything.

For Phase 2 you’ll need to update your browsers to the latest versions and remove TLS 1.0 and 1.1 from your integration's across all environments before 29 May 2017.

You’ll also need to use the new demo site URLs to conduct any application based testing from this date.

I've ensured the tests pass with the new endpoints, and they do with a but...

When I run the tests as-is, they actually fail with a curl error that NAB's Certificate Authority cannot be verified. I'm on a Mac running MAMP so I am pretty sure everything around curl, SSL, PHP, CA's and such in baked into that. When I visit the API endpoint in a browser it's fine, and my Mac Keychain has the required CA so I am relatively confident this is more to do with my set-up than a code issue.

I haven't committed it, but when I update the tests like so, they do pass fine:

class SecureXMLAuthorizeRequestTest extends TestCase
{
    public function setUp()
    {
        $httpClient = $this->getHttpClient();
        $httpClient->setSslVerification(false);
        $this->request = new SecureXMLAuthorizeRequest($httpClient, $this->getHttpRequest());

That further suggests the issue was just my set up.

If you are happy to merge this in, could you please push a new version to Packagist?

Thanks again.

Regards, Chris

[cbotman]

Hmm, actually we might need to bump the version of Guzzle used. I see the CI test failed, and it references the CA file used by Guzzle in the project. I just updated the file (/vendor/guzzle/guzzle/src/Guzzle/Http/Resources/cacert.pem) with the latest from https://curl.haxx.se/docs/caextract.html and the tests pass.

To update that properly, I guess you would need to update the omnipay/common dependency so that in turn updates guzzle to bring in an updated list of CAs...

Unfortunately that's not going to fly (just tried) because even the latest 2.x version of Omnipay (2.5.2) doesn't update the cacert.pem sufficiently. Meaning the only way I can see this working is either:

• port the library to Omnipay 3, which is still in dev, or
• patch in the latest cacert.pem, or
• update the tests, but the library could still fail outside the tests

Thoughts?

[cbotman]

Have added a patch file and plugin to automatically apply the patch. The patch simply updates the cacert.pem file included by the old guzzle library used. The updated cacert.pem includes the certificate authority used by NAB for their test gateway.

[sudiptpa]

@cbotman Thanks for the PR and apologies for late response, work was going crazy so i was much busy. I will have a look at it tonight and will let you know.

[sudiptpa]

@cbotman closed and reopened to fix - Waiting for status to be reported.

[sudiptpa]

@cbotman Omnipay 3 is just at Alpha release for Omnipay v3, may be lets look at it later.

[sudiptpa]

Finally tagged v2.2.3

[cbotman]

@sudiptpa No worries! Thanks for that. :)