---
tags: Mercury, Phoenix, AT su autorizzativo
---

# The longest and most complex AT ever seen: `HostedPaymentForCallCenterTerminalsAcceptanceTest#paresStatusY`

The AT calls the `performInitPayment` method => `HostedInitPaymentController`, which responds with

```
128076787812701279:https://local.monetaonline.it/monetaweb/hosted/page
```

The AT calls `performHostedPaymentWith`. It uses the URL `https://local.monetaonline.it/monetaweb/hosted/page` to retrieve the HTML of the HostedPage

```
<?xml version="1.0" encoding="UTF-8"?> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"/> <link rel="shortcut icon" href="/monetaweb/static/favicon.ico"/> <title> Payment </title> <link href="/monetaweb/static/stylesheets/phoenix.css" rel="stylesheet" type="text/css"/> <script type="text/javascript" src="/monetaweb/static/javascript/jquery.min.js"> </script> <script type="text/javascript" src="/monetaweb/static/javascript/jquery.validate.min.js"> </script> <script type="text/javascript" src="/monetaweb/static/javascript/phoenix-localizator.js"> </script> <script type="text/javascript" src="/monetaweb/static/javascript/analytics.js"> </script> <script type="text/javascript" src="/monetaweb/static/javascript/analytics-bridge.js"> </script> <script type="text/javascript"> //<![CDATA[ var isCardHolderEmailRequired = false; //]]> </script> <script type="text/javascript"> //<![CDATA[ var isCardHolderNameRequired = true; //]]> </script> <script type="text/javascript"> //<![CDATA[ var isCVV2Required = false; //]]> </script> <script type="text/javascript" src="/monetaweb/static/javascript/phoenix-validators.js"> </script> <script type="text/javascript"> //<![CDATA[ var brands = [{ "brandName": "AMEX", "min": "34000000", "max": "34999999"},{ "brandName": "AMEX", "min": "37000000", "max": "37305408"},{ "brandName": "AMEX", "min": "37305410", "max": "37598699"},{ "brandName": "AMEX", "min": "37598701", "max": "37999999"},{ "brandName": "AMXCTL", "min": "37598700", "max": "37598700"},{ 
"brandName": "DINERS", "min": "30000000", "max": "30599999"},{ "brandName": "DINERS", "min": "30950000", "max": "30959999"},{ "brandName": "DINERS", "min": "36000000", "max": "36999999"},{ "brandName": "DINERS", "min": "38000000", "max": "39999999"},{ "brandName": "MC", "min": "51000000", "max": "55338908"},{ "brandName": "MC", "min": "55338910", "max": "55999999"},{ "brandName": "MC", "min": "22210000", "max": "27209999"},{ "brandName": "VISA", "min": "41000000", "max": "48305408"},{ "brandName": "VISA", "min": "48305410", "max": "49999999"}]; $(document).ready(function(){ analytics('hosted-view'); $("#label-cancel").on('click', function(){ analytics('hosted-cancel-proceed') }); attachValidationTo("#payment_form"); updateLanguage('ITA'); jQuery('a.popup').click(function(){ var windowWidth = $(window).width(); var windowHeight = $(window).height(); var popupWidth = 750; var popupHeight = 550; var popupX = window.screenX + (windowWidth - popupWidth)/2; var popupY = window.screenY + (windowHeight - popupHeight)/2; var popupOptions = 'resizable=1, toolbar=no, scrollbars=0, height='+popupHeight+', width='+popupWidth+', left='+popupX+', top='+popupY; var popupWindow = window.open('/monetaweb/static/hosted-page-resources/CVV2_CVC2_4DBC_help.html', 'cvv2_help', popupOptions); }); }); function updateLanguage(lang) { localizePage(lang); $('#languageId').val(lang); $('label[generated="true"]').hide(); } //]]> </script> </head> <body> <div id="page"> <div class="header"> <div id="firstMenu"> <ul class="nav"> </ul> </div> <div id="header-right"> <div class="logo-ISP"> <img id="intesa_logo" src="/monetaweb/static/images/logo_intesaSpaolo.png" alt="Intesa Sanpaolo" title="Intesa Sanpaolo"/> </div> </div> <div class="clearfloat"> </div> </div> <div class="content-login-merchant"> <div class="merchant-logo"> <img id="merchant_logo" src="/monetaweb/resources?id=3" alt="TML TEST ECOMM 2"/> </div> <!-- Flag icons by http://www.famfamfam.com/ via 
http://www.veryicon.com/[http://www.veryicon.com/icons/flag/all-free-flags/] --> <div id="flags"> <a href="#" onclick="updateLanguage('DEU');"> <img src="/monetaweb/static/images/flags/DEU.png" alt="DEU"/> </a> <a href="#" onclick="updateLanguage('FRA');"> <img src="/monetaweb/static/images/flags/FRA.png" alt="FRA"/> </a> <a href="#" onclick="updateLanguage('ITA');"> <img src="/monetaweb/static/images/flags/ITA.png" alt="ITA"/> </a> <a href="#" onclick="updateLanguage('POR');"> <img src="/monetaweb/static/images/flags/POR.png" alt="POR"/> </a> <a href="#" onclick="updateLanguage('RUS');"> <img src="/monetaweb/static/images/flags/RUS.png" alt="RUS"/> </a> <a href="#" onclick="updateLanguage('SPA');"> <img src="/monetaweb/static/images/flags/SPA.png" alt="SPA"/> </a> <a href="#" onclick="updateLanguage('USA');"> <img src="/monetaweb/static/images/flags/USA.png" alt="USA"/> </a> </div> </div> <div class="content-box-dettagliacquisto"> <h2 id="label-payment-information"> Dati Acquisto </h2> <table> <tbody> <tr id="merchantNameRow"> <td id="label-merchant-name"> Commerciante </td> <td id="merchantName"> TML TEST ECOMM 2 </td> </tr> <tr id="merchantNameRow"> <td id="label-merchant-country"> Paese </td> <td id="merchantCountry"> IT </td> </tr> <tr id="merchantWebSiteRow"> <td id="label-merchant"> Sito web </td> <td id="merchantWebsite"> http://www.example.org </td> </tr> <tr id="amountRow"> <td id="label-transaction-amount"> Importo </td> <td id="amount"> EUR 0,02 </td> </tr> <tr id="trackIdRow"> <td id="label-track"> Riferimento operazione </td> <td id="trackid"> 2011IVR4189718 </td> </tr> <tr id="paymentDescriptionRow"> <td id="label-description"> Descrizione </td> <td id="paymentDescription"> udf1 </td> </tr> </tbody> </table> </div> <div class="clearfloat"> </div> <div class="content-box-dettaglipagamento"> <h2 id="label-billing-information"> Dati Pagamento </h2> <form id="payment_form" action="https://local.monetaonline.it/monetaweb/hosted/page/confirm" method="post" 
autocomplete="off"> <input name="paymentid" value="571893200262101279" type="hidden"/> <input id="languageId" name="languageId" value="ITA" type="hidden"/> <table class="three-columns"> <tbody> <tr> <td> <label for="input-card" id="label-card-number"> Numero carta </label> * </td> <td> <input id="input-card" name="card" type="text" pattern="[0-9]*" value="" autocomplete="off"/> </td> <td id="error-column-card" class="error-column"/> </tr> <tr> <td> <a class="popup" href="#"> <label for="input-cvv2" id="label-card-verification"> CVV2/CVC2/4DBC </label> </a> </td> <td> <input id="input-cvv2" name="cvv2" value="" autocomplete="off" maxlength="4" type="text"/> </td> <td id="error-column-cvv2" class="error-column"/> </tr> <tr> <td> <label id="label-payment-card-expdate"> Data di scadenza </label> * </td> <td> <select id="expmonth" name="expmonth"> <option value="empty" selected="selected"> -- </option> <option value="01"> 1 </option> <option value="02"> 2 </option> <option value="03"> 3 </option> <option value="04"> 4 </option> <option value="05"> 5 </option> <option value="06"> 6 </option> <option value="07"> 7 </option> <option value="08"> 8 </option> <option value="09"> 9 </option> <option value="10"> 10 </option> <option value="11"> 11 </option> <option value="12"> 12 </option> </select> <select id="expyear" name="expyear"> <option value="empty" selected="selected"> ---- </option> <option value="2020"> 2020 </option> <option value="2021"> 2021 </option> <option value="2022"> 2022 </option> <option value="2023"> 2023 </option> <option value="2024"> 2024 </option> <option value="2025"> 2025 </option> <option value="2026"> 2026 </option> <option value="2027"> 2027 </option> <option value="2028"> 2028 </option> <option value="2029"> 2029 </option> <option value="2030"> 2030 </option> <option value="2031"> 2031 </option> <option value="2032"> 2032 </option> <option value="2033"> 2033 </option> <option value="2034"> 2034 </option> <option value="2035"> 2035 </option> 
</select> </td> <td id="error-column-expyear" class="error-column"/> </tr> <tr> <td> <label for="input-member" id="label-payment-card-name"> Titolare carta </label> * </td> <td> <input id="input-member" name="member" value="udf2" type="text" maxlength="255"/> </td> <td id="error-column-member" class="error-column"/> </tr> <tr> <td> <label for="input-cardHolderEmail" id="label-notification-consumer-email"> Email per conferma </label> </td> <td> <input id="input-cardHolderEmail" name="cardHolderEmail" value="" type="text" maxlength="200"/> </td> <td id="error-column-cardHolderEmail" class="error-column"/> </tr> <tr id="privacy-policy-tr"> <td colspan="2"> <input id="input-privacy-policy" type="checkbox" name="privacy-policy" value="Y"/> <label for="input-privacy-policy" id="label-privacy-policy"> Acconsento al trattamento dei dati </label> * <br/> <a id="url-policy" href="http://www.mercurypayments.it/PortaleIstituzionale/file/WEB_Informativa_commercio_elettronico.pdf" target="_blank"> <span id="label-link-policy"> Informativa sulla Privacy </span> </a> </td> <td id="error-column-privacy-policy" class="error-column"/> </tr> <tr> <td/> <td id="action-tablecell"> <input class="rounded-red-button" id="input-confirm-hosted-page" name="confirm" value="Procedi" type="submit"/> <a id="label-cancel" href="/monetaweb/hosted/cancel?paymentid=571893200262101279"> Annulla Transazione </a> </td> </tr> </tbody> </table> </form> <div class="legenda-asterisco"> <span id="label-legenda-asterisco"> * Campo obbligatorio </span> </div> </div> <div class="clearfloat"> </div> <div id="footer"> <img src="/monetaweb/static/images/brand_logos/logo_visa.png" alt="visa supported"/> <img src="/monetaweb/static/images/brand_logos/logo_visa_3ds1.png" alt="visa_3ds1 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_visa_3ds2.png" alt="visa_3ds2 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_amex.png" alt="amex supported"/> <img 
src="/monetaweb/static/images/brand_logos/logo_diners.png" alt="diners supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc.png" alt="mc supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc_3ds1.png" alt="mc_3ds1 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc_3ds2.png" alt="mc_3ds2 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_amxctl.png" alt="amxctl supported"/> </div> <div class="clearfloat"> </div> <div class="link_footer"> <a id="url-cookie-policy" href="http://www.mercurypayments.it/PortaleIstituzionale/file/Cookie_Policy.pdf" target="_blank"> Cookie Policy </a> </div> <div class="clearfloat"> </div> </div> </body> </html>
```

From the HTML of the HostedPage it takes the URL associated with `payment_form`, i.e. `https://local.monetaonline.it/monetaweb/hosted/page/confirm`.

It makes a POST to `https://local.monetaonline.it/monetaweb/hosted/page/confirm`, which points to `HostedConfirmationPageController` and returns a HostedConfirmationPage

```
<!DOCTYPE html> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"/> <link rel="shortcut icon" href="/monetaweb/static/favicon.ico" /> <title>Confirm Payment</title> <link href="/monetaweb/static/stylesheets/phoenix.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="/monetaweb/static/javascript/jquery.min.js"></script> <script type="text/javascript" src="/monetaweb/static/javascript/jquery.validate.min.js"></script> <script type="text/javascript" src="/monetaweb/static/javascript/phoenix-localizator.js"></script> <script type="text/javascript" src="/monetaweb/static/javascript/analytics.js"></script> <script type="text/javascript" src="/monetaweb/static/javascript/analytics-bridge.js"></script> <script type="text/javascript"> $(document).ready(function () { localizePage('ITA'); $("#input-confirm-confirmation-page").on('click', function () { analytics('hosted-pay') }); $("#label-cancel").on('click', function () { 
analytics('hosted-cancel-pay') }); }); </script> </head> <body> <div id="page"> <div class="header"> <div id="firstMenu"> <ul class="nav"> </ul> </div> <div id="header-right"> <div class="logo-ISP"> <img id="intesa_logo" src="/monetaweb/static/images/logo_intesaSpaolo.png" alt="Intesa Sanpaolo" title="Intesa Sanpaolo" /> </div> </div> <div class="clearfloat"></div> </div> <div class="content-login-merchant"> <div class="merchant-logo"> <img id="merchant_logo" src="/monetaweb/resources?id=3" alt="TML TEST ECOMM 2"/> </div> </div> <div class="content-box-dettagliacquisto"> <h2 id="label-payment-information">Dati Acquisto</h2> <table> <tr id="merchantNameRow"> <td id="label-merchant-name">Commerciante</td><td id="merchantName">TML TEST ECOMM 2</td> </tr> <tr id="merchantNameRow"> <td id="label-merchant-country">Paese</td><td id="merchantCountry">IT</td> </tr> <tr id="merchantWebSiteRow"> <td id="label-merchant">Sito web</td><td id="merchantWebsite">http://www.example.org</td> </tr> <tr id="amountRow"> <td id="label-transaction-amount">Importo</td><td id="amount">EUR 0,02</td> </tr> <tr id="trackIdRow"> <td id="label-track">Riferimento operazione</td><td id="trackid">2011IVR4189718</td> </tr> <tr id="paymentDescriptionRow"> <td id="label-description">Descrizione</td><td id="paymentDescription">udf1</td> </tr> </table> </div> <div class="content-box-dettagliacquisto"> <h2 id="label-billing-information">Dettagli Pagamento</h2> <table> <tr> <td><label id="label-card-number">Numero carta</label></td> <td id="pan">437863******1534</td> </tr> <tr> <td><label id="label-card-verification">CVV2/CVC2/4DBC</label></td> <td id="cvv2">851</td> </tr> <tr> <td><label id="label-payment-card-expdate">Data di scadenza</label></td> <td id="expiryDate">01/2021</td> </tr> <tr> <td><label id="label-payment-card-name">Intestatario carta</label></td> <td id="cardHolderName">Robert Cecil Martin</td> </tr> <tr> <td><label id="label-notification-consumer-email">Indirizzo Email per 
conferma</label></td> <td id="cardHolderEmail">cardholdermonetaweb@gmail.com</td> </tr> <tr> <td>&nbsp;</td> <td id="action-tablecell"> <form id="payment_form" action="https://local.monetaonline.it/monetaweb/hosted/payment" method="post" autocomplete="off"> <input name="paymentid" value="171763194826601279" type="hidden"/> <input id="input-confirm-confirmation-page" type="submit" class="rounded-red-button" name="pay" value="Paga" onclick="this.disabled=true;this.form.submit();"/> <a id="label-cancel" href="/monetaweb/hosted/cancel?paymentid=171763194826601279">Annulla Transazione</a> </form> </td> </tr> </table> </div> <div class="clearfloat"></div> <div id="footer"> <img src="/monetaweb/static/images/brand_logos/logo_visa.png" alt="visa supported"/> <img src="/monetaweb/static/images/brand_logos/logo_visa_3ds1.png" alt="visa_3ds1 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_visa_3ds2.png" alt="visa_3ds2 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_amex.png" alt="amex supported"/> <img src="/monetaweb/static/images/brand_logos/logo_diners.png" alt="diners supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc.png" alt="mc supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc_3ds1.png" alt="mc_3ds1 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_mc_3ds2.png" alt="mc_3ds2 supported"/> <img src="/monetaweb/static/images/brand_logos/logo_amxctl.png" alt="amxctl supported"/> </div> <div class="clearfloat"></div> <div class="link_footer"> <a id="url-cookie-policy" href="http://www.mercurypayments.it/PortaleIstituzionale/file/Cookie_Policy.pdf" target="_blank">Cookie Policy</a> </div> <div class="clearfloat"></div> </div> </body> </html>
```

From the HTML of the HostedConfirmationPage it reads the URL of the `payment_form` form, i.e. `https://local.monetaonline.it/monetaweb/hosted/payment`.

It calls `https://local.monetaonline.it/monetaweb/hosted/payment` with parameters

```
{ cvv2=851, paymentid=132081393571101279, expmonth=01, expyear=2021, languageId=ITA, member=Robert Cecil Martin, cardHolderEmail=cardholdermonetaweb@gmail.com, card=4378638099991534 }
```

which points to `HostedPaymentController` => `ThreeDS1HostedPaymentFlow#redirectToACS`, which returns the autopostPage; in the AT this is saved in the variable `automaticPostPage`

```
<!DOCTYPE html> <html> <head> <script type="text/javascript"> function autoPost() { document.autopostform.submit(); } </script> </head> <body onload="autoPost()"> <form name="autopostform" action="http://192.168.30.25/acs/payerAuthentication?brand=Visa" method="post"> <noscript> <br><br> <center> <h1>Processa la transazione 3-D</h1> <h2>JavaScript &egrave; attualmente disabilitato o non &egrave; supportato dal browser.</h2><br> <h3>Premi 'Ok' per continuare la transazione 3-D.</h3> <input type="submit" value="Ok"> </center> </noscript> <input id="TermUrl" name="TermUrl" value="https://local.monetaonline.it/monetaweb/hosted/pares" type="hidden"/> <input id="PaReq" name="PaReq" value="eJxVUl1vmzAU/Ssor9OwDaaY6MZSl7Ct09jShKjS3iy4a1DLR40ZyX79bJIsKU/33I9zD+ca8r1G XG2xGDRKyLDv1TN6VbmYMRFETMQ05rFIKAviZCZhfb/BNwl/UPdV20jmUz8AcoF2Xhd71RgJqnj7 9PBD8pDzJAJyhlCjflhJaskEo0z0aPB39TGJLT+LOZBTHRpVo8yz716ebnMvXf7MMs/umdJQtENj 9FGGggK5ABj0q9wb080JGcfRx4Oqu1f0W/0MxNWAXMWtBxf1lutQlfJxZXj+1NVFLXSWfv5bvvz6 sAl2/DFMF0BcB5TKoAxoQGlE7zzG51E4j6ygKQ+qdiJkuttQn9rsGUPn1tyfgE3fQrB+a2yKo0xi Yf/iggAPXdvgaeB/DOSqePnVmVsYa5MawvxLOR6/LYeE3n48TJzlU5NjrGyBgXW74nSASCOhpyvaZ2Zzm6jd8/hHxyatQ==" type="hidden"/> <input id="MD" name="MD" value="182518707478901279" type="hidden"/> </form> </body> </html>
```

In the AT, the `contactACSRedirectingToHostedPares()` method makes a POST to `http://192.168.30.25/acs/payerAuthentication?brand=Visa`, the URL of the `autopostform` form, and obtains the challenge page of ACS 1 associated with card `4349940199997007` (`getVisaExpiredEnrolled`), i.e. a challenge page with a static password

```
<!DOCTYPE html> <html 
lang="en"> <head> <meta http-equiv="cache-control" content="no-cache" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Verified by Visa</title> <link rel="stylesheet" type="text/css" href="/acs/static/css/bootstrap.min.css" /> <link rel="stylesheet" type="text/css" href="/acs/static/css/minos.css" /> </head> <body> <div class="container-fluid"> <div id="content"> <div id="header" class="centered"> <img src="/acs/static/images/logo_intesaSpaolo.png" /> </div> <img id="logoCardIssuer" src="/acs/static/images/verified-by-visa-trans.png"> <div id="details"> <form method="POST" action="http://192.168.30.25/acs/verifyPassword?brand=Visa" id="payerAuthenticationForm" autocomplete="off" class="form-horizontal textAlignCenter"> <input type="hidden" value="payerauthentication" name="pageid"> <input type="hidden" value="cancel" name="submittype"> <input type="hidden" name="MD" value="339515318946101279"> <input type="hidden" name="PaReq" value="eJxVkt1uozAQhV8F9b7Y5idANbHENvRnG9ooYTfqJSXThG4w1ECgb187kCaLuJhvbB8fzgDJTiLOVpi1EjnEWNfpFo18M72y7cBlrs38wJkwyiwvuOKwCJf4yeGAss5LwZlJTQvICdV5me1S0XBIs89fj8/csR0ncIGMCAXKxxmnSsxXmn6NDb7n14Gn9JnnABnWQaQF8iSeG0m0Sozo9iWODXXPsQ1Z2YpGfnHbp0BOAK3c813TVDeEdF1nYp8W1R7NUm6B6DUgZ3OLVle10urzDX8q/rL1+p+Y37HwTTCxvmf9UnRlEoVTIHoHbNIGuUUtSl06MSx6w1z1Ajn2IS20CR79WVKTKpsjQ6WvCQdQ7UsElbdEkX3xwPPVV5wIsK9KgcOBnxrI2fHtgw43a1RMH3b3cLg7FK/F7xm9fJyJdjFs0oq5Coj52toIQLQMGaepkjmOXVX//Q7fu0GuGA=="> <input type="hidden" name="TermUrl" value="https://local.monetaonline.it/monetaweb/hosted/pares"> <span class="fieldname">Commerciante:</span> TML TEST ECOMM 2<br/> <span class="fieldname">Importo:</span> EUR 0,02<br/> <span class="fieldname">Data:</span> 06/05/2020 20:15:15<br/> <span class="fieldname">Numero Carta:</span> ************7007<br/> <br/> <div class="passwordInsert">Inserire la password Verified by Visa&#8482;.</div> <label class="error"></label> <div class="form-group"> <label for="password" class="password col-sm-3 
control-label">Password:</label> <div class="col-sm-9"> <input type="password" id="password" class="form-control" name="password" autocomplete="off" /> </div> </div> <input id="proceed-button" type="submit" class="btn btn-lg buttons" value="CONTINUA" name="Submit"/> <a class="btn btn-link" href="#" id="help-window">Aiuto</a> <a class="btn btn-link" href="#" id="confirm-cancel">Esci</a> </form> </div> </div> </div> <script type="text/javascript"> var helpPageUrl = "/acs/help?brand=Visa&bank=ISP"; var verifyPasswordUrl = "http://192.168.30.25/acs/verifyPassword?brand=Visa"; var enrollmentProgram = "Verified by Visa"; var cookieName = "showPopupOkeyOTPSMS"; var bank = "isp"; </script> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js"></script> <script src="/acs/static/js/bootstrap.min.js"></script> <script src="/acs/static/js/minos.js?ver=1.1"></script> <script type="text/javascript"> ready(accessLogIfImInsideAnIframe); function ready(fn) { if (document.attachEvent ? 
document.readyState === "complete" : document.readyState !== "loading"){ fn(); } else { document.addEventListener('DOMContentLoaded', fn); } } function inIframe () { try { return window.self !== window.top; } catch (e) { return true; } } function accessLogIfImInsideAnIframe() { if(inIframe()) { var merchantName = ""; if(document.querySelectorAll('span.fieldname').length > 0) { merchantName = "&merchantName="+document.querySelectorAll('span.fieldname')[0].nextSibling.textContent } var acquirerUrl = ""; if(document.location.ancestorOrigins.length > 0) { acquirerUrl = "&acquirerUrl="+document.location.ancestorOrigins[0] } var fakeImg = document.createElement("img") fakeImg.src = "/acs/static/images/fakeImg.jpg?referrerPage=" + document.referrer + acquirerUrl + merchantName document.body.appendChild(fakeImg) } } </script> </body> </html>
```

From this page it reads the URL in the form's `action`, i.e. `http://192.168.30.25/acs/verifyPassword?brand=Visa`, and makes a POST to it with parameters

```
{ password=Test2016, MD=339515318946101279, submittype=submit, PaReq=eJxVkt1uozAQhV8F9b7Y5idANbHENvRnG9ooYTfqJSXThG4w1ECgb187kCaLuJhvbB8fzgDJTiLOVpi1EjnEWNfpFo18M72y7cBlrs38wJkwyiwvuOKwCJf4yeGAss5LwZlJTQvICdV5me1S0XBIs89fj8/csR0ncIGMCAXKxxmnSsxXmn6NDb7n14Gn9JnnABnWQaQF8iSeG0m0Sozo9iWODXXPsQ1Z2YpGfnHbp0BOAK3c813TVDeEdF1nYp8W1R7NUm6B6DUgZ3OLVle10urzDX8q/rL1+p+Y37HwTTCxvmf9UnRlEoVTIHoHbNIGuUUtSl06MSx6w1z1Ajn2IS20CR79WVKTKpsjQ6WvCQdQ7UsElbdEkX3xwPPVV5wIsK9KgcOBnxrI2fHtgw43a1RMH3b3cLg7FK/F7xm9fJyJdjFs0oq5Coj52toIQLQMGaepkjmOXVX//Q7fu0GuGA==, Submit=Invia, pageid=payerauthentication, password_str=Test2016, TermUrl=https://local.monetaonline.it/monetaweb/hosted/pares}
```

It obtains an `acsResponse` containing the page

```
<!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="cache-control" content="no-cache" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Verified by Visa</title> <link rel="stylesheet" type="text/css" 
href="/acs/static/css/bootstrap.min.css" /> <link rel="stylesheet" type="text/css" href="/acs/static/css/minos.css" /> </head> <body> <div class="container-fluid"> <div id="content"> <div id="header" class="centered"> <img src="/acs/static/images/logo_intesaSpaolo.png" /> </div> <img id="logoCardIssuer" src="/acs/static/images/verified-by-visa-trans.png"> <div id="details"> <form method="post" action="https://local.monetaonline.it/monetaweb/hosted/pares" id="resultForm" /> <input type="hidden" name="PaRes" value="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" /> <input type="hidden" name="MD" value="615755728366401279" /> <div class="textAlignCenter"> <img src="/acs/static/images/esitoOK.png" class="resultImage" /> </div> <div id="resultMessage" class="messageHdrOK">Operazione Confermata</div> <div id="submitButton"> <input type="submit" value="CONTINUA" id="SubmitButton" class="btn btn-lg buttons" > </div> </form> </div> </div> </div> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script> <script src="/acs/static/js/auto_submit.js"></script> <script type="text/javascript"> var form = $('#resultForm') var oneTimeSubmitForm = new OneTimeSubmitForm(form) $(document).ready(new TimedRedirectToReturnUrlEvent(oneTimeSubmitForm, 2000)) $('#submitButton').click(new RedirectToReturnUrlEvent(oneTimeSubmitForm)) </script> <script type="text/javascript"> ready(accessLogIfImInsideAnIframe); function ready(fn) { if (document.attachEvent ? 
document.readyState === "complete" : document.readyState !== "loading"){ fn(); } else { document.addEventListener('DOMContentLoaded', fn); } } function inIframe () { try { return window.self !== window.top; } catch (e) { return true; } } function accessLogIfImInsideAnIframe() { if(inIframe()) { var merchantName = ""; if(document.querySelectorAll('span.fieldname').length > 0) { merchantName = "&merchantName="+document.querySelectorAll('span.fieldname')[0].nextSibling.textContent } var acquirerUrl = ""; if(document.location.ancestorOrigins.length > 0) { acquirerUrl = "&acquirerUrl="+document.location.ancestorOrigins[0] } var fakeImg = document.createElement("img") fakeImg.src = "/acs/static/images/fakeImg.jpg?referrerPage=" + document.referrer + acquirerUrl + merchantName document.body.appendChild(fakeImg) } } </script> </body> </html>
```

The AT then calls `performHostedPares`, passing the paymentId and the `acsResponse`; this makes a POST to `/hosted/pares` with parameters

```
{MD=615755728366401279, 
PaRes=eJzNWNmSo0qS/ZWy7EesLpsk4Joq29hBgNgX8cYOAgFih69vMrO2rq6e2z02DyOTTBGOh8fxJQ4Rcf778qg+TUnXF0395QX+A3r5lNRRExd19uXFtrjP+MvfX89W3iUJYybR2CWvZyXp+yBLPhXxl5cTfMSORwzB0dPpAMEIRry8njXSSPp/8/iPvsjqJN61vs76uk/6B3IGv3V3812UB/Xweg6iJyVeXw/o4UAcz+DX7vmRdCLzCu3GcBiC8T4ZkrT4TGC7fRg7nMGP52fwhyFtfGv1O/aliF99mystGh7kx9VR7wNi1OXsOJxnQ9mXM/imcY6DIXlFIASCjtDpEwL9iRz+POwQ3uXn9s0c+WjG3faO/OfueQ9Rt0dwfSUw/Ax+752TpW3q5GPA9/YZ/IGsDepX6KcPtn9327v0bHmv56F4/ILo+Ce0O/suP/dDMIz96+0Mfm2do2CaXkmSpElGZPOZ/Poxha+N3dN3lXMSFa/Q7trb//sossqarhjyxxvUfxacwTco4Ht+X8/mnsl9si75tBdR3X95yYeh/RME53n+Y0b/aLoM3OFCIESAu0K8J/5vLx+jklis0+a/GkYHdVMXUVAVWzDsdaIkQ97En75j+50Zy3izBIMGS3/eTX2O4EP9+U0CofDxBfzJg//E2q+guj743OcB/GbISNLkLdHJJ9sQv7z87X+qe6bIkn7438z4bbYPC05Qjclrl+MBr8azFFsE6x6VwHAlz5XpyH4r5p81z+B3lHv7Rxp+CsOHot74gMM/7pFVHh3Gy+aH0SJmf7tsS16IgrLe8zBXtMx5at7TxtNNKorWgCDrGtp+4boFWD67gNSNkgQs9TaaWnwgTBUtjS5FiOkyBoJ3u1cFxfsBo3j8yHSRtQLc6cbZM3hrrQ0pvaJqEQWFKBmmxaU1e0KC6qMAPx6addvieczJclQrN8WxHJLGEDW4EgGSalksrXpK3qlZ+PvhQm7difeYEiZFgBzcsENQ+xH4zLTovYxQ7BNfjnLI21pB3++9KCBJ3ZAn74ZO3kWCbmqcIwYNJoVDxfJoH563U3N83mMAYgHX1qvERnoYwC7uap4G1hANukckvxl7mn3OVXs6dPKGH0mQpAr9y5ePoP8U6LOUrB8Z8I4QwQRD8NGik24o0r3Yd7JRRJHR7zRNFg1N60ypDl5sNJx0uZNXKiufeVnwxAxRpG5zJEOlipHNXHZjHF1nGJK4hLVRRQ+48vkqj3k70yF24SzSorKrQ5G9wrDVGPPOGrpOGbgc5FtsqlAQT8I2S2eza7pHyPcug+8a7c0zKpGLp+ixlDFSlbuurJDluy6VK7RhH2Yhj66KlS27YUSx9PW62bC7y67MbVY2cvsuu1O1ovczrb9j5dn5cnEYVlXI+WNucuZMz8hDoVyY7c3XN7yRQlXG6u+Ywo01FBL/hlN0OaqKhP1XKwtrkdo3/2gu132PmncfNsVgZ2b+Fpv8ZvPOHO2+R9seX1OcGf12kRpfzKfoSuosRekkk2WsRjL7c72h9zZFypbtuTBGJNQsSVMZPStsnDaxyaMsT6K0PdYFMjjZrU5VGnBCorXykGMszTipgcerhICUJtQZvmUjsxfGnRoBPVbaQEOpmv0UDHzil9nEZbvkpWI9WNPIHPO5Fp/2laGuK0rDusLClA1avr+A2E0/nmiHaiDpwem4ROFMmqQLMMlltAWPhc8u02aH6ckIlKIJtzLjVAey1Qwwn+kIL7JmsFCF+7qROb6eRZdL9HQtN7gzJnOBrWfMVJrvrZB331ZZ9e5YttfbkqsbCbUYBsf+hGH+WNo40Ssseptv93rcPeJJ64lEls4G2tqd2ijYQq4SIOdGxMHiyRdR3FdNSlwh39dsvnGVPd0sSVq/qWlS3WPPkkl5L7olJ1aJTVZAuDbDA1Ww+HANH4IYuskBnEKJG08JrPNXXBMHSNh4PV6CAzWgwbGlN9vR2ed9xmd3KHq0K8JLcKqs2EQYRS
AME+AtIb8p4R2vpXpO6rBC6a4hTntZIjQ3ci7UrF0VdTm/wMZicFTrK8mlOD1icN2EZYm8A3nNaww7VWGbc2qH6slFZ44zd+JcxEUyiA3K0GZ8GdtCl0ulwL7FsS1aHDnW6xrjSwpclapq7vxpheIc7JI0V2HelVwIUsj0RGhBF1CHkPentO5RP5Yw41GSBdM4GTOmaWjYl6CvgI25oRIVzBz2uOqiqi/AATBBR3rcF02Ku1tqSjLgQZdmRLM3UvqVcX5LQZe3JZDNOwXRE9znACANFvV7ChIUg5yZ7xQUmyFCQCJ7pRQdmumP5SczpPEuV4xo5j4oQGLI44fuX1CMSP1KMSTq5pmm3NlVZUhIuYvLlRFRhYkDhcMXniHdDzpQFAb6he5MitEt1lEo5YNK5ln5lfIUA5+Fbxgp/18o1UGINeQNNHB33X+mNM66/zfUcu0cbOXvM3p0AJVxD3cFw0bfLBeWtnnBwSyh4/wNu5U7TRBxE97c2R6w7RkLbI10eUxh2jFO5oNk3Ngk9KTrJnJT/rjGk0gyRboxEk4Bc7tFBCDZBL2/6Gxpulgs7JZiUj7U++lqS+UNO8T6ZGbZtWDinaIaiHdsXnG8oPN0jPAnQZZSzhUYgqX7p8iusWShi9mFTgbcJ27LIzrywmSwXY5ft2xBaD9IRKyVTwfL6u3Fe7gNp6VGykWO/aTpy7BPvG8mGjX28tBEVHNJnsYEoLmlnaL6hNz1yDCSGxB0CxPESopf0IkYnxtFe2ohndwuuih9vLXURQhRJU9iHsseDoxa2F1dy7+klr472WEu1X2+VhMoPrNZpuDBuJP5UyPRwhcfIGqjvjsukb8RfIAy2KCqdRHqKcbT3JSOohdXuuJqFXbhIC5Cyxwlo7QXtmdq+n2WNvy1CJ82sxiWThxN1m19sNdWHUMCctFoHQ9ajWmpxHGPLlo5DBidniLn8bI09kpI5toaKbNxm2MQ8k+Ap+Qh2s2+PT0b2KCf1BNQKxaPMomlotDFpNHSzcjwyyM80PINaCef6g7FYQqwgGIoj1/CznSMiwEeeZsgLdqiCYHJWgiQpho84ldeHjitFHThmQDThKJEHh6rO2Bk2dHd11RnVKaAgUSlPyoivdoaEDghQx1AAbR1IbkOE9+M+n9MLczbEkj1t90NXAsMZBiiQmz/b6gF/kot8NUijwqTfaUWJ1DYaGEZUv1GLRR8mUJUf99hMRYpf9uBUNy7fOE20vmQNQpTfej+n1GHonoPnC9ulN4nputQOf4cg0QFnpfCNR6jeym96anB+LrKMFeyQHt8rKxNz/sxlGIxtsfoNkSR/c2EQcoRczKN92mz9wbEh3kzdS+in3EpS6YgdmAuwy0dZAHIS8DpsraUU4hR+1YihnQL1qAu93hvfBiaDnvXAmy9VnIZ6/jQaVq6UOrhcQvt28GuN8NP0e6er6nUpS2R8Kc8aY1CDWtZQLL2BFwukB/CA0Y32jYE+nG2HgmayYJdoDeuBjE/ytER9yBrKTUx16disVstnYF8SA4rAVfoSt03YS1938jpdj+xjPIhCwIaGz11Gh5Om5qcjLnCwwKtudkPM6yoSyZLs5PBah5L9H9JHXm56K0s0zjn9Fns3Fxjr0pgwKsWN+kD5OMoil7rC79aCdXzdL1mOl8dsUKKqVNAaeHdtwYCw33pcGcDdovMZBPC/nKYcMfrMehhqmOPIGw4AsEBcAzGkW/4WJ7mJ6IMR6ACzUdarGUbbtl6cmVWUIU862C1O9grYK8eewmEZ4g36urko2dvNwqWLMYZnKspGg9gm1CAMU3hSNfykG1FuZ9Hjke2r+51ilWtjGUmNnTyshe8qwlkfEXqFZETFQaUOq2gewYXhmyejPmeHzydCvHxFgSFKFKkR5W0tewrBwcAZrRc1QNmF0gb++Gi675N7piJV/JjaDQY7q5We7Qi6KGsY2BJyIH8LXWAP85I4Pdz048T1ft9z/u91Nstxc/3Vf8AK24yYg
==}
```

The request lands on `HostedParesController`. There, the `verifyParesAndAuthorizeTransaction` method verifies the PaRes by calling the NSoftware library, in effect decoding it into the XML below, before calling the authorization service:

```
<?xml version="1.0" encoding="UTF-8"?> <ThreeDSecure> <Message id="615755728366401279"> <PARes id="615755728366401279.signed"> <version>1.0.2</version> <Merchant> <acqBIN>434495</acqBIN> <merID>027981018setefi-97012174</merID> </Merchant> <Purchase> <xid>ZUFkTC1tLmNVOjt2RnkwVVFXU0g=</xid> <date>20200506 20:24:45</date> <purchAmount>2</purchAmount> <currency>978</currency> <exponent>2</exponent> </Purchase> <pan>0000000000007007</pan> <TX> <time>20200506 20:25:04</time> <status>Y</status> <cavv>AAACADIEhwAAAAAAAASHAAAAAAA=</cavv> <eci>05</eci> <cavvAlgorithm>2</cavvAlgorithm> </TX> </PARes> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#615755728366401279.signed"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>rh8aGOdwKdT9EW5MaRWKXWLCcUg=</DigestValue> </Reference> </SignedInfo> <SignatureValue>QoZ+VGmjcTk5VDXgwmRp2SsYJzxhiIHMyjhbhMPgVqPXqU8fzKiipR00TNbUZiWWi/kqraAQRkA+TOYuSPd49SO3kRrf29vJuaHXYjliBGZaDMXGuDrcTy+F6YFUw/YpTz2kXilp2M30BL1CIxpSs9K0n5H1mmPTYzdwuhAkuOlWf87h0Kub3RFk2+elxxTPlqKX6oxGj4JAzr6GXDk1AI+AtWbr23UmaZDvxQsL2BEq8x5LbGUPiCjjsIH2enoA6XY3vXJK0YOdh2RC/eiVBdLuU4qY6o5qjd+0E+WUQleU2s1+7JWyS6tERIRCs2KZousCEqwlp64rLz85A/ABiQ==</SignatureValue> <KeyInfo> <X509Data> <X509Certificate>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</X509Certificate> <X509Certificate>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</X509Certificate> <X509Certificate>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</X509Certificate> </X509Data> </KeyInfo> </Signature> </Message> </ThreeDSecure>
```
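
What the decoding of the `PaRes` form field amounts to, as an added example (not code from this note, the AT or the NSoftware library): the field is base64 over a zlib stream, which is why the values on this page start with `eJ`. The function names, the size cap and the pre-authorization checks are assumptions of the example, the sample is constructed, and the XML signature is only checked for presence, not validated.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from collections import namedtuple

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_XML_BYTES = 64 * 1024  # assumption: generous cap for one inflated PARes
PaRes = namedtuple("PaRes", "message_id status eci cavv_hex amount currency has_signature")


class PaResError(Exception):
    """The PaRes could not be decoded or is structurally unacceptable."""


def pack(xml_bytes):
    """XML -> zlib deflate -> base64, the encoding of the PaReq/PaRes form fields."""
    return base64.b64encode(zlib.compress(xml_bytes)).decode("ascii")


def inflate_pares(pares_b64):
    """base64 -> zlib inflate, tolerating line wraps and capping the output size."""
    compact = "".join(pares_b64.split())  # form values may arrive line-wrapped
    try:
        raw = base64.b64decode(compact, validate=True)
        inflater = zlib.decompressobj()
        xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    except (ValueError, zlib.error) as exc:
        raise PaResError(f"not base64-encoded zlib data: {exc}") from exc
    if not inflater.eof:  # truncated stream, or more output than the cap allows
        raise PaResError("PaRes is truncated or inflates past the size cap")
    return xml_bytes


def parse_pares(xml_bytes):
    """Extract the fields that the authorization step depends on."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise PaResError("DTD and entity declarations are rejected")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise PaResError(f"malformed XML: {exc}") from exc
    message = root.find("Message")
    pares = message.find("PARes") if message is not None else None
    if pares is None:
        raise PaResError("ThreeDSecure/Message/PARes not found")

    def text(path, required=True):
        value = (pares.findtext(path) or "").strip()
        if required and not value:
            raise PaResError(f"missing element: {path}")
        return value

    status = text("TX/status")
    authenticated = status == "Y"  # eci and cavv are only demanded for status Y
    try:
        amount = int(text("Purchase/purchAmount"))
        cavv = base64.b64decode(text("TX/cavv", authenticated), validate=True)
    except ValueError as exc:
        raise PaResError(f"bad purchAmount or cavv: {exc}") from exc
    return PaRes(
        message_id=message.get("id", ""), status=status,
        eci=text("TX/eci", authenticated), cavv_hex=cavv.hex().upper(),
        amount=amount, currency=text("Purchase/currency"),
        has_signature=message.find(f"{{{DSIG}}}Signature") is not None,
    )


def check_before_authorization(p, *, md, amount, currency):
    """Reasons, if any, why this PaRes must not lead to an authorization request."""
    problems = []
    if p.status != "Y":
        problems.append(f"status is {p.status!r}, not 'Y'")
    if p.message_id != md:
        problems.append("Message id does not match the MD of this payment")
    if (p.amount, p.currency) != (amount, currency):
        problems.append("purchase amount or currency differs from the order")
    if not p.has_signature:
        problems.append("no XML signature element (validating it is not shown here)")
    return problems


def build_sample_pares(status="Y", md="615755728366401279", amount=2, signed=True):
    """Constructed sample shaped like this page's decoded XML; cavv and signature are dummies."""
    tx = f"<status>{status}</status>"
    if status == "Y":
        tx += f"<cavv>{base64.b64encode(bytes(range(20))).decode()}</cavv><eci>05</eci>"
    sig = f'<Signature xmlns="{DSIG}"><SignatureValue>dummy</SignatureValue></Signature>'
    xml = (
        f'<ThreeDSecure><Message id="{md}"><PARes id="{md}.signed">'
        f"<Purchase><purchAmount>{amount}</purchAmount><currency>978</currency></Purchase>"
        f"<pan>0000000000007007</pan><TX>{tx}</TX></PARes>"
        f"{sig if signed else ''}</Message></ThreeDSecure>"
    )
    return pack(xml.encode("utf-8"))


if __name__ == "__main__":
    print(parse_pares(inflate_pares(build_sample_pares())))
```
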

The authorization service is then called with this request:

```
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <transactionRequest xmlns="http://www.setefi.com/authorizationGateway"> <channel>ECOMMERCE</channel> <function>authorization</function> <transaction xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ECommerceAuthorizationMessage"> <stan> <timestamp>2020-05-06T20:41:45.357+02:00</timestamp> <number>18787</number> </stan> <pan>4349940199997007</pan> <currency> <currencyCode>978</currencyCode> </currency> <amount>2</amount> <datetimeTransmission>2020-05-06T18:41:45.357Z</datetimeTransmission> <datetime>2020-05-06T20:41:45.357+02:00</datetime> <retrievalReferenceNumber> <julianDay>127</julianDay> <sequenceNumber>35125677</sequenceNumber> </retrievalReferenceNumber> <acquirerIdCode>01025</acquirerIdCode> <forwardingIdCode>08006</forwardingIdCode> <destinationInstIdCode>08006</destinationInstIdCode> <originatorInstIdCode>00001</originatorInstIdCode> <receivingInstIdCode>08006</receivingInstIdCode> <merchant> <acceptorId>001111111 </acceptorId> <terminalId>99990750</terminalId> <acceptorName>TML TEST ECOMM 2</acceptorName> </merchant> <posDataCode> <CardDataInputCapability>1</CardDataInputCapability> <CardHolderAuthenticationCapability>0</CardHolderAuthenticationCapability> <CardCaptureCapability>0</CardCaptureCapability> <OperatingEnvironment>0</OperatingEnvironment> <CardHolderPresent>2</CardHolderPresent> <CardPresent>0</CardPresent> <CardDataInputMode>1</CardDataInputMode> <CardHolderAuthenticationMethod>0</CardHolderAuthenticationMethod> <CardHolderAuthenticationEntity>0</CardHolderAuthenticationEntity> <CardDataOutputCapability>1</CardDataOutputCapability> <TerminalOutputCapability>1</TerminalOutputCapability> <PinCaptureCapability>0</PinCaptureCapability> </posDataCode> <expiryDate> <Month>02</Month> <Year>18</Year> </expiryDate> <CVV2Data> <CVV2State>1</CVV2State> <CVV2>829</CVV2> </CVV2Data> <SecurityLevel> 
<SecurityType>1</SecurityType> <CryptogramPresence>0</CryptogramPresence> <BankpassService>0</BankpassService> <UCAF>0</UCAF> <CAVV>1</CAVV> </SecurityLevel> <XID>5A6E6A6D2E7A37326D342D74272D7E586B3A7031</XID> <CAVVData>0000020903049200000000000004920000000000</CAVVData> <ExtendedAuthorizationData> <IpAddress>10.0.0.1</IpAddress> <EmailAddress>cardholdermonetaweb@gmail.com</EmailAddress> <CardholderName>Pellecchia Anna</CardholderName> <OrderID>2011IVR4189718</OrderID> </ExtendedAuthorizationData> </transaction> </transactionRequest> </soap:Body> </soap:Envelope> ``` e response (dal servizio vero di test) ``` <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header/> <SOAP-ENV:Body> <ns2:transactionResponse xmlns:ns2="http://www.setefi.com/authorizationGateway"> <ns2:channel>ECOMMERCE</ns2:channel> <ns2:function>authorization</ns2:function> <ns2:transaction xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:ECommerceAuthorizationMessage"> <ns2:stan> <ns2:timestamp>2020-05-06T20:41:45.357+02:00</ns2:timestamp> <ns2:number>18787</ns2:number> </ns2:stan> <ns2:responseCode>000</ns2:responseCode> <ns2:approvalCode>000000</ns2:approvalCode> <ns2:pan>4349940199997007</ns2:pan> <ns2:currency> <ns2:currencyCode>978</ns2:currencyCode> </ns2:currency> <ns2:amount>2</ns2:amount> <ns2:datetimeTransmission>2020-05-06T18:41:45.357Z</ns2:datetimeTransmission> <ns2:datetime>2020-05-06T20:41:45.357+02:00</ns2:datetime> <ns2:retrievalReferenceNumber> <ns2:julianDay>127</ns2:julianDay> <ns2:sequenceNumber>35125677</ns2:sequenceNumber> <ns2:generatedReferenceNumber>012735125677</ns2:generatedReferenceNumber> <ns2:internalReferenceNumber>012735125677</ns2:internalReferenceNumber> </ns2:retrievalReferenceNumber> <ns2:acquirerIdCode>01025</ns2:acquirerIdCode> <ns2:forwardingIdCode>08006</ns2:forwardingIdCode> <ns2:destinationInstIdCode>08006</ns2:destinationInstIdCode> <ns2:originatorInstIdCode>00001</ns2:originatorInstIdCode> 
<ns2:receivingInstIdCode>08006</ns2:receivingInstIdCode> <ns2:merchant> <ns2:acceptorId>001111111 </ns2:acceptorId> <ns2:terminalId>99990750</ns2:terminalId> <ns2:acceptorName>TML TEST ECOMM 2</ns2:acceptorName> </ns2:merchant> <ns2:posDataCode> <ns2:CardDataInputCapability>1</ns2:CardDataInputCapability> <ns2:CardHolderAuthenticationCapability>0</ns2:CardHolderAuthenticationCapability> <ns2:CardCaptureCapability>0</ns2:CardCaptureCapability> <ns2:OperatingEnvironment>0</ns2:OperatingEnvironment> <ns2:CardHolderPresent>2</ns2:CardHolderPresent> <ns2:CardPresent>0</ns2:CardPresent> <ns2:CardDataInputMode>1</ns2:CardDataInputMode> <ns2:CardHolderAuthenticationMethod>0</ns2:CardHolderAuthenticationMethod> <ns2:CardHolderAuthenticationEntity>0</ns2:CardHolderAuthenticationEntity> <ns2:CardDataOutputCapability>1</ns2:CardDataOutputCapability> <ns2:TerminalOutputCapability>1</ns2:TerminalOutputCapability> <ns2:PinCaptureCapability>0</ns2:PinCaptureCapability> </ns2:posDataCode> <ns2:CardCountry>380</ns2:CardCountry> <ns2:expiryDate> <ns2:Month>02</ns2:Month> <ns2:Year>18</ns2:Year> </ns2:expiryDate> <ns2:CVV2Data> <ns2:CVV2State>1</ns2:CVV2State> <ns2:CVV2>829</ns2:CVV2> </ns2:CVV2Data> <ns2:SecurityLevel> <ns2:SecurityType>1</ns2:SecurityType> <ns2:CryptogramPresence>0</ns2:CryptogramPresence> <ns2:BankpassService>0</ns2:BankpassService> <ns2:UCAF>0</ns2:UCAF> <ns2:CAVV>1</ns2:CAVV> </ns2:SecurityLevel> <ns2:XID>5A6E6A6D2E7A37326D342D74272D7E586B3A7031</ns2:XID> <ns2:CAVVData>0000020903049200000000000004920000000000</ns2:CAVVData> <ns2:ExtendedAuthorizationData> <ns2:IpAddress>10.0.0.1</ns2:IpAddress> <ns2:EmailAddress>cardholdermonetaweb@gmail.com</ns2:EmailAddress> <ns2:CardholderName>Pellecchia Anna</ns2:CardholderName> <ns2:OrderID>2011IVR4189718</ns2:OrderID> </ns2:ExtendedAuthorizationData> <ns2:CardInfo> <ns2:Circuit>V</ns2:Circuit> <ns2:OnUsCard>true</ns2:OnUsCard> <ns2:CardType>C</ns2:CardType> </ns2:CardInfo> </ns2:transaction> 
<ns2:responseCode>000</ns2:responseCode> </ns2:transactionResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> ``` E non è finita! Nell'AT dopo aver fatto le assert sull'esito di autorizzativo (sullo '000' ecc.) chiama la `verifyResponseMessageOnBackoffice`, che in pratica crea la pagina del backoffice e la usa per verificare che la transazione sia stata inserita. Allucinante.
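
A sketch of the checks that belong between the decoded PARes and the authorization request shown above, added here as an illustration and not taken from the project's code. It assumes the NSoftware library has already validated the XML signature, and that the gateway's `XID` and `CAVVData` are the hex form of the PARes `xid` and `cavv` (an assumption suggested by the 20-byte lengths on this page); `pares_to_auth_fields` and `b64_to_hex20` are hypothetical names.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# PARes values from the page; SignatureValue and certificates trimmed for brevity.
SAMPLE = """<ThreeDSecure><Message id="615755728366401279">
<PARes id="615755728366401279.signed"><version>1.0.2</version>
<Purchase><xid>ZUFkTC1tLmNVOjt2RnkwVVFXU0g=</xid><purchAmount>2</purchAmount>
<currency>978</currency></Purchase>
<TX><status>Y</status><cavv>AAACADIEhwAAAAAAAASHAAAAAAA=</cavv><eci>05</eci></TX>
</PARes>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI="#615755728366401279.signed"/></SignedInfo></Signature>
</Message></ThreeDSecure>"""


def b64_to_hex20(value, field):
    """Decode a base64 field, require 20 bytes, return upper-case hex."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"{field}: not valid base64") from exc
    if len(raw) != 20:
        raise ValueError(f"{field}: expected 20 bytes, got {len(raw)}")
    return raw.hex().upper()


def pares_to_auth_fields(xml_text, amount, currency):
    """Check a signature-validated PARes and map it to authorization fields."""
    root = ET.fromstring(xml_text)
    pares = list(root.iter("PARes"))
    refs = list(root.iter(DSIG + "Reference"))
    if len(pares) != 1 or len(refs) != 1:
        raise ValueError("expected exactly one PARes and one signature Reference")
    # The signed element must be the PARes being read, not some other node.
    if refs[0].get("URI") != "#" + pares[0].get("id", ""):
        raise ValueError("signature Reference does not cover the PARes")
    if pares[0].findtext("TX/status") != "Y":
        raise ValueError("cardholder authentication status is not Y")
    order = (pares[0].findtext("Purchase/purchAmount"), pares[0].findtext("Purchase/currency"))
    if order != (amount, currency):
        raise ValueError("PARes amount or currency differs from the order")
    return {
        "XID": b64_to_hex20(pares[0].findtext("Purchase/xid") or "", "xid"),
        "CAVVData": b64_to_hex20(pares[0].findtext("TX/cavv") or "", "cavv"),
        "eci": pares[0].findtext("TX/eci"),
    }
```

The amount and currency passed in should come from the server-side order record, not from anything posted back by the browser along with the PARes.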