#!/usr/bin/perl
##
This Perl CGI is a sample KRPS external CGI
###
Copyright © 2004 Kagi. All rights reserved.
# 1442A Walnut Street PMB #392, Berkeley, CA 94709, USA.
###
Permission is granted to use this specification and code for development and
# deployment of a Kagi Remote Post CGI free of charge as long as Kagi sells
# your products.
##
No warranty is made as to the suitability of code herein
# or even this code is bug or error free.
##
BECAUSE THE CODE IS LICENSED FREE OF CHARGE, THERE IS NO
# WARRANTY FOR THE CODE, TO THE EXTENT PERMITTED BY
# APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING
# THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDING THE
# CODE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
# EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE. YOU ASSUME THE ENTIRE RISK AS TO THE
# QUALITY AND PERFORMANCE OF THE CODE. SHOULD THE CODE
# PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL-NECESSARY
# SERVICING, REPAIR OR CORRECTION.
package KagiRemoteCGIPostReceiver;
use strict;
use Exporter;
use English;
use CGI;
use Digest::MD5;
# end of line and return for CGI and KRPS
my ($cr,$lf) = ("\015", "\012");
my ($crlf) = ("$cr$lf");
&main;
1;
exit;
sub main(){
#
# CGI programs must print their own HTTP
# response headers
#
printf ("Content-type: text/text%s%s",$crlf,$crlf);
my $cgi = new CGI; #read cgi input parameters
# does it start correctly?
if( !defined($cgi) ){
printf( "kagiRemotePostStatus=BAD,
message=Could not get CGI started.%s%s",$crlf,$crlf );
return(0);
}
# get the message and the digest for comparison
my $sharedSecret = "myTestPassword",
my $digest = md5Password($sharedSecret,$cgi);
if( !defined($digest) ){
# status set in call, just return
return(0);
}
# Specifically get the password from the input parameters
my $passwd = $cgi->param('ACG:Password');
#does the password match what I think it should be
if( $digest ne $passwd ){
printf( "kagiRemotePostStatus=BAD,
message=Password did not match calculated version. %s%s”,
$crlf,$crlf );
return(0);
}
# OK we passed the password test, now do something useful
my ($userName,$regNumber) = myalgo($cgi->param('ACG:PurchaserEmail);
printf( "kagiRemotePostStatus=GOOD,
message=Authenticated call from Kagi.%s%s",$crlf,$crlf );
printf( “username=%s,regNumber=%s%s%s”.
$username,$regNumber,$crlf,$crlf);
return(1);
}
sub md5Password($$){
# Calculate the KRPS encrypted password message and return lower case version
#
# The result of this routine should match what is passed by Kagi if the MD5
# encryption hash was specified during setup.
# Reference Appendix C for details on the implementation
#
my($sharedSecrete, $cgi) = @ARG;
# build the password as MD5 Hash
my $md5 = Digest::MD5->new();
if( !defined($md5) ){
printf("kagiRemotePostStatus=BAD,
message=MD5 could not be initialized. %s%s",
$crlf,$crlf)
}
# lowercase the data to be consistent, no spaces
# this is step 1 and step 2 in Appendix C
$md5->add( lc( $ sharedSecrete
. $cgi->param("ACG:TransactionID")
. $cgi->param("ACG:ProductName")
. $cgi->param("ACG:UnitPayment")
. $cgi->param("ACG:DateProcessed")
. $cgi->param("ACG:QuantityOrdered")
. $cgi->param("ACG:LicenseType")
) );
#we lowercase the password, this is step 3 and step 4 in Appendix C
my $newHash = lc( $md5->hexdigest );
# Perl adds spaces to output only, other libraries might add more
my ($cleanHash,@stringArray,$character) = ("",undef,undef);
# this is more of step 4 of Appendix C, Perl only, yours will vary.
@stringArray = split(//,$newHash);
# this is more of step 4 of Appendix C, Perl only, yours will vary.
foreach $character (@stringArray){
# only accept hex characters
if( $character =~ /[a-f0-9]/ ){
$cleanHash.= $character;
}
}
return( $cleanHash);
}
1;

##</code><code>##

<HTML>
<!-- -->
<!-- -->
<!-- Copyright © 2004 Kagi. All rights reserved.
1442A Walnut Street PMB #392, Berkeley, CA 94709, USA.
Permission is granted to use this specification and code for development and
deployment of a Kagi Remote Post CGI free of charge as long as Kagi sells
your products.
No warranty is made as to the suitability of code herein
or even that the code is bug or error free.
BECAUSE THE CODE IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE CODE, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING
THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
CODE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. YOU ASSUME THE ENTIRE RISK AS TO THE
QUALITY AND PERFORMANCE OF THE CODE. SHOULD THE CODE
PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL-NECESSARY
SERVICING, REPAIR OR CORRECTION.
-->
<HEAD>
<TITLE>KRPS Test Page</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE="+2" FACE="Arial">ACG test page</FONT></P>
<!-- -->
<!-- MODIFY THE ACTION BELOW -->
<!-- FOR YOUR SERVER ADDRESS AND CGI-BIN DIRECTORY -->
<!-- -->
<!-- -->
<P><!-***************************************************-->
<!--* Modify the line below to point to the correct ACG or External CGI to test *-->
<!--*****************************************************--></P>
<P><FORM ACTION="http://127.0.0.1/cgi-bin/ KagiRemoteCGIPostReceiver.pl"
METHOD=POST>
<P><!--***************************************************-->
<!--***************************************************->
<!-*****************************************************-->
</P>
<P><TABLE>
<TR>
<TD>
<P></P>
</TD>
<TD>
<P>The seed parameters are comma separated. Internal
commas come escaped with a comma. The maximum length of
the value for a given seed is 256 bytes</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:Flags</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:Flags" VALUE="Test=1"
SIZE=55><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:UserName</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:UserName"
VALUE="enter value if needed" SIZE=55><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:Password</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:Password"
VALUE="myTestPassword" SIZE=55><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:CustomerSeed</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:CustomerSeed"
VALUE="Keyword: mykey - value, hardwareFingerprint=E96D-6CEE,
userPreferredName=Softedge,, Inc." SIZE=255><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:OEMSeed</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:OEMSeed"
VALUE="Clear-Text=Password" SIZE=256><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:DebugFlag</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:DebugFlag"
VALUE="1" SIZE=30> Value 0 or 1
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:InputVersion</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:InputVersion"
VALUE="0200" SIZE=30> Value 0200<BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:Request</P>
</TD>
<TD>
<P><SELECT NAME="ACG:Request">
<OPTION VALUE=Generate>Generate
<OPTION VALUE=Information>Information
<OPTION>NULL
</SELECT>Value is 'Generate' and 'Information'. See
specification for meanings</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:CardName</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:CardName"
VALUE="Card Name Here" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:CardName-8bit</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:CardName-8bit"
VALUE="CARD NAME HERE" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:PurchaserName</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:PurchaserName"
VALUE="Fred Fragola" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:PurchaserName-8bit</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:PurchaserName-8bit"
VALUE="Fred Fragola" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:PurchaserEmail</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:PurchaserEmail"
VALUE="email@domain.com" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:SQNM</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:SQNM"
VALUE="9999" SIZE=30>Value
0000 to 9999<BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:QuantityOrdered</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:QuantityOrdered"
VALUE="1" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:LicenseType</P>
</TD>
<TD>
<P><SELECT NAME="ACG:LicenseType">
<OPTION VALUE=single>single
<OPTION VALUE=site>site
<OPTION VALUE=world>world
<OPTION VALUE=upgrade>upgrade
<OPTION VALUE=bonus>bonus
<!-- -->
<!-- Edit the value below for you special license type-->
<!-- -->
<OPTION VALUE="special=">special=(you must edit form and supply value)
<OPTION>null
</SELECT>See specification for meanings</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:UnitPayment</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:UnitPayment"
VALUE="149.000" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:TransactionID</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:TransactionID"
VALUE="CH0123456789" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:Postal-8bit</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:Postal-8bit"
VALUE="POSTAL-8BIT 12134 Center St. Boston CA 87654"
SIZE=60><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:Postal</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:Postal"
VALUE="Postal 12134 Center St. Boston CA 87654" SIZE=60><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:ProductName-8bit</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:ProductName-8bit"
VALUE="PRODUCT_NAME" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:ProductName</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:ProductName"
VALUE="Product_Name" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:UserPurchaseDate</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:UserPurchaseDate"
VALUE="2000-12-31" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:DateProcessed</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:DateProcessed"
VALUE="2000-12-31" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>ACG:TimeStamp</P>
</TD>
<TD>
<P><INPUT TYPE=text NAME="ACG:TimeStamp"
VALUE="49388234823" SIZE=30><BR>
</P>
</TD>
</TR>
<TR>
<TD>
<P>Submit</P>
</TD>
<TD>
<P><INPUT TYPE=submit NAME=Submit
VALUE="Do your ACG test"><BR>
</P>
</TD>
</TR></FORM>
</TABLE>
</FORM></P>
</BODY>
</HTML>