Introduction

PayPal is depracating their old PayFlowPro API’s and so we needed to upgrade to the new SDK. Despite PayPal’s efforts, this is not a simple task.

First I reviewed PayPal’s docs: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/gateway_update_custom_dev . The PayPal link walks you through determining if you need to upgrade, and then directing you to the correct SDK.

Required Files

For ColdFusion, you will need the PayFlow_SDK_for_Java_v4.32 or later.

You will also need a Cold Fusion client. I decided to try the CFXPayFlowPro_v4.01. It’s a CFX tag that talks to the java SDK.

Installation

Installation for these SDK’s are included in the ReleaseNotes.txt and Readme.txt of each package, respectively.

In order to get these files installed, I had to do this:

1. unpack the zip files
2. copy the following files into your cold fusion’s <cfroot>/wwwroot/WEB-INF/lib: payflow.jar, xml-apis.jar, xercesImpl.jar
3. copy into your <cfroot>/wwwroot/WEB-INF/classes/: CFXPayFlowPro.class
4. open your CFADMIN browser, and register the CFX tag

Configuration

If you haven’t configured CFX tags, here are the steps:

1. open CFADMIN browser
2. navigate to Extensions/CFX Tags
3. select “Register JAVA CFX”

Tag Name: CFX_PAYFLOWPRO

Class Name: CFXPayFlowPro

Description: PayPal integration

Testing

The CFX package comes with a test file, PFProCFXtest.cfm. Copy it to your webroot, edit it with the correct user credentials and finally open it in a browser.

Fixing SSL Cert Errors

Your installation may just work. Mine didn’t. Looking in the the payflow logs (configured in the tag declaration), I was able to locate this error:

2009-08-03 17:20:03 EDT – Fatal – paypal.payflow.PaymentConnection.SendToServer(String): Caught Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(DashoA12275)
at paypal.payflow.p.b(Unknown Source)
at paypal.payflow.a.b(Unknown Source)
at paypal.payflow.g.j(Unknown Source)
at paypal.payflow.PayflowAPI.submitTransaction(Unknown Source)
at CFXPayFlowPro.processRequest(CFXPayFlowPro.java:139)
at coldfusion.tagext.CfxTag.doStartTag(CfxTag.java:102)
at coldfusion.runtime.CfJspPage._emptyTag(CfJspPage.java:1915)
at cfPFProCFXtest2ecfm605041190.runPage(E:\mandala-sites\shambhala\003\internet\www\_unit_test\PFProCFXtest.cfm:35)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:152)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:349)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:225)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:51)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:69)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:52)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:115)
at coldfusion.CfmServlet.service(CfmServlet.java:107)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:78)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:257)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:541)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:204)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:318)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:426)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:264)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
… 41 more

Download New VeriSign Certs

The problem relates to VeriSign certificates that need to be installed. I don’t know why these need to be installed, but I think it has to do with a VeriSign screwup a while back where they released a weak cert. The details are not that interesting to me. You can download the certs here.

Install the Certs in CFMX

Once downloaded you need to install the certs into CFMX’s JRE. I’m not sure if you need to install all four, but I did. Here’s the example command:

cd <cfroot>

cd runtime/jre/bin

./keytool.exe -import -keystore ../lib/security/cacerts -file facacbc6.cer -alias verisignfacacbc6

Repeat this three more times, changing the *.cer and alias. As far as I could tell, the alias value is not that important, though it should probably be unique. The important thing is that the cacerts file must be the one in <cfroot>/runtime/jre/lib/security.

Rerun your test CFM and hopefully it will now work. I hope this saves you some time. Please comment and let me know.

Sometimes you want to know if a file name contains a specific, or a list of extentions. Here’s how I did it.

Note that this snippet requires the Jakarta Commons StringUtils class.

	/**
	 * Returns true if filename has an extension in the list
	 * extension, case insensitive
	 *
	 * @param filename name of file to test
	 * @param extensions comma delimited list of file extensions
	 *
	 * @return true if filename has an extension in the list
	 *         extension, case insensitive
	 */
	public static boolean extensionInList(final String filename, final String extensions) {
		if (StringUtils.isBlank(extensions)) {
			throw new IllegalArgumentException("'extensions' must not be empty or null");
		}

		if (StringUtils.isBlank(filename)) {
			return false;
		}

		StringBuffer regExp = new StringBuffer(".+(");
		String delim = "";
		for (String ext : extensions.split(",")) {
			if (StringUtils.isBlank(ext)) {
				continue;
			}
			ext = ext.trim();
			regExp.append(delim).append("\\.").append(ext);
			if (StringUtils.isBlank(delim)) {
				delim = "|";
			}
		}
		regExp.append(")$");

		Pattern p = Pattern.compile(regExp.toString(), Pattern.CASE_INSENSITIVE);
		return p.matcher(filename).matches();
	}

	public void testFileExtensionIn() {
		String extensions = "pdf, html, htm";

		assertTrue(extensionInList("josh.pdf", extensions));
		assertTrue(extensionInList("josh.PDF", extensions));
		assertTrue(extensionInList("josh.html", extensions));
		assertTrue(extensionInList("josh.HTML", extensions));
		assertTrue(extensionInList("josh.HTM", extensions));
		assertTrue(extensionInList("josh.abc.HTM", extensions));

		assertFalse(extensionInList("josh.HTM1", extensions));
		assertFalse(extensionInList("josh.psd", extensions));
		assertFalse(MdxUtils.extensionInList("josh.pdf.psd", extensions));

	}