BrainTree

[Bryan Anderson]

Attempting to use cfpayment with braintree and I get 'invalid gateway specified'. Looking at the braintree cfc i see the api version is configured as 1.0, and I believe they are now in version 2.0 (ish) Anyone able to help out?

[Brian G]

Bryan, 

Right now the Braintree support is indeed for their older platform.  I have code from Peter Bell for the new platform that wraps the Java library which I have not had time to implement/test as of yet but hope to later this year.  If this were something you were interested in getting on with I could share it and help you make progress with it.  It should mostly work but needs to be cfpayment-ized and have some unit tests written.

Brian

[Bryan Anderson]

Brian

I could certainly help out in integrating the newer code into cfpayment. Let me know the details.

Bryan

[Brian G]

I am departing from Africa today and will be back in the saddle later this week after the jet lag wears off.  Fire me a private note and we'll start a dialogue when I am back, thanks!

Brian

[Tom McNeer]

Bryan,

Until cfpayment is implemented, or instead of ... integrating Braintree is not too difficult using javaloader and Braintree's Java API and jar.

You can use javaloader to create a CF object, then make method calls against it. I've only implemented basic vault storage and transaction creation; I haven't dealt with recurring transactions yet.

If you'd like to do this, I can give you a little direction and some samples.



--
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560

[Brian G]

I think this is largely what Peter's code does; wraps the Java code.  I will get it into the cfpayment repo shortly so it can be reviewed and we can get this going.  They want us to upgrade so I would like to get it prepped as well.

Brian

[Bryan Anderson]

How are things? I'm still able to help out if needed, can find out how to send a PM from here, :-0

[Brian G]

I just got Bryan the code to work with.  It's based on Braintree 2.4.0.  They are at 2.15.0 right now but the CFC and work that Peter Bell did should all transfer.  I'm hoping that Bryan can use my existing Braintree unit tests with minor tweaks while changing the implementation under the hood so we can see all the same functionality work.

[Wes Byrd]

GitHub still appears to have Braintree.cfc using api version 1.0.  Does this work?  If so, I just need to know what to pass into the core because my Braintree account does not have "SecurityKey" or "SecurityKeyID".

[Brian G]

The current gateway is for the Orange (or legacy) platform.  It works - I use it every day, but they no longer are adding accounts on it.  We have some code for the Blue platform (the current) which wraps the Java gateway that BT makes available.  I haven't had any takers to do the testing and add it yet and we haven't upgraded to Blue yet.  Let me know if you're interested and I can send your way.  Mostly needs some unit tests done.


Brian

[Daryl Lackey]

Brian G., our group may be trying this this week.  I'll try to remember to post back as the results.  Feel free to tap me on the shoulder in about two weeks if I forget.  :D

[Daryl Lackey]

I'd like some direction and samples, please.

[Brian G]

Here's the notes that Peter Bell provided me, this is to use the sample code straight up (which is a CFC that wraps the Java library that Braintree makes available here: https://github.com/braintree/braintree_java - you can get jars from the "releases" link). 

What needs to be done for cfpayment is to take the CFC that Peter wrote as a wrapper and just massage the parameters and method names to line up with the cfpayment standards.  It should be trivial since I've already written a braintree orange gateway to model it after.  The unit tests I wrote should work as I believe Braintree maintained the same values to generate declines/AVS/CVV matches/etc:




Braintree CFDML Library

Background

This is a library that wraps the Java Braintree library using Mark Mandell's Java Loader, so if you are more comfortable working directly with the Java library, feel free. The goal of this library is to expose most of the Java library in a way that will be slightly easier to consume.

Capabilities

There are two interfaces to the Braintree payment gateway. One uses a "Transparent Redirect" (TR) where the user fills out a form on your site and the form is posted directly to Braintree. Braintree then redirects the user to your site along with information in the URL about the success of the attempted transaction. The purpose of TR is to avoid cardholder data hitting your server to lower PCI DSS compliance costs by trying to keep your server environment out of scope. As such, you only need to do it when cardholder data is involved.

All other transactions will be submitted using a more standard server to server call where you will make requests against a different set of URLs on the Braintree servers using a token to identify the card that you wish to charge. (You *can* pass credit card information using a server to server call - but it will put your site in scope for PCI DSS compliance so these docs won't focus on that use case).

Installation

Start by downloading the project and create a mapping for your website titled "braintreecfml" pointing to the root directory of this project.

Registration

Before you can work with the Braintree API, you'll need a merchant Id, a private key and a public key. Contact Braintree to get the information required.

Your First Payment Form

Once you have the project installed and credentials from Braintree, the first thing you probably want to do is to create a form to allow a user to submit their credit card data and (probably) to make a payment at the same time. As with anything using the library, you will want to start by instantiating the braintreeGateway object which is the interface you use for all operations. Think of it as a factory for creating all of the objects you need. Because it acts as a factory, you can create a single instance of this either as a Singleton through ColdSpring or Lightwire, or you could just instantiate it in the application scope:

<cfset configuration = {
    environment = "SANDBOX",
    merchantId = "<your-merchand-Id>",
    privateKey = "<your-private-key>",
    publicKey = "<your-public-key>"
}>
<cfset braintreeGateway = createobject( "component", "braintreecfml.com.BraintreeGateway").init( argumentCollection=configuration )>

Now that we've done this, we need to create a payment form. This form is for storing a new customer (along with their card data) in the vault and charging that card.

<form action="#braintreeGateway.createCustomerUrl()#" method="post">
    <label for="transaction_credit_card_number">Card Number</label>
    <input type="text" id="transaction_credit_card_number" name="transaction[credit_card][number]" value="4111111111111111" />
    <br /><br />
    <label for="transaction_credit_card_expiration_date">Expiration Date</label>
    <input type="text" id="transaction_credit_card_expiration_date" name="transaction[credit_card][expiration_date]" value="07/10" />
    <br /><br />
    <input type="hidden" name="tr_data" value="#braintreeGateway.trCreateandChargeCustomerv( amount, redirect_url )#" />
    <input type="submit">
</form>

So we are calling the createCustomerUrl() method on braintreeGateway to get the URL for submitting a form to when we want to create a customer. We are putting the minimum fields required for making a payment (credit card number and expiration date) and we're calling trCreateandChargeCustomer() which creates and returns the necessary tr_Data to create and charge a customer (including storing the customer in the vault).

Gateway returns gateways for address, credit card, customer, subscription and transactions

Customer has transparentRedirectURLForCreate and transparentRedirectURLForUpdate

[Daryl Lackey]

Thank you.  We'll be looking at this closer either today or tomorrow.

[Daryl Lackey]

On the BrianTree site, there is a reference to a braintree.js file which is used to encrypt the information.  Is that needed or is the CFPayment wrapper handling that, too?

On Friday, February 14, 2014 6:38:42 PM UTC-6, Brian G wrote:

[Brian G]

Make sure you understand how the pieces fit together here:

1. The credit card must make its way to Braintree so they can store/process it
2. If your server or your network ever sees the unencrypted credit card number, then you must deal with full PCI DSS compliance
3. The transparent redirect and braintree.js are two different ways to accomplish getting the card to Braintree without you seeing it unencrypted
4. The alternative is having a form post straight to your server and then you submit it in the background to Braintree, but again, this means you deal with PCI DSS.

Braintree.js encrypts everything on the client side so when you receive a post to your server, you have encrypted bits which is NOT cardholder data and therefore you aren't required to deal with full PCI DSS.  This is good.  That is just an alternative to the transparent redirect where the form submits directly to braintree's server.

cfpayment is the server side for your application and Braintree.js is all client side.  If you use Braintree.js, when your server receives the form post with encrypted details, you can use cfpayment and the java wrapper to send the data to Braintree for storage/processing.

If you use braintree.js, they will probably require you to name the form fields a certain way which may or may not be the same as TR.  In both cases, you'll need to write the thin layer of controller glue which copies FORM or URL variables into your cfpayment arguments.


Brian

[Bryan Anderson]

By chance has anyone run across this issue?

chargeObject = gateway.transaction().sale(requestObject).result();

RETURNS: 

java.lang.RuntimeException: Could not generate secret

[Brian G]

Can you post the full stack trace? 

[Bryan Anderson]

Found the resolution to the posted issue of 

java.lang.RuntimeException: Could not generate secret

there are a few parts to it. First, braintree's newest jar requires their sandbox and production SSL certs to be installed on the coldfusion server performing the calls. Secondly, we added a JsafeJCE work around to the code that would run the code. The work around would be added like so:

<cfset objSecurity = createObject("java", "java.security.Security") />

<cfset storeProvider = objSecurity.getProvider("JsafeJCE") />

<cfset objSecurity.removeProvider("JsafeJCE") />

--- the braintree gateway code goes here ---

<cfset objSecurity.insertProviderAt(storeProvider, 1) />

I can post the code to anyone interested in its entirety if anyone is interested. I have not worked it into cfpayment as of yet.

Cheers!

[Brian G]

Thanks for following up on this Bryan - great news!  The JsafeJCE is a common problem with wildcard SSL certificates which CF's default provider can't always handle.  We actually remove that provider as part of our onApplicationStart due to the number of APIs we integrate with which have wildcard certs.

Let me know if you need some help getting it into cfpayment.  You can send a pull request via github or just send me code.


Brian

[Ilya Fedotov]

Was the Braintree java wrapper integrated into cfpayment? 

If not, is there a way I can get that Peter Bells code?