fix: Modified encryptedKey to base 64 standard (#29)

pagopa · Feb 12, 2024 · 8761ecb · 8761ecb
1 parent d9821ae
commit 8761ecb
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/src/main/java/it/pagopa/swclient/mil/idpay/azurekeyvault/util/EncryptUtil.java b/src/main/java/it/pagopa/swclient/mil/idpay/azurekeyvault/util/EncryptUtil.java
@@ -5,22 +5,22 @@
 
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
+import java.security.*;
 import java.security.spec.InvalidKeySpecException;
+import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.util.Base64;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 
 @ApplicationScoped
 public class EncryptUtil {
 
- public String encryptSessionKeyForIdpay(PublicKeyIDPay publicKeyIDPay, String sessionKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ public String encryptSessionKeyForIdpay(PublicKeyIDPay publicKeyIDPay, String sessionKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
  String modulusBase64 = publicKeyIDPay.getN();
  String exponentBase64 = publicKeyIDPay.getE();
 
@@ -38,12 +38,15 @@ public String encryptSessionKeyForIdpay(PublicKeyIDPay publicKeyIDPay, String se
  KeyFactory keyFactory = KeyFactory.getInstance("RSA");
  PublicKey rsaPublicKey = keyFactory.generatePublic(rsaPublicKeySpec);
 
- Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
+ Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
+ OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1",
+ new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
+ cipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey, oaepParams);
+
  byte[] sessionKeyBytes = sessionKey.getBytes(StandardCharsets.UTF_8);
- cipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey);
  byte[] encryptedSessionKeyBytes = cipher.doFinal(sessionKeyBytes);
 
  // encryptedSessionKeyBytes contains encrypted session key
- return Base64.getUrlEncoder().encodeToString(encryptedSessionKeyBytes);
+ return Base64.getEncoder().encodeToString(encryptedSessionKeyBytes);
  }
 }
diff --git a/src/main/java/it/pagopa/swclient/mil/idpay/service/TransactionsService.java b/src/main/java/it/pagopa/swclient/mil/idpay/service/TransactionsService.java
@@ -535,7 +535,6 @@ public Uni<Response> authorizeTransaction(CommonHeader headers, AuthorizeTransac
 
  // Start trying to encrypt session key with public key retrieved
  String encryptedSessionKey = encryptUtil.encryptSessionKeyForIdpay(publicKeyIDPay, unwrappedKey.getValue());
-
  String hexPinBlock = base64ToHex(authorizeTransaction.getAuthCodeBlockData().getAuthCodeBlock());
 
  PinBlockDTO pinBlock = PinBlockDTO.builder()