Re: Token validation failed 9210

Anees
Helper

Token validation failed 9210

Hi, 

I'm facing issue while implementing MLE , i have shared my query in the same post 'Token validation Failed for VPP API ' by other user. 

Following are my request response with complete header :

 

POST https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Authorization: Basic Uzg5S0NXMUFBQzlOWkxHWFpBQlYyMS1wdXdod01IMGs4UVNOeWR5ZXVueWlzOTdDczp4SVpBeFBBc25taWZjMjU1MnVPV3cyQUdXMWlyQWM5
Accept: application/json,application/octet-stream
X-CORRELATION-ID: 09465302022020_042_96_l73c033_VDP_ARM
keyId: 9decd3b4-7b48-47a3-8433-74d1f5484a06
Content-Length: 1570
Host: sandbox.api.visa.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTgzMTY4MDYwNzU1LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiI5ZGVjZDNiNC03YjQ4LTQ3YTMtODQzMy03NGQxZjU0ODRhMDYifQ.eKIRaQUZ98qIdT69Bx79bKvRMI3nOYzF5yx3acHawANxCWLgEIAYY_F5K6bENL2Or_O8F3QcvFmDJP3UuO2DokCtZ6H4XMnYHAyObC54d45d0o94JK_lMh851KrLC0-m9KFo56a5rqS7IwDupfKf7w1vn5uEQeIeEet6Kv18rG8jT1vZdbv5sDJP2yA9O2w8L4f0p8188RtrgiO5zXNJ3gW0F1kmFjwPm_y4Hl8zYUwZ0muATMJ7ATjkJoCLJdTIVqOxdpVQ2yhL_dl7kWtd9-4VLFTpEFyVPehQwH5EdhCxcB3eX2qCi_cMuhDsWyKoVh2ClCViGefeSBzJ1URuWg.-XBEKSsUL2uN3KkQ.yuoOPPeFJIqAq1UxpazwkJndQgzlG_-okWP56JFjI4CEClzgL4fF1PfTUweLyx1145Yx1S2bSVnkZFjXPZ_OCqtHo0EHVq9AWZdA30oxr-VozzgeenO6bDHFIX4R64Yging9_RiF954CPsr_41VzVpJWGKY5RrCOPlDjZHxHbi1UosPEGfFHrt3rqlOp9Q_Xzy9f5Zn4im19cA84-SmazOmIIxpOvRVKv283NotmLcl1NYG3kYy_lY_RgRCk4Mgca-aUv8vbWctBPlJyPPA_S_9doLY2nSCyYtike_UJYFPbRXKkk8V3-nKxLxpgtvN8AU09fHrR7lEn8lvLDXzKi5_cW_QHHwN4jmFuIdbPIQXJbECDlYorgBFVaP5m88MVNc1Bxlhdou7Mrj18IgmP67aHXQhFdgLQsk4D20M4k9R-T5CQcrQyFK88-3fGv8RdVGI408DXUWeEi5rBEyK4JhpZA8wz4Y1e687LFJ0RNrZqGCNX9JdLIQW7HurDMsT-hOxg3qd981SjgjicEWP-kDtFTS_RI1DIAW6IEAoXqcCTq3s8bhkhCk42WcTLoLXY1opId1Q18aCOZdYnYH1RT9XLX5Wj6VAJxZzbBBcaYPkiI1CwZLbcsgoZpLUJ93COpfsjva29lQCi6Qy_lMSC8SM0dq20GWAJE0lZWBMt0x4TqcH7n5iWEAWpbDVUPa7eTNMwptzXI2RkQbIOe9osFagAd0TDWk4dt2NrzDbLdSc_o4GRqYXCUnDxpx6SrLgA-YuYqKp7O9Fzq1PcKhmcTrz980v9VQVXDYuvSUoONalUxGuvOLwvm0Y5Busb6GNOQW_49AirfoejolEudHQlOniGGPWr0zZLqHQeD9FgKApzxGa7YXfCRoccN5BB2ZnLcwAse3QgL6GnR-fnTv-8VaA8Ypg06u9LIRfuU5H8d2xbcywAYPu4UwzXmCZXTuzVyaHVjOhYE5l4kK0sJUuhn82ruNS3S8xJa0woZs-F3rwe6CZyMCXsvRN4L7JVOnV1mE8QWLH5SQ.I99-isaatt077d2OCikj_w"}

 

 

Response:

 

HTTP/1.1 401 Unauthorized
Server: nginx
Content-Type: application/json;charset=UTF-8
Content-Length: 112
X-SERVED-BY: l73c013
X-CORRELATION-ID: 1583081270_627_748839424_l73c013_VDP_WS
X-APP-STATUS: 401
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2592000;includeSubdomains
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Date: Sun, 01 Mar 2020 16:47:50 GMT
Connection: close

{"responseStatus":{"status":401,"code":"9210","severity":"ERROR","message":"Token validation failed","info":""}}

 

Please help me what to do? , one confusion is do i have to encrypt only the json body or the whole request ?

 

Thanks,

 

5 REPLIES 5
API_Products
Visa Developer Support Specialist

Re: Token validation failed 9210

Hey @Anees,

 

You had posted this issue with Visa Direct in another forum post, as well. To resolve the issue, can you please refer to this community forum post - https://community.developer.visa.com/t5/Connection-Security-Errors/Token-validation-Failed-for-VPP-A...

 

Please scroll down to my latest post and it walks you through how to resolve the issue, as well as, it shows the successful result that I received today for the sandbox test.

 




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

Aneesce
Regular Visitor

Re: Token validation failed 9210

Hi Diana,

I'm actually implementing the Message Level Encryption and got this response {"responseStatus":{"status":401,"code":"9210","severity":"ERROR","message":"Token validation failed","info":""}}. Can you please help me why i'm getting this error. I have shared the complete request response with headers ad with correlation id .

 

I used the code snippet given on your site on MLE. I wrote java code using that snippet and encrypt the json request and then put that encrpted message in SOAP UI body.

Aneesce
Regular Visitor

Re: Token validation failed 9210

Hi Diana,

 

To further investigation following are more logs and my java encryption code. Also tell me what is JWE Token laps time>


iat : 1583353048280
{"encData":"eyJlbmMiOiJBMTI4R0NNIiwiaWF0IjoxNTgzMzUzMDQ5MTY4LCJhbGciOiJSU0EtT0FFUC0yNTYiLCJraWQiOiIwY2RlODAwMS1hYzBlLTQxMTQtYmFhNC03YWUwMzJhOWZhNzgifQ.fVeWQzWXTY3-3-WRBHL8v5EtD6thUXqCTdcgJcs0WBnZigqI-H7j3MFjL8dK89Esk7uZLhW7iyKogutn_y7iOL5T2OROAuw7DuqkIT1K9sX3siuSd7bEwZU-3jkHvkThXF5Q85FUR6k1dvnTf8duWCu_mALe50Y9O9NuVMPp5Dth9aAhm1Dpp2RUuKzW9O3qcDpYgeVHvvccqMTWKQwYUKCYH9CrEE_XhoY1Lbui4qMn6BO90fY6qIMjAvYfPsFwlKWazUqcfeyo6uHBtoO4_NJW32Nih91OgRXGCyf7_6lGPiu0KzvBs8NuxmaTfJWfD7UkYdh65tN3y_yXvqAlsw.qL3xk6iIekmqGHa3.wgnQJ2JQ8L7gmCR8WoyxFEFThxharAJRE9kcPRyaDtp3Z7qBBYo83LH1Q-Z2dzgf6WpwhANPo_l8C0tEpdoz7jyZFHq7JBt2ZMk7vVwcS6fJUJf_85MxgftXKFTkbyiNjAUjXU0Jp81fHVewcuccQfQ9I5J0HY9nucCnixXZwLh-VJFeF4PGtucMfFITEmN4GLXili5JvVm0Tt8et-DC8SFcICKiLHWG9vKk3s5hzAzDSlQFXhhIL9ZVRxiSqHzSRctyJ-ytba4tqFgmqjxA4S5HFK8uNomxncTFsc_QE8psNtuc0-8-feSLQ5hGTNNWtkAnre5r1kLZCqL7srqzc0u7i27slRUd9HiJHwH61pvhTPQRUkwoWUGXW4J7oYfZpa_inr7mjALnLjUXd-WPgxboylAhTcbnha8e0_1fZtfqF15IQZeFw3jINsUpBvaPT6ocdsOEjsgROBh_95alnHakWB5q7Cfcfi7lfU1bbfSWNRj1QM78-5SKXQspaP7VoNLnJL7hyDjM60VmtGVLbqwPdSLfD3qkoP_33Wp0o9yPtF9ZSHBtTwxazM9XZMBhidIiuW5pCIw1c5-Gfs4A6H2A3GBbJokG7eHIDBD10NDYzVCBJZEphwqofoBZXRUtQeoWYL9rpSWLVb-5tNb4-preInzpH0z0tr1npnqeD8hHqlfB5oZkzxosiYb_8veaLAyRz6E3Lyqimm5-qJW_EwCLV6R5rb0KL1kLkj7PHvcL1wfozdB-ezi6hkUgwvj3g46FGKtnAVWyHuz_VJbaunqXkGpUZi0ISUtfyRVXHU9TfUxk_sJPJlwH84i_z-BcbWJglmEc5SPJUUJaGYcVXnnccZfy4viprO2w1NchTuddBwExevKisfiGELB5FMYt8kkeMrOG0IqPqGxgYKVX0lDRBFIn9FdUZoa8_pd7U1mHlE_wTo0o1hpcCqPGCQIAd010VFZYl4GrBR548wJDfQyGwH0We7CcFUkiaZFAF3Gvp2XL_sRBXm2e1osX40horgM_bGQjPQ.B-mNDbiDzbxeHbYALCrGmg"}
Calling URL: https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments
**POST** request Url: https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments

Response Code: 401
Content:-

{"responseStatus":{"status":401,"code":"9209","severity":"ERROR","message":"Token validation failed","info":""}}
Server : nginx
Content-Type : application/json;charset=UTF-8
Content-Length : 112
X-SERVED-BY : l73c015
X-CORRELATION-ID : 1583266241_704_960466182_l73c015_VDP_WS
X-APP-STATUS : 401
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=2592000;includeSubdomains
Cache-Control : no-cache, no-store, must-revalidate
Pragma : no-cache
Expires : -1
Date : Tue, 03 Mar 2020 20:10:41 GMT
Connection : close

 

Java code for encrytion:

public static String getEncryptedPayload(String keyId) throws CertificateException, JOSEException, IOException {

ObjectMapper mapper = new ObjectMapper();
mapper.setSerializationInclusion(Include.NON_NULL);
mapper.setSerializationInclusion(Include.NON_EMPTY);



String payload= JSONReader.getJSON();

//String plainText = JSONReader.getJSON();//a;//payload.toString();// == null ? "" : mapper.writeValueAsString(payload);
String plainText = payload == null ? "" : mapper.writeValueAsString(payload);
//String plainText = "{ \"name\":\"John\", \"age\":30, \"car\":null }";
JWEHeader.Builder headerBuilder = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);

headerBuilder.keyID(keyId);
long iat=System.currentTimeMillis();
headerBuilder.customParam("iat",iat);
//System.out.println("iat : "+iat);
_iat=iat;


JWEObject jweObject = new JWEObject(headerBuilder.build(), new Payload(plainText));
jweObject.encrypt(new RSAEncrypter(getRSAPublicKey()));
String encData ="{\"encData\":\""+jweObject.serialize()+"\"}";
System.out.println(encData);
//return "{\"encData\":\""+jweObject.serialize()+"\"}";
return encData;
}

 

Aneesce
Regular Visitor

Re: Token validation failed 9210

Any solution of my issue?

API_Products
Visa Developer Support Specialist

Re: Token validation failed 9210

Hey @Aneesce,

 

If you're testing with MLE then I recommend you to use VDC Playground for your sandbox testing. Refer to this link - https://community.developer.visa.com/t5/Developer-Tools/How-to-test-and-troubleshoot-APIs-with-the-V...

 

Also, are you using test data? When you create a test App in our sandbox you will receive test data in your App. The test data for your Visa Developer application is available in the Dashboard under test data in the left navigation, this will ensure that you are using valid data that has been provisioned for specific scenarios. You will basically have a table per API that is split into the Request and Response sections and the values on the Request section are meant to be populated in the payload with the intention of obtaining results specified in the Response section.
 
Sandbox data is limited to what is provided in the Test Data tables and is not integrated to the Visa Network and you cannot test real data in sandbox.  

 

20190905 Test Data.png

 

However, if you want to see the below MLE Sample code which covers both Encryption and Decryption, feel free to look below. The code snippet below shows the encryption details for APIs that require Message Level Encryption. 

 

/*© Copyright 2018 Visa. All Rights Reserved.NOTICE: The software and accompanying information and documentation (together, the “Software”) remain the property of and are proprietary to Visa and its suppliers and affiliates. The Software remains protected by intellectual property rights and may be covered by U.S. and foreign patents or patent applications. The Software is licensed and not sold.By accessing the Software you are agreeing to Visa's terms of use (developer.visa.com/terms) and privacy policy (developer.visa.com/privacy). In addition, all permissible uses of the Software must be in support of Visa products, programs and services provided through the Visa Developer Program (VDP) platform only (developer.visa.com).

THE SOFTWARE AND ANY ASSOCIATED INFORMATION OR DOCUMENTATION IS PROVIDED ON AN “AS IS,” “AS AVAILABLE,” “WITH ALL FAULTS” BASIS WITHOUT WARRANTY OR CONDITION OF ANY KIND. YOUR USE IS AT YOUR OWN RISK.*/

import java.io.ByteArrayInputStream;

import java.io.File;

import java.io.IOException;

import java.math.BigInteger;

import java.nio.charset.Charset;

import java.security.KeyFactory;

import java.security.NoSuchAlgorithmException;

import java.security.cert.Certificate;

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.interfaces.RSAPrivateKey;

import java.security.interfaces.RSAPublicKey;

import java.security.spec.InvalidKeySpecException;

import java.security.spec.RSAPrivateKeySpec;

import java.util.Enumeration;

 

import org.apache.commons.lang3.StringUtils;

import org.apache.log4j.Logger;

import org.bouncycastle.asn1.ASN1Integer;

import org.bouncycastle.asn1.ASN1Sequence;

import org.json.JSONObject;

 

import com.nimbusds.jose.EncryptionMethod;

import com.nimbusds.jose.JOSEException;

import com.nimbusds.jose.JWEAlgorithm;

import com.nimbusds.jose.JWEHeader;

import com.nimbusds.jose.JWEObject;

import com.nimbusds.jose.Payload;

import com.nimbusds.jose.crypto.RSADecrypter;

import com.nimbusds.jose.crypto.RSAEncrypter;

import com.nimbusds.jose.util.Base64;

import com.nimbusds.jose.util.IOUtils;

 

public class EncryptionUtils {

 

  final static Logger logger = Logger.getLogger(EncryptionUtils.class);

 

  private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";

  private static final String END_CERT = "-----END CERTIFICATE-----";

  private static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----";

  private static final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";

  private static final String ENC_DATA = "encData";

  private String keyID;

  private String rsaPrivKeyPath;

  private String rsaPublicKeyPath;

 

  public EncryptionUtils(String keyID, String rsaPrivKeyPath, String rsaPublicKeyPath) {

         this.keyID = keyID;

         this.rsaPrivKeyPath = rsaPrivKeyPath;

         this.rsaPublicKeyPath = rsaPublicKeyPath;

  }

 

public String getEncryptedPayload(String payload) throws CertificateException, JOSEException, IOException {

    logger.info("Encrypting the payload...");

    JWEHeader.Builder headerBuilder = new JWEHeader.Builder(

        JWEAlgorithm.RSA_OAEP_256,

        EncryptionMethod.A128GCM);

    headerBuilder.keyID(keyID);

    headerBuilder.customParam("iat", System.currentTimeMillis());

 

    JWEObject jweObject = new JWEObject(headerBuilder.build(), new Payload(payload));

    jweObject.encrypt(new RSAEncrypter(getRSAPublicKey()));

    String encrRequest = "{\"encData\":\""+jweObject.serialize()+"\"}";

    logger.info("Payload Encrypted Successfully : "+encrRequest);

       return encrRequest;

  }

 

  public String getDecryptedPayload(String encryptedPayload) throws Exception {

    logger.info("Decrypting the payload...");

    String response = encryptedPayload;

    logger.info("Encrypted Response \n"+ response);

    if(encryptedPayload.contains(ENC_DATA)) {

      JSONObject jsonObj = new JSONObject(encryptedPayload);

      String value = (String) jsonObj.get(ENC_DATA);

      if(StringUtils.isNotEmpty(value)) {

        JWEObject jweObject = JWEObject.parse(value);

        jweObject.decrypt(new RSADecrypter(getRSAPrivateKey()));

        response = jweObject.getPayload().toString();

        logger.info("Payload Decrypted Successfully. Decrypted payload : \n" + response);

      }

    }

    return response;

  }

 

  /*

   * Converts PEM file content to RSAPrivateKey

   */ 

  private RSAPrivateKey getRSAPrivateKey()

      throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {

    String pathToClientEncPrivateKey = rsaPrivKeyPath;

    String pemEncodedKey = IOUtils.readFileToString(new File(pathToClientEncPrivateKey), Charset.forName("UTF-8"));

    Base64 base64 = new Base64(pemEncodedKey

        .replaceAll(BEGIN_RSA_PRIVATE_KEY, "").replaceAll(END_RSA_PRIVATE_KEY, ""));

    ASN1Sequence primitive = (ASN1Sequence) ASN1Sequence.fromByteArray(base64.decode());

    Enumeration<?> e = primitive.getObjects();

    BigInteger v = ((ASN1Integer) e.nextElement()).getValue();

    int version = v.intValue();

    if (version != 0 && version != 1) {

      throw new IllegalArgumentException("wrong version for RSA private key");

    }

    BigInteger modulus = ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    BigInteger privateExponent = ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    ((ASN1Integer) e.nextElement()).getValue();

    RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(modulus, privateExponent);

    KeyFactory keyFactory = KeyFactory.getInstance("RSA");

    return (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);

  }

 

  /*

   * Converts PEM file content to RSAPublicKey

   */

  private RSAPublicKey getRSAPublicKey() throws CertificateException, IOException {

    String pathToClientEncPrivateKey = rsaPublicKeyPath;

    String pemEncodedPublicKey = IOUtils.readFileToString(new File(pathToClientEncPrivateKey), Charset.forName("UTF-8"));

    Base64 base64 = new Base64(

        pemEncodedPublicKey.replaceAll(BEGIN_CERT, "").replaceAll(END_CERT, ""));

    Certificate cf = CertificateFactory.getInstance("X.509")

        .generateCertificate(new ByteArrayInputStream(base64.decode()));

    return (RSAPublicKey) cf.getPublicKey();

  }

 

}

 

 




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.