I have followed the VISA Developer Portal documentation on MLE (Message Level Encryption), encrypted data with a VISA API call, and saw that the encryption was successful.
But I want to decrypt that particular encrypted data. I ran into an issue that says "com.nimbusds.jose.JOSEException: Decryption error". The error seems to be at the line:
    jweObject.decrypt(new RSADecrypter(getRSAPrivateKey(MLE_CLIENT_PRIVATE_KEY_PATH)));

Error message log:

    Caused by: javax.crypto.BadPaddingException: Decryption error
        at java.base/sun.security.rsa.RSAPadding.unpadOAEP(RSAPadding.java:488)
        at java.base/sun.security.rsa.RSAPadding.unpad(RSAPadding.java:284)
        at java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:372)
        at java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:406)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
        at com.nimbusds.jose.crypto.RSA_OAEP_256.decryptCEK(RSA_OAEP_256.java:111)
        ... 83 more

Below is my code in Java:

    public static String getDecryptedPayload(VisaEncryptedRes visaEncryptedRes) throws Exception {
        String response = visaEncryptedRes.getEncData();
        // T decryptedResponse = null;
        try {
            JWEObject jweObject = JWEObject.parse(response);
            System.out.println("[PASSED JWT OBJECT PARSE RESPONSE]");
            // If you used a passphrase while generating the CSR, make sure you use the same one
            // when loading the private key. Otherwise decryption will fail.
            System.out.println("[JWT OBJECT ENCRYPTION]: " + jweObject.getEncryptedKey());
            System.out.println("[JWT OBJECT HEADER]: " + jweObject.getHeader());
            System.out.println("[JWT OBJECT CIPHEREX TEXT]: " + jweObject.getCipherText());
            System.out.println("[JWT OBJECT AUTH TAG]: " + jweObject.getAuthTag());
            System.out.println("[JWT OBJECT STATE]: " + jweObject.getState());
            jweObject.decrypt(new RSADecrypter(getRSAPrivateKey(MLE_CLIENT_PRIVATE_KEY_PATH)));
            System.out.println("[PASSED JWT OBJECT DECRYPT]");
            response = jweObject.getPayload().toString();
            System.out.println("[PASSED RESPONSE GET PAYLOAD]");
            // ObjectMapper mapper = new ObjectMapper();
            // decryptedResponse = mapper.readValue(response, returnType);
            return response;
        } catch (Exception e) {
            throw new Exception(e);
        }
    }

    private static PrivateKey getRSAPrivateKey(String mleClientPrivateKeyPath) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----";
        final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";
        final String pemEncodedKey = IOUtils.readFileToString(new File(mleClientPrivateKeyPath), StandardCharsets.UTF_8);
        final com.nimbusds.jose.util.Base64 base64 = new com.nimbusds.jose.util.Base64(pemEncodedKey.replaceAll(BEGIN_RSA_PRIVATE_KEY, "").replaceAll(END_RSA_PRIVATE_KEY, ""));
        // Walk the PKCS#1 RSAPrivateKey sequence field by field.
        final ASN1Sequence primitive = (ASN1Sequence) ASN1Sequence.fromByteArray(base64.decode());
        final Enumeration<?> e = primitive.getObjects();
        final BigInteger v = ((ASN1Integer) e.nextElement()).getValue();
        int version = v.intValue();
        if (version != 0 && version != 1) {
            throw new IllegalArgumentException("wrong version for RSA private key");
        }
        final BigInteger modulus = ((ASN1Integer) e.nextElement()).getValue();
        ((ASN1Integer) e.nextElement()).getValue(); // publicExponent (unused)
        BigInteger privateExponent = ((ASN1Integer) e.nextElement()).getValue();
        ((ASN1Integer) e.nextElement()).getValue(); // prime1 (unused)
        ((ASN1Integer) e.nextElement()).getValue(); // prime2 (unused)
        ((ASN1Integer) e.nextElement()).getValue(); // exponent1 (unused)
        ((ASN1Integer) e.nextElement()).getValue(); // exponent2 (unused)
        ((ASN1Integer) e.nextElement()).getValue(); // coefficient (unused)
        RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(modulus, privateExponent);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePrivate(privateKeySpec);
    }

Hi @huameng_lim, Thank you for reaching out. One of our agents will look into this and get back to you soon. Until then, if any community members know a solution, please feel free to reply to this thread.
Hi @huameng_lim,
Have you found the solution to your problem?
If not, I think it is related to an incorrect certificate. My problem was solved by using the private key that Visa gave me when I first created the project in the sandbox. Hope it solves your problem.
Vahid
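
The failure mode discussed in this thread, as an added example that is not code from any poster or from Visa: unwrapping an RSA-OAEP-256 content key with a private key that does not belong to the public key used for encryption fails in OAEP unpadding with `BadPaddingException`, and comparing the RSA moduli detects the mismatch before any decryption is attempted. The class and method names are assumptions, and both key pairs are generated in-process as constructed stand-ins for real MLE keys; only JDK classes are used.

```java
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class MleKeyMatchCheck { // hypothetical name, not part of any SDK
    // RSA-OAEP with SHA-256 for both the digest and MGF1, as the RSA-OAEP-256 JWE algorithm specifies.
    static final OAEPParameterSpec OAEP_256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** True when the private key belongs to the public key (same RSA modulus). */
    static boolean sameKeyPair(RSAPublicKey pub, RSAPrivateKey priv) {
        return pub.getModulus().equals(priv.getModulus());
    }

    static byte[] oaep(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP_256);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair enrolled = gen.generateKeyPair(); // constructed: pair whose public key encrypts the response
        KeyPair other = gen.generateKeyPair();    // constructed: private key from a different CSR or project
        RSAPublicKey pub = (RSAPublicKey) enrolled.getPublic();

        byte[] cek = new byte[32];                // constructed content-encryption key
        new SecureRandom().nextBytes(cek);
        byte[] wrapped = oaep(Cipher.ENCRYPT_MODE, pub, cek);

        System.out.println("enrolled key matches: " + sameKeyPair(pub, (RSAPrivateKey) enrolled.getPrivate()));
        System.out.println("other key matches:    " + sameKeyPair(pub, (RSAPrivateKey) other.getPrivate()));

        byte[] ok = oaep(Cipher.DECRYPT_MODE, enrolled.getPrivate(), wrapped);
        System.out.println("right key recovers CEK: " + Arrays.equals(ok, cek));
        try {
            oaep(Cipher.DECRYPT_MODE, other.getPrivate(), wrapped);
        } catch (BadPaddingException e) {
            // Same exception type as in the stack trace above: the key does not fit the ciphertext.
            System.out.println("wrong key fails with: " + e);
        }
    }
}
```

With real keys, the public key passed to `sameKeyPair` would be read from the client encryption certificate associated with the project, and the private key from the file the application loads.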