API Header Author

truonghdpk

I'm sorry, but

First, i'm testing API visa but i don't know about Authorization in header, it require using """base64 encoded userid:password""" where is it, how i can see ?, i just know about user and password in Credential

Second, i'm trying to integrate credit card into my POS app, it using magento so i'm using visa solution is correct or not ?

API_Managers

Hey @truonghdpk,

Please see below MLE Sample code which covers both Encryption and Decryption. The code snippet below shows the encryption details for APIs that require Message Level Encryption.

/*© Copyright 2018 Visa. All Rights Reserved.NOTICE: The software and accompanying information and documentation (together, the “Software”) remain the property of and are proprietary to Visa and its suppliers and affiliates. The Software remains protected by intellectual property rights and may be covered by U.S. and foreign patents or patent applications. The Software is licensed and not sold.By accessing the Software you are agreeing to Visa's terms of use (developer.visa.com/terms) and privacy policy (developer.visa.com/privacy). In addition, all permissible uses of the Software must be in support of Visa products, programs and services provided through the Visa Developer Program (VDP) platform only (developer.visa.com).

THE SOFTWARE AND ANY ASSOCIATED INFORMATION OR DOCUMENTATION IS PROVIDED ON AN “AS IS,” “AS AVAILABLE,” “WITH ALL FAULTS” BASIS WITHOUT WARRANTY OR CONDITION OF ANY KIND. YOUR USE IS AT YOUR OWN RISK.*/

import java.io.ByteArrayInputStream;

import java.io.File;

import java.io.IOException;

import java.math.BigInteger;

import java.nio.charset.Charset;

import java.security.KeyFactory;

import java.security.NoSuchAlgorithmException;

import java.security.cert.Certificate;

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.interfaces.RSAPrivateKey;

import java.security.interfaces.RSAPublicKey;

import java.security.spec.InvalidKeySpecException;

import java.security.spec.RSAPrivateKeySpec;

import java.util.Enumeration;

import org.apache.commons.lang3.StringUtils;

import org.apache.log4j.Logger;

import org.bouncycastle.asn1.ASN1Integer;

import org.bouncycastle.asn1.ASN1Sequence;

import org.json.JSONObject;

import com.nimbusds.jose.EncryptionMethod;

import com.nimbusds.jose.JOSEException;

import com.nimbusds.jose.JWEAlgorithm;

import com.nimbusds.jose.JWEHeader;

import com.nimbusds.jose.JWEObject;

import com.nimbusds.jose.Payload;

import com.nimbusds.jose.crypto.RSADecrypter;

import com.nimbusds.jose.crypto.RSAEncrypter;

import com.nimbusds.jose.util.Base64;

import com.nimbusds.jose.util.IOUtils;

public class EncryptionUtils {

final static Logger logger = Logger.getLogger(EncryptionUtils.class);

private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";

private static final String END_CERT = "-----END CERTIFICATE-----";

private static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----";

private static final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";

private static final String ENC_DATA = "encData";

private String keyID;

private String rsaPrivKeyPath;

private String rsaPublicKeyPath;

public EncryptionUtils(String keyID, String rsaPrivKeyPath, String rsaPublicKeyPath) {

this.keyID = keyID;

this.rsaPrivKeyPath = rsaPrivKeyPath;

this.rsaPublicKeyPath = rsaPublicKeyPath;

}

public String getEncryptedPayload(String payload) throws CertificateException, JOSEException, IOException {

logger.info("Encrypting the payload...");

JWEHeader.Builder headerBuilder = new JWEHeader.Builder(

JWEAlgorithm.RSA_OAEP_256,

EncryptionMethod.A128GCM);

headerBuilder.keyID(keyID);

headerBuilder.customParam("iat", System.currentTimeMillis());

JWEObject jweObject = new JWEObject(headerBuilder.build(), new Payload(payload));

jweObject.encrypt(new RSAEncrypter(getRSAPublicKey()));

String encrRequest = "{\"encData\":\""+jweObject.serialize()+"\"}";

logger.info("Payload Encrypted Successfully : "+encrRequest);

return encrRequest;

}

public String getDecryptedPayload(String encryptedPayload) throws Exception {

logger.info("Decrypting the payload...");

String response = encryptedPayload;

logger.info("Encrypted Response \n"+ response);

if(encryptedPayload.contains(ENC_DATA)) {

JSONObject jsonObj = new JSONObject(encryptedPayload);

String value = (String) jsonObj.get(ENC_DATA);

if(StringUtils.isNotEmpty(value)) {

JWEObject jweObject = JWEObject.parse(value);

jweObject.decrypt(new RSADecrypter(getRSAPrivateKey()));

response = jweObject.getPayload().toString();

logger.info("Payload Decrypted Successfully. Decrypted payload : \n" + response);

}

return response;

}

/*

* Converts PEM file content to RSAPrivateKey

*/

private RSAPrivateKey getRSAPrivateKey()

throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {

String pathToClientEncPrivateKey = rsaPrivKeyPath;

String pemEncodedKey = IOUtils.readFileToString(new File(pathToClientEncPrivateKey), Charset.forName("UTF-8"));

Base64 base64 = new Base64(pemEncodedKey

.replaceAll(BEGIN_RSA_PRIVATE_KEY, "").replaceAll(END_RSA_PRIVATE_KEY, ""));

ASN1Sequence primitive = (ASN1Sequence) ASN1Sequence.fromByteArray(base64.decode());

Enumeration<?> e = primitive.getObjects();

BigInteger v = ((ASN1Integer) e.nextElement()).getValue();

int version = v.intValue();

if (version != 0 && version != 1) {

throw new IllegalArgumentException("wrong version for RSA private key");

}

BigInteger modulus = ((ASN1Integer) e.nextElement()).getValue();

((ASN1Integer) e.nextElement()).getValue();

BigInteger privateExponent = ((ASN1Integer) e.nextElement()).getValue();

((ASN1Integer) e.nextElement()).getValue();

RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(modulus, privateExponent);

KeyFactory keyFactory = KeyFactory.getInstance("RSA");

return (RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);

}

/*

* Converts PEM file content to RSAPublicKey

*/

private RSAPublicKey getRSAPublicKey() throws CertificateException, IOException {

String pathToClientEncPrivateKey = rsaPublicKeyPath;

String pemEncodedPublicKey = IOUtils.readFileToString(new File(pathToClientEncPrivateKey), Charset.forName("UTF-8"));

Base64 base64 = new Base64(

pemEncodedPublicKey.replaceAll(BEGIN_CERT, "").replaceAll(END_CERT, ""));

Certificate cf = CertificateFactory.getInstance("X.509")

.generateCertificate(new ByteArrayInputStream(base64.decode()));

return (RSAPublicKey) cf.getPublicKey();

}

Thanks,

Tee

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

truonghdpk

thanks so much but give me javascript code please 😞 , i just understand java code a little

API_Managers

Hey @truonghdpk,

Can you please let us know the API that you are interested in using for your project? Take a look at our website for specific APIs relevant to your business case. https://developer.visa.com/apibrowser