Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: provide valid implementation for generating sessionId #7

Merged
merged 1 commit into from
Sep 7, 2022
Merged

fix: provide valid implementation for generating sessionId #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions app/src/main/java/XenCrypt.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import android.util.Base64
import com.sun.mail.util.BASE64DecoderStream
import com.sun.mail.util.BASE64EncoderStream
import org.apache.commons.io.output.ByteArrayOutputStream
import org.bouncycastle.jce.provider.BouncyCastleProvider
import utils.*
import java.nio.charset.StandardCharsets
Expand Down Expand Up @@ -32,25 +33,32 @@ class XenCrypt constructor(xenditKey: String) {
* Returns generated Session ID using RSA Public Key.
* @param {string} sessionKey base64 encoded session key.
*/
fun generateSessionId(sessionKey: String): SessionIdData{
fun generateSessionId(sessionKey: String): String{
try {
val ivB64 = this.ivKeyGenerator()
val decodedKey: ByteArray = Base64.decode(
this.xenditKey,
Base64.NO_WRAP
) // use 32 characters session key generated at first step
)

val aesKey: SecretKey = SecretKeySpec(decodedKey, 0, decodedKey.size, "AES")
val iv: ByteArray = Base64.decode(ivB64, Base64.NO_WRAP)
val ivSpec = IvParameterSpec(iv)

val aeseCipher = Cipher.getInstance("AES/CBC/PKCS7Padding")
aeseCipher.init(Cipher.ENCRYPT_MODE, aesKey, ivSpec)
val utf8 = sessionKey.toByteArray(charset("UTF8"))
val utf8: ByteArray = Base64.decode(
sessionKey,
Base64.NO_WRAP
)
val encryptedSessionKey = aeseCipher.doFinal(utf8)
val encrypted = String(BASE64EncoderStream.encode(encryptedSessionKey))

return SessionIdData(ivB64, encrypted);
val outputStream = ByteArrayOutputStream()
outputStream.write(iv)
outputStream.write(encryptedSessionKey)
val byteArray = outputStream.toByteArray();

return Base64.encodeToString(byteArray, Base64.DEFAULT)
} catch (error: SessionIdError) {
throw SessionIdError(error.message)
}
Expand Down Expand Up @@ -98,7 +106,7 @@ class XenCrypt constructor(xenditKey: String) {
@Throws(Exception::class)
fun getSessionKey(): String {
val secureRandom = SecureRandom.getInstance("SHA1PRNG")
val byteArray = ByteArray(32)
val byteArray = ByteArray(24)
secureRandom.nextBytes(byteArray)
return String(Base64.encode(byteArray, Base64.NO_WRAP))
}
Expand Down
13 changes: 6 additions & 7 deletions app/src/test/java/com/example/xenissuing_android/XenCryptoUnitTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ import android.util.Base64
import io.mockk.every
import io.mockk.mockkStatic
import io.mockk.slot
import org.apache.commons.io.output.ByteArrayOutputStream
import org.eclipse.jgit.diff.Subsequence.a
import org.eclipse.jgit.diff.Subsequence.b
import org.junit.jupiter.api.Assertions.*
import org.junit.jupiter.api.BeforeAll
import org.junit.jupiter.api.DisplayName
Expand Down Expand Up @@ -55,16 +58,12 @@ class XenCryptUnitTest{
@DisplayName("Test session-id data generation")
fun generateSessionId() {
val xenditKey = generateXenditKey()

val xenCrypt = XenCrypt(xenditKey)
val sessionKey = xenCrypt.getSessionKey()
val sessionData = xenCrypt.generateSessionId(sessionKey)

val decodedKey: ByteArray = Base64.decode(sessionData.encryptedSessionKey, Base64.NO_WRAP)
val decodedIv: ByteArray = Base64.decode(sessionData.iv, Base64.NO_WRAP)
val sessionId = xenCrypt.generateSessionId(sessionKey)
val decodedSessionId: ByteArray = Base64.decode(sessionId, Base64.NO_WRAP)

assertEquals(decodedKey.size, 48)
assertEquals(decodedIv.size, 16)
assertEquals(decodedSessionId.size, 48)
}

@Test
Expand Down