From 704f0b5dedf794b2410dd77bbac5872b6ba520d0 Mon Sep 17 00:00:00 2001
From: Max Martens
Date: Tue, 24 Dec 2024 19:35:52 +0100
Subject: [PATCH] First rough WIP, not working

---
 src/java/padp-encrypt-decrypt-poc/.gitignore | 41 ++++++++
 src/java/padp-encrypt-decrypt-poc/pom.xml | 44 +++++++++
 .../main/java/nl/ovpay/padp/ApiHelpers.java | 93 +++++++++++++++++++
 .../nl/ovpay/padp/DummyX509TrustManager.java | 40 ++++++++
 .../src/main/java/nl/ovpay/padp/PadpPoc.java | 47 ++++++++++
 .../src/main/resources/log4j2.xml | 27 ++++++
 6 files changed, 292 insertions(+)
 create mode 100644 src/java/padp-encrypt-decrypt-poc/.gitignore
 create mode 100644 src/java/padp-encrypt-decrypt-poc/pom.xml
 create mode 100644 src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/ApiHelpers.java
 create mode 100644 src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/DummyX509TrustManager.java
 create mode 100644 src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/PadpPoc.java
 create mode 100644 src/java/padp-encrypt-decrypt-poc/src/main/resources/log4j2.xml

diff --git a/src/java/padp-encrypt-decrypt-poc/.gitignore b/src/java/padp-encrypt-decrypt-poc/.gitignore
new file mode 100644
index 0000000..717ccc0
--- /dev/null
+++ b/src/java/padp-encrypt-decrypt-poc/.gitignore
@@ -0,0 +1,41 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
+
+/logs
\ No newline at end of file
diff --git a/src/java/padp-encrypt-decrypt-poc/pom.xml b/src/java/padp-encrypt-decrypt-poc/pom.xml new file mode 100644 index 0000000..c38f891 --- /dev/null +++ b/src/java/padp-encrypt-decrypt-poc/pom.xml @@ -0,0 +1,44 @@ + + 4.0.0 + nl.ovpay + padp-encrypt-decrypt-poc + 1.0-SNAPSHOT + OVpay - PADP Encrypt Decrypt POC + + + + + org.apache.logging.log4j + log4j-api + 2.23.1 + + + org.apache.logging.log4j + log4j-core + 2.23.1 + + + org.apache.logging.log4j + log4j-slf4j-impl + 2.23.1 + + + org.json + json + 20240303 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 11 + 11 + + + + + diff --git a/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/ApiHelpers.java b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/ApiHelpers.java new file mode 100644 index 0000000..f9256aa --- /dev/null +++ b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/ApiHelpers.java 
@@ -0,0 +1,93 @@ +package nl.ovpay.padp; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.HttpURLConnection; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLEncoder; +import java.nio.charset.StandardCharsets; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.Map; +import java.util.StringJoiner; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; + +import org.json.JSONObject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public final class ApiHelpers { + + private static Logger LOGGER = LoggerFactory.getLogger(ApiHelpers.class); + + public static String getAlertId(String string) throws IOException { + return new JSONObject(string).get("alertId").toString(); + } + + public static String getXbot(String string) throws IOException { + return new JSONObject(string).get("xbot").toString(); + } + + public static void getEphermalKey(String apimAccessToken) throws Exception { + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, DummyX509TrustManager.getDummyArray(), new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + + URL url = new URL("https://api-ovpay-acc.translink.nl/pad-management/v2"); + URLConnection con = url.openConnection(); + HttpURLConnection http = (HttpURLConnection)con; + http.setRequestMethod("POST"); + http.setDoOutput(true); + http.setRequestProperty("Authorization", "Bearer " + apimAccessToken); + http.connect(); + + try(InputStream is = http.getInputStream()) { + String response = new String(is.readAllBytes(), StandardCharsets.UTF_8); + LOGGER.info("Response: \n" + new JSONObject(response).toString(2)); + } + } + + public static String getApimB2BAccessToken() throws IOException, NoSuchAlgorithmException, KeyManagementException { + // TODO: Add SSL cert in chain, how to use 
PFX? + + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, DummyX509TrustManager.getDummyArray(), new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + URL url = new URL("https://api-ovpay-acc.translink.nl/b2b-client-authentication/v1/token"); + URLConnection con = url.openConnection(); + HttpURLConnection http = (HttpURLConnection)con; + http.setRequestMethod("POST"); + http.setDoOutput(true); + + Map arguments = new HashMap<>(); + arguments.put("client_id", "HTM_Retailer"); + arguments.put("client_secret", "RUwZg4JWX7LFjdYUG00X3orWf5o0u188"); + arguments.put("grant_type", "client_credentials"); + StringJoiner sj = new StringJoiner("&"); + for(Map.Entry entry : arguments.entrySet()) + sj.add(URLEncoder.encode(entry.getKey(), "UTF-8") + "=" + + URLEncoder.encode(entry.getValue(), "UTF-8")); + byte[] out = sj.toString().getBytes(StandardCharsets.UTF_8); + int length = out.length; + + http.setFixedLengthStreamingMode(length); + http.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); + http.setRequestProperty("APIKey", "9514f51f44f843df8a02f95b61436103"); + http.connect(); + try(OutputStream os = http.getOutputStream()) { + os.write(out); + } + try(InputStream is = http.getInputStream()) { + String response = new String(is.readAllBytes(), StandardCharsets.UTF_8); + JSONObject json = new JSONObject(response); + LOGGER.info("Got APIM B2B access token: " + json.get("access_token")); + return json.get("access_token").toString(); + } + } +} diff --git a/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/DummyX509TrustManager.java b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/DummyX509TrustManager.java new file mode 100644 index 0000000..f9466c9 --- /dev/null +++ b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/DummyX509TrustManager.java 
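Review bot: `getApimB2BAccessToken` carries a live OAuth `client_secret` and an `APIKey` header value as string literals, and both it and `getEphermalKey` install `DummyX509TrustManager` as the JVM-wide default through `HttpsURLConnection.setDefaultSSLSocketFactory`, so every HTTPS connection in the process stops verifying server certificates. Once those literals are in git history they have to be treated as leaked and rotated even if `api-ovpay-acc` is, as the hostname suggests, only an acceptance environment; read them from the environment or a config file outside the repository. The `// TODO ... how to use PFX?` comment points at the right fix for the TLS side: load the PKCS12 into a `KeyManagerFactory` for client authentication, pass `null` trust managers so the JDK default trust store is used, and scope the factory to this connection with `setSSLSocketFactory` instead of the static default (`SSLContext.getInstance("TLS")` rather than the legacy `"SSL"` name). The access token should also be dropped from the INFO log on the last lines of the method, and `getResponseCode()` checked before parsing, since a 4xx currently surfaces only as an `IOException` out of `getInputStream()`; the throws clause widens to `GeneralSecurityException`, which still covers the two exceptions callers see today.
```java
    public static String getApimB2BAccessToken() throws IOException, GeneralSecurityException {
        // Client certificate for mutual TLS from a PKCS12 (.pfx) kept outside the repo;
        // server certificates are validated against the JDK default trust store (trust managers = null).
        char[] pfxPassword = System.getenv("PADP_PFX_PASSWORD").toCharArray();
        KeyStore clientKeys = KeyStore.getInstance("PKCS12");
        try (InputStream pfx = Files.newInputStream(Paths.get(System.getenv("PADP_PFX_PATH")))) {
            clientKeys.load(pfx, pfxPassword);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, pfxPassword);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), null, null);

        URL url = new URL("https://api-ovpay-acc.translink.nl/b2b-client-authentication/v1/token");
        HttpsURLConnection http = (HttpsURLConnection) url.openConnection();
        http.setSSLSocketFactory(sc.getSocketFactory()); // this connection only, not the JVM default
        http.setRequestMethod("POST");
        http.setDoOutput(true);

        Map<String, String> arguments = new HashMap<>();
        arguments.put("client_id", System.getenv("PADP_CLIENT_ID"));
        arguments.put("client_secret", System.getenv("PADP_CLIENT_SECRET"));
        arguments.put("grant_type", "client_credentials");
        // … unchanged: form-encode arguments, fixed-length streaming mode, Content-Type header …
        http.setRequestProperty("APIKey", System.getenv("PADP_API_KEY"));
        http.connect();
        // … unchanged: write the form body …
        if (http.getResponseCode() != HttpURLConnection.HTTP_OK) {
            throw new IOException("Token request failed with HTTP " + http.getResponseCode());
        }
        try (InputStream is = http.getInputStream()) {
            JSONObject json = new JSONObject(new String(is.readAllBytes(), StandardCharsets.UTF_8));
            LOGGER.info("Got APIM B2B access token"); // never log the token itself
            return json.getString("access_token");
        }
    }
```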
@@ -0,0 +1,40 @@
+package nl.ovpay.padp;
+
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+public final class DummyX509TrustManager implements X509TrustManager {
+
+ private static DummyX509TrustManager INSTANCE;
+
+ private DummyX509TrustManager() {
+ // prevent instantiation
+ }
+
+ public static DummyX509TrustManager getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new DummyX509TrustManager();
+ }
+ return INSTANCE;
+ }
+
+ public static TrustManager[] getDummyArray() {
+ if (INSTANCE == null) {
+ INSTANCE = new DummyX509TrustManager();
+ }
+ return new TrustManager[] { INSTANCE };
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {
+ }
+}
+
+
diff --git a/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/PadpPoc.java b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/PadpPoc.java
new file mode 100644
index 0000000..81fd234
--- /dev/null
+++ b/src/java/padp-encrypt-decrypt-poc/src/main/java/nl/ovpay/padp/PadpPoc.java
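Review bot: This trust manager accepts every server certificate — `checkServerTrusted` near the end of the hunk has an empty body — so any connection built on it is open to man-in-the-middle interception, and `getAcceptedIssuers` returning `null` additionally violates the `X509TrustManager` contract, which requires a non-null array and can NPE inside the SSL engine or in tooling that inspects the chain. I would delete the class rather than harden it: if the ACC endpoint presents a private CA, import that CA into a truststore (`-Djavax.net.ssl.trustStore=…`) instead of disabling verification. If it has to stay for local debugging, gate its use behind an explicit system property with a loud warning, add `@Override` to the three interface methods, and return `new X509Certificate[0];` from `getAcceptedIssuers`. The unsynchronized lazy init shared by `getInstance` and `getDummyArray` is also not thread-safe; a `private static final DummyX509TrustManager INSTANCE = new DummyX509TrustManager();` removes both the race and the duplicated null check.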
@@ -0,0 +1,47 @@ +package nl.ovpay.padp; + +import java.nio.charset.StandardCharsets; +import java.security.KeyFactory; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.spec.OAEPParameterSpec; +import javax.crypto.spec.PSource; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PadpPoc { + + private static final Logger LOGGER = LoggerFactory.getLogger(PadpPoc.class); + private static final String pubKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2OB7Fb8vJVrIC2Lsy339XihyrncHGVkYCjrBb6u/VfLKreMbCJpH37Yo5/TXKOD37kX06vid1fJXNGsgUom2Ah0T5KEhbvp+Lngtcu6YxhJu8Z5NHAHWmtNeLPaudFLv2WLiINonMxfdnLDN2OrfgFmruTMGAF81KQIarY2/gcyBOTBSd3i7IAIoLEa8TDBAS8BlMR6eE+pm82vFzksGO1wL2wwm8OYiUD2uWZqyKvo2JfB9ycGFBk+8iIF5VMA7Fkamhi3cMxybNgdeRZkClGFmet7jdq+9L+80BAXRr2MkqKR2z1eHtc/VVu+hX40JVMLMGPWQdBdSdHbJsqC6wIDAQAB"; + private static final String privKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbY4HsVvy8lWsgLYuzLff1eKHKudwcZWRgKOsFvq79V8sqt4xsImkfftijn9Nco4PfuRfTq+J3V8lc0ayBSibYCHRPkoSFu+n4ueC1y7pjGEm7xnk0cAdaa014s9q50Uu/ZYuIg2iczF92csM3Y6t+AWau5MwYAXzUpAhqtjb+BzIE5MFJ3eLsgAigsRrxMMEBLwGUxHp4T6mbza8XOSwY7XAvbDCbw5iJQPa5ZmrIq+jYl8H3JwYUGT7yIgXlUwDsWRqaGLdwzHJs2B15FmQKUYWZ63uN2r70v7zQEBdGvYySopHbPV4e1z9VW76FfjQlUwswY9ZB0F1J0dsmyoLrAgMBAAECggEAAksT4N38Eni3fKqWRUvGBkYyI15ws0ADirkyKHnC489JGtDJqfe+nQArCHoGuwl9Uvfe2Mti1L5/JMmdZe0U4BsxjNI7P79zcHbvh49T8oThLI5Yq3HOZELfAS/1w39J50G6U8+orKhPNu/yg3j4vb4dsaAWGQRQmog4W0tkJWEqogkRyxkQtTNEocfEQh1w65ByW2PCrtTKS8zqiNyr5roOqcAWX3qTRIwXWq+CceHOmR9yZJKVyCd7kMlKI5Cc8cCZ4NbWR1Xk/O5GhEg0FMqn07rSu+B45QSPey0sayJdhfUVOIgSy10HFmUt9xaO87nDKKaC0DzEAwhIwuTtcQKBgQDI0L91xU9SFZgixkM48tbvYEBCNr/J9rs4wkuLGmzlPGeu4hfMEZJeYMuJja6KMmNnJqPd7a99XsjdcEEExCBPXWWfZpvfEZjg+0b/wWwZkBbhgZI1wiaye9OLAzhFSNG4PWlITDr0ZF3P96fW2I8yPOezcr8mDhsM2zzN0pp/EQKBgQDGFwPvKF+BLBAUKLTEs89rw58oORCP1P+Le4Kx1nqEKUVkVnOSujngm5ykyxJEm286/PBocj9PRD7anuZ
C08A8qcjyb2/YRP2GrQfbWABncSrXpKA8GdeTdejeD78kbuHhmEXGSToPbu/kKn4ZU4XmoKw4J1/559tv+2grDs+aOwKBgAbySZ0uTRcezhtt1kdzBwJSxwZDVJEM6t8EwY43RMsNMtz2zzHs7a48FO5WK1J2eb/Is2Rq42Yn0DTwvB8JFcEJDwnbh8rIlgw6RPN14mJj/JaiX8diRupnpCKr4tdqtG52GV053dQ0YJZgD7s71IA9YRpw/rG3TTI9pzXLcjKxAoGBAMHmj4RP+cSAdDC3c9NDy1rKPwXpbevM7GQFf3ZC4uRxXaqM8U6EGdlhmWC6IuSjXarZIx6qDoyx2fC4L97kVb1L2RZuvIVvatekkhdEOgkHfo9dZzfNd/axKUQNF+Y638KrAknJLhsjVZD7gzmZR23sgwfoiwsdyPABoQLc2Zw3AoGAEpeQYUzRcYqTC2ZOSD8RpODHpz17wOAARWxupuG2bt35TxKPtt2ex5slBhOevLa4cA6Jg2/CB+P9H98JwZpuc3jPohNxw1N4Pt08R5K9OIVvA3h5krgJTCjZvThBU1XBrGx0NysDieUkvvOhCMIx8foleEgJ9BPhAGVi5aKAxH8="; + private static final String encryptedEphermalKey = "UDE0cfieRfW9rZJZq+fooAjo70BGQe2sJACjqdpBt61zzVgHsEZwTjW/xKwESa9ebe2/02TEqp8jPa6vCS/9YnlqvCb1jA7oFUGBAMNZxujeDuTqd3OGS38Q8Xy/dsfgXEuByPItuEi9iDoBQ1fVPZnRYjtwI0ob8YzhvoiGlrCPYgL/idDiHK2Utzu8nLA5561yuEXHGuiY7KRPvu6qsZpmK4iVq9KwAYl4ZtGmyBxgA4kRcpce32MHzeQmmAHJy0Jqzn12v7nvO2Qfjp+1qKv/lFWTM7F3vfJ45c+6FzUsafD6nTQEQjUSP01+G5RlS8YqLtcETbXVmAd9IHg7FA=="; + private static final String ephermalKeyAlias = "e-4b-20241224154522-0"; + + public static void main(String[] args) throws Exception { + + ApiHelpers.getApimB2BAccessToken(); + + +// byte[] decodedEphermalKey = Base64.getDecoder().decode(encryptedEphermalKey); +// +// Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); +// OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-512", "MGF1", +// new MGF1ParameterSpec("SHA-512"), PSource.PSpecified.DEFAULT); +// +// KeyFactory keyFactory = KeyFactory.getInstance("RSA"); +// byte [] pkcs8EncodedBytes = Base64.getDecoder().decode(privKey); +// PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(pkcs8EncodedBytes); +// cipher.init(Cipher.DECRYPT_MODE, keyFactory.generatePrivate(privKeySpec), oaepParams); +// +// byte[] decryptedData = cipher.doFinal(decodedEphermalKey); +// +// +// LOGGER.info("Decoded ephermal key: " + new String(decryptedData)); +// LOGGER.info("Base64 encoded ephermal key: " + 
Base64.getEncoder().encodeToString(decryptedData)); + + } + +} diff --git a/src/java/padp-encrypt-decrypt-poc/src/main/resources/log4j2.xml b/src/java/padp-encrypt-decrypt-poc/src/main/resources/log4j2.xml new file mode 100644 index 0000000..6804902 --- /dev/null +++ b/src/java/padp-encrypt-decrypt-poc/src/main/resources/log4j2.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + + + + + +
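Review bot: `privKey` embeds a PKCS#8 RSA private key as a source literal next to its public key and a captured encrypted ephemeral key, so the key pair is now in git history and should be rotated; load it at runtime from a file or keystore outside the repository, e.g. `byte[] pkcs8 = Files.readAllBytes(Paths.get(System.getenv("PADP_PRIVATE_KEY_PATH")));` in place of the `Base64.getDecoder().decode(privKey)` line. The commented-out decryption at the end of `main` would also print the recovered ephemeral key in two encodings at INFO level, and `new String(decryptedData)` uses the platform charset — if the unwrapped bytes are raw key material (presumably a symmetric key, given the OAEP unwrap; confirm against the PADP spec) they belong in a `SecretKeySpec`, never in a log line. `main` currently discards the return value of `getApimB2BAccessToken()`, which matches the WIP subject but deserves a `// TODO: pass token to getEphermalKey` so it does not ship this way.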