Merge pull request #489 from /issues/488-invalid-key-activation-scope…

…-encrypt Fix #488: Invalid public key used in encryption in activation scope
wultra · Oct 19, 2024 · 5ca0009 · 5ca0009
2 parents d4275ba + d4dceb2
commit 5ca0009
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/...ava-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java b/...ava-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java
@@ -136,16 +136,16 @@ public StepContext<EncryptStepModel, EciesEncryptedResponse> prepareStepContext(
         }
         fetchTemporaryKey(stepContext, scope);
         final String temporaryPublicKey = (String) stepContext.getAttributes().get(TEMPORARY_PUBLIC_KEY);
-        final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
-                model.getMasterPublicKey() :
-                KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
 
         // Prepare the encryption header
         final EncryptorId encryptorId;
         final ClientEncryptor encryptor;
         final PowerAuthEncryptionHttpHeader header;
         switch (scope) {
             case APPLICATION_SCOPE -> {
+                final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
+                        model.getMasterPublicKey() :
+                        KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
                 // Prepare ECIES encryptor with sharedInfo1 = /pa/generic/application
                 encryptorId = EncryptorId.APPLICATION_SCOPE_GENERIC;
                 final EncryptorParameters encryptorParameters = new EncryptorParameters(model.getVersion().value(), model.getApplicationKey(), null, (String) context.get(TEMPORARY_KEY_ID));
@@ -154,7 +154,10 @@ public StepContext<EncryptStepModel, EciesEncryptedResponse> prepareStepContext(
                 header = new PowerAuthEncryptionHttpHeader(model.getApplicationKey(), model.getVersion().value());
             }
             case ACTIVATION_SCOPE -> {
-                ResultStatusObject resultStatusObject = model.getResultStatus();
+                final ResultStatusObject resultStatusObject = model.getResultStatus();
+                final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
+                        resultStatusObject.getServerPublicKeyObject() :
+                        KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
                 encryptorId = EncryptorId.ACTIVATION_SCOPE_GENERIC;
                 encryptor = ENCRYPTOR_FACTORY.getClientEncryptor(
                         encryptorId,