From d4dceb2cc332b71f82acc6db6304847a2a42eaf0 Mon Sep 17 00:00:00 2001
From: Roman Strobl
Date: Fri, 18 Oct 2024 19:38:59 +0800
Subject: [PATCH] Fix #488: Invalid public key used in encryption in activation scope
---
 .../powerauth/lib/cmd/steps/v3/EncryptStep.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java
index f978be33..b6498c68 100755
--- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java
+++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java
@@ -136,9 +136,6 @@ public StepContext prepareStepContext(
 }
 fetchTemporaryKey(stepContext, scope);
 final String temporaryPublicKey = (String) stepContext.getAttributes().get(TEMPORARY_PUBLIC_KEY);
- final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
- model.getMasterPublicKey() :
- KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
 // Prepare the encryption header
 final EncryptorId encryptorId;
@@ -146,6 +143,9 @@ public StepContext prepareStepContext(
 final PowerAuthEncryptionHttpHeader header;
 switch (scope) {
 case APPLICATION_SCOPE -> {
+ final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
+ model.getMasterPublicKey() :
+ KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
 // Prepare ECIES encryptor with sharedInfo1 = /pa/generic/application
 encryptorId = EncryptorId.APPLICATION_SCOPE_GENERIC;
 final EncryptorParameters encryptorParameters = new EncryptorParameters(model.getVersion().value(), model.getApplicationKey(), null, (String) context.get(TEMPORARY_KEY_ID));
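Review bot: The key-selection expression added under `case APPLICATION_SCOPE` is repeated almost verbatim in the `ACTIVATION_SCOPE` hunk, with only the fallback key differing, and a wrong fallback is exactly the defect this commit fixes. A small private helper that takes the Base64 temporary key and the scope's fallback key would keep the decode-and-convert path in one place, so each arm reads `final PublicKey encryptionPublicKey = resolveEncryptionKey(temporaryPublicKey, model.getMasterPublicKey());` (the helper name is only a suggestion). That one place is also where a malformed `TEMPORARY_PUBLIC_KEY` attribute could be rejected with a clear error instead of a raw `IllegalArgumentException` from the Base64 decoder; whether `fetchTemporaryKey` already validates or authenticates the value is not visible in this hunk. `prepareStepContext` starts and ends outside the hunk.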
@@ -154,7 +154,10 @@ public StepContext prepareStepContext(
 header = new PowerAuthEncryptionHttpHeader(model.getApplicationKey(), model.getVersion().value());
 }
 case ACTIVATION_SCOPE -> {
- ResultStatusObject resultStatusObject = model.getResultStatus();
+ final ResultStatusObject resultStatusObject = model.getResultStatus();
+ final PublicKey encryptionPublicKey = temporaryPublicKey == null ?
+ resultStatusObject.getServerPublicKeyObject() :
+ KEY_CONVERTOR.convertBytesToPublicKey(java.util.Base64.getDecoder().decode(temporaryPublicKey));
 encryptorId = EncryptorId.ACTIVATION_SCOPE_GENERIC;
 encryptor = ENCRYPTOR_FACTORY.getClientEncryptor(
 encryptorId,
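Review bot: When no temporary key was fetched, the `ACTIVATION_SCOPE` arm hands `resultStatusObject.getServerPublicKeyObject()` to the encryptor without checking it, so a status object that holds no activation data would presumably fail later inside the encryptor (or with a `NullPointerException` if `getResultStatus()` itself is null) rather than with a clear message. A guard right after the assignment, for example `Objects.requireNonNull(encryptionPublicKey, "server public key missing from activation status");` or the step's usual error reporting, would make that case explicit. The commit also changes only `EncryptStep.java`; a test asserting that activation-scope encryption without a temporary key uses the server public key and not the master public key would pin this regression. The `switch` arm continues outside the hunk.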