By verifying the signature, the message receiver needs to verify the full message except for the field 'signature' itself, so 'signature' in the to-be-signed string needs to be replaced by a fixed value '00000000'.
Getting the public key from the certificate should be a fixed value.
The public key from the program comes from certificate, the first and last lines are removed, and the newline character is removed.
Failed to decrypt the message returned by the UPI system. The error content is as follows:
Exception in thread "main" javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:383)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:294)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
at javax.crypto.Cipher.doFinal(Cipher.java:2222)
at Main.decryptByPrivateKey(Main.java:107)
at Main.main(Main.java:31)
The ciphertext input to the decryption function must be a byte array:
public static String decryptByPrivateKey(String encryptedDataString, String privateKey) throws Exception {
byte[] encryptedData = Base64Utils.decode(encryptedDataString.getBytes());//Please pay attention to this line
//byte[] encryptedData = encryptedDataString.getBytes();
byte[] keyBytes = Base64Utils.decode(privateKey.getBytes());
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateK);
int inputLen = encryptedData.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
return new String(decryptedData);
}According to the guidelines, the extraction of the public key from the public key certificate fails with the following error:
javax.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
Check to see if the certificate is formatted correctly. Make sure the certificate is padded with
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
lines
There are many reasons for UPI System return "Signature verification fails.".The following common causes of errors are for reference:
1. Messages shall contain no white space or newline between fields. Because of the message must ensure no changes during transmission and processing, so no white space between field and field or order adjustment is allowed.
2. Use the hash value as a byte array to calculate the SHA256 signature.Please make sure that your signature function supports input param as a byte array.
Developer shall use Acquirer IIN 47030344 in sandbox test, which does not need signature and encryption process. Later when you are ready to go live, we will provide you with complete documentation.
Are all currencies supported?
We support all currenies transaction, which can be configured under certain Acquirer. For testing acquirer given in sandbox testing, only '156' currency is supported. Please use 156 currency code to test, or you will recieve 'Message Format Error'
What if 'Unauthorized access' Error happen?
Please check whether the 'acquirerIIN' is 47030344. This IIN does not require developers to encrypt and sign request message.Currently, other IIN is not supported.
What is the time requirements for transactions of 'Void' and 'Refund'?
'Void' supports trasactions happened in that day, and 'Refund' supports trasactions happened in one year.
Kindly Reminder