
I have a merchant certificate from Apple Pay Service, and I need to use it to make a POST request to the Apple Pay Service Gateway. I am trying to configure Java Spring Framework RestTemplate. I created a .pem file with the certificate and encrypted key to use in the configuration.

To write the code, I am using the correct answer from this question.

Error stacktrace:

```
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DerValue.getBigIntegerInternal, not expected 48
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:252) ~[na:na]
    at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390) ~[na:na]
    at com.removed.applecert.ConnectionFactoryCreator.generatePrivateKeyFromDER(ConnectionFactoryCreator.java:69) ~[classes/:na]
    at com.removed.applecert.ConnectionFactoryCreator.getSocketFactory(ConnectionFactoryCreator.java:43) ~[classes/:na]
    at com.removed.applecert.SSLConfiguration.sslSocketFactory(SSLConfiguration.java:41) ~[classes/:na]
    at com.removed.applecert.SSLConfiguration$$EnhancerBySpringCGLIB$$f2e321da.CGLIB$sslSocketFactory$4(<generated>) ~[classes/:na]
    at com.removed.applecert.SSLConfiguration$$EnhancerBySpringCGLIB$$f2e321da$$FastClassBySpringCGLIB$$2b1ce4c.invoke(<generated>) ~[classes/:na]
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.3.14.jar:5.3.14]
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) ~[spring-context-5.3.14.jar:5.3.14]
    at com.removed.applecert.SSLConfiguration$$EnhancerBySpringCGLIB$$f2e321da.sslSocketFactory(<generated>) ~[classes/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:567) ~[na:na]
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.14.jar:5.3.14]
    ... 25 common frames omitted
Caused by: java.security.InvalidKeyException: IOException : DerValue.getBigIntegerInternal, not expected 48
    at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:133) ~[na:na]
    at java.base/sun.security.pkcs.PKCS8Key.<init>(PKCS8Key.java:94) ~[na:na]
    at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:152) ~[na:na]
    at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:89) ~[na:na]
    at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:343) ~[na:na]
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:248) ~[na:na]
    ... 39 common frames omitted
```

Note: Not sure if this could play a role, but if you read the key as an array of bytes, the first value [0] is 48.

Perhaps this can be done without reassembling the certificate or in some other way; I will be grateful for any recommendations.

Mykola
  • The `com.removed` code is apparently calling a Java `KeyFactory` instance for RSA. All `KeyFactory` instances reading a private key **expect `PKCS8EncodedKeySpec` containing _UNencrypted_ PKCS8** -- see the javadoc in a good IDE or [on Oracle's website](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/spec/PKCS8EncodedKeySpec.html). FYI 48 dec = 30 hex is the tag (first) byte in every ASN.1 DER SEQUENCE, which includes both encrypted _and_ unencrypted PKCS8; it is also ASCII '0' (zero) and thus easily spotted in dumps. – dave_thompson_085 Dec 30 '21 at 13:30
  • @dave_thompson_085, thank you for the information about the key and 48 dec. I will try to update my code and question. – Mykola Dec 30 '21 at 14:40
  • @MykolaMurza any news? – Jacek Kaczmarek Jan 13 '22 at 13:28

0 Answers
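
The point made in the first comment, as an added example (not code from the question or from the answer it links to): an encrypted PKCS#8 key must be decrypted through `EncryptedPrivateKeyInfo` before `KeyFactory` will accept it. The class name, the password and the `PBEWithSHA1AndDESede` scheme used to build the constructed sample key are assumptions; a real key needs a PBE scheme that the JDK's installed providers support.

```java
import java.security.*;
import java.security.spec.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class EncryptedPkcs8Demo {
    // Strip the PEM armor lines and decode the Base64 body to DER.
    static byte[] pemToDer(String pem) {
        return Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
    }
    // Decrypt the encrypted PKCS#8 structure, then give KeyFactory the plain PKCS#8.
    static PrivateKey loadEncrypted(byte[] der, char[] password) throws Exception {
        EncryptedPrivateKeyInfo info = new EncryptedPrivateKeyInfo(der);
        SecretKey pbeKey = SecretKeyFactory.getInstance(info.getAlgName())
                .generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(info.getAlgName());
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, info.getAlgParameters());
        PKCS8EncodedKeySpec plain = info.getKeySpec(cipher); // unencrypted PKCS#8
        return KeyFactory.getInstance("RSA").generatePrivate(plain);
    }
    public static void main(String[] args) throws Exception {
        char[] password = "demo-password".toCharArray(); // constructed sample value
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey original = gen.generateKeyPair().getPrivate();
        // Constructed sample: encrypt the key into an ENCRYPTED PRIVATE KEY PEM.
        String alg = "PBEWithSHA1AndDESede"; // assumption: picked only for this sample
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE,
                SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(password)),
                new PBEParameterSpec(salt, 10000));
        byte[] encDer = new EncryptedPrivateKeyInfo(enc.getParameters(),
                enc.doFinal(original.getEncoded())).getEncoded();
        String pem = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
                + Base64.getMimeEncoder().encodeToString(encDer)
                + "\n-----END ENCRYPTED PRIVATE KEY-----\n";
        byte[] der = pemToDer(pem);
        System.out.println("first byte: " + der[0]); // SEQUENCE tag, same as plain PKCS#8
        try { // the still-encrypted bytes are not a valid PKCS8EncodedKeySpec
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (InvalidKeySpecException e) {
            System.out.println("KeyFactory rejected encrypted PKCS#8: " + e.getMessage());
        }
        PrivateKey loaded = loadEncrypted(der, password);
        System.out.println("matches: " + Arrays.equals(loaded.getEncoded(), original.getEncoded()));
    }
}
```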