- remove all secretkey requirements from app

- changed the requery endpoint

Author: biodunalfet

app/src/main/java/com/flutterwave/rave_android/MainActivity.java

@@ -31,7 +31,7 @@ public class MainActivity extends AppCompatActivity {
     EditText emailEt;
     EditText amountEt;
     EditText publicKeyEt;
-    EditText secretKeyEt;
+    EditText encryptionKeyEt;
     EditText txRefEt;
     EditText narrationEt;
     EditText currencyEt;
@@ -60,7 +60,7 @@ protected void onCreate(Bundle savedInstanceState) {
         emailEt = findViewById(R.id.emailEt);
         amountEt = findViewById(R.id.amountEt);
         publicKeyEt = findViewById(R.id.publicKeyEt);
-        secretKeyEt = findViewById(R.id.secretKeyEt);
+        encryptionKeyEt = findViewById(R.id.encryptionEt);
         txRefEt = findViewById(R.id.txRefEt);
         narrationEt = findViewById(R.id.narrationTV);
         currencyEt = findViewById(R.id.currencyEt);
@@ -80,7 +80,7 @@ protected void onCreate(Bundle savedInstanceState) {
         vendorListTXT.setText("Your current vendor refs are: ");
 
         publicKeyEt.setText(RaveConstants.PUBLIC_KEY);
-        secretKeyEt.setText(RaveConstants.PRIVATE_KEY);
+        encryptionKeyEt.setText(RaveConstants.ENCRYPTION_KEY);
 
         addSubaccountsLayout = findViewById(R.id.addSubAccountsLayout);
 
@@ -131,7 +131,7 @@ private void validateEntries() {
         String email = emailEt.getText().toString();
         String amount = amountEt.getText().toString();
         String publicKey = publicKeyEt.getText().toString();
-        String secretKey = secretKeyEt.getText().toString();
+        String encryptionKey = encryptionKeyEt.getText().toString();
         String txRef = txRefEt.getText().toString();
         String narration = narrationEt.getText().toString();
         String currency = currencyEt.getText().toString();
@@ -156,9 +156,9 @@ private void validateEntries() {
             publicKeyEt.setError("A valid public key is required");
         }
 
-        if (secretKey.length() < 1){
+        if (encryptionKey.length() < 1){
             valid = false;
-            secretKeyEt.setError("A valid secret key is required");
+            encryptionKeyEt.setError("A valid encryption key is required");
         }
 
         if (txRef.length() < 1){
@@ -185,7 +185,7 @@ private void validateEntries() {
                     .setlName(lName)
                     .setNarration(narration)
                     .setPublicKey(publicKey)
-                    .setSecretKey(secretKey)
+                    .setEncryptionKey(encryptionKey)
                     .setTxRef(txRef)
                     .acceptMpesaPayments(isMpesaSwitch.isChecked())
                     .acceptAccountPayments(accountSwitch.isChecked())
@@ -230,7 +230,7 @@ private void clearErrors() {
         emailEt.setError(null);
         amountEt.setError(null);
         publicKeyEt.setError(null);
-        secretKeyEt.setError(null);
+        encryptionKeyEt.setError(null);
         txRefEt.setError(null);
         narrationEt.setError(null);
         currencyEt.setError(null);

app/src/main/res/layout/activity_main.xml

@@ -155,8 +155,8 @@
                     android:textSize="14sp"
                     android:layout_marginBottom="10dp"
                     android:text=""
-                    android:hint="@string/secret_key"
-                    android:id="@+id/secretKeyEt"
+                    android:hint="@string/encryption_key"
+                    android:id="@+id/encryptionEt"
                     />
 
                 <EditText

app/src/main/res/values/strings.xml

@@ -14,4 +14,5 @@
     <string name="last_name">Last name</string>
     <string name="start_payment">START PAYMENT</string>
     <string name="secret_key">Secret Key</string>
+    <string name="encryption_key">Encryption key</string>
 </resources>

raveandroid/src/main/java/com/flutterwave/raveandroid/RaveConstants.java

@@ -10,7 +10,8 @@ public class RaveConstants {
 //    public static String PUBLIC_KEY = "";
 //    public static String PRIVATE_KEY = "";
     public static String PUBLIC_KEY = "FLWPUBK-e634d14d9ded04eaf05d5b63a0a06d2f-X"; //test
-    public static String PRIVATE_KEY = "FLWSECK-bb971402072265fb156e90a3578fe5e6-X"; //test
+//    public static String ENCRYPTION_KEY = "FLWSECK-bb971402072265fb156e90a3578fe5e6-X"; //test
+    public static String ENCRYPTION_KEY = "bb9714020722eb4cf7a169f2";
     public static String STAGING_URL = "https://ravesandbox.azurewebsites.net";
     public static String LIVE_URL = "https://raveapi.azurewebsites.net";
     public static String VBV = "VBVSECURECODE";

raveandroid/src/main/java/com/flutterwave/raveandroid/RavePayActivity.java

@@ -82,7 +82,6 @@ protected void onCreate(Bundle savedInstanceState) {
             BASE_URL = RaveConstants.LIVE_URL;
         }
 
-        secretKey = ravePayInitializer.getSecretKey();
         tabLayout = (TabLayout) findViewById(R.id.sliding_tabs);
         pager = (ViewPager) findViewById(R.id.pager);
         permissionsRequiredLayout = (RelativeLayout) findViewById(R.id.rave_permission_required_layout);
@@ -147,10 +146,6 @@ public void onRequestPermissionsResult(int requestCode, @NonNull String[] permis
         }
     }
 
-    public static String getSecretKey() {
-        return secretKey;
-    }
-
     public RavePayInitializer getRavePayInitializer() {
         return ravePayInitializer;
     }

raveandroid/src/main/java/com/flutterwave/raveandroid/RavePayInitializer.java

@@ -13,7 +13,7 @@ public class RavePayInitializer {
     String email;
     double amount;
     String publicKey;
-    String secretKey;
+    String encryptionKey;
     String txRef;
     String narration;
     String currency;
@@ -32,15 +32,15 @@ public class RavePayInitializer {
     boolean staging = true;
 
     public RavePayInitializer(String email, double amount, String publicKey,
-                              String secretKey, String txRef, String narration,
+                              String encryptionKey, String txRef, String narration,
                               String currency, String country, String fName,
                               String lName, boolean withCard,
                               boolean withAccount, boolean withMpesa, boolean withGHMobileMoney, int theme,
                               boolean staging, boolean allowSaveCard, String meta, String subAccounts, String payment_plan) {
         this.email = email;
         this.amount = amount;
         this.publicKey = publicKey;
-        this.secretKey = secretKey;
+        this.encryptionKey = encryptionKey;
         this.txRef = txRef;
         this.narration = narration;
         this.currency = currency;
@@ -154,12 +154,12 @@ public void setPublicKey(String publicKey) {
         this.publicKey = publicKey;
     }
 
-    public String getSecretKey() {
-        return secretKey;
+    public String getEncryptionKey() {
+        return encryptionKey;
     }
 
-    public void setSecretKey(String secretKey) {
-        this.secretKey = secretKey;
+    public void setEncryptionKey(String encryptionKey) {
+        this.encryptionKey = encryptionKey;
     }
 
     public String getTxRef() {

raveandroid/src/main/java/com/flutterwave/raveandroid/RavePayManager.java

@@ -18,7 +18,7 @@ public class RavePayManager {
     private String email;
     private double amount = -1;
     private String publicKey;
-    private String secretKey;
+    private String encryptionKey;
     private String txRef;
     private String narration = "";
     private String currency = "NGN";
@@ -104,8 +104,8 @@ public RavePayManager setPublicKey(String publicKey) {
         return this;
     }
 
-    public RavePayManager setSecretKey(String secretKey) {
-        this.secretKey = secretKey;
+    public RavePayManager setEncryptionKey(String encryptionKey) {
+        this.encryptionKey = encryptionKey;
         return this;
     }
 
@@ -157,6 +157,6 @@ public void initialize() {
     }
 
     public RavePayInitializer createRavePayInitializer() {
-        return new RavePayInitializer(email, amount, publicKey, secretKey, txRef, narration, currency, country, fName, lName, withCard, withAccount, withMpesa, withGHMobileMoney, theme, staging, allowSaveCard, meta, subAccounts, payment_plan);
+        return new RavePayInitializer(email, amount, publicKey, encryptionKey, txRef, narration, currency, country, fName, lName, withCard, withAccount, withMpesa, withGHMobileMoney, theme, staging, allowSaveCard, meta, subAccounts, payment_plan);
     }
 }

raveandroid/src/main/java/com/flutterwave/raveandroid/Utils.java

@@ -18,11 +18,21 @@
 import org.json.JSONObject;
 
 import java.lang.reflect.Type;
+import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
 import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.List;
 
 import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 import javax.crypto.spec.SecretKeySpec;
 
 /**
@@ -60,9 +70,8 @@ public static boolean wasTxSuccessful(RavePayInitializer ravePayInitializer, Str
             JSONObject jsonData = jsonObject.getJSONObject("data");
             String status = jsonData.getString("status");
             String txAmount = jsonData.getString("amount");
-            String txCurrency = jsonData.getString("transaction_currency");
-            JSONObject flwMetaJsonObject = jsonData.getJSONObject("flwMeta");
-            String chargeResponse = flwMetaJsonObject.getString("chargeResponse");
+            String txCurrency = jsonData.getString("currency");
+            String chargeResponse = jsonData.getString("chargeResponseCode");
 
             if (areAmountsSame(amount, txAmount) &&
                     chargeResponse.equalsIgnoreCase("00") &&
@@ -160,14 +169,36 @@ public static String stringifySubaccounts(List<SubAccount> subAccounts) {
         return gson.toJson(subAccounts, type);
     }
 
-    public static String getEncryptedData(String unEncryptedString, String secret) {
+    public static byte[] RSAEncrypt(String plaintext){
+        PublicKey key = getKey("baA/RgjURU3I0uqH3iRos3NbE8fT+lP8SDXKymsnfdPrMQAEoMBuXtoaQiJ1i5tuBG9EgSEOH1LAZEaAsvwClw==");
+        byte[] ciphertext = null;
         try {
-            // hash the secret
-            String md5Hash = getMd5(secret);
-            String cleanSecret = secret.replace(TARGET, "");
-            int hashLength = md5Hash.length();
-            String encryptionKey = cleanSecret.substring(0, 12).concat(md5Hash.substring(hashLength - 12, hashLength));
+            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
+            cipher.init(Cipher.ENCRYPT_MODE, key);
+            ciphertext = cipher.doFinal(plaintext.getBytes());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return ciphertext;
+    }
+
+    public static PublicKey getKey(String key){
+        try{
+            byte[] byteKey = Base64.decode(key.getBytes(Charset.forName("UTF-16")), Base64.DEFAULT);
+            X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey);
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+
+            return kf.generatePublic(X509publicKey);
+        }
+        catch(Exception e){
+            e.printStackTrace();
+        }
+
+        return null;
+    }
 
+    public static String getEncryptedData(String unEncryptedString, String encryptionKey) {
+        try {
             return encrypt(unEncryptedString, encryptionKey);
         }catch (Exception e){
             e.printStackTrace();

raveandroid/src/main/java/com/flutterwave/raveandroid/account/AccountContract.java

@@ -47,7 +47,7 @@ interface View {
     interface UserActionsListener {
         void getBanks();
 
-        void chargeAccount(Payload body, boolean internetBanking);
+        void chargeAccount(Payload body, String encryptionKey, boolean internetBanking);
 
         void validateAccountCharge(String flwRef, String otp, String publicKey);
 

raveandroid/src/main/java/com/flutterwave/raveandroid/account/AccountFragment.java

@@ -261,8 +261,6 @@ private void validateDetails() {
             Payload body = builder.createBankPayload();
             body.setPasscode(dob);
             body.setPhonenumber(phone);
-            body.setPBFSecKey(ravePayInitializer.getSecretKey());
-            body.setSECKEY(ravePayInitializer.getSecretKey());
 
             if ((selectedBank.getBankcode().equalsIgnoreCase("058") ||
                     selectedBank.getBankcode().equalsIgnoreCase("011"))
@@ -388,7 +386,7 @@ public void onActivityResult(int requestCode, int resultCode, Intent data) {
                 String otp = data.getStringExtra(OTPFragment.EXTRA_OTP);
                 presenter.validateAccountCharge(flwRef, otp, ravePayInitializer.getPublicKey());
             }else if(requestCode==FOR_INTERNET_BANKING){
-                presenter.requeryTx(flwRef, ravePayInitializer.getSecretKey());
+                presenter.requeryTx(flwRef, ravePayInitializer.getPublicKey());
             }
         }else{
             super.onActivityResult(requestCode, resultCode, data);
@@ -436,7 +434,7 @@ public void onPaymentFailed(String status, String responseAsJSONString) {
 
     @Override
     public void onValidateSuccessful(String flwRef, String responseAsJsonString) {
-        presenter.requeryTx(flwRef, ravePayInitializer.getSecretKey());
+        presenter.requeryTx(flwRef, ravePayInitializer.getPublicKey());
     }
 
     @Override
@@ -463,7 +461,7 @@ public void displayFee(String charge_amount, final Payload payload, final boolea
             @Override
             public void onClick(DialogInterface dialog, int which) {
                 dialog.dismiss();
-                presenter.chargeAccount(payload, internetbanking);
+                presenter.chargeAccount(payload, ravePayInitializer.getEncryptionKey(), internetbanking);
             }
         }).setNegativeButton("NO", new DialogInterface.OnClickListener() {
             @Override