I've just spent a day working out how to integrate Lotus Domino and the FoxyCart payment gateway. As part of this I had to decrypt the transaction data they send back to your server as part of the payment process.
Hopefully I can save somebody some time in doing this by posting what I did. First of all here's the code that does the job:
String password = "YOUR_SECRET_KEY"; Cipher rc4 = Cipher.getInstance("RC4"); rc4.init(Cipher.DECRYPT_MODE, new SecretKeySpec(password.getBytes(), "RC4") ); //need Commons-codec library for this bit! byte decoded = URLCodec.decodeUrl( document.getItemValueString("FoxyData").getBytes() ); byte decrypted = rc4.doFinal(decoded); String xml = new new String(decrypted); document.replaceItemValue("XML_From_Foxy", xml);
FoxyCart POSTs data back to the URL you specify in a field called "FoxyData". The data is RC4 encrypted as well as being URL encoded. To undo this and get the pure XML in a plain string you need to run the code above during the WQS event of the Form to which you have FoxyCart post results.
Note that you need to import the Commons Codec library in to your agent to get the above code to work.
The code took some arriving at itself, but the main obstacle was getting the code to run on the Domino server once "compiled".
First hurdle was this error:
java.security.InvalidKeyException: Illegal key size or default parameters
Turns out that we need to install the "unlimited strength" security files. This involves replacing US_export_policy.jar and local_policy.jar in the following directory on the server:
At first, to do this I used the official Sun/Oracle Java files but then hit this error:
java.lang.SecurityException: Cannot set up certs for trusted CAs
Jurisdiction policy files are not signed by trusted signers!
And, phew, it all worked.