From fce0f4a2ed5a184cc33dc5115ab5396cdb19a5f0 Mon Sep 17 00:00:00 2001
From: Alexandros Moraitis <alexandros.moraitis@adyen.com>
Date: Wed, 8 Nov 2023 11:53:03 +0100
Subject: [PATCH] Fix Terminal api missing encryption (#933)

* Add the unit test

* Add the adyen exception for missing nexoblob

* Add only the exception for the nexoblob
---
 Adyen.Test/MockPosApiRequest.cs               | 46 +++++++++++++++++++
 Adyen.Test/TerminalApiPosRequestTest.cs       | 22 ++++++++-
 .../pospayment-no-security-trailer.json       | 14 ++++++
 .../SaleToPoiMessageSecuredSerializer.cs      | 16 +++++--
 4 files changed, 92 insertions(+), 6 deletions(-)
 create mode 100644 Adyen.Test/mocks/terminalapi/pospayment-no-security-trailer.json

diff --git a/Adyen.Test/MockPosApiRequest.cs b/Adyen.Test/MockPosApiRequest.cs
index 48ebfd9ac..1573846e2 100644
--- a/Adyen.Test/MockPosApiRequest.cs
+++ b/Adyen.Test/MockPosApiRequest.cs
@@ -111,5 +111,51 @@ public static string MockNexoJsonRequest()
                    "     \"Currency\" : \"EUR\",\r\n               \"RequestedAmount\" : 15.25 \r\n            },\r\n            \"TransactionConditions\" : {}\r\n         },\r\n      " +
                    "   \"PaymentData\" : {\"PaymentType\" : \"Normal\"}\r\n      }\r\n   }\r\n}\r\n";
         }
+        /// <summary>
+        /// Dummy terminal api json api/terminal api request without security trailer set for test
+        /// enviroment
+        /// </summary>
+        /// <returns></returns>
+        public static SaleToPOIRequest CreatePosPaymentRequestEmptySecurityTrailer()
+        {
+            var saleToPoiRequest = new SaleToPOIRequest
+            {
+                MessageHeader = new MessageHeader
+                {
+                    MessageType = MessageType.Request,
+                    MessageClass = MessageClassType.Service,
+                    MessageCategory = MessageCategoryType.Payment,
+                    SaleID = "POSSystemID12345",
+                    POIID = "MX915-284251016",
+                    ServiceID = DateTime.Now.ToString("ddHHmmss")//this should be unique
+                },
+                MessagePayload = new PaymentRequest
+                {
+                    SaleData = new SaleData
+                    {
+                        SaleTransactionID = new TransactionIdentification
+                        {
+                            TransactionID = "PosAuth",
+                            TimeStamp = DateTime.Now
+                        },
+                        TokenRequestedType = TokenRequestedType.Customer,
+                    },
+                    PaymentTransaction = new PaymentTransaction
+                    {
+                        AmountsReq = new AmountsReq
+                        {
+                            Currency = "EUR",
+                            RequestedAmount = 10100
+                        }
+                    },
+                    PaymentData = new PaymentData
+                    {
+                        PaymentType = PaymentType.Normal
+                    }
+                },
+                SecurityTrailer = null
+            };
+            return saleToPoiRequest;
+        }
     }
 }
diff --git a/Adyen.Test/TerminalApiPosRequestTest.cs b/Adyen.Test/TerminalApiPosRequestTest.cs
index b42353c61..23d8ce7e9 100644
--- a/Adyen.Test/TerminalApiPosRequestTest.cs
+++ b/Adyen.Test/TerminalApiPosRequestTest.cs
@@ -1,4 +1,5 @@
 using System;
+using Adyen.Exceptions;
 using Adyen.Security;
 using Adyen.Service;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -80,6 +81,25 @@ public void TestTerminalApiCardAcquisitionResponse()
             {
                 Assert.Fail();
             }
-        }      
+        }
+        
+        [TestMethod]
+        public void TestTerminalApiRequestEmptySecurityTrailer()
+        {
+            try
+            {
+                var paymentRequest = MockPosApiRequest.CreatePosPaymentRequestEmptySecurityTrailer();
+                //create a mock client
+                var client = CreateMockTestClientPosLocalApiRequest("mocks/terminalapi/pospayment-no-security-trailer.json");
+                var terminalLocalApi = new TerminalLocalApi(client);
+                var configEndpoint = terminalLocalApi.Client.Config.LocalTerminalApiEndpoint;
+                var saleToPoiResponse = terminalLocalApi.TerminalRequest(paymentRequest, _encryptionCredentialDetails);
+                Assert.AreEqual(configEndpoint, @"https://_terminal_:8443/nexo/");
+            }
+            catch (Exception ex)
+            {
+                Assert.AreEqual(ex.Message,"NexoBlob is empty in the response");
+            }
+        }
     }
 }
diff --git a/Adyen.Test/mocks/terminalapi/pospayment-no-security-trailer.json b/Adyen.Test/mocks/terminalapi/pospayment-no-security-trailer.json
new file mode 100644
index 000000000..1ac3d75b2
--- /dev/null
+++ b/Adyen.Test/mocks/terminalapi/pospayment-no-security-trailer.json
@@ -0,0 +1,14 @@
+{
+  "SaleToPOIResponse": {
+    "SecurityTrailer": null,
+    "MessageHeader": {
+      "ProtocolVersion": "3.0",
+      "SaleID": "John",
+      "MessageClass": "Service",
+      "MessageCategory": "Payment",
+      "ServiceID": "9739",
+      "POIID": "MX915-284251016",
+      "MessageType": "Response"
+    }
+  }
+}
\ No newline at end of file
diff --git a/Adyen/ApiSerialization/SaleToPoiMessageSecuredSerializer.cs b/Adyen/ApiSerialization/SaleToPoiMessageSecuredSerializer.cs
index 40eb26432..de432fe67 100644
--- a/Adyen/ApiSerialization/SaleToPoiMessageSecuredSerializer.cs
+++ b/Adyen/ApiSerialization/SaleToPoiMessageSecuredSerializer.cs
@@ -46,12 +46,18 @@ private void CheckForTerminalError(JObject terminalResponseJObject)
 
         private SaleToPoiMessageSecured ParseSaleToPoiMessageSecured(JToken saleToPoiMessageSecuredJToken)
         {
-            var saleToPoiMessageSecured = new SaleToPoiMessageSecured
+            var saleToPoiMessageSecured = new SaleToPoiMessageSecured();
+            saleToPoiMessageSecured.MessageHeader = saleToPoiMessageSecuredJToken.SelectToken("MessageHeader").ToObject<MessageHeader>();
+            saleToPoiMessageSecured.SecurityTrailer = saleToPoiMessageSecuredJToken.SelectToken("SecurityTrailer")
+                .ToObject<SecurityTrailer>();
+            try
             {
-                MessageHeader = saleToPoiMessageSecuredJToken.SelectToken("MessageHeader").ToObject<MessageHeader>(),
-                NexoBlob = saleToPoiMessageSecuredJToken.SelectToken("NexoBlob").ToObject<string>(),
-                SecurityTrailer = saleToPoiMessageSecuredJToken.SelectToken("SecurityTrailer").ToObject<SecurityTrailer>()
-            };
+                saleToPoiMessageSecured.NexoBlob = saleToPoiMessageSecuredJToken.SelectToken("NexoBlob").ToObject<string>();
+            }
+            catch (Exception ex)
+            {
+                throw new DeserializationException("NexoBlob is empty in the response",ex.InnerException);
+            }
 
             return saleToPoiMessageSecured;
         }