* Adding support for AES CBC decryption

Author: danny-gallagher

lib/mcapi/encryption/crypto/jwe-crypto.rb

@@ -68,6 +68,7 @@ def decrypt_data(encrypted_data:)
         if enc_method == "A256GCM"
           enc_string = "aes-256-gcm"
         elsif enc_method == "A128CBC-HS256"
+          cek = cek.byteslice(16, cek.length)
           enc_string = "aes-128-cbc"
         else
           raise Exception, "Encryption method '#{enc_method}' not supported."
@@ -78,11 +79,12 @@ def decrypt_data(encrypted_data:)
         cipher.key = cek
         cipher.iv = iv
         cipher.padding = 0
-        cipher.auth_data = encrypted_header
-        cipher.auth_tag = cipher_tag
+        if enc_method == "A256GCM"
+          cipher.auth_data = encrypted_header
+          cipher.auth_tag = cipher_tag
+        end
 
-        plain_text = cipher.update(cipher_text) + cipher.final
-        plain_text
+        cipher.update(cipher_text) + cipher.final
       end
 
       private
@@ -92,8 +94,7 @@ def compute_public_fingerprint
       end
 
       def generate_header(alg, enc)
-        header = { alg: alg, enc: enc, kid: @public_key_fingerprint, cty: 'application/json' }
-        header
+        { alg: alg, enc: enc, kid: @public_key_fingerprint, cty: 'application/json' }
       end
 
       def jwe_encode(payload)

test/test_jwe_encryption.rb

@@ -92,4 +92,11 @@ def test_decrypt_gcm
     assert_equal decrypted['body']['mapping']['customer_identifier'], 'CUST_12345'
     assert !decrypted['body']['encrypted_data']
   end
+
+  def test_decrypt_cbc
+    resp = File.read('./test/mock/jwe-response-cbc.json')
+    jwe = McAPI::Encryption::JweEncryption.new(@test_config)
+    decrypted = JSON.parse(jwe.decrypt(resp))
+    assert !decrypted['body']['encrypted_data']
+  end
 end