These Java samples show payment flows supported by AWS Payment Cryptography.
Please ensure you have Java 17 or higher.
The samples need Maven to run. You can install it from https://maven.apache.org/install.html if not already installed on your system.
cd samples-for-payment-cryptography-service/java_sdk_example
mvn clean install
In both cases the clean step is unnecessary if it's the first time you're building it.
The examples pull your AWS credentials from environment variables or your credentials file. If using environment variables, you can export them as shown below:
export AWS_ACCESS_KEY_ID=ASIA....
export AWS_SECRET_ACCESS_KEY=abcd....
export AWS_SESSION_TOKEN=wxyz....
There are samples for 2 flows below. The flows are set up on simulated terminals, such as a store terminal that processes payments, an ATM that can be used for PIN setup, or a PIN terminal that does PIN verification. Prior to running the samples, you will need to start the server as shown below. The server hosts the services that the terminals connect to in order to support the flows.
Note: Intentional delays are added between transactions (using Thread.sleep) in PaymentTerminal, ATM, PinTerminal_ISO_Format_0 and PinTerminal_ISO_Format_4 to make it easier to follow the flows.
The samples are set up to run based on keys in the key import app. As a prerequisite, you will need to run the key import app. Refer to the key import instructions.
cd samples-for-payment-cryptography-service/java_sdk_example
./run_example.sh aws.sample.paymentcryptography.Application
This class is set up for the P2PE flow and uses a pre-created DUKPT to encrypt data from PaymentTerminal to send to the Payment Processor API endpoint. The test data is defined in the key-ksn-data.json file. For every increment of the KSN counter (last 2 digits of the KSN), a corresponding DUKPT has been pre-created.
To run -
cd samples-for-payment-cryptography-service/java_sdk_example
./run_example.sh aws.sample.paymentcryptography.terminal.PaymentTerminal
This is a simulation of an ATM that sets a PIN through an Issuer. It uses preconfigured PIN test data to create an encoded PIN block and encrypts that block using a preconfigured PEK. The encrypted data is then sent to the issuer to set the PIN.
To run -
cd samples-for-payment-cryptography-service/java_sdk_example
./run_example.sh aws.sample.paymentcryptography.terminal.ATM
There are 2 variations of PIN terminals.
- PinTerminal using ISO 0 Format for PIN Encryption
  This class simulates a terminal encrypting a plaintext PIN using ISO 0 Format for PIN encryption.
- PinTerminal using ISO 4 Format for PIN Encryption
  This class simulates a terminal encrypting a plaintext PIN using ISO 4 Format for PIN encryption.
Both classes above simulate a terminal that accepts a PIN and sends it for verification. Each uses preconfigured PIN data to create an encoded PIN block and encrypts that block using preconfigured PEK data for ISO Format 0 or PEK data for ISO Format 4. The classes are set up for 2 flows: 1) new PIN setup, 2) PIN verification. The encrypted data is then sent to the PIN translating service, which translates the encrypted PIN blocks according to the incoming and outgoing ISO formats and then connects to the Issuer to verify the PIN.
To run -
cd samples-for-payment-cryptography-service/java_sdk_example
./run_example.sh aws.sample.paymentcryptography.terminal.PinTerminal_ISO_0_Format
OR
cd samples-for-payment-cryptography-service/java_sdk_example
./run_example.sh aws.sample.paymentcryptography.terminal.PinTerminal_ISO_4_Format
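The PIN terminals above create an encoded PIN block before encrypting it with the PEK. The following added example (not code from the sample repository) shows only that encoding step for ISO 9564-1 Format 0, where the PIN field is XORed with a field derived from the PAN, and how the receiving side reverses it. The class and method names are hypothetical, the PIN and PAN are constructed test values, and the PEK encryption is not shown.

```java
import java.util.HexFormat;

public class Iso0PinBlockExample {
    private static final HexFormat HEX = HexFormat.of().withUpperCase();

    // PAN field: four zero nibbles, then the rightmost 12 PAN digits excluding the check digit.
    static String panField(String pan) {
        if (!pan.matches("\\d{13,19}")) throw new IllegalArgumentException("PAN must be 13 to 19 digits");
        return "0000" + pan.substring(pan.length() - 13, pan.length() - 1);
    }

    // XOR two equal-length hex strings and return the result as uppercase hex.
    static String xorHex(String left, String right) {
        byte[] a = HEX.parseHex(left);
        byte[] b = HEX.parseHex(right);
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return HEX.formatHex(out);
    }

    // PIN field: control nibble 0, PIN length nibble, PIN digits, 'F' fill to 16 nibbles.
    static String encodeFormat0(String pin, String pan) {
        if (!pin.matches("\\d{4,12}")) throw new IllegalArgumentException("PIN must be 4 to 12 digits");
        String pinField = String.format("0%X%s", pin.length(), pin);
        pinField += "F".repeat(16 - pinField.length());
        return xorHex(pinField, panField(pan));
    }

    // Reverses the encoding; a mismatched PAN usually yields a malformed PIN field and is rejected.
    static String decodeFormat0(String clearBlock, String pan) {
        if (!clearBlock.matches("[0-9A-Fa-f]{16}")) throw new IllegalArgumentException("block must be 16 hex characters");
        String pinField = xorHex(clearBlock, panField(pan));
        int len = Character.digit(pinField.charAt(1), 16);
        boolean wellFormed = pinField.charAt(0) == '0' && len >= 4 && len <= 12
                && pinField.substring(2, 2 + len).matches("\\d+")
                && pinField.substring(2 + len).matches("F+");
        if (!wellFormed) throw new IllegalArgumentException("not a Format 0 block for this PAN");
        return pinField.substring(2, 2 + len);
    }

    public static void main(String[] args) {
        String pin = "1234";               // constructed test value, not real cardholder data
        String pan = "43219876543210987";  // constructed test value, not a real card number
        String block = encodeFormat0(pin, pan);
        System.out.println("clear Format 0 block: " + block);
        System.out.println("decoded PIN: " + decodeFormat0(block, pan));
    }
}
```

HexFormat requires Java 17, which matches the version these samples already need.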
Following are helper classes to support the flows defined above.
This will create an alias, either with a name you provide or a random one if you don't specify anything. The main purpose of this is to demonstrate basic operations against the API.
./run_example.sh aws.sample.paymentcryptography.CreateAlias
or ./run_example.sh aws.sample.paymentcryptography.CreateAlias "alias/testalias-abcde"
This will list all the aliases in your account, plus what key they point to (if any).
The main purpose of this example is to let you inspect your resources and see how pagination works.
./run_example.sh aws.sample.paymentcryptography.ListAliases
This will list all the keys in your account, with a bit of info about each one's type.
The main purpose of this example is to let you inspect your resources and see how pagination works, as well as show some ways in which interacting with keys is different than interacting with aliases (for example, the attributes are nested more deeply, and ListKeys only returns the ARN, not all the info about the object, so an additional GetKey call is necessary).
./run_example.sh aws.sample.paymentcryptography.ListKeys