Merge pull request #190 from CyberSource/feature/gp-mtls

pgp  mtls

Author: mahmishr

composer.json

@@ -20,7 +20,8 @@
         "ext-mbstring": "*",
         "firebase/php-jwt": "^6.0.0",
         "monolog/monolog": ">=1.25.0",
-        "web-token/jwt-framework": "^2.2.11|^3.3.5"
+        "web-token/jwt-framework": "^2.2.11|^3.3.5",
+        "singpolyma/openpgp-php": "0.7.0"
     },
     "require-dev": {
         "phpunit/phpunit": "9.6.15"

generator/cybersource_php_sdk_gen.bat

@@ -37,6 +37,7 @@ git checkout ..\composer.json
 git checkout ..\lib\Api\OAuthApi.php
 git checkout ..\lib\Model\AccessTokenResponse.php
 git checkout ..\lib\Model\CreateAccessTokenRequest.php
+git checkout ..\lib\Api\BatchUploadApi.php
 
 pause
 

lib/Api/BatchUploadApi.php

@@ -0,0 +1,177 @@
+<?php
+
+namespace CyberSource\Api;
+
+use CyberSource\ApiException;
+use CyberSource\Utilities\PGP\BatchUpload\PgpEncryptionUtility;
+use CyberSource\Utilities\PGP\BatchUpload\MutualAuthUploadUtility;
+use CyberSource\Utilities\PGP\BatchUpload\BatchuploadUtility;
+use CyberSource\Logging\LogFactory;
+use CyberSource\Logging\LogConfiguration;
+
+class BatchUploadApi
+{
+    private static $logger = null;
+
+    /**
+     * BatchUploadApi constructor.
+     *
+     * Example usage with custom log configuration:
+     * ```php
+     * $logConfig = new \CyberSource\Logging\LogConfiguration();
+     * $logConfig->enableLogging(true);
+     * $logConfig->setDebugLogFile(__DIR__ . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "Log" . DIRECTORY_SEPARATOR . "debugTest.log");
+     * $logConfig->setErrorLogFile(__DIR__ . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "Log" . DIRECTORY_SEPARATOR . "errorTest.log");
+     * $logConfig->setLogDateFormat("Y-m-d\TH:i:s");
+     * $logConfig->setLogFormat("[%datetime%] [%level_name%] [%channel%] : %message%\n");
+     * $logConfig->setLogMaxFiles(3);
+     * $logConfig->setLogLevel("debug");
+     * $logConfig->enableMasking(true);
+     * $api = new \CyberSource\Api\BatchUploadApi($logConfig);
+     * ```
+     *
+     * @param LogConfiguration|null $logConfig
+     */
+    public function __construct($logConfig = null)
+    {
+        // If no log config provided, create one with logging disabled
+        if ($logConfig === null) {
+            $logConfig = new LogConfiguration();
+            $logConfig->enableLogging(false);
+        }
+        // Use LogFactory to get a logger for this class
+        self::$logger = (new LogFactory())->getLogger(
+            \CyberSource\Utilities\Helpers\ClassHelper::getClassName(get_class($this)),
+            $logConfig
+        );
+    }
+
+    /**
+     * Uploads a batch file using mutual TLS authentication with a PKCS#12 (.p12/.pfx) client certificate file.
+     *
+     * @param string $inputFilePath Path to the file to be uploaded.
+     * @param string $environmentHostname The environment hostname.
+     * @param string $pgpEncryptionCertPath Path to the PGP encryption certificate.
+     * @param string $clientCertP12FilePath Path to the PKCS#12 client certificate file (.p12 or .pfx).
+     * @param string $clientCertP12Password Password for the PKCS#12 client certificate.
+     * @param string|null $serverTrustCertPath Path to the server trust certificate(s) in PEM format. Optional.
+     * @param bool $verify_ssl Whether to verify the server's SSL certificate. Optional. Set to false to disable verification (not recommended). Default is true.
+     * @return array [responseBody, statusCode, headers]
+     * @throws ApiException
+     */
+    public function uploadBatchWithP12(
+        $inputFilePath,
+        $environmentHostname,
+        $pgpEncryptionCertPath,
+        $clientCertP12FilePath,
+        $clientCertP12Password,
+        $serverTrustCertPath = null,
+        $verify_ssl = true
+    ) {
+        if (self::$logger) {
+            self::$logger->info("Starting batch upload with P12/PFX for file: $inputFilePath");
+            if ($verify_ssl === false) {
+                self::$logger->warning("SSL verification is DISABLED for this batch upload. This is insecure and should not be used in production.");
+            }
+        }
+        BatchuploadUtility::validateBatchApiP12Inputs(
+            $inputFilePath, $environmentHostname, $pgpEncryptionCertPath, $clientCertP12FilePath, $serverTrustCertPath
+        );
+
+        $endpointUrl = $this->getEndpointUrl($environmentHostname, "/pts/v1/transaction-batch-upload");
+
+        $encryptedPgpBytes = PgpEncryptionUtility::encryptFileToBytes($inputFilePath, $pgpEncryptionCertPath);
+
+        $pgpFileName = basename($inputFilePath);
+        if (empty($pgpFileName) || $pgpFileName === '.' || $pgpFileName === '..') {
+            $pgpFileName = 'file.pgp';
+        } else {
+            $pgpFileName = pathinfo($pgpFileName, PATHINFO_FILENAME) . '.pgp';
+        }
+
+        return MutualAuthUploadUtility::uploadWithP12(
+            $encryptedPgpBytes,
+            $endpointUrl,
+            $pgpFileName,
+            $clientCertP12FilePath,
+            $clientCertP12Password,
+            $serverTrustCertPath,
+            $verify_ssl,
+            self::$logger
+        );
+    }
+
+    /**
+     * Uploads a batch file using mutual TLS authentication with client private key and certificate.
+     *
+     * @param string $inputFilePath Path to the file to be uploaded.
+     * @param string $environmentHostname The environment hostname (e.g., api.cybersource.com).
+     * @param string $pgpEncryptionCertPath Path to the PGP encryption certificate.
+     * @param string $clientCertPath Path to the client certificate (PEM).
+     * @param string $clientKeyPath Path to the client private key (PEM).
+     * @param string|null $serverTrustCertPath Path to the server trust certificate(s) in PEM format. Optional.
+     * @param string|null $clientKeyPassword Password for the client private key. Optional.
+     * @param bool $verify_ssl Whether to verify the server's SSL certificate. Optional. Set to false to disable verification (not recommended). Default is true.
+     * @return array [responseBody, statusCode, headers]
+     * @throws ApiException
+     */
+    public function uploadBatchWithKeyAndCert(
+        $inputFilePath,
+        $environmentHostname,
+        $pgpEncryptionCertPath,
+        $clientCertPath,
+        $clientKeyPath,
+        $serverTrustCertPath = null,
+        $clientKeyPassword = null,
+        $verify_ssl = true
+    ) {
+        if (self::$logger) {
+            self::$logger->info("Starting batch upload with client key/cert for file: $inputFilePath");
+            if ($verify_ssl === false) {
+                self::$logger->warning("SSL verification is DISABLED for this batch upload. This is insecure and should not be used in production.");
+            }
+        }
+        
+        BatchuploadUtility::validateBatchApiKeysInputs($inputFilePath, $environmentHostname, $pgpEncryptionCertPath, $clientKeyPath, $clientCertPath, $serverTrustCertPath);
+        
+        $endpointUrl = $this->getEndpointUrl($environmentHostname, "/pts/v1/transaction-batch-upload");
+
+        $encryptedPgpBytes = PgpEncryptionUtility::encryptFileToBytes($inputFilePath, $pgpEncryptionCertPath);
+
+        $pgpFileName = basename($inputFilePath);
+        if (empty($pgpFileName) || $pgpFileName === '.' || $pgpFileName === '..') {
+            $pgpFileName = 'file.pgp';
+        } else {
+            $pgpFileName = pathinfo($pgpFileName, PATHINFO_FILENAME) . '.pgp';
+        }
+
+        return MutualAuthUploadUtility::uploadWithKeyAndCert(
+            $encryptedPgpBytes,
+            $endpointUrl,
+            $pgpFileName,
+            $clientCertPath,
+            $clientKeyPath,
+            $serverTrustCertPath,
+            $clientKeyPassword,
+            $verify_ssl,
+            self::$logger
+        );
+    }
+
+    /**
+     * Constructs the full endpoint URL for the given environment hostname and endpoint path.
+     *
+     * @param string $environmentHostname The environment hostname (with or without protocol prefix).
+     * @param string $endpoint The endpoint path to append.
+     * @return string The full endpoint URL.
+     */
+    private function getEndpointUrl($environmentHostname, $endpoint)
+    {
+        $URL_PREFIX = 'https://';
+        $baseUrl = (stripos(trim($environmentHostname), $URL_PREFIX) === 0)
+            ? trim($environmentHostname)
+            : $URL_PREFIX . trim($environmentHostname);
+        return $baseUrl . $endpoint;
+    }
+
+}

lib/Utilities/MultipartHelpers/MultipartHelper.php

@@ -10,9 +10,9 @@ public static function build_data_files($boundary, $formParams){
 
         $delimiter = '-------------' . $boundary;
 
-        foreach ($formParams as $name => $content) {
+        foreach ($formParams as $filename => $content) {
             $data .= "--" . $delimiter . $eol
-                . 'Content-Disposition: form-data; name="' . $name . '"; filename="' . $name . '"' . $eol
+                . 'Content-Disposition: form-data; name="' . $filename . '"; filename="' . $filename . '"' . $eol
                 . 'Content-Transfer-Encoding: binary'.$eol
                 ;
 

lib/Utilities/PGP/BatchUpload/BatchuploadUtility.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace CyberSource\Utilities\PGP\BatchUpload;
+
+class BatchuploadUtility
+{
+    const MAX_FILE_SIZE_BYTES = 75 * 1024 * 1024; // 75MB
+
+    /**
+     * Validates the input parameters for batch API using P12 client certificate.
+     *
+     * @param string $inputFile Path to the input CSV file for batch upload.
+     * @param string $environmentHostname
+     * @param string $pgpEncryptionCertPath Path to the PGP public key file (.asc).
+     * @param string $clientCertP12FilePath Path to the client P12 certificate file.
+     * @param string|null $serverTrustCertPath Path to the server trust certificate file (PEM, optional).
+     * @throws \InvalidArgumentException
+     */
+    public static function validateBatchApiP12Inputs($inputFile, $environmentHostname, $pgpEncryptionCertPath, $clientCertP12FilePath, $serverTrustCertPath = null)
+    {
+        self::validateInputFile($inputFile);
+        if (empty(trim($environmentHostname))) {
+            throw new \InvalidArgumentException('Environment Host Name for Batch Upload API cannot be null or empty.');
+        }
+        self::validatePathAndFile($pgpEncryptionCertPath, 'PGP Encryption Cert Path');
+        self::validatePathAndFile($clientCertP12FilePath, 'Client Cert P12 File Path');
+        if (!empty($serverTrustCertPath)) {
+            self::validatePathAndFile($serverTrustCertPath, 'Server Trust Cert Path');
+        }
+    }
+
+    /**
+     * Validates the input parameters for batch API using direct key and certificate file paths.
+     *
+     * @param string $inputFile Path to the input CSV file for batch upload.
+     * @param string $environmentHostname
+     * @param string $pgpPublicKeyPath Path to the PGP public key file (.asc).
+     * @param string $clientPrivateKeyPath Path to the client private key file (PEM).
+     * @param string $clientCertPath Path to the client certificate file (PEM).
+     * @param string|null $serverTrustCertPath Path to the server trust certificate file (PEM, optional).
+     * @throws \InvalidArgumentException
+     */
+    public static function validateBatchApiKeysInputs($inputFile, $environmentHostname, $pgpPublicKeyPath, $clientPrivateKeyPath, $clientCertPath, $serverTrustCertPath = null)
+    {
+        self::validateInputFile($inputFile);
+        if (empty(trim($environmentHostname))) {
+            throw new \InvalidArgumentException('Environment Host Name for Batch Upload API cannot be null or empty.');
+        }
+        self::validatePathAndFile($pgpPublicKeyPath, 'PGP Public Key Path');
+        self::validatePathAndFile($clientPrivateKeyPath, 'Client Private Key Path');
+        self::validatePathAndFile($clientCertPath, 'Client Certificate Path');
+        if (!empty($serverTrustCertPath)) {
+            self::validatePathAndFile($serverTrustCertPath, 'Server Trust Certificate Path');
+        }
+    }
+
+    /**
+     * Validates the input file for batch upload.
+     * Checks for existence, file type (CSV), and maximum file size (75MB).
+     *
+     * @param string $inputFile Path to the input file to validate.
+     * @throws \InvalidArgumentException
+     */
+    public static function validateInputFile($inputFile)
+    {
+        if (empty($inputFile) || !file_exists($inputFile) || !is_file($inputFile)) {
+            throw new \InvalidArgumentException("Input file is invalid or does not exist: $inputFile");
+        }
+        // Only CSV files are allowed for batch API
+        if (strtolower(pathinfo($inputFile, PATHINFO_EXTENSION)) !== 'csv') {
+            throw new \InvalidArgumentException("Only CSV file type is allowed: " . basename($inputFile));
+        }
+        // Max file size allowed is 75MB
+        $fileSize = filesize($inputFile);
+        if ($fileSize > self::MAX_FILE_SIZE_BYTES) {
+            throw new \InvalidArgumentException("Input file size exceeds the maximum allowed size of 75MB: $fileSize");
+        }
+    }
+
+    /**
+     * Validates that the given file path exists and is not empty.
+     *
+     * @param string $filePath The file path to validate.
+     * @param string $pathType A description of the path type (e.g., "Input file").
+     * @throws \InvalidArgumentException
+     */
+    public static function validatePathAndFile($filePath, $pathType)
+    {
+        if (empty($filePath) || !is_string($filePath) || !trim($filePath)) {
+            throw new \InvalidArgumentException("$pathType path cannot be null or empty");
+        }
+
+        $normalizedPath = trim($filePath);
+
+        if (!file_exists($normalizedPath)) {
+            throw new \InvalidArgumentException("$pathType does not exist: $normalizedPath");
+        }
+        if (!is_file($normalizedPath)) {
+            throw new \InvalidArgumentException("$pathType does not have valid file: $normalizedPath");
+        }
+        if (!is_readable($normalizedPath)) {
+            throw new \InvalidArgumentException("$pathType is not readable: $normalizedPath");
+        }
+    }
+
+}