Merge pull request #97 from ammajumd/future

Introduced flag certificateCacheEnabled(default true) to cache merchant certs. now it also check for if p12 file is replaced or not. If replaced then it would load the certs again and store into cache.

Author: mahendya1002

README.md

@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.5</version>
+  <version>6.2.6</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -19,7 +19,7 @@ Run `mvn install` to install dependency
 Add the dependency to your build.gradle
 ```java
 dependencies {
-  compile 'com.cybersource:cybersource-sdk-java:6.2.5'
+  compile 'com.cybersource:cybersource-sdk-java:6.2.6'
 }
 ```
 ## Requirements
@@ -61,6 +61,7 @@ You do not need to download and build the source to use the SDK but if you want
     - if `enablejdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
       - To know how to convert p12 to JKS refer the JKS creation section of this document.
     - `enableCacerts` property is considered only if `enablejdkcert` is set to true. If `enableCacerts` is set to true, certificates will be read from the cacerts folder under the JDK.
+    - if `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
     - `allowRetry` config parameter will only work for HttpClient. Set `allowRetry` config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.
     - Set integer values for config parameter `numberOfRetries` *and* `retryInterval`. Retry Interval is time delay for next retry in seconds.
       - Number of retry parameter should be set between 1 to 5. Any other value will throw an Error Message.
@@ -181,6 +182,12 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 
 ## Changes
 
+Version Cybersource-sdk-java 6.2.6 (JAN,2018)
+_______________________________
+  1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
+  2) Intreduced a new feature to check merchant .p12 certificate file validity at run time.If it is not valid and replaced at runtime then SDK will be able to reload the new certificate data into cache.
+  3) Changed clientLibrary version to 6.2.6;
+
 Version Cybersource-sdk-java 6.2.5 (OCT,2017)
 _______________________________
   1) Merchant cert to be read from JAVA key store. Flag is added to enable reading cert from Java keystore.

java/src/main/java/com/cybersource/ws/client/Client.java

@@ -212,12 +212,13 @@ private static void setVersionInformation(Map<String, String> request) {
      * @throws SignException if signing fails.
      * @throws SAXException 
      * @throws SignEncryptException 
+     * @throws ConfigException 
      */
     private static Document soapWrapAndSign(
             Map request, MerchantConfig mc, DocumentBuilder builder,
             LoggerWrapper logger)
             throws
-            IOException, SignException, SAXException, SignEncryptException {
+            IOException, SignException, SAXException, SignEncryptException, ConfigException {
         boolean logSignedData = mc.getLogSignedData();
         if (!logSignedData) {
             logger.log(

java/src/main/java/com/cybersource/ws/client/Identity.java

@@ -9,6 +9,7 @@
  */
 package com.cybersource.ws.client;
 
+import java.io.File;
 import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -35,9 +36,13 @@ public class Identity {
     private PrivateKey privateKey;
 
     private MerchantConfig merchantConfig;
+
+	private long lastModifiedDate;
 
     private static final String SERVER_ALIAS = "CyberSource_SJC_US";
 
+    private Logger logger = null;
+    
     /**
      * Creates an Identity instance.this type of the instance can
      * only be used to store server certificate identity.
@@ -46,9 +51,12 @@ public class Identity {
      * @param x509Certificate
      * @throws SignException
      */
-    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate) throws SignException {
+    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate,Logger logger) throws SignException {
         this.merchantConfig = merchantConfig;
         this.x509Cert=x509Certificate;
+        if(this.logger == null){
+        	this.logger=logger;
+        }
         if(merchantConfig.isJdkCertEnabled()){
             setupJdkServerCerts();
         }
@@ -89,13 +97,42 @@ else if (subjectDNrray.length == 2 && subjectDNrray[1].contains(SERVER_ALIAS)) {
      * @param privateKey
      * @throws SignException
      */
-    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, PrivateKey privateKey) throws SignException {
+    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, PrivateKey privateKey,Logger logger) throws SignException {
         this.merchantConfig = merchantConfig;
         this.x509Cert = x509Certificate;
         this.privateKey = privateKey;
+        if(this.logger == null){
+        	this.logger=logger;
+        }
+        try {
+			this.lastModifiedDate=merchantConfig.getKeyFile().lastModified();
+		} catch (ConfigException e) {
+			
+			logger.log(Logger.LT_EXCEPTION,
+                    "Identity object ,cannot instantiate with key file lastModifiedDate. "
+                    + e.getMessage());
+         throw new SignException("Exception While initializing the merchant identity constructor with keyfile last modified date"+e.getMessage());
+		}
         setUpMerchant();
     }
 
+    /**
+     * Replace of merchant certificate not happened at runtime then isValid method will return true and certificate reload will not happen.
+     * But replace of merchant certificate happened at at runtime then isValid method will return false and certificate reload will happen.
+    */
+    
+	public boolean isValid(File keyFile) {
+		
+		boolean changeKeyFileStatus=(this.lastModifiedDate == keyFile.lastModified());
+
+		if (!changeKeyFileStatus) {
+
+			logger.log(Logger.LT_INFO, "Key file changed");
+			logger.log(Logger.LT_INFO, "Timestamp of current key file:"+this.lastModifiedDate);	
+		}
+		return changeKeyFileStatus;
+	}
+    
     private void setUpMerchant() throws SignException {
         if (serialNumber == null && x509Cert != null) {
             String subjectDN = x509Cert.getSubjectDN().getName();
@@ -234,5 +271,4 @@ public String toString() {
         + serialNumber + ",expiration=" + expireStr+ " }";
 	   }
 
-	   
 }

java/src/main/java/com/cybersource/ws/client/MerchantConfig.java

@@ -66,6 +66,7 @@ public class MerchantConfig {
     private String cacertPassword;
     private String customHttpClass;
     private boolean customHttpClassEnabled;
+    private boolean certificateCacheEnabled; 
 
     public String getcustomHttpClass() {
 		return customHttpClass;
@@ -83,8 +84,7 @@ public boolean isCustomHttpClassEnabled() {
     private int numberOfRetries = 0;
     private long retryInterval  = 0;
     private boolean allowRetry=true;
-    
-    
+
     // getter methods
     public boolean getUseSignAndEncrypted() { return useSignAndEncrypted; }
 
@@ -183,6 +183,10 @@ public String getProxyPassword() {
         return proxyPassword != null ? proxyPassword : "";
     }
 
+    public boolean isCertificateCacheEnabled() {  
+        return certificateCacheEnabled;  
+    }  
+    
     /**
      * Returns the effective server URL to which the request will be sent.
      * If a serverURL is specified, then that is what is returned.
@@ -271,6 +275,7 @@ public MerchantConfig(Properties _props, String _merchantID)
         enableCacert=getBooleanProperty(merchantID, "enableCacert", false);
         cacertPassword=getProperty(merchantID,"cacertPassword","changeit");
         customHttpClassEnabled=getBooleanProperty(merchantID,"customHttpClassEnabled",false);
+        certificateCacheEnabled=getBooleanProperty(merchantID,"certificateCacheEnabled",true); 
         // compute and store effective namespace URI
 
         if (namespaceURI == null && targetAPIVersion == null) {
@@ -495,6 +500,7 @@ public String getLogString() {
             }
         }
         appendPair(sb, "useSignAndEncrypted", useSignAndEncrypted);
+        appendPair(sb, "certificateCacheEnabled", certificateCacheEnabled);
         return (sb.toString());
     }
 
@@ -580,4 +586,5 @@ public boolean isJdkCertEnabled() {
     public String getCacertPassword(){
         return cacertPassword;
     }
+	
 }

java/src/main/java/com/cybersource/ws/client/SecurityUtil.java

@@ -23,7 +23,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.concurrent.ConcurrentHashMap;
@@ -48,7 +47,6 @@ public class SecurityUtil {
 
     private static BouncyCastleProvider bcProvider = new BouncyCastleProvider();
 
-    
     // This is loaded by WSS4J but since we use it lets make sure its here
     static {
         Security.addProvider(bcProvider);
@@ -69,6 +67,13 @@ private static void initKeystore() throws KeyStoreException, CredentialException
     /**
      * Method loads the Merchant P12 key.
      *  IMPORTANT :This change is made based on the assumptions that at point of time , a merchant will have only one P12 Key
+     *
+     *CertificateCacheEnabled : If it is true then only first time merchant p12 file will be loaded.
+     *							If it is false then every time merchant p12 file will be loaded.
+     *
+     *isValid() method checks : If this method returns true that means existing certificate is valid and reload of merchant p12 file will not happen.                            
+     *						  : If method returns false that means existing certificate is not valid and reload of new merchant p12 file will happen.
+     *    
      * @param merchantConfig - Merchant Config
      * @param logger - logger instance
      * @throws SignException - Signature exception
@@ -77,12 +82,10 @@ private static void initKeystore() throws KeyStoreException, CredentialException
      * @throws IOException
      * @throws CredentialException
      */
-    public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException {
-        
-        // Load the KeyStore and get the signing key and certificate do this once only
-        // This change is made based on the assumptions that at point of time , a merchant will have only one P12 Key
-        
-        if(identities.get(merchantConfig.getMerchantID()) == null){
+    public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException, ConfigException {
+               
+        Identity identity=identities.get(merchantConfig.getMerchantID());
+        if(!merchantConfig.isCertificateCacheEnabled() || identity == null || !(identity.isValid(merchantConfig.getKeyFile()))){
             try {
                 if (localKeyStoreHandler == null)
                     initKeystore();
@@ -159,12 +162,12 @@ private static void readAndStoreCertificateAndPrivateKey(MerchantConfig merchant
                         throw new SignException(e);
                     }
 
-                    Identity identity = new Identity(merchantConfig,(X509Certificate) keyEntry.getCertificate(),keyEntry.getPrivateKey());
+                    Identity identity = new Identity(merchantConfig,(X509Certificate) keyEntry.getCertificate(),keyEntry.getPrivateKey(),logger);
                     localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
                     identities.put(identity.getName(), identity);
                     continue;
                 }
-                Identity identity = new Identity(merchantConfig, (X509Certificate) merchantKeyStore.getCertificate(merchantKeyAlias));
+                Identity identity = new Identity(merchantConfig, (X509Certificate) merchantKeyStore.getCertificate(merchantKeyAlias),logger);
                 localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
                 identities.put(identity.getName(), identity);
             }
@@ -307,12 +310,12 @@ public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) thr
                             throw new SignException(e);
                         }
 
-                        Identity identity = new Identity(merchantConfig,(X509Certificate) keyEntry.getCertificate(),keyEntry.getPrivateKey());
+                        Identity identity = new Identity(merchantConfig,(X509Certificate) keyEntry.getCertificate(),keyEntry.getPrivateKey(),logger);
                         localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
                         identities.put(identity.getName(), identity);
                         continue;
                     }
-                    Identity identity = new Identity(merchantConfig, (X509Certificate) keystore.getCertificate(merchantKeyAlias));
+                    Identity identity = new Identity(merchantConfig, (X509Certificate) keystore.getCertificate(merchantKeyAlias),logger);
                     localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
                     identities.put(identity.getName(), identity);
                 }
@@ -353,13 +356,13 @@ private static void loadJavaKeystore(String keystore_location, MerchantConfig me
                 if (merchantConfig.getKeyAlias().equals(
                                                         keystore.getCertificateAlias(cert[i]))) {
                     identity = new Identity(merchantConfig,
-                                            (X509Certificate) cert[i], key);
+                                            (X509Certificate) cert[i], key,logger);
                     localKeyStoreHandler
                     .addIdentityToKeyStore(identity, logger);
                     identities.put(identity.getName(), identity);
                 } else {
                     identity = new Identity(merchantConfig,
-                                            (X509Certificate) cert[i]);
+                                            (X509Certificate) cert[i],logger);
                     localKeyStoreHandler
                     .addIdentityToKeyStore(identity, logger);
                     identities.put(identity.getName(), identity);
@@ -370,7 +373,7 @@ private static void loadJavaKeystore(String keystore_location, MerchantConfig me
                 	throw new SignException("Missing Server Certificate ");
                 }
             identity = new Identity(merchantConfig,
-                                    (X509Certificate) serverCert);
+                                    (X509Certificate) serverCert,logger);
             localKeyStoreHandler
             .addIdentityToKeyStore(identity, logger);
             identities.put(identity.getName(), identity);

java/src/main/java/com/cybersource/ws/client/Utility.java

@@ -48,7 +48,7 @@ private Utility() {
     /**
      * Version number of this release.
      */
-    public static final String VERSION = "6.2.5";
+    public static final String VERSION = "6.2.6";
 
     /**
      * If in the Request map, a key called "_has_escapes" is present and is set

java/src/main/java/com/cybersource/ws/client/XMLClient.java

@@ -355,11 +355,12 @@ private static void setVersionInformation(Document request, String nsURI) {
      * @return signed document.
      * @throws SignException if signing fails.
      * @throws SignEncryptException 
+     * @throws ConfigException 
      */
     private static Document soapWrapAndSign(
             Document doc, MerchantConfig mc, DocumentBuilder builder,
             LoggerWrapper logger)
-            throws SignException, SignEncryptException {
+            throws SignException, SignEncryptException, ConfigException {
     	boolean logSignedData = mc.getLogSignedData();
 
     	if (!logSignedData) {

java/src/main/resources/cybs.properties

@@ -54,6 +54,11 @@ enableLog=true
 logDirectory=../../logs
 logMaximumSize=10
 
+# If this property is set to false then the p12 certificate of a merchant will be reloaded  
+# every time a transaction is made  
+
+certificateCacheEnabled=true
+
 # Optional proxy server settings
 #proxyHost=<-- Set the Proxy Host-->
 #proxyPort=< -- Set the Proxy port-->

java/src/test/java/com/cybersource/ws/client/IdentityTest.java

@@ -6,6 +6,7 @@
 
 import static org.junit.Assert.*;
 
+import java.io.File;
 import java.io.InputStream;
 import java.security.Principal;
 import java.security.PrivateKey;
@@ -29,15 +30,21 @@ public void setUp() throws Exception {
     }
 
     @Test
-    public void testSetUpMerchant() throws InstantiationException, IllegalAccessException, SignException{
-    	String keyAlias = "CN="+config.getMerchantID()+",SERIALNUMBER=400000009910179089277";
+    public void testSetUpMerchant() throws InstantiationException, IllegalAccessException, SignException, ConfigException{
+    	File p12file = Mockito.mock(File.class);
+    	MerchantConfig mc = Mockito.mock(MerchantConfig.class);
+    	
+    	String keyAlias = "CN="+mc.getMerchantID()+",SERIALNUMBER=400000009910179089277";
     	X509Certificate x509Cert = Mockito.mock(X509Certificate.class);
     	Principal principal =  Mockito.mock(Principal.class);
     	PrivateKey pkey = Mockito.mock(PrivateKey.class);
+    	Logger logger = Mockito.mock(Logger.class);
     	Mockito.when(x509Cert.getSubjectDN()).thenReturn(principal);
     	Mockito.when(principal.getName()).thenReturn(keyAlias);
-    	Identity identity = new Identity(config,x509Cert,pkey);
-    	assertEquals(identity.getName(), config.getMerchantID());
+    	
+    	Mockito.when(mc.getKeyFile()).thenReturn(p12file);
+    	Identity identity = new Identity(mc,x509Cert,pkey,logger);
+    	assertEquals(identity.getName(), mc.getMerchantID());
     	assertEquals(identity.getSerialNumber(), "400000009910179089277");
     	assertNotNull(identity.getPrivateKey());
     }
@@ -47,9 +54,10 @@ public void testsetUpServer() throws InstantiationException, IllegalAccessExcept
     	String keyAlias = "CN=CyberSource_SJC_US,SERIALNUMBER=400000009910179089277";
     	X509Certificate x509Cert = Mockito.mock(X509Certificate.class);
     	Principal principal =  Mockito.mock(Principal.class);
+    	Logger logger = Mockito.mock(Logger.class);
     	Mockito.when(x509Cert.getSubjectDN()).thenReturn(principal);
     	Mockito.when(principal.getName()).thenReturn(keyAlias);
-    	Identity identity = new Identity(config,x509Cert);
+    	Identity identity = new Identity(config,x509Cert,logger);
     	assertEquals(identity.getName(), "CyberSource_SJC_US");
     	assertEquals(identity.getSerialNumber(), "400000009910179089277");
     	assertNull(identity.getPrivateKey());