Merge pull request #101 from ammajumd/future

Now user can load jks or cacerts file at runtime similar like p12 file

Author: mahendya1002

README.md

@@ -58,9 +58,9 @@ You do not need to download and build the source to use the SDK but if you want
       - `sendToProduction` is initially set to false. Set it to true only when you are ready to send live transactions.
     - Set `sendToAkamai` config parameter with toggle value "true/false" to turn on/off routing requests through Akamai to Cybersource. By default, it is set to true.
     - `serverURL` config parameter will take precedence over `sendToProduction` and `sendToAkamai` config parameters. By default the `serverURL` configuration is commented out.
-    - if `enablejdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
+    - if `enableJdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
       - To know how to convert p12 to JKS refer the JKS creation section of this document.
-    - `enableCacerts` property is considered only if `enablejdkcert` is set to true. If `enableCacerts` is set to true, certificates will be read from the cacerts folder under the JDK.
+    - If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location.If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
     - if `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
     - `allowRetry` config parameter will only work for HttpClient. Set `allowRetry` config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.
     - Set integer values for config parameter `numberOfRetries` *and* `retryInterval`. Retry Interval is time delay for next retry in seconds.
@@ -137,7 +137,8 @@ keytool -list -v -keystore <Your_keystore_name>`
 - It should have two entries.
   - The first entry should contain a chain of two certificates - `CyberSourceCertAuth` and <Merchant_ID> with alias name <Merchant_ID>
   - Second entry should be for `CyberSource_SJC_US` certificate with alias name as CyberSource_SJC_US
-
+  
+  
 ## Message Level Encryption
 CyberSource supports Message Level Encryption (MLE) for Simple Order API. Message level encryption conforms to the SOAP Security 1.0 specification published by the OASIS standards group. 
 

java/src/main/java/com/cybersource/ws/client/Identity.java

@@ -57,7 +57,7 @@ public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate,Lo
         if(this.logger == null){
         	this.logger=logger;
         }
-        if(merchantConfig.isJdkCertEnabled()){
+        if(merchantConfig.isJdkCertEnabled() || merchantConfig.isCacertEnabled()){
             setupJdkServerCerts();
         }
         else{

java/src/main/java/com/cybersource/ws/client/MerchantConfig.java

@@ -329,6 +329,14 @@ public MerchantConfig(Properties _props, String _merchantID)
                 throw new ConfigException("Invalid value of numberOfRetries and/or retryInterval");
             }
         }
+		if(isCacertEnabled()){
+        	if(StringUtils.isBlank(keysDirectory)){
+        		keysDirectory = System.getProperty("java.home") + "/lib/security".replace('/', File.separatorChar);
+        	}
+        	if(StringUtils.isBlank(keyFilename)){
+        		keyFilename = "cacerts";
+        	}
+      }
     }
 
     /**

java/src/main/java/com/cybersource/ws/client/SecurityUtil.java

@@ -98,6 +98,10 @@ public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger log
             if(merchantConfig.isJdkCertEnabled()){
                 logger.log(Logger.LT_INFO," Loading the certificate from JDK Cert");
                 SecurityUtil.readJdkCert(merchantConfig,logger);
+            }
+			else if(merchantConfig.isCacertEnabled()){
+                logger.log(Logger.LT_INFO," Loading the certificate from JRE security cacert file");
+                SecurityUtil.loadJavaKeystore(merchantConfig,logger);
             }
             else{
                 logger.log(Logger.LT_INFO,"Loading the certificate from p12 file ");
@@ -261,21 +265,13 @@ public static Document createSignedDoc(Document workingDocument,String merchantI
     }
 
 
-    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException{
+    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException, ConfigException{
         KeyStore keystore=null;
 
-        String path=merchantConfig.getKeysDirectory()+"/"+merchantConfig.getKeyFilename();
         String pass=merchantConfig.getKeyPassword();
 
-        if (merchantConfig.isCacertEnabled()){
-            path = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
-            loadJavaKeystore(path, merchantConfig,logger);
-            
-        }
-        
-        else{
             try{
-                FileInputStream is = new FileInputStream(path);
+            	FileInputStream is = new FileInputStream(merchantConfig.getKeyFile());
                 keystore = KeyStore.getInstance(KeyStore.getDefaultType());
                 keystore.load(is, pass.toCharArray());
             }
@@ -323,13 +319,13 @@ public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) thr
                 logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                 throw new SignException(e);
             }
-        }
+        
    	}
 
-    private static void loadJavaKeystore(String keystore_location, MerchantConfig merchantConfig,Logger logger) throws SignException, SignEncryptException{
+    private static void loadJavaKeystore(MerchantConfig merchantConfig,Logger logger) throws SignException, SignEncryptException, ConfigException{
         FileInputStream is = null;
         try {
-            File file = new File(keystore_location);
+            File file = new File(merchantConfig.getKeyFile().getCanonicalPath());
             is = new FileInputStream(file);
             KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
             String password = merchantConfig.getCacertPassword();

java/src/main/resources/cybs.properties

@@ -32,13 +32,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert. This property will be considered only if enableJDKcert is set to true.
+# If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory      location. 
+# If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

java/src/test/resources/test_cybs.properties

@@ -30,13 +30,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert. This property will be considered only if enableJDKcert is set to true.
+# If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location. 
+# If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

samples/nvp/cybs.properties

@@ -33,13 +33,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert. This property will be considered only if enableJDKcert is set to true.
+# If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location. 
+# If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

samples/xml/cybs.properties

@@ -33,13 +33,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert. This property will be considered only if enableJDKcert is set to true.
+# If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location. 
+# If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

zip/README

@@ -63,10 +63,10 @@ Refer to our Developer's Guide for details <http://apps.cybersource.com/library/
 
     h. "serverURL" config parameter will take precedence over sendToProduction and sendToAkamai config parameters. By default the "serverURL" configuration is commented out. 
 
-    i. if `enablejdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
+    i. if `enableJdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
 	To convert p12 to JKS refer to the JKS creation section.
 
-    j. `cacerts` property is considered only if `enablejdkcert` is set to true. If `cacerts` is set to true, certificates will be read from the cacerts folder under the JDK. 
+    j. - If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location.If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
 
     k. "allowRetry" config parameter will only work for HttpClient. Set allowRetry config parameter to "true" to enable retry mechanism and set merchant specific values for the retry. 
        Set integer values for config parameter numberOfRetries & retryInterval. Retry Interval is time delay for next retry in seconds. number of retry parameter should be set between