Merge pull request #149 from mahendya1002/future

Merging code for below changes.

1) SDK vulnerability issue for httpclient3.1 version
2) Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client. Make sure you have backward compatibility.
3)  Set default sockettimeout(readTimeout) value to 130000ms(130secs) in cybs.properties file.
4) Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u261 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
5) Upgraded Junit lib version.
6) Make SDK exception handling better and minor code refactoring.

Author: mahendya1002

README.md

@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.10</version>
+  <version>6.2.11</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -19,7 +19,7 @@ Run `mvn install` to install dependency
 Add the dependency to your build.gradle
 ```java
 dependencies {
-  compile 'com.cybersource:cybersource-sdk-java:6.2.10'
+  compile 'com.cybersource:cybersource-sdk-java:6.2.11'
 }
 ```
 ## Requirements
@@ -185,6 +185,25 @@ keytool -list -v -keystore <Your_keystore_name>`
 ## Message Level Encryption
 CyberSource supports Message Level Encryption (MLE) for Simple Order API. Message level encryption conforms to the SOAP Security 1.0 specification published by the OASIS standards group. 
 
+## Meta Key support
+Meta Key is a key generated by an entity that can be used to authenticate on behalf of other entities provided that the entity which holds key is a parent entity or associated as a partner.
+
+SOAPI Java SDK supports meta key by default. Additional details regarding cybs.properties.
+
+    merchantID=  <comment/remove this line> 
+    keysDirectory=<Directory where P12 is present>
+    keyAlias=<Refers to the portfolio>
+    keyPassword=<Password of p12>
+    targetAPIVersion=<latest API version, refer here https://ics2ws.ic3.com/commerce/1.x/transactionProcessor>
+    keyFilename= <metakey downloaded from portfolio MID>
+ 
+ Auth sample payload:
+  
+    merchantID=<meta_2232323> <Refers to the Child transactional MID>
+    ccAuthService_run=true
+    merchantReferenceCode=MRC-14344 
+    billTo_firstName=John
+
 ### Authentication Details
     Message level encryption authenticates using the same mechanism as signed SOAP messages. The signature creation involves utilizing the merchants private key which combined with a hash of the message to be signed, can be validated with the merchants certificate and the message which was signed. 
     The merchant certificate is included in the SOAP message for both signature and message level encryption. Message level encryption, encrypts a temporary message key for a specific recipient. This is done by encrypting the temporary message key with the recipient’s public certificate. Therefore only the party holding the private key (CyberSource) can decrypt the temporary message key. The merchant sending the request must be a valid merchant for the environment which the message is being processed in. After validating the merchant and retrieving the CyberSource copy of the merchant certificate from our database, these additional authentication steps are performed:
@@ -213,22 +232,30 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
       The XML Security project is aimed at providing implementation of security standards for XML,supports XML-Signature Syntax and Processing,XML Encryption Syntax and Processing, and supports XML Digital Signature APIs.
     4. org.apache.commons:commons-lang3:3.4
       Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
-    5. commons-httpclient:commons-httpclient:3.1
-      Provides a framework by which new request types (methods) or HTTP extensions can be created easily.
-    6. commons-logging:commons-logging:jar:1.1.1
+    5. commons-logging:commons-logging:jar:1.1.1
       This is getting downloaded as compile time dependency of wss4j:1.6.19.Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
-    7. org.slf4j:slf4j-api:1.7.21 and org.slf4j:slf4j-jcl:1.7.21
+    6. org.slf4j:slf4j-api:1.7.21 and org.slf4j:slf4j-jcl:1.7.21
       slf4j-api is getting used as a dependency for wss4j. Modified to latest version.
-    8. junit:junit:4.12
+    7. junit:junit:4.13.1
       JUnit is a unit testing framework for Java.
-    9. org.mockito:mockito-all:1.10.19
+    8. org.mockito:mockito-all:1.10.19
       Mock objects library for java  
-    10. org.apache.httpcomponents:httpclient:4.5.11
+    9. org.apache.httpcomponents:httpclient:4.5.13
        Provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. It is used for poolinghttpclientconnectionmanager feature.
-
+    10. org.apache.httpcomponents:httpcore:4.4.13
+       Provides low level HTTP transport components that can be used to build custom client and server side HTTP services with a minimal footprint.
 
 ## Changes
 _______________________________
+Version Cybersource-sdk-java 6.2.11 (JUNE,2020)
+_______________________________
+    1)Exception handling improvement.
+    2)Upgrading Apache's basic http client functionality.
+    3)Upgrading org.apache.httpcomponents:httpclient:4.5.11 to org.apache.httpcomponents:httpclient:4.5.13 because of CVE-2020-13956 vulnerability.
+    4)ReadMe changes for meta key support.
+    5)Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u251 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
+    6)Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client.
+_______________________________
 Version Cybersource-sdk-java 6.2.10 (MAY,2020)
 _______________________________
     1)Added PoolingHttpClientConnection implementation
@@ -330,8 +357,6 @@ _______________________________
             // or 
             String stackTrace = Utility.getStackTrace(e.getInnerException() != null? e.getInnerException(): e);      
         }
-        
-   
       
 ## Documentation
 - For more information about CyberSource services, see <https://www.cybersource.com/en-us/support/technical-documentation.html>.

java/pom.xml

@@ -219,7 +219,7 @@
       <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
        <dependency>
@@ -235,26 +235,15 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.11</version>
+            <version>4.5.13</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-logging</groupId>
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>commons-httpclient</groupId>
-            <artifactId>commons-httpclient</artifactId>
-            <version>3.1</version>
-            <exclusions>
-	          <exclusion>
-	            <groupId>commons-logging</groupId>
-	            <artifactId>commons-logging</artifactId>
-	          </exclusion>
-        	</exclusions>
-        </dependency>
-        <dependency>
+         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
             <version>1.61</version>

java/src/main/java/com/cybersource/ws/client/ClientException.java

@@ -26,10 +26,10 @@
  */
 public class ClientException
         extends Exception {
-    private Exception innerException = null;
+    private Exception innerException;
     private boolean critical = false;
     private int httpStatusCode = -1;
-    private String httpError = null;
+    private String httpError;
 
     /**
      *
@@ -38,6 +38,7 @@ public class ClientException
      */
     public ClientException(
             Exception _innerException, Logger logger) {
+        super(_innerException);
         innerException = _innerException;
         log(logger);
     }
@@ -52,6 +53,7 @@ public ClientException(
      */
     public ClientException(
             Exception _innerException, boolean _critical, Logger logger) {
+        super(_innerException);
         innerException = _innerException;
         critical = _critical;
         log(logger);
@@ -77,7 +79,10 @@ public ClientException(int _httpStatusCode, Logger logger) {
      */
     public ClientException(
             int _httpStatusCode, String _httpError, Logger logger) {
-        this(_httpStatusCode, logger);
+        super(_httpError);
+        httpStatusCode = _httpStatusCode;
+        critical
+                = (_httpStatusCode == HttpURLConnection.HTTP_GATEWAY_TIMEOUT);
         httpError = _httpError;
         log(logger);
     }
@@ -94,8 +99,7 @@ public ClientException(
     public ClientException(
             int _httpStatusCode, String _httpError, boolean _critical,
             Logger logger) {
-        this(_httpStatusCode, logger);
-        httpError = _httpError;
+        this(_httpStatusCode, _httpError, logger);
 
         // if critical is already true (the other constructor invoked in the
         // first line may set it to true), don't bother setting it as we don't
@@ -169,28 +173,24 @@ void log(Logger logger) {
      * @return a string representation of the object for logging purposes.
      */
     String getLogString() {
-        StringBuffer sb = new StringBuffer("ClientException details:\n");
+        StringBuilder sb = new StringBuilder("ClientException details:\n");
 
         if (critical) {
             sb.append("CRITICAL\n");
         }
 
         if (httpStatusCode != -1) {
-            sb.append("httpStatusCode = " + httpStatusCode + "\n");
+            sb.append("httpStatusCode = ").append(httpStatusCode).append("\n");
         }
 
         if (httpError != null) {
-            sb.append("httpError = " + httpError + "\n");
+            sb.append("httpError = ").append(httpError).append("\n");
         }
 
         if (innerException != null) {
-            sb.append(
-                    "innerException: \n" +
-                            Utility.getStackTrace(innerException));
+            sb.append("innerException: \n").append(Utility.getStackTrace(innerException));
         } else {
-            sb.append(
-                    "Stack trace: \n" +
-                            Utility.getStackTrace(this));
+            sb.append("Stack trace: \n").append(Utility.getStackTrace(this));
         }
 
         return (sb.toString());
@@ -204,13 +204,13 @@ String getLogString() {
     public String getMessage() {
         if (innerException != null) return innerException.getMessage();
 
-        StringBuffer sb = new StringBuffer("ClientException:");
+        StringBuilder sb = new StringBuilder("ClientException:");
         if (httpStatusCode != -1) {
-            sb.append(" (" + httpStatusCode + ")");
+            sb.append(" (").append(httpStatusCode).append(")");
         }
 
         if (httpError != null) {
-            sb.append(" " + httpError);
+            sb.append(" ").append(httpError);
         }
 
         if (critical) {

java/src/main/java/com/cybersource/ws/client/ConfigException.java

@@ -32,4 +32,8 @@ public class ConfigException extends Exception {
     public ConfigException(String message) {
         super(message);
     }
+
+    public ConfigException(String message, Throwable cause) {
+        super(message, cause);
+    }
 }

java/src/main/java/com/cybersource/ws/client/ConnectionHelper.java

@@ -18,6 +18,16 @@
 
 package com.cybersource.ws.client;
 
+import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.config.AuthSchemes;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.ProxyAuthenticationStrategy;
+import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
 import org.bouncycastle.util.encoders.Base64;
 
 import java.io.IOException;
@@ -26,6 +36,7 @@
 import java.net.Proxy;
 import java.net.URL;
 import java.nio.charset.Charset;
+import java.util.Collections;
 
 /**
  * Helps in creating the Proxy and adding Proxy credentials to JDKHttpURLConnection.
@@ -45,12 +56,11 @@ public static boolean getDefaultUseHttpClient() {
     /**
      * Sets the timeout for HTTP Request
      * @param con - HttpURLConnection
-     * @param timeout - timeout integer value
+     * @param mc - MerchantConfig
      */
-    public static void setTimeout(HttpURLConnection con, int timeout) {
-        int timeoutInMS = timeout * 1000;
-        con.setConnectTimeout(timeoutInMS);
-        con.setReadTimeout(timeoutInMS);
+    public static void setTimeout(HttpURLConnection con, MerchantConfig mc) {
+        con.setConnectTimeout(mc.getConnectionTimeoutMs());
+        con.setReadTimeout(mc.getSocketTimeoutMs());
     }
 
     /**
@@ -108,4 +118,30 @@ private static void addProxyCredentials(
 
         }
     }
+
+    /**
+     * Set proxy by using proxy credentials to create httpclient
+     *
+     * @param httpClientBuilder
+     * @param requestConfigBuilder
+     * @param merchantConfig
+     */
+    public static void setProxy(HttpClientBuilder httpClientBuilder, RequestConfig.Builder requestConfigBuilder, MerchantConfig merchantConfig) {
+        if (merchantConfig.getProxyHost() != null) {
+            HttpHost proxy = new HttpHost(merchantConfig.getProxyHost(), merchantConfig.getProxyPort());
+            DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
+            httpClientBuilder.setRoutePlanner(routePlanner);
+
+            if (merchantConfig.getProxyUser() != null) {
+                httpClientBuilder.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
+                requestConfigBuilder.setProxyPreferredAuthSchemes(Collections.singletonList(AuthSchemes.BASIC));
+
+                CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+                credentialsProvider.setCredentials(AuthScope.ANY,
+                        new UsernamePasswordCredentials(merchantConfig.getProxyUser(), merchantConfig.getProxyPassword()));
+
+                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+            }
+        }
+    }
 }

java/src/main/java/com/cybersource/ws/client/FaultException.java

@@ -27,9 +27,9 @@
 public class FaultException
         extends Exception {
     private final Document faultDocument;
-    private String faultCode = null;
-    private String faultString = null;
-    private String requestID = null;
+    private String faultCode;
+    private String faultString;
+    private String requestID;
     private boolean critical = true;
 
     /**
@@ -106,7 +106,7 @@ private void extractFields(String nsURI) {
             faultCode
                     = Utility.getElementText(faultDocument, "faultcode", null);
 
-            int colonPos = faultCode.indexOf(":");
+            int colonPos = faultCode!=null? faultCode.indexOf(":"): -1;
             String localPart
                     = (colonPos != -1)
                     ? faultCode.substring(colonPos + 1)
@@ -133,14 +133,14 @@ void log(Logger logger) {
      * @return a string representation of the object for logging purposes.
      */
     String getLogString() {
-        StringBuffer sb = new StringBuffer("FaultException details:\n");
+        StringBuilder sb = new StringBuilder("FaultException details:\n");
 
         if (critical) {
             sb.append("CRITICAL\n");
         }
 
         if (requestID != null) {
-            sb.append("requestID = " + requestID + "\n");
+            sb.append("requestID = ").append(requestID).append("\n");
         }
 
         sb.append(Utility.nodeToString(faultDocument));
@@ -154,13 +154,13 @@ String getLogString() {
      * @return a description of the exception.
      */
     public String getMessage() {
-        StringBuffer sb = new StringBuffer("Fault:");
+        StringBuilder sb = new StringBuilder("Fault:");
         if (faultString != null) {
-            sb.append(" " + faultString);
+            sb.append(" ").append(faultString);
         }
 
         if (requestID != null) {
-            sb.append(" (requestID=" + requestID + ")");
+            sb.append(" (requestID=").append(requestID).append(")");
         }
 
         if (critical) {