Merge pull request #45 from mahendya/future

Upgraded 3rd party dependencies jars to latest stable versions

Author: shamirwasia

README.md

@@ -11,7 +11,7 @@ To install the cybersource-sdk-java from central repository,add dependency to yo
         <dependency>
             <groupId>com.cybersource</groupId>
             <artifactId>cybersource-sdk-java</artifactId>
-            <version>6.2.1</version>
+            <version>6.2.2</version>
         </dependency> 
 ````
  Run mvn install, to install dependency
@@ -20,7 +20,7 @@ To install the cybersource-sdk-java from central repository,add dependency to yo
 Add the dependency to your build.gradle
 ````
 dependencies {
-    compile 'com.cybersource:cybersource-sdk-java:6.2.1'
+    compile 'com.cybersource:cybersource-sdk-java:6.2.2'
     }
 ````
 ##Requirements

java/pom.xml

@@ -177,53 +177,49 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.11</version>
+            <version>4.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>commons-httpclient</groupId>
             <artifactId>commons-httpclient</artifactId>
-            <version>3.0.1</version>
+            <version>3.1</version>
+            <exclusions>
+	          <exclusion>
+	            <groupId>commons-logging</groupId>
+	            <artifactId>commons-logging</artifactId>
+	          </exclusion>
+        	</exclusions>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk16</artifactId>
-            <version>1.45</version>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.55</version>
         </dependency>
         <dependency>
-            <groupId>wss4j</groupId>
+            <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
-            <version>1.5.0</version>
-        </dependency>        
-        <dependency>
-            <groupId>xml-security</groupId>
-            <artifactId>xmlsec</artifactId>
-            <version>1.3.0</version>
-        </dependency>
-        <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-            <version>2.7.0</version>
-        </dependency>
+            <version>1.6.19</version>
+        </dependency>     
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.7</version>
+            <version>1.7.21</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jcl</artifactId>
-            <version>1.7.7</version>
+            <version>1.7.21</version>
         </dependency>
         <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
-            <version>2.6</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.4</version>
         </dependency>
         <dependency>
       	    <groupId>org.mockito</groupId>
             <artifactId>mockito-all</artifactId>
-            <version>1.8.5</version>
+            <version>1.10.19</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

java/src/main/java/com/cybersource/ws/client/Client.java

@@ -33,7 +33,6 @@
 import java.io.StringReader;
 import java.text.MessageFormat;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.Map;
 import java.util.Properties;
 
@@ -182,7 +181,6 @@ private static Document soapWrapAndSign(
                     Logger.LT_REQUEST,
                     mapToString(request, true, PCI.REQUEST));
         }
-        Document doc;
 
         // wrap in SOAP envelope
         Object[] arguments
@@ -201,14 +199,14 @@ private static Document soapWrapAndSign(
         if ( !mc.getUseSignAndEncrypted() ) {
             // sign Document object
             logger.log(Logger.LT_INFO, "Signing request...");
-            resultDocument = handler.createSignedDoc(wrappedDoc,mc.getMerchantID(),null);
+            resultDocument = handler.createSignedDoc(wrappedDoc,mc.getMerchantID(),mc.getKeyPassword(),null);
             if (logSignedData) {
                 logger.log(Logger.LT_REQUEST,
                         Utility.nodeToString(resultDocument, PCI.REQUEST));
             }
         } else {
             logger.log(Logger.LT_INFO, "Signing and encrypting request...");
-            resultDocument = handler.handleMessageCreation(wrappedDoc,mc.getMerchantID());
+            resultDocument = handler.handleMessageCreation(wrappedDoc,mc.getMerchantID(),mc.getKeyPassword());
             if (logSignedData) {
                 logger.log(Logger.LT_REQUEST,XMLUtils.PrettyDocumentToString(resultDocument));
             }

java/src/main/java/com/cybersource/ws/client/SignedAndEncryptedMessageHandler.java

@@ -1,16 +1,11 @@
 package com.cybersource.ws.client;
 
-
-
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.message.WSSecDKEncrypt;
-import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecEncrypt;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
-import org.apache.xml.security.signature.XMLSignature;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.w3c.dom.Document;
 
@@ -27,7 +22,7 @@
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
-import java.util.Vector;
+
 
 /**
  * Created by jeaton on 3/1/2016.
@@ -42,6 +37,11 @@ public class SignedAndEncryptedMessageHandler extends BaseMessageHandler {
 
     private static final String SERVER_ALIAS = "CyberSource_SJC_US";
 
+    // By default signature algorithm is set to null and during WSSecSignature build() Signature algorithm will set to "http://www.w3.org/2000/09/xmldsig#rsa-sha1" .
+    public static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+    // By default digest algorithm is set to "http://www.w3.org/2000/09/xmldsig#sha1"
+    public static final String DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";
+    
 	// This is loaded by WSS4J but since we use it lets make sure its here
     static {
         Security.addProvider(new BouncyCastleProvider());
@@ -54,7 +54,6 @@ private SignedAndEncryptedMessageHandler(MerchantConfig merchantConfig, Logger l
         for(int pos=0;pos<identities.size();pos++) {
             localKeyStoreHandler.addIdentityToKeyStore(identities.get(pos));
         }
-
     }
 
     static SignedAndEncryptedMessageHandler getInstance(MerchantConfig merchantConfig, Logger logger)
@@ -114,7 +113,6 @@ private static void readAndStoreCertificateAndPrivateKey(
 
      // our p12 files do not contain an alias as a normal name, its the common name and serial number
         String merchantKeyAlias = null;
-        int certIndex = 0;
         try {
             Enumeration enumKeyStore = merchantKeyStore.aliases();
             while (enumKeyStore.hasMoreElements()) {
@@ -150,73 +148,82 @@ private static void readAndStoreCertificateAndPrivateKey(
             throw new SignException(e);
         }
 	}
-
-	public Document handleMessageCreation(Document workingDocument, String senderAlias) throws SignException,SignEncryptException{
+    
+    public Document handleMessageCreation(Document workingDocument, String senderAlias,String password) throws SignEncryptException, SignException{
         if (senderAlias == null)
             throw new SignEncryptException("SignedAndEncryptedMessageHandler - handleMessageCreation," +
-                    " specified identity is null");
-
-        WSSecHeader secHeader = new WSSecHeader();
-        secHeader.insertSecurityHeader(workingDocument);
-
-        //EncryptedKey
-        WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
-        encrKeyBuilder.setUserInfo(SERVER_ALIAS);
-        encrKeyBuilder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+                    " senderAlias is null");
+
+	    WSSecHeader secHeader = new WSSecHeader();
+	    try {
+	      secHeader.insertSecurityHeader(workingDocument);
+	    } catch (WSSecurityException e) {
+	        logger.log(Logger.LT_EXCEPTION, "Exception while adding docuemnt in soap securiy header for MLE");
+	        throw new SignException(e);
+	    }
+
+        WSSecEncrypt encrBuilder = new WSSecEncrypt();
+        //Set the user name to get the encryption certificate. 
+        //The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.
+        encrBuilder.setUserInfo(SERVER_ALIAS);
 
-        try {
-            encrKeyBuilder.prepare(workingDocument, localKeyStoreHandler);
-        } catch (WSSecurityException e) {
-        	logger.log(Logger.LT_EXCEPTION, "Key builder failed to create keys for , '" + senderAlias + "'" + " with " + SERVER_ALIAS);
-            throw new SignEncryptException(e.getMessage(), e);
-        }
-
-        byte[] ek = encrKeyBuilder.getEphemeralKey();
-        String tokenIdentifier = encrKeyBuilder.getId();
-
-        //Create signed document
-        Document signedDoc = createSignedDoc(workingDocument,senderAlias,secHeader);
+        /*This is to reference a public key or certificate when signing or encrypting a SOAP message.
+        *The following valid values for these configuration items are:
+		*IssuerSerial (default),DirectReference[BST],X509KeyIdentifier,Thumbprint,SKIKeyIdentifier,KeyValue (signature only),EncryptedKeySHA1 (encryption only)
+        */
+        encrBuilder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
 
-        WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+        //This encryption algorithm is used to encrypt the data. 
         encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_256);
-        encrBuilder.setExternalKey(ek, tokenIdentifier);
-        Document signedEncryptedDoc = null;
+        
+        //Sets the algorithm to encode the symmetric key. Default is the WSConstants.KEYTRANSPORT_RSAOEP algorithm.
+        //encrBuilder.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);
 
-        try {
-            signedEncryptedDoc = encrBuilder.build(signedDoc,localKeyStoreHandler, secHeader);
-        } catch (WSSecurityException e) {
-        	logger.log(Logger.LT_EXCEPTION, "Failed while encrypting signed requeest for , '" + senderAlias + "'" + " with " + SERVER_ALIAS);
-            throw new SignEncryptException(e.getMessage(), e);
-        }
+        
+        //Create signed document
+        Document signedDoc = createSignedDoc(workingDocument,senderAlias,password,secHeader);
 
-        encrKeyBuilder.prependToHeader(secHeader);
-        encrKeyBuilder.prependBSTElementToHeader(secHeader);
-       return signedEncryptedDoc;
+        Document signedEncryptedDoc;
+		try {
+			//Builds the SOAP envelope with encrypted Body and adds encrypted key.
+	        // If no external key (symmetricalKey) was set ,generate an encryption
+	        // key (session key) for this Encrypt element. This key will be
+	        // encrypted using the public key of the receiver
+			signedEncryptedDoc = encrBuilder.build(signedDoc, localKeyStoreHandler, secHeader);
+		} catch (WSSecurityException e) {
+			logger.log(Logger.LT_EXCEPTION, "Failed while encrypting signed requeest for , '" + senderAlias + "'" + " with " + SERVER_ALIAS);
+			throw new SignEncryptException(e.getMessage(), e);
+		}
+        encrBuilder.prependToHeader(secHeader);
+        return signedEncryptedDoc;
     }
-
-	public Document createSignedDoc(Document workingDocument,String senderAlias, WSSecHeader secHeader) throws SignException {
+	
+	public Document createSignedDoc(Document workingDocument,String senderAlias, String password,WSSecHeader secHeader) throws SignException {
 
 		if(secHeader==null){
+			try {
         	secHeader = new WSSecHeader();
         	secHeader.insertSecurityHeader(workingDocument);
+			} catch (WSSecurityException e) {
+	            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
+	            throw new SignException(e);
+	        }
     	}
-		
 		WSSecSignature sign = new WSSecSignature();
-	    sign.setUserInfo(senderAlias, senderAlias);
-	    sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
+		sign.setUserInfo(senderAlias, password);
+	    sign.setDigestAlgo(DIGEST_ALGORITHM);
+	    sign.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
 	    sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
 	    sign.setUseSingleCertificate(true);
 
 	    //Set which parts of the message to encrypt/sign.
 	    WSEncryptionPart msgBodyPart = new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, "");
-        sign.setParts(new Vector(Collections.singletonList(msgBodyPart)));
+	    sign.setParts(Collections.singletonList(msgBodyPart));
 		try {
 	        return sign.build(workingDocument, localKeyStoreHandler, secHeader);
 		} catch (WSSecurityException e) {
 	        logger.log(Logger.LT_EXCEPTION, "Failed while signing requeest for , '" + senderAlias + "'");
 	        throw new SignException(e.getMessage());
 	   }
 	}
-
-
 }

java/src/main/java/com/cybersource/ws/client/Utility.java

@@ -18,7 +18,7 @@
 
 package com.cybersource.ws.client;
 
-import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -48,7 +48,7 @@ private Utility() {
     /**
      * Version number of this release.
      */
-    public static final String VERSION = "6.2.1";
+    public static final String VERSION = "6.2.2";
 
     /**
      * If in the Request map, a key called "_has_escapes" is present and is set
@@ -428,7 +428,7 @@ public static String mapToString(Map src, boolean mask, int type) {
         // themselves.
         return (("1".equals(hasEscapes) ||
                 "true".equalsIgnoreCase(hasEscapes))
-                ? dest.toString() : StringEscapeUtils.escapeXml((dest.toString())));
+                ? dest.toString() : StringEscapeUtils.escapeXml11((dest.toString())));
     }
 
 

java/src/main/java/com/cybersource/ws/client/XMLClient.java

@@ -368,15 +368,15 @@ private static Document soapWrapAndSign(
         if ( !mc.getUseSignAndEncrypted() ) {
         	// sign wrapped Document object
             logger.log(Logger.LT_INFO, "Signing request...");
-            resultDocument = handler.createSignedDoc(wrappedDoc,mc.getMerchantID(),null);
+            resultDocument = handler.createSignedDoc(wrappedDoc,mc.getMerchantID(),mc.getKeyPassword(),null);
             if (logSignedData) {
                 logger.log(Logger.LT_REQUEST,
                         Utility.nodeToString(resultDocument, PCI.REQUEST));
             }
         } else {
         	// sign and encrypt wrapped Document object
             logger.log(Logger.LT_INFO, "Signing and encrypting request...");
-            resultDocument = handler.handleMessageCreation(wrappedDoc,mc.getMerchantID());
+            resultDocument = handler.handleMessageCreation(wrappedDoc,mc.getMerchantID(),mc.getKeyPassword());
             if (logSignedData) {
                 logger.log(Logger.LT_REQUEST,XMLUtils.PrettyDocumentToString(resultDocument));
             }

java/src/main/resources/cybs.properties

@@ -7,7 +7,7 @@ targetAPIVersion=<-- API Version Number -->
 # the following flags can be used to control the endpoint to which requests will be sent. 
 # Set sendToProduction=true to send requests to Cybersource production environment.
 # Set sendToAkamai=true to send requests through Akamai to Cybersource.
-# If serverURL is provided then it takes presedence over the above settings. By default
+# If serverURL is provided then it takes precedence over the above settings. By default
 # the serverURL config is commented out.
 sendToProduction=<-- Set it to true for Production -->
 sendToAkamai=<-- Set it to true for Akamai -->

java/src/test/java/com/cybersource/ws/client/ApacheWssjSignatureIT.java

@@ -109,14 +109,14 @@ public void setup() throws Exception{
 
     @Test
     public void testSoapWrapAndSign() throws Exception {
-    	Document doc = handler.createSignedDoc(wrappedDoc,config.getMerchantID(),null);
+    	Document doc = handler.createSignedDoc(wrappedDoc,config.getMerchantID(),config.getKeyPassword(),null);
         NodeList signatureElement = doc.getElementsByTagName("wsse:Security");
         assert (signatureElement.getLength() >= 1);
     }
 
     @Test
     public void testSoapWrapSignedAndEncrypt() throws Exception {
-    	Document doc = handler.handleMessageCreation(wrappedDoc, config.getMerchantID());
+    	Document doc = handler.handleMessageCreation(wrappedDoc, config.getMerchantID(),config.getKeyPassword());
         NodeList signatureElement = doc.getElementsByTagName("xenc:EncryptedKey");
         assert (signatureElement.getLength() >= 1);
         assertEquals("Id", signatureElement.item(0).getAttributes().item(0).getLocalName());

java/src/test/java/com/cybersource/ws/client/ClientIT.java

@@ -66,7 +66,7 @@ public void testRunTransaction() throws Exception {
         requestMap.put("purchaseTotals_currency", "USD");
         requestMap.put("item_0_unitPrice", "12.34");
         requestMap.put("item_1_unitPrice", "56.78");
-        requestMap.put("merchant_id", "your_merchant_id");
+        //requestMap.put("merchantID", "your_merchant_id");
 
 	    //Loading the properties file from src/test/resources
         Properties merchantProperties = new Properties();