Merge pull request #156 from CyberSource/future

Merge future branch to master

Author: mahendya1002

README.md

@@ -1,6 +1,6 @@
 # CyberSource Simple Order API for Java
 
-[![Build Status](https://travis-ci.org/CyberSource/cybersource-sdk-java.png?branch=master)](https://travis-ci.org/CyberSource/cybersource-sdk-java)
+[![Build Status](https://travis-ci.org/CyberSource/cybersource-sdk-java.png?branch=future)](https://travis-ci.org/CyberSource/cybersource-sdk-java)
 
 ## Package Managers
 
@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.10</version>
+  <version>6.2.11</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -19,7 +19,7 @@ Run `mvn install` to install dependency
 Add the dependency to your build.gradle
 ```java
 dependencies {
-  compile 'com.cybersource:cybersource-sdk-java:6.2.10'
+  compile 'com.cybersource:cybersource-sdk-java:6.2.11'
 }
 ```
 ## Requirements
@@ -78,8 +78,11 @@ You do not need to download and build the source to use the SDK but if you want
 
             Note: This number cannot be greater than Maximum Total Connections and every connection created here also counts into Maximum Total Connections.
          - `connectionRequestTimeoutMs` Time taken in milliseconds to get connection request from the pool. If it times out, it will throw error as Timeout waiting for connection from pool
-         - `connectionTimeoutMs` Specifies the number of milliseconds to wait while a connection is being established.
-         - `socketTimeoutMs` Specifies the time waiting for data – after establishing the connection; maximum time of inactivity between two data packets. Recommanded valut is 130000 (in ms).
+         - `connectionTimeoutMs` Specifies the number of milliseconds to wait while a connection is being established. With 6.2.11 release onwards, this property can be used for basic 
+            apache http client and JDK provided HttpUrlConnection implementation as well while keeping the backward compatibility with 'timeout' property.
+         - `socketTimeoutMs` Specifies the time waiting for data – after establishing the connection; maximum time of inactivity between two data packets. 
+            With 6.2.11 release onwards, this property can be used for basic apache http client and JDK provided HttpUrlConnection implementation as well while keeping the 
+            backward compatibility with 'timeout' property.
          - `evictThreadSleepTimeMs` Specifies time duration in milliseconds between "sweeps" by the "idle connection" evictor thread. 
             This thread will check if any idle/expired/stale connections are available in pool and evict it.
          - `maxKeepAliveTimeMs` Specifies the time duration in milliseconds that a connection can be idle before it is evicted from the pool.
@@ -185,6 +188,25 @@ keytool -list -v -keystore <Your_keystore_name>`
 ## Message Level Encryption
 CyberSource supports Message Level Encryption (MLE) for Simple Order API. Message level encryption conforms to the SOAP Security 1.0 specification published by the OASIS standards group. 
 
+## Meta Key support
+Meta Key is a key generated by an entity that can be used to authenticate on behalf of other entities provided that the entity which holds key is a parent entity or associated as a partner.
+
+SOAPI Java SDK supports meta key by default. Additional details regarding cybs.properties.
+
+    merchantID=  <comment/remove this line> 
+    keysDirectory=<Directory where P12 is present>
+    keyAlias=<Refers to the portfolio>
+    keyPassword=<Password of p12>
+    targetAPIVersion=<latest API version, refer here https://ics2ws.ic3.com/commerce/1.x/transactionProcessor>
+    keyFilename= <metakey downloaded from portfolio MID>
+ 
+ Auth sample payload:
+  
+    merchantID=<meta_2232323> <Refers to the Child transactional MID>
+    ccAuthService_run=true
+    merchantReferenceCode=MRC-14344 
+    billTo_firstName=John
+
 ### Authentication Details
     Message level encryption authenticates using the same mechanism as signed SOAP messages. The signature creation involves utilizing the merchants private key which combined with a hash of the message to be signed, can be validated with the merchants certificate and the message which was signed. 
     The merchant certificate is included in the SOAP message for both signature and message level encryption. Message level encryption, encrypts a temporary message key for a specific recipient. This is done by encrypting the temporary message key with the recipient’s public certificate. Therefore only the party holding the private key (CyberSource) can decrypt the temporary message key. The merchant sending the request must be a valid merchant for the environment which the message is being processed in. After validating the merchant and retrieving the CyberSource copy of the merchant certificate from our database, these additional authentication steps are performed:
@@ -213,22 +235,30 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
       The XML Security project is aimed at providing implementation of security standards for XML,supports XML-Signature Syntax and Processing,XML Encryption Syntax and Processing, and supports XML Digital Signature APIs.
     4. org.apache.commons:commons-lang3:3.4
       Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
-    5. commons-httpclient:commons-httpclient:3.1
-      Provides a framework by which new request types (methods) or HTTP extensions can be created easily.
-    6. commons-logging:commons-logging:jar:1.1.1
+    5. commons-logging:commons-logging:jar:1.1.1
       This is getting downloaded as compile time dependency of wss4j:1.6.19.Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
-    7. org.slf4j:slf4j-api:1.7.21 and org.slf4j:slf4j-jcl:1.7.21
+    6. org.slf4j:slf4j-api:1.7.21 and org.slf4j:slf4j-jcl:1.7.21
       slf4j-api is getting used as a dependency for wss4j. Modified to latest version.
-    8. junit:junit:4.12
+    7. junit:junit:4.13.1
       JUnit is a unit testing framework for Java.
-    9. org.mockito:mockito-all:1.10.19
+    8. org.mockito:mockito-all:1.10.19
       Mock objects library for java  
-    10. org.apache.httpcomponents:httpclient:4.5.11
+    9. org.apache.httpcomponents:httpclient:4.5.13
        Provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. It is used for poolinghttpclientconnectionmanager feature.
-
+    10. org.apache.httpcomponents:httpcore:4.4.13
+       Provides low level HTTP transport components that can be used to build custom client and server side HTTP services with a minimal footprint.
 
 ## Changes
 _______________________________
+Version Cybersource-sdk-java 6.2.11 (MAY,2020)
+_______________________________
+    1)Exception handling improvement.
+    2)Upgrading Apache's basic http client functionality.
+    3)Upgrading org.apache.httpcomponents:httpclient:4.5.11 to org.apache.httpcomponents:httpclient:4.5.13 because of CVE-2020-13956 vulnerability.
+    4)ReadMe changes for meta key support.
+    5)Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u251 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
+    6)Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client.
+_______________________________
 Version Cybersource-sdk-java 6.2.10 (MAY,2020)
 _______________________________
     1)Added PoolingHttpClientConnection implementation
@@ -330,8 +360,6 @@ _______________________________
             // or 
             String stackTrace = Utility.getStackTrace(e.getInnerException() != null? e.getInnerException(): e);      
         }
-        
-   
       
 ## Documentation
 - For more information about CyberSource services, see <https://www.cybersource.com/en-us/support/technical-documentation.html>.

java/pom.xml

@@ -219,7 +219,7 @@
       <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
        <dependency>
@@ -235,26 +235,15 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.5.11</version>
+            <version>4.5.13</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-logging</groupId>
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>commons-httpclient</groupId>
-            <artifactId>commons-httpclient</artifactId>
-            <version>3.1</version>
-            <exclusions>
-	          <exclusion>
-	            <groupId>commons-logging</groupId>
-	            <artifactId>commons-logging</artifactId>
-	          </exclusion>
-        	</exclusions>
-        </dependency>
-        <dependency>
+         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
             <version>1.61</version>

java/src/main/java/com/cybersource/ws/client/ClientException.java

@@ -26,10 +26,10 @@
  */
 public class ClientException
         extends Exception {
-    private Exception innerException = null;
+    private Exception innerException;
     private boolean critical = false;
     private int httpStatusCode = -1;
-    private String httpError = null;
+    private String httpError;
 
     /**
      *
@@ -38,6 +38,7 @@ public class ClientException
      */
     public ClientException(
             Exception _innerException, Logger logger) {
+        super(_innerException);
         innerException = _innerException;
         log(logger);
     }
@@ -52,6 +53,7 @@ public ClientException(
      */
     public ClientException(
             Exception _innerException, boolean _critical, Logger logger) {
+        super(_innerException);
         innerException = _innerException;
         critical = _critical;
         log(logger);
@@ -77,7 +79,10 @@ public ClientException(int _httpStatusCode, Logger logger) {
      */
     public ClientException(
             int _httpStatusCode, String _httpError, Logger logger) {
-        this(_httpStatusCode, logger);
+        super(_httpError);
+        httpStatusCode = _httpStatusCode;
+        critical
+                = (_httpStatusCode == HttpURLConnection.HTTP_GATEWAY_TIMEOUT);
         httpError = _httpError;
         log(logger);
     }
@@ -94,8 +99,7 @@ public ClientException(
     public ClientException(
             int _httpStatusCode, String _httpError, boolean _critical,
             Logger logger) {
-        this(_httpStatusCode, logger);
-        httpError = _httpError;
+        this(_httpStatusCode, _httpError, logger);
 
         // if critical is already true (the other constructor invoked in the
         // first line may set it to true), don't bother setting it as we don't
@@ -169,28 +173,24 @@ void log(Logger logger) {
      * @return a string representation of the object for logging purposes.
      */
     String getLogString() {
-        StringBuffer sb = new StringBuffer("ClientException details:\n");
+        StringBuilder sb = new StringBuilder("ClientException details:\n");
 
         if (critical) {
             sb.append("CRITICAL\n");
         }
 
         if (httpStatusCode != -1) {
-            sb.append("httpStatusCode = " + httpStatusCode + "\n");
+            sb.append("httpStatusCode = ").append(httpStatusCode).append("\n");
         }
 
         if (httpError != null) {
-            sb.append("httpError = " + httpError + "\n");
+            sb.append("httpError = ").append(httpError).append("\n");
         }
 
         if (innerException != null) {
-            sb.append(
-                    "innerException: \n" +
-                            Utility.getStackTrace(innerException));
+            sb.append("innerException: \n").append(Utility.getStackTrace(innerException));
         } else {
-            sb.append(
-                    "Stack trace: \n" +
-                            Utility.getStackTrace(this));
+            sb.append("Stack trace: \n").append(Utility.getStackTrace(this));
         }
 
         return (sb.toString());
@@ -204,13 +204,13 @@ String getLogString() {
     public String getMessage() {
         if (innerException != null) return innerException.getMessage();
 
-        StringBuffer sb = new StringBuffer("ClientException:");
+        StringBuilder sb = new StringBuilder("ClientException:");
         if (httpStatusCode != -1) {
-            sb.append(" (" + httpStatusCode + ")");
+            sb.append(" (").append(httpStatusCode).append(")");
         }
 
         if (httpError != null) {
-            sb.append(" " + httpError);
+            sb.append(" ").append(httpError);
         }
 
         if (critical) {

java/src/main/java/com/cybersource/ws/client/ConfigException.java

@@ -32,4 +32,8 @@ public class ConfigException extends Exception {
     public ConfigException(String message) {
         super(message);
     }
+
+    public ConfigException(String message, Throwable cause) {
+        super(message, cause);
+    }
 }

java/src/main/java/com/cybersource/ws/client/ConnectionHelper.java

@@ -18,6 +18,16 @@
 
 package com.cybersource.ws.client;
 
+import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.config.AuthSchemes;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.ProxyAuthenticationStrategy;
+import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
 import org.bouncycastle.util.encoders.Base64;
 
 import java.io.IOException;
@@ -26,6 +36,7 @@
 import java.net.Proxy;
 import java.net.URL;
 import java.nio.charset.Charset;
+import java.util.Collections;
 
 /**
  * Helps in creating the Proxy and adding Proxy credentials to JDKHttpURLConnection.
@@ -45,12 +56,11 @@ public static boolean getDefaultUseHttpClient() {
     /**
      * Sets the timeout for HTTP Request
      * @param con - HttpURLConnection
-     * @param timeout - timeout integer value
+     * @param mc - MerchantConfig
      */
-    public static void setTimeout(HttpURLConnection con, int timeout) {
-        int timeoutInMS = timeout * 1000;
-        con.setConnectTimeout(timeoutInMS);
-        con.setReadTimeout(timeoutInMS);
+    public static void setTimeout(HttpURLConnection con, MerchantConfig mc) {
+        con.setConnectTimeout(mc.getConnectionTimeoutMs());
+        con.setReadTimeout(mc.getSocketTimeoutMs());
     }
 
     /**
@@ -108,4 +118,30 @@ private static void addProxyCredentials(
 
         }
     }
+
+    /**
+     * Set proxy by using proxy credentials to create httpclient
+     *
+     * @param httpClientBuilder
+     * @param requestConfigBuilder
+     * @param merchantConfig
+     */
+    public static void setProxy(HttpClientBuilder httpClientBuilder, RequestConfig.Builder requestConfigBuilder, MerchantConfig merchantConfig) {
+        if (merchantConfig.getProxyHost() != null) {
+            HttpHost proxy = new HttpHost(merchantConfig.getProxyHost(), merchantConfig.getProxyPort());
+            DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy);
+            httpClientBuilder.setRoutePlanner(routePlanner);
+
+            if (merchantConfig.getProxyUser() != null) {
+                httpClientBuilder.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
+                requestConfigBuilder.setProxyPreferredAuthSchemes(Collections.singletonList(AuthSchemes.BASIC));
+
+                CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
+                credentialsProvider.setCredentials(AuthScope.ANY,
+                        new UsernamePasswordCredentials(merchantConfig.getProxyUser(), merchantConfig.getProxyPassword()));
+
+                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+            }
+        }
+    }
 }

java/src/main/java/com/cybersource/ws/client/FaultException.java

@@ -27,9 +27,9 @@
 public class FaultException
         extends Exception {
     private final Document faultDocument;
-    private String faultCode = null;
-    private String faultString = null;
-    private String requestID = null;
+    private String faultCode;
+    private String faultString;
+    private String requestID;
     private boolean critical = true;
 
     /**
@@ -106,7 +106,7 @@ private void extractFields(String nsURI) {
             faultCode
                     = Utility.getElementText(faultDocument, "faultcode", null);
 
-            int colonPos = faultCode.indexOf(":");
+            int colonPos = faultCode!=null? faultCode.indexOf(":"): -1;
             String localPart
                     = (colonPos != -1)
                     ? faultCode.substring(colonPos + 1)
@@ -133,14 +133,14 @@ void log(Logger logger) {
      * @return a string representation of the object for logging purposes.
      */
     String getLogString() {
-        StringBuffer sb = new StringBuffer("FaultException details:\n");
+        StringBuilder sb = new StringBuilder("FaultException details:\n");
 
         if (critical) {
             sb.append("CRITICAL\n");
         }
 
         if (requestID != null) {
-            sb.append("requestID = " + requestID + "\n");
+            sb.append("requestID = ").append(requestID).append("\n");
         }
 
         sb.append(Utility.nodeToString(faultDocument));
@@ -154,13 +154,13 @@ String getLogString() {
      * @return a description of the exception.
      */
     public String getMessage() {
-        StringBuffer sb = new StringBuffer("Fault:");
+        StringBuilder sb = new StringBuilder("Fault:");
         if (faultString != null) {
-            sb.append(" " + faultString);
+            sb.append(" ").append(faultString);
         }
 
         if (requestID != null) {
-            sb.append(" (requestID=" + requestID + ")");
+            sb.append(" (requestID=").append(requestID).append(")");
         }
 
         if (critical) {