modified the code in MerchantConfig,SecurityUtil java file to enable reloading of cacerts file content at runtime.Also modified README and cybs.properties file description inside

Author: ammajumd

README.md

@@ -60,8 +60,8 @@ You do not need to download and build the source to use the SDK but if you want
     - `serverURL` config parameter will take precedence over `sendToProduction` and `sendToAkamai` config parameters. By default the `serverURL` configuration is commented out.
     - if `enablejdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
       - To know how to convert p12 to JKS refer the JKS creation section of this document.
-    - If `enableCacerts` is set to true, certificates will be read from the cacerts folder under the " %JAVA_HOME\jre\lib\security ".
-       Also point keysDirectory to " %JAVA_HOME\\jre\\lib\\security " and keyFilename=cacerts .
+    - If enableCacert property is enabled then it means the certificates are kept under the keysDirectory path.
+       By default, keysDirectory path is set to Java Installation cacerts location.
     - if `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
     - `allowRetry` config parameter will only work for HttpClient. Set `allowRetry` config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.
     - Set integer values for config parameter `numberOfRetries` *and* `retryInterval`. Retry Interval is time delay for next retry in seconds.

java/src/main/java/com/cybersource/ws/client/MerchantConfig.java

@@ -330,15 +330,12 @@ public MerchantConfig(Properties _props, String _merchantID)
             }
         }
 		if(isCacertEnabled()){
-        String keyPath=this.getKeysDirectory();
-        String keysFilename=this.getKeyFilename();
-        if(!(keyPath == null)){
-        	keysDirectory=keyPath;
-        }
-        if(!(keysFilename == null)){
-        	keyFilename=keysFilename;
-        	
-        }
+        	if(StringUtils.isBlank(keysDirectory)){
+        		keysDirectory = System.getProperty("java.home") + "/lib/security".replace('/', File.separatorChar);
+        	}
+        	if(StringUtils.isBlank(keyFilename)){
+        		keyFilename = "cacerts";
+        	}
       }
     }
 

java/src/main/java/com/cybersource/ws/client/SecurityUtil.java

@@ -101,7 +101,7 @@ public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger log
             }
 			else if(merchantConfig.isCacertEnabled()){
                 logger.log(Logger.LT_INFO," Loading the certificate from JRE security cacert file");
-                SecurityUtil.readJdkCert(merchantConfig,logger);
+                SecurityUtil.loadJavaKeystore(merchantConfig,logger);
             }
             else{
                 logger.log(Logger.LT_INFO,"Loading the certificate from p12 file ");
@@ -265,18 +265,11 @@ public static Document createSignedDoc(Document workingDocument,String merchantI
     }
 
 
-    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException{
+    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException, ConfigException{
         KeyStore keystore=null;
 
         String pass=merchantConfig.getKeyPassword();
 
-        if (merchantConfig.isCacertEnabled()){
-            String path = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
-            loadJavaKeystore(path, merchantConfig,logger);
-            
-        }
-        
-        else{
             try{
             	FileInputStream is = new FileInputStream(merchantConfig.getKeyFile());
                 keystore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -326,13 +319,13 @@ public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) thr
                 logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                 throw new SignException(e);
             }
-        }
+        
    	}
 
-    private static void loadJavaKeystore(String keystore_location, MerchantConfig merchantConfig,Logger logger) throws SignException, SignEncryptException{
+    private static void loadJavaKeystore(MerchantConfig merchantConfig,Logger logger) throws SignException, SignEncryptException, ConfigException{
         FileInputStream is = null;
         try {
-            File file = new File(keystore_location);
+            File file = new File(merchantConfig.getKeyFile().getCanonicalPath());
             is = new FileInputStream(file);
             KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
             String password = merchantConfig.getCacertPassword();

java/src/main/resources/cybs.properties

@@ -32,13 +32,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert.
+# If enableCacert property is enabled then it means the certificates are kept under the keysDirectory path. 
+# By default, keysDirectory path set to Java Installation cacerts location
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

java/src/test/resources/test_cybs.properties

@@ -30,13 +30,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert.
+# If enableCacert property is enabled then it means the certificates are kept under the keysDirectory path. 
+# By default, keysDirectory path set to Java Installation cacerts location
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

samples/nvp/cybs.properties

@@ -33,13 +33,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert.
+# If enableCacert property is enabled then it means the certificates are kept under the keysDirectory path. 
+# By default, keysDirectory path set to Java Installation cacerts location
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=

samples/xml/cybs.properties

@@ -33,13 +33,12 @@ retryInterval=5
 #customHttpClassEnabled=
 #customHttpClass=
 
-# If This property is set to true then the p12 certificate must be stored in JKS format
-# program will read it from there. If it is set to false then the certificate will be read from 
-# the location specified above from the key directory location
+# If enableJdkCert property is set to true then the p12 certificate must be stored in JKS format.
+# program will read it from keysDirectory path.
 enableJdkCert=false
 
-# if Cacert property is enabled then it means the certificates are kept under the cacert folder of JDK
-# And it will read from JDK cert.
+# If enableCacert property is enabled then it means the certificates are kept under the keysDirectory path. 
+# By default, keysDirectory path set to Java Installation cacerts location
 enableCacert=false
 # Enter the password for cacert file. Default password for JDK cacert is changeit
 cacertPassword=