Merge pull request #105 from CyberSource/future

Future

Author: mahendya1002

README.md

@@ -1,6 +1,6 @@
 # CyberSource Simple Order API for Java
 
-[![Build Status](https://travis-ci.org/CyberSource/cybersource-sdk-java.png?branch=master)](https://travis-ci.org/CyberSource/cybersource-sdk-java)
+[![Build Status](https://travis-ci.org/CyberSource/cybersource-sdk-java.png?branch=future)](https://travis-ci.org/CyberSource/cybersource-sdk-java)
 
 ## Package Managers
 
@@ -10,7 +10,7 @@ To install the `cybersource-sdk-java` from central repository, add dependency to
 <dependency>
   <groupId>com.cybersource</groupId>
   <artifactId>cybersource-sdk-java</artifactId>
-  <version>6.2.5</version>
+  <version>6.2.6</version>
 </dependency> 
 ```
 Run `mvn install` to install dependency
@@ -19,7 +19,7 @@ Run `mvn install` to install dependency
 Add the dependency to your build.gradle
 ```java
 dependencies {
-  compile 'com.cybersource:cybersource-sdk-java:6.2.5'
+  compile 'com.cybersource:cybersource-sdk-java:6.2.6'
 }
 ```
 ## Requirements
@@ -58,9 +58,10 @@ You do not need to download and build the source to use the SDK but if you want
       - `sendToProduction` is initially set to false. Set it to true only when you are ready to send live transactions.
     - Set `sendToAkamai` config parameter with toggle value "true/false" to turn on/off routing requests through Akamai to Cybersource. By default, it is set to true.
     - `serverURL` config parameter will take precedence over `sendToProduction` and `sendToAkamai` config parameters. By default the `serverURL` configuration is commented out.
-    - if `enablejdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
+    - If `enableJdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
       - To know how to convert p12 to JKS refer the JKS creation section of this document.
-    - `enableCacerts` property is considered only if `enablejdkcert` is set to true. If `enableCacerts` is set to true, certificates will be read from the cacerts folder under the JDK.
+    - If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location.If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
+    - If `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
     - `allowRetry` config parameter will only work for HttpClient. Set `allowRetry` config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.
     - Set integer values for config parameter `numberOfRetries` *and* `retryInterval`. Retry Interval is time delay for next retry in seconds.
       - Number of retry parameter should be set between 1 to 5. Any other value will throw an Error Message.
@@ -136,7 +137,8 @@ keytool -list -v -keystore <Your_keystore_name>`
 - It should have two entries.
   - The first entry should contain a chain of two certificates - `CyberSourceCertAuth` and <Merchant_ID> with alias name <Merchant_ID>
   - Second entry should be for `CyberSource_SJC_US` certificate with alias name as CyberSource_SJC_US
-
+  
+  
 ## Message Level Encryption
 CyberSource supports Message Level Encryption (MLE) for Simple Order API. Message level encryption conforms to the SOAP Security 1.0 specification published by the OASIS standards group. 
 
@@ -181,6 +183,12 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 
 ## Changes
 
+Version Cybersource-sdk-java 6.2.6 (MAY,2018)
+_______________________________
+  1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
+  2) Intreduced a new feature to check merchant .p12 certificate file validity at run time. If it is replaced at runtime then SDK will reload the new certificate into the cache.
+  3) Changed clientLibrary version to 6.2.6;
+
 Version Cybersource-sdk-java 6.2.5 (OCT,2017)
 _______________________________
   1) Merchant cert to be read from JAVA key store. Flag is added to enable reading cert from Java keystore.

java/src/main/java/com/cybersource/ws/client/Client.java

@@ -212,12 +212,13 @@ private static void setVersionInformation(Map<String, String> request) {
      * @throws SignException if signing fails.
      * @throws SAXException 
      * @throws SignEncryptException 
+     * @throws ConfigException 
      */
     private static Document soapWrapAndSign(
             Map request, MerchantConfig mc, DocumentBuilder builder,
             LoggerWrapper logger)
             throws
-            IOException, SignException, SAXException, SignEncryptException {
+            IOException, SignException, SAXException, SignEncryptException, ConfigException {
         boolean logSignedData = mc.getLogSignedData();
         if (!logSignedData) {
             logger.log(

java/src/main/java/com/cybersource/ws/client/Identity.java

@@ -9,6 +9,7 @@
  */
 package com.cybersource.ws.client;
 
+import java.io.File;
 import java.security.PrivateKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -35,9 +36,13 @@ public class Identity {
     private PrivateKey privateKey;
 
     private MerchantConfig merchantConfig;
+
+	private long lastModifiedDate;
 
     private static final String SERVER_ALIAS = "CyberSource_SJC_US";
 
+    private Logger logger = null;
+    
     /**
      * Creates an Identity instance.this type of the instance can
      * only be used to store server certificate identity.
@@ -46,10 +51,13 @@ public class Identity {
      * @param x509Certificate
      * @throws SignException
      */
-    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate) throws SignException {
+    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate,Logger logger) throws SignException {
         this.merchantConfig = merchantConfig;
         this.x509Cert=x509Certificate;
-        if(merchantConfig.isJdkCertEnabled()){
+        if(this.logger == null){
+        	this.logger=logger;
+        }
+        if(merchantConfig.isJdkCertEnabled() || merchantConfig.isCacertEnabled()){
             setupJdkServerCerts();
         }
         else{
@@ -89,13 +97,42 @@ else if (subjectDNrray.length == 2 && subjectDNrray[1].contains(SERVER_ALIAS)) {
      * @param privateKey
      * @throws SignException
      */
-    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, PrivateKey privateKey) throws SignException {
+    public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, PrivateKey privateKey,Logger logger) throws SignException {
         this.merchantConfig = merchantConfig;
         this.x509Cert = x509Certificate;
         this.privateKey = privateKey;
+        if(this.logger == null){
+        	this.logger=logger;
+        }
+        try {
+			this.lastModifiedDate=merchantConfig.getKeyFile().lastModified();
+		} catch (ConfigException e) {
+			
+			logger.log(Logger.LT_EXCEPTION,
+                    "Identity object ,cannot instantiate with key file lastModifiedDate. "
+                    + e.getMessage());
+         throw new SignException("Exception While initializing the merchant identity constructor with keyfile last modified date"+e.getMessage());
+		}
         setUpMerchant();
     }
 
+    /**
+     * If merchant uploads a new key then isValid method will return false and certificate reload will happen.
+     * else isValid method will return true and certificate reload will not occur.
+    */
+    
+	public boolean isValid(File keyFile) {
+		
+		boolean changeKeyFileStatus=(this.lastModifiedDate == keyFile.lastModified());
+
+		if (!changeKeyFileStatus) {
+
+			logger.log(Logger.LT_INFO, "Key file changed");
+			logger.log(Logger.LT_INFO, "Timestamp of current key file:"+keyFile.lastModified());	
+		}
+		return changeKeyFileStatus;
+	}
+    
     private void setUpMerchant() throws SignException {
         if (serialNumber == null && x509Cert != null) {
             String subjectDN = x509Cert.getSubjectDN().getName();
@@ -234,5 +271,4 @@ public String toString() {
         + serialNumber + ",expiration=" + expireStr+ " }";
 	   }
 
-	   
 }

java/src/main/java/com/cybersource/ws/client/MerchantConfig.java

@@ -66,6 +66,7 @@ public class MerchantConfig {
     private String cacertPassword;
     private String customHttpClass;
     private boolean customHttpClassEnabled;
+    private boolean certificateCacheEnabled; 
 
     public String getcustomHttpClass() {
 		return customHttpClass;
@@ -83,8 +84,7 @@ public boolean isCustomHttpClassEnabled() {
     private int numberOfRetries = 0;
     private long retryInterval  = 0;
     private boolean allowRetry=true;
-    
-    
+
     // getter methods
     public boolean getUseSignAndEncrypted() { return useSignAndEncrypted; }
 
@@ -183,6 +183,10 @@ public String getProxyPassword() {
         return proxyPassword != null ? proxyPassword : "";
     }
 
+    public boolean isCertificateCacheEnabled() {  
+        return certificateCacheEnabled;  
+    }  
+    
     /**
      * Returns the effective server URL to which the request will be sent.
      * If a serverURL is specified, then that is what is returned.
@@ -271,6 +275,7 @@ public MerchantConfig(Properties _props, String _merchantID)
         enableCacert=getBooleanProperty(merchantID, "enableCacert", false);
         cacertPassword=getProperty(merchantID,"cacertPassword","changeit");
         customHttpClassEnabled=getBooleanProperty(merchantID,"customHttpClassEnabled",false);
+        certificateCacheEnabled=getBooleanProperty(merchantID,"certificateCacheEnabled",true); 
         // compute and store effective namespace URI
 
         if (namespaceURI == null && targetAPIVersion == null) {
@@ -324,6 +329,14 @@ public MerchantConfig(Properties _props, String _merchantID)
                 throw new ConfigException("Invalid value of numberOfRetries and/or retryInterval");
             }
         }
+		if(isCacertEnabled()){
+        	if(StringUtils.isBlank(keysDirectory)){
+        		keysDirectory = System.getProperty("java.home") + "/lib/security".replace('/', File.separatorChar);
+        	}
+        	if(StringUtils.isBlank(keyFilename)){
+        		keyFilename = "cacerts";
+        	}
+      }
     }
 
     /**
@@ -495,6 +508,7 @@ public String getLogString() {
             }
         }
         appendPair(sb, "useSignAndEncrypted", useSignAndEncrypted);
+        appendPair(sb, "certificateCacheEnabled", certificateCacheEnabled);
         return (sb.toString());
     }
 
@@ -580,4 +594,5 @@ public boolean isJdkCertEnabled() {
     public String getCacertPassword(){
         return cacertPassword;
     }
+	
 }