Merge pull request #104 from mahendya1002/future

mahendya1002 · web-flow · commit e6c6eb008026 · 2018-05-14T12:29:37.000+05:30
Checkmarx findings
diff --git a/README.md b/README.md
@@ -58,10 +58,10 @@ You do not need to download and build the source to use the SDK but if you want
       - `sendToProduction` is initially set to false. Set it to true only when you are ready to send live transactions.
     - Set `sendToAkamai` config parameter with toggle value "true/false" to turn on/off routing requests through Akamai to Cybersource. By default, it is set to true.
     - `serverURL` config parameter will take precedence over `sendToProduction` and `sendToAkamai` config parameters. By default the `serverURL` configuration is commented out.
-    - if `enableJdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
+    - If `enableJdkcert` parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.
       - To know how to convert p12 to JKS refer the JKS creation section of this document.
     - If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location.If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.
-    - if `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
+    - If `certificateCacheEnabled` parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made 
     - `allowRetry` config parameter will only work for HttpClient. Set `allowRetry` config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.
     - Set integer values for config parameter `numberOfRetries` *and* `retryInterval`. Retry Interval is time delay for next retry in seconds.
       - Number of retry parameter should be set between 1 to 5. Any other value will throw an Error Message.
@@ -183,10 +183,10 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 
 ## Changes
 
-Version Cybersource-sdk-java 6.2.6 (JAN,2018)
+Version Cybersource-sdk-java 6.2.6 (MAY,2018)
 _______________________________
   1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
-  2) Intreduced a new feature to check merchant .p12 certificate file validity at run time.If it is not valid and replaced at runtime then SDK will be able to reload the new certificate data into cache.
+  2) Intreduced a new feature to check merchant .p12 certificate file validity at run time. If it is replaced at runtime then SDK will reload the new certificate into the cache.
   3) Changed clientLibrary version to 6.2.6;
 
 Version Cybersource-sdk-java 6.2.5 (OCT,2017)
diff --git a/java/src/main/java/com/cybersource/ws/client/Identity.java b/java/src/main/java/com/cybersource/ws/client/Identity.java
@@ -117,8 +117,8 @@ public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, P
     }
     
     /**
-     * Replace of merchant certificate not happened at runtime then isValid method will return true and certificate reload will not happen.
-     * But replace of merchant certificate happened at at runtime then isValid method will return false and certificate reload will happen.
+     * If merchant uploads a new key then isValid method will return false and certificate reload will happen.
+     * else isValid method will return true and certificate reload will not occur.
     */
     
 	public boolean isValid(File keyFile) {
diff --git a/java/src/main/java/com/cybersource/ws/client/SecurityUtil.java b/java/src/main/java/com/cybersource/ws/client/SecurityUtil.java
@@ -265,142 +265,140 @@ public static Document createSignedDoc(Document workingDocument,String merchantI
     }
     
     
-    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException, ConfigException{
-        KeyStore keystore=null;
-        
-        String pass=merchantConfig.getKeyPassword();
-        
-            try{
-            	FileInputStream is = new FileInputStream(merchantConfig.getKeyFile());
-                keystore = KeyStore.getInstance(KeyStore.getDefaultType());
-                keystore.load(is, pass.toCharArray());
-            }
-            catch (Exception e) {
-                logger.log(Logger.LT_EXCEPTION,
-                           "Failed to load the key , '" + merchantConfig.getKeyAlias() + "'");
-                throw new SignException(e);
-            }
-            
-            
-            String merchantKeyAlias = null;
-            try {
-                Enumeration enumKeyStore = keystore.aliases();
-		if(!enumKeyStore.hasMoreElements()){
-                	throw new SignException("Empty Keystore or Missing Certificate ");
-                }
-                while (enumKeyStore.hasMoreElements()) {
-                    KeyStore.PrivateKeyEntry keyEntry = null;
-                    merchantKeyAlias = (String) enumKeyStore.nextElement();
-                    if (merchantKeyAlias.contains(merchantConfig.getKeyAlias())){
-                        try {
-                            keyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry
-                            (merchantKeyAlias, new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
-                        } catch (NoSuchAlgorithmException e) {
-                            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
-                            throw new SignException(e);
-                        } catch (UnrecoverableEntryException e) {
-                            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
-                            throw new SignException(e);
-                        } catch (KeyStoreException e) {
-                            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
-                            throw new SignException(e);
-                        }
-                        
-                        Identity identity = new Identity(merchantConfig,(X509Certificate) keyEntry.getCertificate(),keyEntry.getPrivateKey(),logger);
-                        localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
-                        identities.put(identity.getName(), identity);
-                        continue;
-                    }
-                    Identity identity = new Identity(merchantConfig, (X509Certificate) keystore.getCertificate(merchantKeyAlias),logger);
-                    localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
-                    identities.put(identity.getName(), identity);
-                }
-            } catch (KeyStoreException e) {
-                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
-                throw new SignException(e);
-            }
-        
-   	}
+	public static void readJdkCert(MerchantConfig merchantConfig, Logger logger)
+			throws SignEncryptException, SignException, ConfigException {
+		KeyStore keystore = null;
+		try {
+			FileInputStream is = new FileInputStream(merchantConfig.getKeyFile());
+			keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+			keystore.load(is, merchantConfig.getKeyPassword().toCharArray());
+		} catch (Exception e) {
+			logger.log(Logger.LT_EXCEPTION, "Failed to load the key , '" + merchantConfig.getKeyAlias() + "'");
+			throw new SignException(e);
+		}
+
+		String merchantKeyAlias = null;
+		try {
+			Enumeration enumKeyStore = keystore.aliases();
+			if (!enumKeyStore.hasMoreElements()) {
+				throw new SignException("Empty Keystore or Missing Certificate ");
+			}
+			while (enumKeyStore.hasMoreElements()) {
+				KeyStore.PrivateKeyEntry keyEntry = null;
+				merchantKeyAlias = (String) enumKeyStore.nextElement();
+				if (merchantKeyAlias.contains(merchantConfig.getKeyAlias())) {
+					try {
+						keyEntry = (KeyStore.PrivateKeyEntry) keystore.getEntry(merchantKeyAlias,
+								new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
+					} catch (NoSuchAlgorithmException e) {
+						logger.log(Logger.LT_EXCEPTION,
+								"Exception while obtaining private key from KeyStore with alias, '"
+										+ merchantConfig.getKeyAlias() + "'");
+						throw new SignException(e);
+					} catch (UnrecoverableEntryException e) {
+						logger.log(Logger.LT_EXCEPTION,
+								"Exception while obtaining private key from KeyStore with alias, '"
+										+ merchantConfig.getKeyAlias() + "'");
+						throw new SignException(e);
+					} catch (KeyStoreException e) {
+						logger.log(Logger.LT_EXCEPTION,
+								"Exception while obtaining private key from KeyStore with alias, '"
+										+ merchantConfig.getKeyAlias() + "'");
+						throw new SignException(e);
+					}
+
+					Identity identity = new Identity(merchantConfig, (X509Certificate) keyEntry.getCertificate(),
+							keyEntry.getPrivateKey(), logger);
+					localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
+					identities.put(identity.getName(), identity);
+					continue;
+				}
+				Identity identity = new Identity(merchantConfig,
+						(X509Certificate) keystore.getCertificate(merchantKeyAlias), logger);
+				localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
+				identities.put(identity.getName(), identity);
+			}
+		} catch (KeyStoreException e) {
+			logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '"
+					+ merchantConfig.getKeyAlias() + "'");
+			throw new SignException(e);
+		}
+
+	}
     
-    private static void loadJavaKeystore(MerchantConfig merchantConfig,Logger logger) throws SignException, SignEncryptException, ConfigException{
-        FileInputStream is = null;
-        try {
-            File file = new File(merchantConfig.getKeyFile().getCanonicalPath());
-            is = new FileInputStream(file);
-            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
-            String password = merchantConfig.getCacertPassword();
-            keystore.load(is, password.toCharArray());
-            
-            Identity identity;
-            
-            java.security.cert.Certificate[] cert = keystore.getCertificateChain(merchantConfig.getKeyAlias());
-            if (cert == null) {
-                throw new SignException("Empty Keystore or Missing Certificate ");
-            }
-            PrivateKey key = null;
-            try {
-                key = (PrivateKey)keystore.getKey(merchantConfig.getKeyAlias(), merchantConfig.getKeyAlias().toCharArray());
-            } catch (UnrecoverableKeyException e) {
-                logger.log(Logger.LT_EXCEPTION,
-                           "Exception while obtaining private key from KeyStore with alias, '"
-                           + merchantConfig.getKeyAlias() + "'");
-                throw new SignException(e);
-            }
-            
-            for (int i = 0; i < cert.length; i++) {
-                
-                if (merchantConfig.getKeyAlias().equals(
-                                                        keystore.getCertificateAlias(cert[i]))) {
-                    identity = new Identity(merchantConfig,
-                                            (X509Certificate) cert[i], key,logger);
-                    localKeyStoreHandler
-                    .addIdentityToKeyStore(identity, logger);
-                    identities.put(identity.getName(), identity);
-                } else {
-                    identity = new Identity(merchantConfig,
-                                            (X509Certificate) cert[i],logger);
-                    localKeyStoreHandler
-                    .addIdentityToKeyStore(identity, logger);
-                    identities.put(identity.getName(), identity);
-                }
-            }
-            java.security.cert.Certificate serverCert = keystore.getCertificate(SERVER_ALIAS);
-	    if(serverCert == null){
-                	throw new SignException("Missing Server Certificate ");
-                }
-            identity = new Identity(merchantConfig,
-                                    (X509Certificate) serverCert,logger);
-            localKeyStoreHandler
-            .addIdentityToKeyStore(identity, logger);
-            identities.put(identity.getName(), identity);
-            
-        }
-        
-        catch (java.security.cert.CertificateException e) {
-            logger.log(Logger.LT_EXCEPTION, "Unable to load the certificate,"+ merchantConfig.getKeyFilename() + "'");
-            throw new SignException(e);
-        } catch (NoSuchAlgorithmException e) {
-            logger.log(Logger.LT_EXCEPTION, "Unable to find the certificate with the specified algorithm");
-            throw new SignException(e);
-        } catch (FileNotFoundException e) {
-            logger.log(Logger.LT_EXCEPTION, "File Not found ");
-            throw new SignException(e);
-        } catch (KeyStoreException e) {
-            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore"+ merchantConfig.getKeyFilename() + "'");
-            throw new SignException(e);
-        } catch (IOException e) {
-            logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
-            throw new SignException(e);
-        }finally {
-            if(null != is)
-                try {
-                    is.close();
-                } catch (IOException e) {
-                    logger.log(Logger.LT_EXCEPTION, "Exception while closing FileStream, '" + merchantConfig.getKeyFilename() + "'");
-                    throw new SignException(e);
-                }
-        }
-        
-        
-    }
+	private static void loadJavaKeystore(MerchantConfig merchantConfig, Logger logger)
+			throws SignException, SignEncryptException, ConfigException {
+		FileInputStream is = null;
+		try {
+			is = new FileInputStream(merchantConfig.getKeyFile());
+			KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+			keystore.load(is, merchantConfig.getCacertPassword().toCharArray());
+
+			Identity identity;
+
+			java.security.cert.Certificate[] cert = keystore.getCertificateChain(merchantConfig.getKeyAlias());
+			if (cert == null) {
+				throw new SignException("Empty Keystore or Missing Certificate ");
+			}
+			PrivateKey key = null;
+			try {
+				key = (PrivateKey) keystore.getKey(merchantConfig.getKeyAlias(),
+						merchantConfig.getKeyAlias().toCharArray());
+			} catch (UnrecoverableKeyException e) {
+				logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '"
+						+ merchantConfig.getKeyAlias() + "'");
+				throw new SignException(e);
+			}
+
+			for (int i = 0; i < cert.length; i++) {
+
+				if (merchantConfig.getKeyAlias().equals(keystore.getCertificateAlias(cert[i]))) {
+					identity = new Identity(merchantConfig, (X509Certificate) cert[i], key, logger);
+					localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
+					identities.put(identity.getName(), identity);
+				} else {
+					identity = new Identity(merchantConfig, (X509Certificate) cert[i], logger);
+					localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
+					identities.put(identity.getName(), identity);
+				}
+			}
+			java.security.cert.Certificate serverCert = keystore.getCertificate(SERVER_ALIAS);
+			if (serverCert == null) {
+				throw new SignException("Missing Server Certificate ");
+			}
+			identity = new Identity(merchantConfig, (X509Certificate) serverCert, logger);
+			localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
+			identities.put(identity.getName(), identity);
+
+		}
+
+		catch (java.security.cert.CertificateException e) {
+			logger.log(Logger.LT_EXCEPTION, "Unable to load the certificate," + merchantConfig.getKeyFilename() + "'");
+			throw new SignException(e);
+		} catch (NoSuchAlgorithmException e) {
+			logger.log(Logger.LT_EXCEPTION, "Unable to find the certificate with the specified algorithm");
+			throw new SignException(e);
+		} catch (FileNotFoundException e) {
+			logger.log(Logger.LT_EXCEPTION, "File Not found ");
+			throw new SignException(e);
+		} catch (KeyStoreException e) {
+			logger.log(Logger.LT_EXCEPTION,
+					"Exception while obtaining private key from KeyStore" + merchantConfig.getKeyFilename() + "'");
+			throw new SignException(e);
+		} catch (IOException e) {
+			logger.log(Logger.LT_EXCEPTION,
+					"Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
+			throw new SignException(e);
+		} finally {
+			if (null != is)
+				try {
+					is.close();
+				} catch (IOException e) {
+					logger.log(Logger.LT_EXCEPTION,
+							"Exception while closing FileStream, '" + merchantConfig.getKeyFilename() + "'");
+					throw new SignException(e);
+				}
+		}
+
+	}
 }
diff --git a/zip/README b/zip/README

Original file line number	Diff line number	Diff line change
`@@ -117,8 +117,8 @@ public Identity(MerchantConfig merchantConfig,X509Certificate x509Certificate, P`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`/**`
`120`		`- * Replace of merchant certificate not happened at runtime then isValid method will return true and certificate reload will not happen.`
`121`		`- * But replace of merchant certificate happened at at runtime then isValid method will return false and certificate reload will happen.`
	`120`	`+ * If merchant uploads a new key then isValid method will return false and certificate reload will happen.`
	`121`	`+ * else isValid method will return true and certificate reload will not occur.`
`122`	`122`	`*/`
`123`	`123`
`124`	`124`	`public boolean isValid(File keyFile) {`