Merge pull request #113 from CyberSource/release-march25

Release march25

Author: gnongsie

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/AuthenticationSdk.csproj

@@ -3,7 +3,7 @@
   <PropertyGroup>
     <TargetFramework>netstandard2.1</TargetFramework>
     <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
-    <Version>0.0.1.16</Version>
+    <Version>0.0.1.17</Version>
     <Authors>CyberSource</Authors>
     <Product>Authentication_SDK</Product>
     <Description />

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/authentication/jwt/JwtToken.cs

@@ -21,7 +21,8 @@ public JwtToken(MerchantConfig merchantConfig)
 
             KeyAlias = merchantConfig.KeyAlias;
             KeyPass = merchantConfig.KeyPass;
-            Certificate = Cache.FetchCachedCertificate(P12FilePath, KeyPass);
+            X509Certificate2Collection certs = Cache.FetchCachedCertificate(P12FilePath, KeyPass);
+            Certificate = Cache.GetCertBasedOnKeyAllias(certs, merchantConfig.KeyAlias);
         }
 
         public string BearerToken { get; set; }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/core/Authorize.cs

@@ -63,12 +63,12 @@ public HttpToken GetSignature()
                     _logger.Debug($"Date: {signatureObj.GmtDateTime}");
                     _logger.Debug($"Host: {signatureObj.HostName}");
 
-                    //if (_merchantConfig.IsPostRequest || _merchantConfig.IsPutRequest || _merchantConfig.IsPatchRequest)
-                    //{
-                    //    _logger.Debug($"digest: {signatureObj.Digest}");
-                    //}
+                    if (_merchantConfig.IsPostRequest || _merchantConfig.IsPutRequest || _merchantConfig.IsPatchRequest)
+                    {
+                        logUtility.LogDebugMessage( _logger, $"digest: {signatureObj.Digest}");
+                    }
 
-                    //logUtility.LogDebugMessage( _logger, $"Signature : {signatureObj.SignatureParam}");
+                    logUtility.LogDebugMessage( _logger, $"Signature : {signatureObj.SignatureParam}");
 
                     return signatureObj;
                 }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/core/MerchantConfig.cs

@@ -18,7 +18,7 @@ namespace AuthenticationSdk.core
     *============================================================================================*/
     public class MerchantConfig
     {
-        public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictionary = null)
+        public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictionary = null, Dictionary<string, bool> mapToControlMLEonAPI = null)
         {
             var _propertiesSetUsing = string.Empty;
 
@@ -37,7 +37,7 @@ public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictiona
             {
                 _propertiesSetUsing = "Dictionary Object";
 
-                SetValuesUsingDictObj(merchantConfigDictionary);
+                SetValuesUsingDictObj(merchantConfigDictionary, mapToControlMLEonAPI);
             }
             else
             {
@@ -48,7 +48,7 @@ public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictiona
                 {
                     _propertiesSetUsing = "App.Config File";
 
-                    SetValuesFromAppConfig(merchantConfigSection);
+                    SetValuesFromAppConfig(merchantConfigSection, mapToControlMLEonAPI);
                 }
                 else
                 {
@@ -64,6 +64,8 @@ public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictiona
 
             // Validations
             ValidateProperties();
+            //validate MLE configs
+            ValidateMLEProperties();
         }
 
         #region Class Properties
@@ -162,6 +164,12 @@ public MerchantConfig(IReadOnlyDictionary<string, string> merchantConfigDictiona
 
         public string PemFileDirectory { get; set; }
 
+        public bool UseMLEGlobally { get; set; }
+
+        public Dictionary<string, bool> MapToControlMLEonAPI { get; set; }
+
+        public string MleKeyAlias { get; set; }
+
         #endregion
 
         public void LogMerchantConfigurationProperties()
@@ -195,7 +203,7 @@ public void LogMerchantConfigurationProperties()
             Logger.Debug($"Merchant Configuration :\n{merchCfgLogString}");
         }
 
-        private void SetValuesFromAppConfig(NameValueCollection merchantConfigSection)
+        private void SetValuesFromAppConfig(NameValueCollection merchantConfigSection, Dictionary<string, bool> mapToControlMLEonAPI)
         {
             MerchantId = merchantConfigSection["merchantID"];
             PortfolioId = merchantConfigSection["portfolioID"];
@@ -223,9 +231,30 @@ private void SetValuesFromAppConfig(NameValueCollection merchantConfigSection)
             ProxyUsername = merchantConfigSection["proxyUsername"];
             ProxyPassword = merchantConfigSection["proxyPassword"];
             PemFileDirectory = merchantConfigSection["pemFileDirectory"];
+
+            if (merchantConfigSection["useMLEGlobally"] != null && "true".Equals(merchantConfigSection["useMLEGlobally"], StringComparison.OrdinalIgnoreCase))
+            {
+                UseMLEGlobally = bool.Parse(merchantConfigSection["useMLEGlobally"]);
+            }
+            else
+            {
+                UseMLEGlobally = false;
+            }
+            
+            MapToControlMLEonAPI = mapToControlMLEonAPI;
+
+            if (merchantConfigSection["mleKeyAlias"] != null)
+            {
+                MleKeyAlias = merchantConfigSection["mleKeyAlias"]?.Trim();
+            }
+
+            if (string.IsNullOrWhiteSpace(MleKeyAlias?.Trim()))
+            {
+                MleKeyAlias = Constants.DefaultMleAliasForCert;
+            }
         }
 
-        private void SetValuesUsingDictObj(IReadOnlyDictionary<string, string> merchantConfigDictionary)
+        private void SetValuesUsingDictObj(IReadOnlyDictionary<string, string> merchantConfigDictionary, Dictionary<string, bool> mapToControlMLEonAPI)
         {
             var key = string.Empty;
 
@@ -434,6 +463,31 @@ private void SetValuesUsingDictObj(IReadOnlyDictionary<string, string> merchantC
                     {
                         PemFileDirectory = merchantConfigDictionary["pemFileDirectory"];
                     }
+
+                    if (merchantConfigDictionary.ContainsKey("useMLEGlobally") && "true".Equals(merchantConfigDictionary["useMLEGlobally"], StringComparison.OrdinalIgnoreCase))
+                    {
+                        UseMLEGlobally = bool.Parse(merchantConfigDictionary["useMLEGlobally"]);
+                    }
+                    else
+                    {
+                        UseMLEGlobally = false;
+                    }
+
+                    if (mapToControlMLEonAPI != null)
+                    {
+                        MapToControlMLEonAPI = mapToControlMLEonAPI;
+                    }
+
+                    if (merchantConfigDictionary.ContainsKey("mleKeyAlias"))
+                    {
+                        MleKeyAlias = merchantConfigDictionary["mleKeyAlias"]?.Trim();
+                    }
+
+                    //if MleKeyAlias is null or empty or contains only whitespace then set default value
+                    if (string.IsNullOrWhiteSpace(MleKeyAlias?.Trim()))
+                    {
+                        MleKeyAlias = Constants.DefaultMleAliasForCert;
+                    }
                 }
             }
             catch (KeyNotFoundException err)
@@ -547,5 +601,29 @@ private void ValidateProperties()
                 P12Keyfilepath = $"{KeyDirectory}{pathDirectorySeparator}{KeyfileName}.p12";
             }
         }
+
+        private void ValidateMLEProperties()
+        {
+            bool mleConfigured = UseMLEGlobally;
+
+            if (MapToControlMLEonAPI != null && MapToControlMLEonAPI.Count > 0)
+            {
+                foreach (bool value in MapToControlMLEonAPI.Values)
+                {
+                    if (value)
+                    {
+                        mleConfigured = true;
+                        break;
+                    }
+                }
+            }
+
+            //if MLE=true then check for auth Type
+            if (mleConfigured && !Enumerations.AuthenticationType.JWT.ToString().Equals(AuthenticationType, StringComparison.OrdinalIgnoreCase))
+            {
+                Logger.Error("MLE is only supported in JWT auth type");
+                throw new Exception("MLE is only supported in JWT auth type");
+            }
+        }
     }
 }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/util/Cache.cs

@@ -24,7 +24,13 @@ public static class Cache
 
         private static readonly string regexForFileNameFromDirectory = "(^([a-z]|[A-Z]):(?=\\\\(?![\\0-\\37<>:\"/\\\\|?*])|\\/(?![\\0-\\37<>:\"/\\\\|?*])|$)|^\\\\(?=[\\\\\\/][^\\0-\\37<>:\"/\\\\|?*]+)|^(?=(\\\\|\\/)$)|^\\.(?=(\\\\|\\/)$)|^\\.\\.(?=(\\\\|\\/)$)|^(?=(\\\\|\\/)[^\\0-\\37<>:\"/\\\\|?*]+)|^\\.(?=(\\\\|\\/)[^\\0-\\37<>:\"/\\\\|?*]+)|^\\.\\.(?=(\\\\|\\/)[^\\0-\\37<>:\"/\\\\|?*]+))((\\\\|\\/)([^\\0-\\37<>:\"/\\\\|?*]+|(\\\\|\\/)$))*()$";
 
-        public static X509Certificate2 FetchCachedCertificate(string p12FilePath, string keyPassword)
+        private class CertInfo
+        {
+            public X509Certificate2Collection Certificates { get; set; }
+            public DateTime Timestamp { get; set; }
+        }
+
+        public static X509Certificate2Collection FetchCachedCertificate(string p12FilePath, string keyPassword)
         {
             try
             {
@@ -34,30 +40,27 @@ public static X509Certificate2 FetchCachedCertificate(string p12FilePath, string
 
                     var matches = Regex.Match(p12FilePath, regexForFileNameFromDirectory);
                     var certFile = matches.Groups[11].ToString();
-
-                    if (!cache.Contains(certFile))
+                    if (!cache.Contains(certFile) || ((CertInfo)cache[certFile]).Timestamp != File.GetLastWriteTime(p12FilePath))
                     {
                         var policy = new CacheItemPolicy();
                         var filePaths = new List<string>();
                         var cachedFilePath = Path.GetFullPath(p12FilePath);
                         filePaths.Add(cachedFilePath);
                         policy.ChangeMonitors.Add(new HostFileChangeMonitor(filePaths));
+                        var certificates = new X509Certificate2Collection();
+                        certificates.Import(p12FilePath, keyPassword, X509KeyStorageFlags.PersistKeySet);
 
-                        var certificate = new X509Certificate2(p12FilePath, keyPassword);
-                        cache.Set(certFile, certificate, policy);
-                        return certificate;
-                    }
-                    else if (cache[certFile] is X509Certificate2 cachedCertificateFromP12File)
-                    {
-                        return cachedCertificateFromP12File;
-                    }
-                    else
-                    {
-                        return null;
+                        CertInfo certInfo = new CertInfo();
+                        certInfo.Certificates = certificates;
+                        certInfo.Timestamp = File.GetLastWriteTime(p12FilePath);
+
+                        cache.Set(certFile, certInfo, policy);
                     }
+                    //return all certs in p12
+                    return ((CertInfo)cache[certFile]).Certificates;
                 }
             }
-            catch (CryptographicException e)
+            catch (Exception e)
             {
                 if (e.Message.Equals("The specified network password is not correct.\r\n"))
                 {
@@ -97,5 +100,18 @@ public static RSAParameters FetchCachedRSAParameters(MerchantConfig merchantConf
                 return (RSAParameters)cache[certFile];
             }
         }
+
+        public static X509Certificate2 GetCertBasedOnKeyAllias(X509Certificate2Collection certs, String keyAlias)
+        {
+            foreach (var cert in certs)
+            {
+                if (cert.GetNameInfo(X509NameType.SimpleName, false).Equals(keyAlias, StringComparison.OrdinalIgnoreCase))
+                {
+                    return cert;
+                }
+            }
+            throw new Exception($"{Constants.ErrorPrefix} Certificate with alias {keyAlias} not found.");
+
+        }
     }
 }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/util/Constants.cs

@@ -33,5 +33,13 @@ public static class Constants
         public static readonly string DeprecationPrefix = "Deprecated: ";
 
         public static readonly string P12FileDirectory = "..\\..\\Resource";
+
+        public static readonly string DefaultMleAliasForCert = "CyberSource_SJC_US";
+
+        public static readonly int CertificateExpiryDateWarningDays = 90;
+
+        public static readonly string LOG_REQUEST_BEFORE_MLE = "LOG_REQUEST_BEFORE_MLE: ";
+
+        public static readonly string LOG_REQUEST_AFTER_MLE = "LOG_REQUEST_AFTER_MLE: ";
     }
 }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/util/LogUtility.cs

@@ -49,6 +49,15 @@ private void LoadSensitiveDataConfiguration()
 
         public string MaskSensitiveData(string str)
         {
+            if (str.StartsWith(Constants.LOG_REQUEST_BEFORE_MLE))
+            {
+                return Constants.LOG_REQUEST_BEFORE_MLE + MaskSensitiveData(str.Substring(Constants.LOG_REQUEST_BEFORE_MLE.Length));
+            }
+            if (str.StartsWith(Constants.LOG_REQUEST_AFTER_MLE))
+            {
+                return Constants.LOG_REQUEST_AFTER_MLE + MaskSensitiveData(str.Substring(Constants.LOG_REQUEST_AFTER_MLE.Length));
+            }
+
             bool isJsonString;
             try
             {
@@ -112,14 +121,7 @@ public void MaskSensitiveData(JObject jsonMsg)
 
         public void LogDebugMessage(Logger logger, String debugMessage)
         {
-            if (IsMaskingEnabled(logger))
-            {
-                logger.Debug(MaskSensitiveData(debugMessage));
-            }
-            else
-            {
-                logger.Debug(debugMessage);
-            }
+            logger.Debug(MaskSensitiveData(debugMessage));
         }
 
         public bool IsMaskingEnabled(Logger logger)