Giter Club home page Giter Club logo

cybersource-sdk-java's Introduction

CyberSource Simple Order API for Java

Build Status

Package Managers

Maven

To install the cybersource-sdk-java from central repository, add dependency to your application pom.xml as below.

<dependency>
  <groupId>com.cybersource</groupId>
  <artifactId>cybersource-sdk-java</artifactId>
  <version>6.2.15</version>
</dependency>

Run mvn install to install dependency

Grails/Gradle

Add the dependency to your build.gradle

dependencies {
  compile 'com.cybersource:cybersource-sdk-java:6.2.15'
}

Requirements

Prerequisites

CyberSource Evaluation account

Sign up here: http://www.cybersource.com/register/

  • Complete your Evaluation account creation by following the instructions in the Registration email

Transaction Security Keys

Create security keys in the Enterprise Business Center after you've created your Merchant Admin account.

JCE Unlimited Strength Jars

Replace your Java installation’s existing security policy files with the new ones you downloaded from the Oracle site:

  • Locate your existing US_export_policy.jar and local_policy.jar files in the $JAVA_HOME/jre/lib/security directory.
  • Rename or move your existing files to another directory.
  • Copy the new US_export_policy.jar and local_policy.jar that you downloaded from Oracle to the $JAVA_HOME/jre/lib/security directory.

Installing the SDK

You do not need to download and build the source to use the SDK but if you want to do that, follow these steps:

  • Clone this repository.
  • Go to the cybersource-sdk-java-master directory.
  • To run the integration tests, edit the test_cybs.properties and make the following changes:
    • Set merchantID, keyAlias and keyPassword to your merchantID. Please note that it is case-sensitive.
    • Set keysDirectory to the directory where your key resides. Use forward-slashes for the directory separator, even on Windows. For example, "c:/keys"
    • Uncomment & set KeyFilename if you want to use JKS file or if the p12 file name is different from Merchant_ID
    • Optional Additional Changes

      • Set targetAPIVersion to the latest version displayed at: https://ics2ws.ic3.com/commerce/1.x/transactionProcessor/. By default, it is set to the latest version when the package was created.

      • Modify the logging properties as appropriate. Use forward-slashes for the directory separator in the logDirectory value, even on Windows. The directory you specify must already exist.

      • Set useSignAndEncrypted to true, to encrypt the signed Payload.

      • Set sendToProduction config parameter with toggle value "true/false" to send requests to Cybersource production/testing environment.

        • sendToProduction is initially set to false. Set it to true only when you are ready to send live transactions.

      • Set sendToAkamai config parameter with toggle value "true/false" to turn on/off routing requests through Akamai to Cybersource. By default, it is set to true.

      • serverURL config parameter will take precedence over sendToProduction and sendToAkamai config parameters. By default the serverURL configuration is commented out.

      • If enableJdkcert parameter is set to true, certificates will be read from the JKS file specified at keysDirectory location. The JKS file should be of the same name as specified in keyFilename.

        • To know how to convert p12 to JKS refer the JKS creation section of this document.

      • If 'enableCacert' property parameter is set to true, certificates will be read from the cacerts file specified at keysDirectory location.

        • If keysDirectory path is not set,certificate will be loaded from Java Installation cacerts file. The cacerts file should be of the same name as specified in keyFilename.

      • If certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made

      • If useHttpClient parameter is set to true (default is false), then simple HttpClientConnection will be enabled

      • If useHttpClientWithConnectionPool parameter is set to true (default is false), then poolingHttpClientConnection will be enabled. In case of poolingHttpConnection, we are initializing connection manager and httpclient once, If any change in value in between the application is running, it will not reflect. need to restart it.

      • Below properties are specific to poolinghttpclient connection, If it is not added in properties file, it will throw config exception.

        Note : Sample values used in properties files are based on our testing application factors such as TPS, CPU, JVM, OS etc. Before using these values in actual real time application, please consider all real time factors.

        • maxConnections Specifies the maximum number of concurrent, active HTTP connections allowed by the resource instance to be opened with the target service. There is no default value. For applications that create many long-lived connections, increase the value of this parameter.

        • defaultMaxConnectionsPerRoute the maximum number of connections per (any) route.

        • maxConnectionsPerRoute Specifies the maximum number of concurrent, active HTTP connections allowed by the resource instance to the same host or route. In SDK, all above config does same functionality and the same value can be given to these configs as we have only one route.

          Note: This number cannot be greater than Maximum Total Connections and every connection created here also counts into Maximum Total Connections.

        • connectionRequestTimeoutMs Time taken in milliseconds to get connection request from the pool. If it times out, it will throw error as Timeout waiting for connection from pool

        • connectionTimeoutMs Specifies the number of milliseconds to wait while a connection is being established. With 6.2.11 release onwards, this property can be used for basic apache http client and JDK provided HttpUrlConnection implementation as well while keeping the backward compatibility with 'timeout' property.

        • socketTimeoutMs Specifies the time waiting for data – after establishing the connection; maximum time of inactivity between two data packets. With 6.2.11 release onwards, this property can be used for basic apache http client and JDK provided HttpUrlConnection implementation as well while keeping the backward compatibility with 'timeout' property.

        • evictThreadSleepTimeMs Specifies time duration in milliseconds between "sweeps" by the "idle connection" evictor thread. This thread will check if any idle/expired/stale connections are available in pool and evict it.

        • maxKeepAliveTimeMs Specifies the time duration in milliseconds that a connection can be idle before it is evicted from the pool.

        • staleConnectionCheckEnabled It determines whether the stale connection check is to be used. Disabling the stale connection check can result in slight performance improvement at the risk of getting an I/O error, when executing a request over a connection that has been closed at the server side. By default it is set to true, which means it is enabled.

        • validateAfterInactivityMs By default it is set to 0. This value can be set if in case you decide to disable staleConnectionCheckEnabled to get slight better performance. We recommended a value of 2000ms.

        • enabledShutdownHook We should close the connection manager, http client and idle connection cleaner thread when application get shutdown both abruptly and gracefully. If enabledShutdownHook is true, then JVM runtime addShutdownHook method will be initialized. Shutdown Hooks are a special construct that allows developers to plug in a piece of code to be executed when the JVM is shutting down. This comes in handy in cases where we need to do special clean-up operations in case the VM is shutting down. private void addShutdownHook() { Runtime.getRuntime().addShutdownHook(this.createShutdownHookThread()); } createShutdownHookThread method will call static shutdown api to close connectionManager, httpClient and IdleCleanerThread. By default this is enabled when useHttpClientWithConnectionPool is true.

      • allowRetry config parameter will only work for HttpClient and PoolingHttpClient. Set allowRetry config parameter to "true" to enable retry mechanism and set merchant specific values for the retry.

        • Set integer values and long values for config parameter numberOfRetries and retryInterval respectively. Retry Interval is time delay for next retry in milliSeconds.
          • Number of retry parameter should be set between 1 to 5. By default the value for numberOfRetries will be 3. Any other value will throw an Error Message.
        • Refer to the Retry Pattern section below.

      • Please refer to the accompanying documentation for the other optional properties that you may wish to specify.

      • Set customHttpClassEnabled to true to make use of Custom Http Library.

        • Enter the custom class name in customHttpClass field. Provide the full package name along with the class name. example customHttpClass= <packagename.customHttpClass>
        • The custom HTTP Class must have a three argument constructor which accepts MerchantConfig, DocumentBuilder and LoggerWrapper as argument. Then it should call the constructor of the parent class.

      • merchantConfigCacheEnabled If this property is set to true (default value is false) it will cache the merchantConfig object based on keyAlias/merchantID -If cache enabled is true, for single merchant id, if you change any properties after first initialization, it will not reflect.

  • Build this project using Maven.
    • mvn clean - Cleans the Project
    • mvn install - Builds the project and creates a jar file of client SDK. Includes running all unit tests and integration tests
    • mvn test - Runs unit tests
    • mvn failsafe:integration-test - Runs unit and integration tests. Note that integration tests require proper setup of test_cybs.properties

Testing the SDK

We have two ways to test -- one is by downloading the zip and using scripts to test; other is using maven tool.

Using Scripts

  • Unzip the downloaded zip file into a directory of your choice. It will create a directory called cybersource-sdk-java-master.
    • If in the Request, a key called "_has_escapes" is present and is set to "1", we will not escape the special characters. This is a way for the merchant to specify that they have escaped the characters themselves. This might prove useful for more advanced users of the Basic client.
      • Note: The Script will take Service_name as program argument. Service Name can be auth, auth_reversal, capture, sale, emv_auth, credit. If no argument is passed the script will terminate the program.
  • Choosing which sample to test:
    • If you want to test Name-Value Pair, go to the cybersource-sdk-java-master/samples/nvp directory.
    • If you want to test XML, go to the cybersource-sdk-java-master/samples/xml directory.
  • Use compileSample scripts to create classes directory as it is not included in SDK.
  • Then at a command prompt, type this line:
Windows:	runSample.bat <service_name>
Unix or Linux:	runSample.sh <service_name>
  • If JAVA_HOME is defined, the script uses <JAVA_HOME>/bin/java. Otherwise, it uses whatever java is in the path.
  • If the client is installed correctly, the requests and replies for a credit card authorization and a follow-on capture appear.
  • If you make any changes to the RunSample.java sample, you must rebuild the sample before using it. Use the compileSample batch file or shell script provided in the sample directory.

Using samples and maven tool

  • Clone/Download the code from GitHub.
  • Choosing which sample to test:
    • If you want to test Name-Value Pair, cd to the cybersource-sdk-java-master/samples/nvp directory.
    • If you want to test XML, cd to the cybersource-sdk-java-master/samples/xml directory.
      • Sample projects nvp and xml use cybersource-sdk-java and 3rd party jars as dependent jar files.
  • Build this project using Maven. mvn install
  • If build is successful then it will put all jars inside cybersource-sdk-java/samples/nvp/target/dependencies folder.
  • Edit cybs.properties and make the required changes.
  • Now use scripts to test.

JKS creation

  • To convert the p12 file to JKS follow the steps mentioned below.

    • These commands will take out all the certs from the p12 file.
    1. openssl pkcs12 -in <Merchant_ID>.p12 -nocerts -out <Merchant_ID>.key
    2. openssl pkcs12 -in <Merchant_ID>.p12 -clcerts -nokeys -out <Merchant_ID>.crt
    3. openssl pkcs12 -in <Merchant_ID>.p12 -cacerts -nokeys -out CyberSourceCertAuth.crt
    4. openssl pkcs12 -in <Merchant_ID>.p12 -cacerts -nokeys -out CyberSource_SJC_US.crt

  • Create a new p12. Here Identity.p12 is the new p12 file

openssl pkcs12 -export -certfile CyberSourceCertAuth.crt -in <Merchant_ID>.crt -inkey <Merchant_ID>.key -out identity.p12 -name "<Merchant_ID>"
  • Create JKS from p12 using keytool
keytool -importkeystore -destkeystore <Your_keystore_name>.jks -deststorepass <your_password> -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass <Merchant_ID>
  • Now import the CyberSource_SJC_US.crt to your keystore
keytool -importcert -trustcacerts -file CyberSource_SJC_US.crt -alias CyberSource_SJC_US -keystore <Your_keystore_name>.jks
  • List the entries of your keystore
keytool -list -v -keystore <Your_keystore_name>`
  • It should have two entries.
    • The first entry should contain a chain of two certificates - CyberSourceCertAuth and <Merchant_ID> with alias name <Merchant_ID>
    • Second entry should be for CyberSource_SJC_US certificate with alias name as CyberSource_SJC_US

PoolingHttpClient

PoolingHttpClient is built using the apache's PoolingHttpClientConnectionManager class. It comes with retry functionality which is very much needed in case if SDK receives an I/O error/exception, when executing a request over a connection that has been closed at the server side. However there might be some cases when transaction has reached server and similar or some other exception has occurred. We are considering merchantTransactionIdentifier as idempotent key, specially in case of auth service(ccAuthService). Hence if you want to use PoolingHttpClient, for auth service(ccAuthService) merchantTransactionIdentifier field is mandatory in the payload for both nvp and xml. The value of the merchant transaction ID must be unique for 60 days.

To get more information related to connection pooling please refer wiki.

Message Level Encryption

CyberSource supports Message Level Encryption (MLE) for Simple Order API. Message level encryption conforms to the SOAP Security 1.0 specification published by the OASIS standards group.

Meta Key support

Meta Key is a key generated by an entity that can be used to authenticate on behalf of other entities provided that the entity which holds key is a parent entity or associated as a partner.

SOAPI Java SDK supports meta key by default. Additional details regarding cybs.properties.

merchantID=  <comment/remove this line> 
keysDirectory=<Directory where P12 is present>
keyAlias=<Refers to the portfolio>
keyPassword=<Password of p12>
targetAPIVersion=<latest API version, refer here https://ics2ws.ic3.com/commerce/1.x/transactionProcessor>
keyFilename= <metakey downloaded from portfolio MID>

Auth sample payload:

merchantID=<meta_2232323> <Refers to the Child transactional MID>
ccAuthService_run=true
merchantReferenceCode=MRC-14344 
billTo_firstName=John

Authentication Details

Message level encryption authenticates using the same mechanism as signed SOAP messages. The signature creation involves utilizing the merchants private key which combined with a hash of the message to be signed, can be validated with the merchants certificate and the message which was signed. 
The merchant certificate is included in the SOAP message for both signature and message level encryption. Message level encryption, encrypts a temporary message key for a specific recipient. This is done by encrypting the temporary message key with the recipient’s public certificate. Therefore only the party holding the private key (CyberSource) can decrypt the temporary message key. The merchant sending the request must be a valid merchant for the environment which the message is being processed in. After validating the merchant and retrieving the CyberSource copy of the merchant certificate from our database, these additional authentication steps are performed:
1.	The certificate sent in the message must have valid trust chain with the CyberSource certificate authority as the root signer.
2.	A certificate belonging to the merchant which sent the message must exist within our database, having the exact serial number of the certificate provided. 
3.	Our record of the certificate must have a valid start and end date for the transaction time sent.
4.	Our record of the certificate must have a “active” state (ie. Not deactivated by support).
5.	If merchant is reseller, the merchant must allow reseller to act upon their behalf and reseller must be configured as a reseller and the provided merchant must be configured as a merchant of this reseller. Additionally all above authorizations apply.

Cryptography Algorithms

CyberSource utilizes the following algorithms for this implementation. While others may work, the following are validated and recommended. SSL is used for transport security even with encrypted messages. CyberSource asymmetric keys are RSA 2048 keys and therefore your cryptography API should support 2048 bit RSA keys and signatures create with them. The messages are encrypted with a temporary derived key which is used per message. This derived key is AES 256 bit and utilizes CBC blocking mode for encryption. The derived key is encrypted with the recipient (CyberSource) public key. The key exchange algorithm used is RSA-OAEP.

Retry Pattern

Retry Pattern allows to retry sending a failed request and it will only work with useHttpClient=true or useHttpClientWithConnectionPool. allowRetry` flag enables the retry mechanism.

  • Set the value of allowRetry parameter to "TRUE/FALSE". Then the system will retry the failed request as many times as configured by the merchant in the config parameter 'numberOfRetries'.
  • numberOfRetries parameter value should be set between 0 to 5. By default the value for numberOfRetries will be 3. User can set a delay in between the retry attempts.
  • Config parameter for this property is 'retryInterval' in cybs.property file. The default value for 'retryInterval' parameter is 1000 which means a delay of 1000 milliSeconds.

Third Party jars

1. org.apache.wss4j:wss4j-ws-security-common:2.4.1
  The Apache WSS4J project provides a Java implementation of the common primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.
2. org.apache.wss4j:wss4j-ws-security-dom:2.4.1
  WSS4J 2.0.0 introduces a streaming (StAX-based) WS-Security implementation to complement the existing DOM-based implementation. The DOM-based implementation is quite performant and flexible, but suffers from having to read the entire XML tree into memory. For large SOAP requests this can have a detrimental impact on performance. In addition, for web services stacks such as Apache CXF which are streaming-based, it carries an additional performance penalty of having to explicitly convert the request stream to a DOM Element.
3. org.bouncycastle:bcprov-jdk18on:1.78
  This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
4. org.apache.santuario:xmlsec:2.3.4
  The XML Security project is aimed at providing implementation of security standards for XML,supports XML-Signature Syntax and Processing,XML Encryption Syntax and Processing, and supports XML Digital Signature APIs.
5. org.apache.commons:commons-lang3:3.4
  Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
6. commons-logging:commons-logging:jar:1.1.1
  This is getting downloaded as compile time dependency of wss4j:1.6.19.Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
7. org.slf4j:slf4j-api:1.7.32 and org.slf4j:slf4j-jcl:1.7.32
  slf4j-api is getting used as a dependency for wss4j. Modified to latest version.
8. junit:junit:4.13.1
  JUnit is a unit testing framework for Java.
9. org.mockito:mockito-all:1.10.19
  Mock objects library for java  
10. org.apache.httpcomponents:httpclient:4.5.13
   Provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. It is used for poolinghttpclientconnectionmanager feature.
11. org.apache.httpcomponents:httpcore:4.4.13
   Provides low level HTTP transport components that can be used to build custom client and server side HTTP services with a minimal footprint.

Changes

Version Cybersource-sdk-java 6.2.15 (MAY,2024)

1) Applied masking on password in logs

Version Cybersource-sdk-java 6.2.14 (APRIL,2024)

1) Removed unnecessary dependencies
2) Upgraded outdated versions

Version Cybersource-sdk-java 6.2.13 (AUGUST,2022)

1)Modified the CYBS P12 certificate's CN name verification to case insensitive.

Version Cybersource-sdk-java 6.2.12 (JULY,2022)

1) Mitigation of Apache WSS4j Security Vulnerability (CVE-2016-1000343, CVE-2018-1000180).
   i) Updated Apache wss4j version from 1.6.19 to 2.4.1
   ii) Updated dependent libraries version. (xmlsec from 1.5.6 to 2.3.0, bcprov-jdk15on from 1.61 to 1.70)

Version Cybersource-sdk-java 6.2.11 (MAY,2020)

1)Exception handling improvement.
2)Upgrading Apache's basic http client functionality.
3)Upgrading org.apache.httpcomponents:httpclient:4.5.11 to org.apache.httpcomponents:httpclient:4.5.13 because of CVE-2020-13956 vulnerability.
4)ReadMe changes for meta key support.
5)Http request retry is added in case of HttpPoolingClient when 'javax.net.ssl.SSLException:Connection reset' exception is thrown(specific to jdk8u251 & + version refer this https://bugs.openjdk.java.net/browse/JDK-8214339)
6)Separate out connection and socket timeout prop. Right now both are set via timeout property in case of jdk HttpUrlConnectiona and Apache basic http client.

Version Cybersource-sdk-java 6.2.10 (MAY,2020)

1)Added PoolingHttpClientConnection implementation
2)MerchantConfig Object Caching based on KeyAlias/Merchant Id
3)Changed retry interval from second to millisecond
4)Added one more request header "v-c-client-computetime" to calculate time taken to send request to Cybersource
5)Added troubleshooting section in README.

Version Cybersource-sdk-java 6.2.9 (APR,2020)

1)Corrected request header name

Version Cybersource-sdk-java 6.2.8 (FEB,2020)

1)Added request header and logged request and response headers

2)Caching of certificate is done using keyAlias earlier it was done using merchant_id

Version Cybersource-sdk-java 6.2.7 (MAR,2019)

1) Fixed security vulnerabilities found in the jar dependencies.
    xmlsec jar :-upgraded from version 1.4.3 to version 1.5.6
    opensaml jar :- Removed this jar as its not impacting our code base
    bcprov jar :- upgraded from version 1.54 to version 1.61
2) Fixed keyfile password issue. Now using keyfile password to store/load p12 certs.

Version Cybersource-sdk-java 6.2.6 (MAY,2018)

1) Added certificateCacheEnabled optional feature. certificateCacheEnabled parameter is set to false (default is true), the p12 certificate of a merchant will be reloaded from filesystem every time a transaction is made.If the certificateCacheEnabled is true then only at the first time certificate of a merchant will loaded from filesystem.
2) Introduced a new feature to check merchant .p12 certificate file validity at run time. If it is replaced at runtime then SDK will reload the new certificate into the cache.
3) Changed clientLibrary version to 6.2.6;

Version Cybersource-sdk-java 6.2.5 (OCT,2017)

1) Merchant cert to be read from JAVA key store. Flag is added to enable reading cert from Java keystore.
2) Added Custom HttpClient feature. Merchants can use there own http client instead of defaults which comes with SDK.
3) Http Client connection reuse issue.
4) Changed clientLibrary version to 6.2.5; in 6.2.4 release it was missed. So, in 6.2.4 release, clientLibrary version was      pointing to 6.2.3.

Version Cybersource-sdk-java 6.2.4 (Dec 15, 2016)

1) RetryPattern config for http client.
2) Code review comments.
3) Added timers to log the method execution time.
4) Sample added to support other services.

Version Cybersource-sdk-java 6.2.3 (Oct 17, 2016)

1) Fixed performance issue; in case of multiple merchantIDs, p12 was getting loaded for every request.
2) p12 will be loaded once per merchantId.

Version Cybersource-sdk-java 6.2.2 (Sep 15, 2016)

1)Upgraded 3rd party dependencies jars including wss4j.

Version Cybersource-sdk-java 6.2.1 (Aug 4, 2016)

1) AkamaiSureroute config parameter introduced
2) i18n fix for NVP sample.            
3) In `Sample/cybs.properties` file, `targetAPIVersion` changed to latest 1.129.

Version Cybersource-sdk-java 6.2.0 (Jul 28, 2016)

1) MLE[Message Level Encryption] is enabled.
2) published zip file with samples and packaged compiled cybersoruce-sdk-java jar file.
3) `Bouncycastle` jar issue; changed scope from provided to default"scope"

Version Cybersource-sdk-java 6.1.0 (Feb 24,2016)

1) SHA256 changes which are required to signed the request with SHA256.

Troubleshooting

  • If you get an exception java.lang.SecurityException: JCE cannot authenticate the provider BC. This could be because of many reasons. bcprov*.jar is a signed jar if java fails to validate the signature, it throws this exception. Make sure you run below java command to verify this signature.

    jarsigner -verify bcprov-jdk18on-1.78.jar

    when above command fails it says "jar is unsigned. (signatures missing or not parsable)", this could be because of many reasons. e.g

      1) When we unpack it and include in our own jar file. Including bcprov*.jar separately in the CLASSPATH should solve this issue.
  2) May be changes in Oracle jar signer. If using Java SDK 1.6 or 1.7 with cybersource-sdk-java:6.2.7 and higher 
     (ships with org.bouncycastle:bcprov-jdk15on:1.61). Upgrading version to bcprov-jdk15to18-1.63.jar should solve this issue.
  3) If you are using some old version of JBOSS and have copied bcprov*.jar under $JBOSS_HOME/server/default/lib/. 
      copying bcprov*.jar in $JBOSS_HOME/server/default/lib/ instead of $JBOSS_HOME/server/servername/lib/ should solve this issue.

  • If you get an exception exception decrypting data - java.security.InvalidKeyException: Illegal key size. It is recommended to download Unlimited Strength Jurisdiction Policy files from Oracle (US_export_policy.jar and local_policy.jar) for appropriate JAVA version. I meant if merchant are using java 6 then download these policy file only for java6. You need to copy security jars (US_export_policy.jar, local_policy.jar) in the $JAVA_HOME/jre/lib/security directory not in $JAVA_HOME/jre/lib/ext/).

  • Put below block of code to handle the ClientException to print the complete stacktrace.

      try{
      Client.runTransaction(requestMap, merchantProperties);
  }catch (ClientException e){
      e.getInnerException().printStackTrace();
      // or 
      String stackTrace = Utility.getStackTrace(e.getInnerException() != null? e.getInnerException(): e);      
  }

Documentation

cybersource-sdk-java's People

Contributors

adkumar3 avatar amie-gao avatar ammajumd avatar brianmc avatar dhimandeepak avatar divyadosibhatla avatar gauravmokhasi avatar gnongsie avatar gnongsiej avatar mahendya avatar mahendya1002 avatar mayuri-kumar93 avatar mmiranda7v avatar senagant avatar shamirwasia avatar spcolyvas avatar sudhirmn avatar sumadhav avatar sumiteshrs avatar ylokhand avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

dhimandeepak mmiranda7v senagant dlfgeo junlapong pasviegas antoniorllanos gchavezb rebecka00 sachinrkvisa ylokhand mahendya leifw psarode deeppate timgates ashchand e-payment kokenjr open-pay adkumar3 vechnetmakuyana gauravmokhasi jaiew prverma3 christopwner mahendya1002 avaleria sunilindoria2017 igorrohal ammajumd tinaliao010 amitshukla30 phayden3305 ddtrung-fs andreysaksonov mathifonseca ashtru khairulhabib thaingo infyilan jafetsanchez diegogallegos4 divyadosibhatla braveblack am-wr isack34 mdmollaidentiy4d umeshh wintranx meetsha mayuri-kumar93 illusionme zhgob curioustauseef guo951021 prathamtangri1 ameria12 pthakurmob rohitkes sapam-lamyanba kongqingtian karthikeyankumarskcet indisateesh pratik-bhuite rohitkesarvani55 eslade87 jwatzke hoatat-handsome rhama1234 alexsartre1 sumadhav igzdavidgarcia abhijithkvs wamdy grimderp pongsiri-dev pauvquinterom jeremiebarnes chrisphua-bunkerchain manueljamher longhuawan

cybersource-sdk-java's Issues

Update dependencies

Please update your dependencies: for example commons-lang:commons-lang is quite old and the new one is under org.apache.commons:commons-lang3. Same with commons-httpclient-3.1

Upgrade to Java SDK 6.2.13 from Cybsclients15.jar and new P12 keys...

Hello Community, we are upgrading to the new Java SDK using the RunSample.java and our own projects, I have consistent reproduce the following behaviors, please advise.

P12 keys created using a strong password vs P12 keys created with the "merchantid" being the password. All P12 keys are imported using the "Certificate Import Wizard"

In the RunSample.java run time, the P12 keys with a strong password, required the keyAlias property field being populated, otherwise, would result in error:

Exception in thread "main" java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:466)
at java.security.KeyStore.getEntry(KeyStore.java:1521)
at com.cybersource.ws.client.SecurityUtil.readAndStoreCertificateAndPrivateKey(SecurityUtil.java:158)
at com.cybersource.ws.client.SecurityUtil.loadMerchantP12File(SecurityUtil.java:109)
at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:231)
at com.cybersource.ws.client.Client.runTransaction(Client.java:117)
at com.cybersource.ws.client.Client.runTransaction(Client.java:67)
at com.cybersource.sample.RunSample.runAuth(RunSample.java:153)
at com.cybersource.sample.RunSample.main(RunSample.java:64)
Command execution failed.

However, the P12 keys were generated with the password as the merchantid, can't have the keyAlias field populated, it would cause the error:

Exception while obtaining private key from KeyStore with alias,

Any insights would be appreciated.

MerchantConfig constructor throw unresolvable ConfigException

The constructor of MerchantConfig may throws ConfigException that is a package private class, thus one has to catch Exception instead of ConfigException.

The javadoc of ConfigException explains that :

Note that you do not have to
catch this exception in your code as it would be the inner exception of a
ClientException.

Obviously, this not the inner exception of a client exception in my case.

⇒ I believe a fix could be one of the following :

  1. either make ConfigException public
  2. OR make the MerchantConfig constructor throw a ClientException with an inner ConfigException.

non blocking issue

Workaround : catch Exception

trusted certificate entries are not password-protected

Error log:

Test set: com.cybersource.ws.client.ApacheWssjSignatureIT

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.031 sec <<< FAILURE!
testSoapWrapAndSign(com.cybersource.ws.client.ApacheWssjSignatureIT) Time elapsed: 0.031 sec <<< ERROR!
java.lang.UnsupportedOperationException: trusted certificate entries are not password-protected
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:466)
at java.security.KeyStore.getEntry(KeyStore.java:1290)
at com.cybersource.ws.client.ApacheSignatureWrapper.readAndStoreCertificateAndPrivateKey(ApacheSignatureWrapper.java:237)
at com.cybersource.ws.client.ApacheSignatureWrapper.loadMerchantP12File(ApacheSignatureWrapper.java:181)
at com.cybersource.ws.client.ApacheSignatureWrapper.soapWrapAndSign(ApacheSignatureWrapper.java:76)
at com.cybersource.ws.client.ApacheWssjSignatureIT.testSoapWrapAndSign(ApacheWssjSignatureIT.java:93)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:59)
at org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:120)
at org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:103)
at org.apache.maven.surefire.Surefire.run(Surefire.java:169)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:350)
at org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:1021)

window 7 /JDK 7

link Generating Transaction Keys

Properties file

Is there any way to mimic the functionality of the properties file but not locally. I am developing an application that could to be run from different computers. So is there some way so that i need not download the security key to my local machine every time before running the application.

requestToken value is not returned from the server

I use cybersource sdk for Apple Pay authorization. Authorize is successful but there is no requestToken value in Cybersource response. I'm working with test account.

My log is:

2017-02-01 16:45:25.776 INFO 21917 --- [nio-8080-exec-3] c.m.m.i.c.client.AuthorizePayment : Cybersource auth request: {billTo_city=San Francisco, purchaseTotals_currency=USD, billTo_email=[email protected], billTo_phone=415xxx05xx, merchantReferenceCode=66f65d91-fd1f-4668-bacf-44c4660669fe, billTo_country=UNITED STATES, billTo_lastName=Xxxxx, billTo_street2=XxxxxXxxxx, billTo_postalCode=94105, billTo_street1=xxx Mission, paymentNetworkToken_transactionType=1, ccAuthService_run=true, purchaseTotals_grandTotalAmount=4.99, ccAuthService_cavv=xxxXXXXxxxxXXXxxxxXXXXXxxx==, billTo_firstName=Xxxxxxx, billTo_state=CA, card_expirationMonth=02, paymentSolution=001, ccAuthService_commerceIndicator=internet, card_expirationYear=20, card_accountNumber=xxxxxxxxxxxx3937}

2017-02-01 16:45:27.009 INFO 21917 --- [nio-8080-exec-3] c.m.m.i.c.client.AuthorizePayment : Cybersource auth reply received: {purchaseTotals_currency=USD, ccAuthReply_processorResponse=100, ccAuthReply_avsCode=X, ccAuthReply_reasonCode=100, decision=ACCEPT, merchantReferenceCode=66f65d91-fd1f-4668-bacf-44c4660669fe, ccAuthReply_authorizationCode=888888, ccAuthReply_reconciliationID=70199722IYCFZWWA, ccAuthReply_amount=4.99, requestID=4859675264816925004009, ccAuthReply_authorizedDateTime=2017-02-01T16:45:26Z, reasonCode=100, ccAuthReply_avsCodeRaw=I1}

Exception while obtaining private key from KeyStore with alias, 'MYALIAS'

I just generated a new keystore from the Cybersource test site ( https://ebc2test.cybersource.com/ebc2/ ) - in trying to use it with my existing, working code I'm receiving the error:

com.cybersource.ws.client.ClientException: Exception while obtaining private key from KeyStore with alias, 'MYALIAS'

If I inspect the keystore using keytool I get the following information:

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: 1
Creation date: Dec 2, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: SERIALNUMBER=1111111111111111111111111, CN=MYALIAS
Issuer: CN=CyberSourceCertAuth
Serial number: 2222222222222222222222222222222222222222222222
Valid from: Wed Dec 02 13:47:52 MST 2020 until: Fri Dec 02 13:47:52 MST 2022
Certificate fingerprints:
MD5: XXX
SHA1: XXX
SHA256: XXX
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Certificate[2]:
Owner: CN=CyberSourceCertAuth
Issuer: CN=CyberSourceCertAuth
Serial number: 1111111111111111111111111111111111111111111
Valid from: Wed Jan 18 09:37:02 MST 2012 until: Tue Jan 18 09:37:02 MST 2022
Certificate fingerprints:
MD5: XXX
SHA1: XXX
SHA256: XXX
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Version: 3

It SEEMS that the code is looking for a certificate with the name "CyberSourceCertAuth" but since it is the second one in the list here the code errors out before reaching it.

Strangely if I inspect previously generated keystores that have been working in production I get this returned:

Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 0 entries

It looks like cybersource has changed the way that it is creating the keystore files and I'm wondering if this SDK is not supporting the new files.

Any help is appreciated.

.p12 key file

I am using your sdk in android studio , It cannot find .p12 key file where i put the file

Multiple dependencies have vulnerabilities/security issues

The following dependencies have vulnerabilities/security issues:

Please upgrade the dependencies to fix these security issues.

Provide an environment value to implement BDD test with a mocked cybersource service

I want to implement BDD test on my implementation of Psp Integration.

Usually, I have a mean to tell that the PSP API url point to a Wiremock managed url to send back to my code a controlled answer.

I cannot do that with cybersource SDK and ends up having to really use the test environnement ('CAS'). It means that my test MUST use keys and certificates that will expire, and that they will break at a later time. And it also means that my test are flawed, as I cannot control for sure the content of the answers from cybersource.

⇒ I would like another environment, e.g. called 'MOCK', that would allow a configuration value to store the effective url to use, e.g. 'https://localost:4000/mock/cybs', to be able to implement correctly BDD tests.

Debit payment

Hi,

Is possible make a payment with debit card? How?

Thanks.

Invalid class loader hierarchy. You have more than one version of 'org.apache.commons.logging.Log' visible, which is not allowed.

at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryImpl.java:385)
at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:529)
at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:235)
at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:209)
at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:351)
at org.apache.ws.security.components.crypto.AbstractCrypto.(AbstractCrypto.java:56)
at com.cybersource.ws.client.BaseMessageHandler.(BaseMessageHandler.java:23)
at com.cybersource.ws.client.SignedAndEncryptedMessageHandler.(SignedAndEncryptedMessageHandler.java:51)
at com.cybersource.ws.client.SignedAndEncryptedMessageHandler.getInstance(SignedAndEncryptedMessageHandler.java:62)
at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:198)
at com.cybersource.ws.client.Client.runTransaction(Client.java:113)
at com.cybersource.ws.client.Client.runTransaction(Client.java:69)
at juspay.CybersourceGatewayService.runAuth(CybersourceGatewayService.groovy:204)

Types missmatch on "consumerAuthenticationInformation.acsOperatorID" field

Hi, I'm currently developing on a solution that call CheckPayerAuthEnrollment, when I get a response from the server the SDK breaks throwing the error java.lang.NumberFormatException: For input string: "MerchantACS"

at Invokers.JSON.deserialize(JSON.java:103)
at Invokers.ApiClient.deserialize(ApiClient.java:1069)
at Invokers.ApiClient.handleResponse(ApiClient.java:1293)
at Invokers.ApiClient.execute(ApiClient.java:1213)
at Api.PayerAuthenticationApi.checkPayerAuthEnrollmentWithHttpInfo(PayerAuthenticationApi.java:163)
at Api.PayerAuthenticationApi.checkPayerAuthEnrollment(PayerAuthenticationApi.java:148)
at com.api.cybersource.EnrollWithPendingAuthentication.run(EnrollWithPendingAuthentication.java:102)

It is happening because acsOperatorID is Integer field in SDK but as per API field it should be string and response being returned from cyber source is String.
Please check.

Security key subject DN does not match what SDK code expects.

Hello,

Their is not much activity here but I thought I would give this a shot.

I am implementing the CyberSource Simple Order API and have run into a strange issue regarding the generated security key and how the SDK parses information within it.

On the business center using a test account a .p12 security key was generated successfully.

When using the security key with the SDK the following error occurs (merchant id replaced with zeros):

Exception while obtaining private key from KeyStore with alias, '000000000000'

After some debugging it seems like this error happens because the subject DN provided in the security key does not match what the SDK code thinks should be there. This is what the subject DN looks like in the security key (serial number replaced with zeros):

CN=CyberSource_SJC_US,SN=0000000000000000000000

But if you look at the Identity class in the SDK, it seems like it wants to find "SERIALNUMBER=" instead of the "SN=" provided in the security key itself:

private void setUpServer() throws SignException {
 if (serialNumber == null && x509Cert != null) {
	 String subjectDN = x509Cert.getSubjectDN().getName();
	 if (subjectDN != null) {
		 String subjectDNrray[] = subjectDN.split("SERIALNUMBER=");
		 if (subjectDNrray.length == 1 && subjectDNrray[0].contains("CyberSourceCertAuth")){
			 name = keyAlias = "CyberSourceCertAuth";
		 }
		 else if (subjectDNrray.length == 2 && subjectDNrray[0].contains(SERVER_ALIAS)) {
			 name = SERVER_ALIAS;
			 serialNumber = subjectDNrray[1]; 
			 keyAlias = "serialNumber=" + serialNumber + ",CN=" + name;
		 }else{
			 throw new SignException("Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
		 }

	 } else {
		 throw new SignException("Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
	 }
}

See also the code here:

https://github.com/CyberSource/cybersource-sdk-java/blob/master/java/src/main/java/com/cybersource/ws/client/Identity.java#L93

This ends up throwing the SignException, which stops the transaction from happening.

Do you have any insight on what is going wrong? Is there something I am not doing correctly?

Thank you.

spring boot java issue

Error while running the spring boot jar using 'java -jar app.jar'

2017-12-12 12:04:30.433 http-nio-4040-exec-6 INFO     > Client, End of soapWrap   16ms
2017-12-12 12:04:30.474 http-nio-4040-exec-6 INFO     > Loading the certificate from p12 file 
2017-12-12 12:04:31.261 http-nio-4040-exec-6 EXCEPTION> Exception while loading KeyStore, 'xx_xxxxxxxx_xx.p12'
2017-12-12 12:04:31.267 http-nio-4040-exec-6 EXCEPTION> 
ClientException details:
innerException: 
java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size
	at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source)
	at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
	at java.security.KeyStore.load(Unknown Source)
	at com.cybersource.ws.client.SecurityUtil.readAndStoreCertificateAndPrivateKey(SecurityUtil.java:125)
	at com.cybersource.ws.client.SecurityUtil.loadMerchantP12File(SecurityUtil.java:101)
	at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:236)

Typo in com.cybersource.ws.client.PCI.java

There is a typo in PCI.java file under package com.cybersource.ws.client
Full path of this file is: cybersource-sdk-java-master\java\src\main\java\com\cybersource\ws\client\PCI.java

Line 49, reconcilationID should be spelled as reconciliationID, it's missing an i

Which I suppose could've caused some verification problems.

Can simple order api and rest api use the same p12file?

We are currently working on a refactoring of our old project which uses the simple order api, can we use the existing certificates for the rest api sdk. If not, will recreating a new p12 for rest have any impact on the existing functionality.

CyberSource payment processor error: Unsupported currency

I am supposed to integrate a CyberSource payment gateway:
My request data :
request.put( "ccAuthService_run", "true" ); request.put( "ccCaptureService_run", "true" ); request.put( "merchantReferenceCode", "your_merchant_reference_code" ); request.put( "billTo_firstName", "John" ); request.put( "card_accountNumber", "4111111111111111" ); request.put( "card_expirationMonth", "12" ); request.put( "card_expirationYear", "2020" ); request.put( "purchaseTotals_currency", "USD" ); request.put("purchaseTotals_grandTotalAmount", "100.00");

I am always getting this error response:
decision=REJECT invalidField_0=purchaseTotals_currency ccAuthReply_avsCode=2 reasonCode=102 merchantReferenceCode=your_merchant_reference_code invalidField_=purchaseTotals_currency

It looks like my merchant ID is not configured with a valid currency. Please help me.

Invalid `amountIncludesTax` value for Level 3 processing

We are facing a weird issue while trying to capture a payment with Level 2/3 data.

For Visa credit cards, everything works fine.

For MasterCard, the REST API returns the following error:

The following offer-level field data is either invalid or missing: offer0.gross_net_indicator

After talking to Visa technical team, it turned out that the value of the amountIncludesTax field is not correctly translating to an expected value.

Here is the response we got from the Visa team:

Turns out that there is nothing wrong with your code, but rather a documentation issue or API translation issue on our side.

For amountIncludesTax, instead of sending true which is listed in our documentation, you have to set the value to “Y” or “N”.

As a point of clarity, our REST API translates the API values to our backend servers which are expecting different field values (which are part of our other APIs). It appears that the REST API isn’t translating “true” or “false” to “Y” or “N”.

Since we are using Java SDK, we are unable to replace true/false with Y/N.

Can you please look into this issue and advise us what should we do?

Thank you so much!

P.S. If you want to reproduce the issue, here is a gist I've created for the Visa team.

How to track an order?

Is there any service that can help track an order using the Request ID/Merchant Reference Code/Reconciliation ID?

Mention "_has_escapes" in the README

Guys,

I've been troubleshooting the SDK because when using NVP Request with strings in UTF-8 special chars, like "José" in the billTo_firstName, I was receiving an error as below:

image

Debugging all the code, I just discovered this happened because the message was transformed in order to deal with HTML/XML escape special chars.

I was wondering if you guys could mention the existance of the key "_has_escapes" in the README of this project just like you guys did in the Utility.java.

After reading this comment in the Utility.java, just added the key into my requestMap (HashMap) and everything worked fine!

Adding this mechanism in the README probably would save some time for someone in the future. This is specially true for developers working with customers in countries where the mother language has very special chars, like Portuguese.

Just my 2 cents. Loved the SDK.

error constructing MAC: unknown parameter type.

Hi,
I am trying to use the client within the wildfly 10.X application server. I included the client using Gradle:
compile ("com.cybersource:cybersource-sdk-java:6.2.4")

At the first attempt of usage, it told me that the BouncyCastleProvider could not be found.
I added the Jar to the lib/ext folder of my JDK, then modified the java.security configuration file adding bouncycastle as a provider and when i restarted the error changed in

15:07:50,849 ERROR [stderr] (default task-2) com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
15:07:50,849 ERROR [stderr] (default task-2) at com.cybersource.ws.client.Client.runTransaction(Client.java:132)
15:07:50,849 ERROR [stderr] (default task-2) at com.cybersource.ws.client.Client.runTransaction(Client.java:68)

Activating the logs with the library very little was added:
2017-09-16 15:33:58.771 default task-3 INFO > Client, End of soapWrap 16ms
2017-09-16 16:24:44.405 default task-3 EXCEPTION> Exception while loading KeyStore, 'null'
2017-09-16 16:24:44.405 default task-3 EXCEPTION>
ClientException details:
innerException:
java.io.IOException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.cybersource.ws.client.SecurityUtil.readAndStoreCertificateAndPrivateKey(SecurityUtil.java:111)
at com.cybersource.ws.client.SecurityUtil.loadMerchantP12File(SecurityUtil.java:88)
at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:194)
at com.cybersource.ws.client.Client.runTransaction(Client.java:112)
at com.cybersource.ws.client.Client.runTransaction(Client.java:68)

Could you please help me understand where is the problem?

Thanks

[EDIT]
I don't know if this helps, but switching to the more recent bouncycastle version (1.58), the error becomes:
16:22:09,522 ERROR [stderr] (default task-2) com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: inappropriate parameter type: javax.crypto.spec.PBEParameterSpec

Error after updating client key file

After attempting to update our expiring key with a new key (.p12 Simple Order key, generated from the Enterprise Business Center), we are seeing the following exception:

com.cybersource.ws.client.SignEncryptException: General security error (No certificates for user CyberSource_SJC_US were found for encryption)
 at com.cybersource.ws.client.SignedAndEncryptedMessageHandler.handleMessageCreation(SignedAndEncryptedMessageHandler.java:197)    
 at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:215)                                                              
 at com.cybersource.ws.client.Client.runTransaction(Client.java:112)                                                               
 at com.cybersource.ws.client.Client.runTransaction(Client.java:68)                                                                
...                                                                
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates for user CyberSource_SJC_US were found for encryption) 
 at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:174)                                                     
 at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:223)                                                       
 at com.cybersource.ws.client.SignedAndEncryptedMessageHandler.handleMessageCreation(SignedAndEncryptedMessageHandler.java:194)

This was running on the SDK 6.2.3, But I believe I was also able to reproduce the problem using only the nvp RunSample class provided in the 6.2.10 SDK, which generates the following back trace:

Exception in thread "main" java.lang.NullPointerException
	at com.cybersource.ws.client.SecurityUtil.handleMessageCreation(SecurityUtil.java:204)
	at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:240)
	at com.cybersource.ws.client.Client.runTransaction(Client.java:117)
	at com.cybersource.ws.client.Client.runTransaction(Client.java:67)
	at com.cybersource.sample.RunSample.runAuth(RunSample.java:150)
	at com.cybersource.sample.RunSample.main(RunSample.java:57)

Restoring our previous key resolves the issue. I have also tried regenerating the key, which all appear to be valid keys, without success.

paySubscriptionCreate_service_run request with 101 missingField_0=(ics_applications)

Hi,
We're attempting to test requests to create an installment subscription, using a payment token that is created with Secure Acceptance hosted checkout.

The response we're getting is:
decision=REJECT
requestID=
reasonCode=101
requestToken=AxgBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7BIs
missingField_0=(ics_applications)

and we're not quite sure it's requiring this field. We're pulling in the latest version, 6.2.13.
Thank you for any assistance and please let me know if you need anymore information.

Support for Akamai Sureroute?

Hi,

According to communications from cybersource, we should be updating our endpoints from
ics2wstest.ic3.com/ics2ws.ic3.com -> ics2wstesta.ic3.com/ics2wsa.ic3.com

Is that planned to be added to this SDK directly? Or should we be overriding the serverURL property somehow in our own code when calling the SDK?

Receiving: Payment processor error This field is invalid or missing.

This had worked previously but now we are receiving this error, anyone who could help?
Payment processor error This field is invalid or missing. Please contact customer support.: merchant_id

ccAuthReply_reasonCode=150
requestID=4667236970366429001015
requestToken=Ahj77wSR+gXZQO8arupuypb1c4SvwClvVzhK/aQN2AMD4AGkmW6QHaUmAJyP0C7KB3jVd1NwsXRZ
reasonCode=150

Availability of cybersource-sdk-java-6.2.14.zip for Version 6.2.14?

Hi,
I have noticed that previous versions of the Cybersource SDK for Java are available as cybersource-sdk-java-{version}.zip.
I was looking for cybersource-sdk-java-6.2.14.zip but couldn't find it.
Will this version be available soon?
Thank you for your assistance.

More secure way to provide p12 file

We really do not want to be putting the p12 file out on the filesystem. There ought to be another way to provide the p12 file as a byteArray, InputStream, etc other than the keysDirectory setting. This is java after all. We are storing the file encrypted in our database to keep it out of our infrastructure code, application code and build artifacts. We are going to have to write it out unencrypted somewhere to the filesystem just so cybersource can read it in and that's against our security policies.

Problem upgrading to 6.2.8

This is an existing Simple Order API install that is being upgraded to the newest version, 6.2.8.

The error is a "no such method" on the call to Client.runTransaction. Full stack follows:

Feb 24, 2020 11:33:18 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/Gateway] threw exception [javax.servlet.ServletException: java.lang.NoSuchMethodError: com.cybersource.ws.client.Client.runTransaction(Ljava/util/Map;Ljava/util/Properties;)Ljava/util/HashMap;] with root cause
java.lang.NoSuchMethodError: com.cybersource.ws.client.Client.runTransaction(Ljava/util/Map;Ljava/util/Properties;)Ljava/util/HashMap;
at org.apache.jsp.process_005frequest_jsp._jspService(process_005frequest_jsp.java:766)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)

It works using the older version but replacing the old lib with the new one gives the above error.

Windows Server 2008
Tomcat 7
Java 1.8
New version files are 6.2.8
tomcat_lib

Those files replace the older version 5.02
tomcat_lib_old

An issue with could not transform to ICS request

What is meaning with the error msg which is "Could not transform to ICS request"? and how to penetrace futher troubleshooting in this situation?

2024-07-02 10:01:41,315 [http-nio-8080-exec-32] ERROR [g.c.c.c.s.RunAllFunctions:264] - Fault:
Could not transform to ICS request
 (requestID=7198893010786607204093)
com.cybersource.ws.client.FaultException: Fault:
Could not transform to ICS request
 (requestID=7198893010786607204093)
        at com.cybersource.ws.client.Connection.checkForFault(Connection.java:198) ~[cybersource-sdk-java-6.2.13.jar:?]
        at com.cybersource.ws.client.Connection.post(Connection.java:138) ~[cybersource-sdk-java-6.2.13.jar:?]
        at com.cybersource.ws.client.XMLClient.runTransaction(XMLClient.java:194) ~[cybersource-sdk-java-6.2.13.jar:?]
        at com.cybersource.ws.client.XMLClient.runTransaction(XMLClient.java:97) ~[cybersource-sdk-java-6.2.13.jar:?]
        at gateway.core.channel.cybersource.service.RunAllFunctions.runCheckEnroll(RunAllFunctions.java:256) ~[classes/:0.0.1-SNAPSHOT]
        at gateway.core.channel.cybersource.implement.CybersourceImplement.runCheckEnrollment(CybersourceImplement.java:573) ~[classes/:0.0.1-SNAPSHOT]
        at gateway.core.channel.cybersource.implement.CybersourceImplement$$FastClassBySpringCGLIB$$ac0d9824.invoke(<generated>) ~[classes/:0.0.1-SNAPSHOT]
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746) ~[spring-aop-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294) [spring-tx-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98) [spring-tx-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185) [spring-aop-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688) [spring-aop-5.0.13.RELEASE.jar:5.0.13.RELEASE]
        at gateway.core.channel.cybersource.implement.CybersourceImplement$$EnhancerBySpringCGLIB$$1be718b0.runCheckEnrollment(<generated>) [classes/:0.0.1-SNAPSHOT]
        at gateway.core.api.controller.ApiCybersourceController.callCybersourceGateway(ApiCybersourceController.java:146) [classes/:0.0.1-SNAPSHOT]
        at gateway.core.api.controller.ApiCybersourceController.request(ApiCybersourceController.java:69) [classes/:0.0.1-SNAPSHOT]
        at sun.reflect.GeneratedMethodAccessor451.invoke(Unknown Source) ~[?:?]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_232]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_232]

AND

2024-07-02 10:01:39.973 http-nio-8080-exec-32 INFO     > Client, End of soapWrap   1ms
2024-07-02 10:01:39.973 http-nio-8080-exec-32 INFO     > Client, End of loading Merchant Certificate   0ms
2024-07-02 10:01:39.973 http-nio-8080-exec-32 INFO     > Signing request...
2024-07-02 10:01:39.977 http-nio-8080-exec-32 INFO     > Client, End of createSignedDoc   3ms
2024-07-02 10:01:39.977 http-nio-8080-exec-32 INFO     > Encrypting Signed doc ...
2024-07-02 10:01:39.978 http-nio-8080-exec-32 INFO     > Client, End of handleMessageCreation   2ms
2024-07-02 10:01:39.978 http-nio-8080-exec-32 INFO     > Using HttpClient for connections.
2024-07-02 10:01:39.979 http-nio-8080-exec-32 INFO     > Request Headers: [v-c-client-computetime: 7, v-c-client-iat: 1719889299979]
2024-07-02 10:01:39.979 http-nio-8080-exec-32 INFO     > Sending 8740 bytes to https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor/
2024-07-02 10:01:41.314 http-nio-8080-exec-32 INFO     > waiting for response...
2024-07-02 10:01:41.314 http-nio-8080-exec-32 INFO     > Response Headers[X-OPNET-Transaction-Trace: a2_d6e444ec-9a46-4419-9ab5-6372e7069b15, Strict-Transport-Security: max-age=31536000, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, v-c-correlation-id: 9cfdffca-2ecf-446d-adee-b705b870c72a, Cache-Control: no-cache, no-store, max-age=0, Pragma: no-cache, Expires: -1, X-Download-Options: noopen, Content-Type: text/xml, Content-Length: 896, Date: Tue, 02 Jul 2024 03:01:40 GMT, X-Cnection: close]
2024-07-02 10:01:41.315 http-nio-8080-exec-32 FAULT    >
FaultException details:
requestID = 7198893010786607204093
<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-784755825">
<wsu:Created>2024-07-02T03:01:41.176Z</wsu:Created>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap:Fault xmlns:c="urn:schemas-cybersource-com:transaction-data-1.220" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<faultcode>c:ServerError</faultcode>
<faultstring>
Could not transform to ICS request
</faultstring>
<detail>
<c:faultDetails>
<c:requestID>7198893010786607204093</c:requestID>
</c:faultDetails>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>

Using Cybersource SDK in Multiple Application on same server giving error

We are running two Web Application from a single Tomcat Server. Both applications have dependency on Cybersource SDK for payment processing. Calling cybersource api works from only first application. When 2nd application tries to access the API, we get following error:

com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type. at com.cybersource.ws.client.Client.runTransaction(Client.java:174) ~[cybersource-sdk-java-6.2.6.jar:?] at com.cybersource.ws.client.Client.runTransaction(Client.java:76) ~[cybersource-sdk-java-6.2.6.jar:?]

If we restart server, call second application first, that will work and other application will give error.
We have tried multiple environment as follows, but it still gives error:

  1. JRE 8, Tomcat 8, Cybersource SDK 6.2.4
  2. JRE 10, Tomcat 9, Cybersource SDK 6.2.6

The only workaround right now is to put cybersource SDK jar and all dependent Jar in tomcat library so that classes are loaded by the server class loader. This causes issue of distributing the application that we have, because we have to manage the cybersource related dependencies separately.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.