Class: MLEUtility

Inherits:
Object
  • Object
Defined in:
lib/AuthenticationSDK/util/MLEUtility.rb

Class Method Summary collapse

Class Method Details

.check_is_mle_for_API(merchant_config, inbound_mle_status, operation_ids) ⇒ Object



# File 'lib/AuthenticationSDK/util/MLEUtility.rb', line 8

# Decides whether message-level encryption (MLE) applies to a request.
#
# Precedence, lowest to highest:
# 1. 'optional' status: on only when enableRequestMLEForOptionalApisGlobally is truthy.
# 2. 'mandatory' status: on unless disableRequestMLEForMandatoryApisGlobally is truthy.
# 3. mapToControlMLEonAPI: the entry for the first operation id found in the
#    map replaces whatever the two global rules produced. This lets a per-API
#    entry switch encryption off even for an operation whose status is
#    'mandatory', and the stored value is returned as-is (not coerced to a
#    boolean).
#
# Status comparison is case-insensitive; a nil status matches neither rule.
#
# @param merchant_config [Object] exposes the three settings named above
# @param inbound_mle_status [String, nil] MLE status declared for the API
# @param operation_ids [Enumerable, nil] operation ids to look up in the map
# @return [Object] true/false from the global rules, or the map's value
def self.check_is_mle_for_API(merchant_config, inbound_mle_status, operation_ids)
  status_is = ->(label) { inbound_mle_status&.casecmp(label) == 0 }

  use_mle = (status_is.call('optional') && merchant_config.enableRequestMLEForOptionalApisGlobally) ? true : false
  use_mle = !merchant_config.disableRequestMLEForMandatoryApisGlobally if status_is.call('mandatory')

  overrides = merchant_config.mapToControlMLEonAPI
  if overrides && operation_ids
    operation_ids.each do |operation_id|
      next unless overrides.key?(operation_id)

      # First matching operation id wins; later ids are not consulted.
      use_mle = overrides[operation_id]
      break
    end
  end

  use_mle
end

.create_request_payload(compact_jwe) ⇒ Object



# File 'lib/AuthenticationSDK/util/MLEUtility.rb', line 86

# Wraps a compact JWE string in the JSON envelope sent as the request body.
#
# The value is interpolated without JSON escaping. That is safe for a compact
# JWE, which consists only of base64url characters and '.', but any other
# input containing '"' or '\' would produce malformed JSON.
#
# @param compact_jwe [#to_s] compact-serialized JWE
# @return [String] JSON text with a single "encryptedRequest" member
def self.create_request_payload(compact_jwe)
  envelope = %({ "encryptedRequest": "#{compact_jwe}" })
  envelope
end

.encrypt_request_payload(merchantConfig, requestBody) ⇒ Object



# File 'lib/AuthenticationSDK/util/MLEUtility.rb', line 30

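# Encrypts a request body into an MLE (message-level encryption) envelope.
#
# The body is encrypted as a compact JWE (RSA-OAEP-256 key wrapping, A256GCM
# content encryption) to the public key of the certificate returned by
# Cache#getRequestMLECertificateFromCache, then wrapped by
# create_request_payload.
#
# @param merchantConfig [Object] merchant configuration; this method reads
#   log_config and authenticationType and hands the object to the cache lookup
# @param requestBody [String, nil] serialized request body
# @return [String, nil] nil for a nil body; the body unchanged when it is '{}'
#   or when no certificate is available under HTTP Signature authentication;
#   otherwise the JSON envelope holding the compact JWE
# @raise [StandardError] when no certificate is available for any other
#   authentication type, when no serial number can be derived from the
#   certificate, or when key conversion or encryption fails
def self.encrypt_request_payload(merchantConfig, requestBody)
  return nil if requestBody.nil?
  return requestBody if requestBody == '{}'

  # Memoized on the class: the logger is built from the first merchantConfig
  # seen and reused for every later call.
  @log_obj ||= Log.new(merchantConfig.log_config, 'MLEUtility')

  @log_obj.logger.info('Encrypting request payload')
  # NOTE(review): this writes the cleartext body to the debug log, i.e. the
  # data MLE is meant to protect. Whether the logger masks sensitive fields
  # cannot be seen from this method; confirm before enabling debug logging
  # in production.
  @log_obj.logger.debug('LOG_REQUEST_BEFORE_MLE: ' + requestBody)

  mle_certificate = Cache.new.getRequestMLECertificateFromCache(merchantConfig)

  if mle_certificate.nil? && Constants::AUTH_TYPE_HTTP.downcase == merchantConfig.authenticationType.downcase
    # NOTE(review): fail-open path. The request goes out unencrypted and the
    # only trace is at debug level, so the downgrade is invisible at default
    # log levels. Consider surfacing it at a higher severity.
    @log_obj.logger.debug("The certificate to use for MLE for requests is not provided in the merchant configuration. Please ensure that the certificate path is provided.")
    @log_obj.logger.debug("Currently, MLE for requests using HTTP Signature as authentication is not supported by Cybersource. By default, the SDK will fall back to non-encrypted requests.")
    return requestBody
  end

  begin
    # Without this guard a missing certificate surfaced as a NoMethodError on
    # nil from the serial-number lookup, which hid the real cause. Fail closed
    # with an explicit message instead.
    if mle_certificate.nil?
      @log_obj.logger.error('MLE certificate is not available for request encryption')
      raise StandardError, 'MLE certificate is not available for request encryption'
    end

    serial_number = extract_serial_number_from_certificate(mle_certificate)
    if serial_number.nil?
      @log_obj.logger.error('Serial number not found in certificate for MLE')
      raise StandardError, 'Serial number not found in MLE certificate'
    end

    jwk = JOSE::JWK.from_key(mle_certificate.public_key)
    if jwk.nil?
      @log_obj.logger.error('Failed to create JWK object from public key')
      raise StandardError, 'Failed to create JWK object from public key'
    end

    # 'kid' carries the certificate serial so the receiver can select the
    # matching private key; 'iat' is the encryption time in epoch seconds.
    headers = {
      'alg' => 'RSA-OAEP-256',
      'enc' => 'A256GCM',
      'typ' => 'JWT',
      'kid' => serial_number,
      'iat' => Time.now.to_i
    }
    jwe = JOSE::JWE.block_encrypt(jwk, requestBody, headers)

    compact_jwe = jwe.compact
    mle_request_body = create_request_payload(compact_jwe)
    @log_obj.logger.debug('LOG_REQUEST_AFTER_MLE: ' + mle_request_body)
    mle_request_body
  rescue StandardError => e
    # Log and re-raise: an encryption failure must never fall through to
    # sending the plaintext body.
    @log_obj.logger.error("An error occurred during encryption: #{e.message}")
    raise
  end
end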

.extract_serial_number_from_certificate(certificate) ⇒ Object



# File 'lib/AuthenticationSDK/util/MLEUtility.rb', line 78

# Derives the identifier used as the JWE 'kid' from an X.509 certificate.
#
# Lookup order:
# 1. nil when both the subject and the issuer render as empty strings.
# 2. The value of the first subject attribute whose name contains
#    'serialNumber' (substring match, not equality).
# 3. Otherwise the certificate's own serial converted with to_s, or nil when
#    the certificate has no serial.
#
# @param certificate [Object] responds to subject, issuer and serial
#   (presumably an OpenSSL::X509::Certificate; verify against the caller)
# @return [String, nil] the serial identifier, or nil when none is available
def self.extract_serial_number_from_certificate(certificate)
  names_blank = certificate.subject.to_s.empty? && certificate.issuer.to_s.empty?
  return nil if names_blank

  serial_entry = certificate.subject.to_a.find { |entry| entry[0].include?('serialNumber') }
  return serial_entry[1] if serial_entry

  certificate.serial&.to_s
end