Feature/mle for response

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/authentication/jwt/JwtTokenGenerator.cs

@@ -4,16 +4,19 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using AuthenticationSdk.core;
+using Newtonsoft.Json.Linq;
 
 namespace AuthenticationSdk.authentication.jwt
 {
     public class JwtTokenGenerator : ITokenGenerator
     {
         private readonly MerchantConfig _merchantConfig;
         private readonly JwtToken _jwtToken;
+        private readonly bool _isResponseMLEForApi;
 
-        public JwtTokenGenerator(MerchantConfig merchantConfig)
+        public JwtTokenGenerator(MerchantConfig merchantConfig, bool isResponseMLEForApi)
         {
+            _isResponseMLEForApi = isResponseMLEForApi;
             _merchantConfig = merchantConfig;
             _jwtToken = new JwtToken(_merchantConfig);
         }
@@ -54,7 +57,16 @@ private string SetToken()
 
         private string TokenForCategory1()
         {
-            var jwtBody = $"{{ \"iat\":\"{DateTime.Now.ToUniversalTime().ToString("r")}\"}}";
+            JObject claimSetJson = new JObject();
+            claimSetJson["iat"] = DateTime.Now.ToUniversalTime().ToString("r");
+
+            if (_isResponseMLEForApi)
+            {
+                claimSetJson["v-c-response-mle-kid"] = _merchantConfig.ResponseMleKID;
+            }
+
+            String jwtBody = "";
+            jwtBody = claimSetJson.ToString(Newtonsoft.Json.Formatting.None);
 
             var x5Cert = _jwtToken.Certificate;
 
@@ -82,7 +94,18 @@ private string TokenForCategory2()
         {
             var digest = GenerateDigest(_jwtToken.RequestJsonData);
 
-            var jwtBody = $"{{\n            \"digest\":\"{digest}\", \"digestAlgorithm\":\"SHA-256\", \"iat\":\"{DateTime.Now.ToUniversalTime().ToString("r")}\"}}";
+            JObject claimSetJson = new JObject();
+            claimSetJson["digest"] = digest;
+            claimSetJson["digestAlgorithm"] = "SHA-256";
+            claimSetJson["iat"] = DateTime.Now.ToUniversalTime().ToString("r");
+
+            if (_isResponseMLEForApi)
+            {
+                claimSetJson["v-c-response-mle-kid"] = _merchantConfig.ResponseMleKID;
+            }
+
+            String jwtBody = "";
+            jwtBody = claimSetJson.ToString(Newtonsoft.Json.Formatting.None);
 
             var x5Cert = _jwtToken.Certificate;
 
@@ -101,7 +124,6 @@ private string TokenForCategory2()
             };
 
             var token = Jose.JWT.Encode(jwtBody, privateKey, Jose.JwsAlgorithm.RS256, cybsHeaders);
-
             return token;
         }
     }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/core/Authorize.cs

@@ -86,7 +86,7 @@ public HttpToken GetSignature()
          * @return a JwtToken object (JWT Bearer Token), 
          * based on the Merchant Configuration passed to the Constructor of Authorize Class
          */
-        public JwtToken GetToken()
+        public JwtToken GetToken(bool isResponseMLEForApi = false)
         {
             try
             {
@@ -101,7 +101,7 @@ public JwtToken GetToken()
                         throw new Exception("Missing or Empty Credentials : MerchantID or KeyAlias or KeyPassphrase");
                     }
 
-                    var tokenObj = (JwtToken)new JwtTokenGenerator(_merchantConfig).GetToken();
+                    var tokenObj = (JwtToken)new JwtTokenGenerator(_merchantConfig, isResponseMLEForApi).GetToken();
 
                     if (_merchantConfig.IsGetRequest || _merchantConfig.IsDeleteRequest)
                     {

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/util/Cache.cs

@@ -9,6 +9,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Runtime.Caching;
+using System.Security;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
@@ -35,6 +36,12 @@ private class CertInfo
             public X509Certificate2 MLECertificate { get; set; }
         }
 
+        private class PrivateKeyInfo
+        {
+            public AsymmetricAlgorithm PrivateKey { get; set; }
+            public DateTime Timestamp { get; set; }
+        }
+
         public static X509Certificate2Collection FetchCachedCertificate(string p12FilePath, string keyPassword)
         {
             try
@@ -173,6 +180,57 @@ private static X509Certificate2 GetMLECertBasedOnCacheKey(MerchantConfig merchan
 
         private static void SetupCache(MerchantConfig merchantConfig, string cacheKey, string certificateFilePath)
         {
+            var policy = new CacheItemPolicy();
+            var filePaths = new List<string>();
+            var cachedFilePath = Path.GetFullPath(certificateFilePath);
+            filePaths.Add(cachedFilePath);
+            policy.ChangeMonitors.Add(new HostFileChangeMonitor(filePaths));
+
+            ObjectCache cache = MemoryCache.Default;
+
+            if (cacheKey.EndsWith(Constants.MLE_CACHE_KEY_IDENTIFIER_FOR_RESPONSE_PRIVATE_KEY))
+            {
+                try
+                {
+                    string fileExtension = Path.GetExtension(certificateFilePath)?.TrimStart('.').ToLowerInvariant();
+                    AsymmetricAlgorithm mlePrivateKey = null;
+                    SecureString password = merchantConfig.ResponseMlePrivateKeyFilePassword;
+
+                    // Case 1 - PKCS#12 formats (.p12, .pfx)
+                    if (fileExtension.Equals("p12") || fileExtension.Equals("pfx"))
+                    {
+                        mlePrivateKey = Utility.ReadPrivateKeyFromP12(certificateFilePath, password);
+                    }
+                    // Case 2 - PEM-based formats (.pem, .key, .p8)
+                    else if (fileExtension.Equals("pem") || fileExtension.Equals("key") || fileExtension.Equals("p8"))
+                    {
+                        mlePrivateKey = (AsymmetricAlgorithm) Utility.ExtractPrivateKeyFromFile(certificateFilePath, password);
+                    }
+                    else
+                    {
+                        throw new Exception($"Unsupported Response MLE Private Key file format: {fileExtension}. Supported formats are: .p12, .pfx, .pem, .key, .p8");
+                    }
+
+                    PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo
+                    {
+                        PrivateKey = mlePrivateKey,
+                        Timestamp = File.GetLastWriteTime(certificateFilePath)
+                    };
+
+                    lock (mutex)
+                    {
+                        cache.Set(cacheKey, privateKeyInfo, policy);
+                    }
+                }
+                catch (Exception e)
+                {
+                    logger.Error($"Error loading MLE response private key from: {certificateFilePath}. Error: {e.Message}");
+                    throw new Exception($"Error loading MLE response private key from: {certificateFilePath}. Error: {e.Message}", e);
+                }
+                return;
+            }
+
+            // ... existing code for other cacheKey cases ...
             X509Certificate2 mleCertificate = null;
 
             if (cacheKey.EndsWith(Constants.MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT))
@@ -181,15 +239,15 @@ private static void SetupCache(MerchantConfig merchantConfig, string cacheKey, s
 
                 try
                 {
-                    mleCertificate = GetCertBasedOnKeyAlias(certificates, merchantConfig.MleKeyAlias);
+                    mleCertificate = GetCertBasedOnKeyAlias(certificates, merchantConfig.RequestMleKeyAlias);
                 }
                 catch (Exception)
                 {
                     if (mleCertificate == null)
                     {
                         // If no certificate found for the specified alias, fall back to first certificate
                         string fileName = Path.GetFileName(certificateFilePath);
-                        logger.Warn($"No certificate found for the specified mleKeyAlias '{merchantConfig.MleKeyAlias}'. Using the first certificate from file {fileName} as the MLE request certificate.");
+                        logger.Warn($"No certificate found for the specified requestMleKeyAlias '{merchantConfig.RequestMleKeyAlias}'. Using the first certificate from file {fileName} as the MLE request certificate.");
                         mleCertificate = certificates[0];
                     }
                 }
@@ -199,13 +257,13 @@ private static void SetupCache(MerchantConfig merchantConfig, string cacheKey, s
             {
                 try
                 {
-                    mleCertificate = GetCertBasedOnKeyAlias(FetchCertificateCollectionFromP12File(merchantConfig.P12Keyfilepath, merchantConfig.KeyPass), merchantConfig.MleKeyAlias);
+                    mleCertificate = GetCertBasedOnKeyAlias(FetchCertificateCollectionFromP12File(merchantConfig.P12Keyfilepath, merchantConfig.KeyPass), merchantConfig.RequestMleKeyAlias);
                 }
                 catch (Exception)
                 {
                     string fileName = Path.GetFileName(merchantConfig.P12Keyfilepath);
-                    logger.Error($"No certificate found for the specified mleKeyAlias '{merchantConfig.MleKeyAlias}' in file {fileName}.");
-                    throw new ArgumentException($"No certificate found for the specified mleKeyAlias '{merchantConfig.MleKeyAlias}' in file {fileName}.");
+                    logger.Error($"No certificate found for the specified requestMleKeyAlias '{merchantConfig.RequestMleKeyAlias}' in file {fileName}.");
+                    throw new ArgumentException($"No certificate found for the specified requestMleKeyAlias '{merchantConfig.RequestMleKeyAlias}' in file {fileName}.");
                 }
             }
 
@@ -215,13 +273,7 @@ private static void SetupCache(MerchantConfig merchantConfig, string cacheKey, s
                 Timestamp = File.GetLastWriteTime(certificateFilePath)
             };
 
-            var policy = new CacheItemPolicy();
-            var filePaths = new List<string>();
-            var cachedFilePath = Path.GetFullPath(certificateFilePath);
-            filePaths.Add(cachedFilePath);
-            policy.ChangeMonitors.Add(new HostFileChangeMonitor(filePaths));
 
-            ObjectCache cache = MemoryCache.Default;
             lock(mutex)
             {
                 cache.Set(cacheKey, certInfo, policy);
@@ -236,5 +288,40 @@ private static X509Certificate2Collection FetchCertificateCollectionFromP12File(
             //return all certs in p12
             return certificates;
         }
+        public static AsymmetricAlgorithm GetMleResponsePrivateKeyFromFilePath(MerchantConfig merchantConfig)
+        {
+            string merchantId = merchantConfig.MerchantId;
+            string identifier = Constants.MLE_CACHE_KEY_IDENTIFIER_FOR_RESPONSE_PRIVATE_KEY;
+            string cacheKey = $"{merchantId}_{identifier}";
+            string mleResponsePrivateKeyFilePath = merchantConfig.ResponseMlePrivateKeyFilePath;
+
+            ObjectCache cache = MemoryCache.Default;
+
+            if (!cache.Contains(cacheKey))
+            {
+                SetupCache(merchantConfig, cacheKey, mleResponsePrivateKeyFilePath);
+            }
+            else
+            {
+                var responseMlePrivateKeyInfo = (PrivateKeyInfo)cache.Get(cacheKey);
+                if (responseMlePrivateKeyInfo == null || responseMlePrivateKeyInfo.Timestamp != File.GetLastWriteTime(mleResponsePrivateKeyFilePath))
+                {
+                    SetupCache(merchantConfig, cacheKey, mleResponsePrivateKeyFilePath);
+                }
+            }
+
+            var cachedResponseMlePrivateKeyInfo = (PrivateKeyInfo)cache.Get(cacheKey);
+
+            try
+            {
+                RSA privateKey = (RSA)cachedResponseMlePrivateKeyInfo.PrivateKey;
+                return cachedResponseMlePrivateKeyInfo.PrivateKey;
+            }
+            catch (Exception ex)
+            {
+                logger.Error($"Error retrieving MLE response private key: {ex.Message}");
+                throw new Exception($"{Constants.ErrorPrefix} Failed to retrieve MLE response private key from cache.", ex);
+            }
+        }
     }
 }

cybersource-rest-auth-netstandard/AuthenticationSdk/AuthenticationSdk/util/Constants.cs

@@ -51,5 +51,16 @@ public static class Constants
         public static readonly string MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT = "mleCertFromMerchantConfig";
 
         public static readonly string MLE_CACHE_IDENTIFIER_FOR_P12_CERT = "mleCertFromP12";
+
+        public static readonly string MLE_CACHE_KEY_IDENTIFIER_FOR_RESPONSE_PRIVATE_KEY = "mleResponsePrivateKeyFromFile";
+
+        public static readonly string PKCS8_PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
+
+        public static readonly string PKCS8_ENCRYPTED_PRIVATE_KEY_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
+
+        public static readonly string PKCS1_PRIVATE_KEY_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
+
+        public static readonly string PROC_TYPE_ENCRYPTED_HEADER = "Proc-Type: 4,ENCRYPTED";
+
     }
 }