added support for MLE

README.md

@@ -3,7 +3,7 @@
 
 * **Description:**  Cybersource, a Visa solution, is the only global, modular payment management platform built on secure Visa infrastructure with the payment reach and fraud insights of a massive $500B+ global processing network. You can find out more about what Cybersource does [here](https://www.cybersource.com/en-gb.html).
 * **Categories:** Payment Processing, Fraud Detection, Address Validation, Tax Computation
-* **Version:** 24.1.3
+* **Version:** 25.1.0
 * **Compatibility:** <span style="color:red">This version of the Cybersource cartridge is not compatible with versions of SFRA higher than Release 7.0.0. </span>
 This version can be found on the Master branch of the SFRA repository at commit 50ee82face6e0a000f649a51f162e8a3f171531c  [50ee82f] on December , 2024 <span style="color:red">This version is compatible with Salesforce B2C Commerce 22.2 release. <span>
 

cartridges/int_cybersource_sfra/cartridge/scripts/cybersource/libCybersource.js

@@ -193,7 +193,7 @@ function replaceCharsInSessionID(sessionID) {
 var CybersourceHelper = {
 
     getcsReference: function() {
-        var wsdlName = Site.getCurrent().getCustomPreferenceValue('CsP12_Name');
+        var wsdlName = Site.getCurrent().getCustomPreferenceValue('CsKeystore_Name');
         var webref = webreferences2[wsdlName];
         return webref;
     },
@@ -202,12 +202,24 @@ var CybersourceHelper = {
         return Site.getCurrent().getCustomPreferenceValue('CsMerchantId');
     },
 
-    getP12Password: function () {
-        return Site.getCurrent().getCustomPreferenceValue('CsP12_Password');
+    getKeystorePassword: function () {
+        return Site.getCurrent().getCustomPreferenceValue('CsKeystore_Password');
     },
 
-    getP12UserName: function () {
-        return Site.getCurrent().getCustomPreferenceValue('CsP12_UserName');
+    getAliasForSignature: function () {
+        return Site.getCurrent().getCustomPreferenceValue('CsAuth_Alias');
+    },
+
+    isMLEEnabled: function () {
+        return Site.getCurrent().getCustomPreferenceValue('CsMLE_Enabled');
+    },
+
+    getAliasForMLEinJKSfile: function () {
+        return Site.getCurrent().getCustomPreferenceValue('CsJKS_MLEAlias');
+    },
+
+    getKeystoreTypeforAuthentication: function () {
+        return Site.getCurrent().getCustomPreferenceValue('CsAuth_KeystoreType');
     },
 
     getklarnaPrivateKeyAlias: function() {

cartridges/int_cybersource_sfra/cartridge/scripts/init/SoapServiceInit.js

@@ -130,28 +130,53 @@ var CyberSourceTransactionService = LocalServiceRegistry.createService('cybersou
     */
 
     execute: function (svc, parameter) {
+        var WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
         var libCybersource = require('*/cartridge/scripts/cybersource/libCybersource');
         var CybersourceHelper = libCybersource.getCybersourceHelper();
-        var password = CybersourceHelper.getP12Password();
-        var userName = CybersourceHelper.getP12UserName();
+        var passwordOfKeystore = CybersourceHelper.getKeystorePassword();
+        var alisForSignature = CybersourceHelper.getAliasForSignature();
+
+        var aliasForEncryption = CybersourceHelper.getAliasForMLEinJKSfile();
+        var isMLEEnabled = CybersourceHelper.isMLEEnabled();
+        var keystoreTypeforAuthentication = CybersourceHelper.getKeystoreTypeforAuthentication();
 
         var secretsMap = new HashMap();
-        secretsMap.put(userName, password);
+        secretsMap.put(alisForSignature, passwordOfKeystore);
 
         var requestCfg = new HashMap();
-        requestCfg.put(WSUtil.WS_ACTION, WSUtil.WS_TIMESTAMP + " " + WSUtil.WS_SIGNATURE);
 
-        requestCfg.put(WSUtil.WS_SIGNATURE_USER, userName);
+        if (isMLEEnabled) {
+            requestCfg.put(WSUtil.WS_ACTION, WSUtil.WS_TIMESTAMP + " " + WSUtil.WS_SIGNATURE + " " + WSUtil.WS_ENCRYPT);
+              // define enrcryption properties
+              requestCfg.put(WSUtil.WS_ENCRYPTION_USER, aliasForEncryption);
+              requestCfg.put(WSUtil.WS_ENC_PROP_KEYSTORE_TYPE, "jks");
+              requestCfg.put(WSUtil.WS_ENC_PROP_KEYSTORE_PW, passwordOfKeystore);
+              requestCfg.put(WSUtil.WS_ENC_PROP_KEYSTORE_ALIAS, aliasForEncryption);  
+              requestCfg.put(WSUtil.WS_ENC_KEY_ID, WSUtil.KEY_ID_TYPE_X509_KEY_IDENTIFIER);
+
+
+              requestCfg.put(
+                  WSUtil.WS_ENCRYPTION_PARTS,
+                  "{Element}{" +
+                  WSU_NS +
+                  "}Timestamp;" +
+                  "{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body",
+              );
+        }
+        else {
+            requestCfg.put(WSUtil.WS_ACTION, WSUtil.WS_TIMESTAMP + " " + WSUtil.WS_SIGNATURE);
+        }
+        requestCfg.put(WSUtil.WS_SIGNATURE_USER, alisForSignature);
         requestCfg.put(WSUtil.WS_PASSWORD_TYPE, WSUtil.WS_PW_TEXT);
         requestCfg.put(WSUtil.WS_SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
 
         // define signature properties
         // the keystore file has the basename of the WSDL file and the 
         // file extension based on the keystore type (for example, HelloWorld.pkcs12).
         // The keystore file has to be placed beside the WSDL file.
-        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_TYPE, "pkcs12");
-        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_PW, password);
-        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_ALIAS, userName);
+        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_TYPE, keystoreTypeforAuthentication.value.toLowerCase());
+        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_PW, passwordOfKeystore);
+        requestCfg.put(WSUtil.WS_SIG_PROP_KEYSTORE_ALIAS, alisForSignature);
         requestCfg.put(WSUtil.WS_SIGNATURE_PARTS, "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
         requestCfg.put(WSUtil.WS_SIG_KEY_ID, WSUtil.KEY_ID_TYPE_DIRECT_REFERENCE);
 

cartridges/int_cybersource_sfra/cartridge/scripts/utils/CybersourceConstants.js

@@ -14,7 +14,7 @@
 var CybersourceConstants = {};
 
 CybersourceConstants.APPLICATION_NAME = 'Salesforce B2C(SOAP)';
-CybersourceConstants.APPLICATION_VERSION = '24.1.3';
+CybersourceConstants.APPLICATION_VERSION = '25.1.0';
 
 CybersourceConstants.METHOD_ALIPAY = 'ALIPAY';
 CybersourceConstants.METHOD_ALIPAY_returnURLValue = 'alipay';

documentation/markdown/Configure-cartridge.md

@@ -38,9 +38,12 @@ Field | Description
 ------------ | -------------
 Enable Cybersource Cartridge | Enable or disable Cyberdource Cartridge. If disabled none of the Cybersource services are invoked
 Cybersource Merchant ID | Cybersource Merchant ID
-CyberSource p12 Name | Name of the p12 file added in webreferences2 folder.
-CyberSource p12 UserName | friendly name of first certificate extracted from p12 file.
-CyberSource p12 Password | password added while creating p12 file.
+CsKeystore_Name | Name of the keystore file added in webreferences2 folder.
+CsAuth_Alias | 1. If MLE is enabled, then extract the Alias of the client certificate in JKS file for Authentication (<Merchant_ID>) 2. If MLE is disabled and you are choosing to use PKCS12 keystore for Authentication, then extract Friendly name from p12 (run openssl pkcs12 -in CyberSourceTransaction.pkcs12 -info in terminal to extract friendly name of p12 key uploaded in webreferences2 folder.) Use the serialNumber and CN of the friendly name returned. Ex: serialNumber=1690399296411018724102,CN=sfcc_cybs
+CsKeystore_Password | Password of the keystore file
+CsAuth_KeystoreType | Type of keystore for Authentication (PKCS12 or JKS). NOTE: Use only JKS type if MLE is enabled.
+CsMLE_Enabled | Enable or Disable Message-Level Encryption
+CsJKS_MLEAlias | Alias of the certificate in JKS file (cybersource_sjc_us)
 CyberSource Endpoint | Select Test(Test) or Production(Production)
 CyberSource Developer ID | Unique identifier generated by Cybersource for System Integrator
 CyberSource Disable Debug logging | Some trace information will be stored in the impex folder on the server with the order ID as the name.