Merge pull request #34 from CyberSource/future

Future

Author: shamirwasia

CyberSource/Base/Properties/AssemblyInfo.cs

@@ -31,5 +31,5 @@
 //
 // You can specify all the values or you can default the Revision and Build Numbers 
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("1.0.0")]
-[assembly: AssemblyFileVersion("1.0.0")]
+[assembly: AssemblyVersion("1.4.0")]
+[assembly: AssemblyFileVersion("1.4.0")]

CyberSource/Client/BaseClient.cs

@@ -4,6 +4,7 @@
 using System.ServiceModel;
 using System.Xml.Serialization;
 using System.ServiceModel.Channels;
+using System.ServiceModel.Security.Tokens;
 
 namespace CyberSource.Clients
 {
@@ -15,7 +16,7 @@ public abstract class BaseClient
         /// <summary>
         /// Version of this client.
         /// </summary>
-        public const string CLIENT_LIBRARY_VERSION = "1.0.1";
+        public const string CLIENT_LIBRARY_VERSION = "1.4.0";
 
         /// <summary>
         /// Proxy object that is initialized during start-up, if needed.
@@ -40,6 +41,9 @@ public abstract class BaseClient
         private const string PROXY_PASSWORD = "proxyPassword";
         private const string BASIC_AUTH = "Basic";
 
+        public const string CYBERSOURCE_PUBLIC_KEY = "CyberSource_SJC_US";
+        public const string X509_CLAIMTYPE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname";
+
 		static BaseClient()
 		{
 			SetupProxy();
@@ -211,6 +215,12 @@ int boolVal
                 = AppSettings.GetIntSetting(
                     merchantID, Configuration.CONNECTION_LIMIT);
 
+            // Encryption enable flag
+            boolVal
+               = AppSettings.GetBoolSetting(
+                   merchantID, Configuration.USE_SIGNED_AND_ENCRYPTED);
+            if (boolVal != -1) config.UseSignedAndEncrypted = (boolVal == 1);
+
             return (config);
         }
 
@@ -303,7 +313,7 @@ protected static void SetConnectionLimit(Configuration config)
         /// Returns a custom wcf binding that will create a SOAP request 
         /// compatible with the Simple Order API Service
         /// </summary>
-        protected static CustomBinding getWCFCustomBinding()
+        protected static CustomBinding getWCFCustomBinding(Configuration config)
         {
             //Setup custom binding with HTTPS + Body Signing 
             CustomBinding currentBinding = new CustomBinding();
@@ -315,6 +325,15 @@ protected static CustomBinding getWCFCustomBinding()
             asec.EnableUnsecuredResponse = true;
             asec.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
 
+            if (config.UseSignedAndEncrypted)
+            {
+                asec.LocalClientSettings.IdentityVerifier = new CustomeIdentityVerifier();
+                asec.RecipientTokenParameters = new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Once };
+                asec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
+                asec.EndpointSupportingTokenParameters.SignedEncrypted.Add(new System.ServiceModel.Security.Tokens.X509SecurityTokenParameters());
+                asec.SetKeyDerivation(false);
+            }
+
             //Use custom encoder to strip unsigned timestamp in response
             CustomTextMessageBindingElement textBindingElement = new CustomTextMessageBindingElement();
 

CyberSource/Client/Configuration.cs

@@ -27,6 +27,7 @@ public class Configuration
         internal const string CONNECTION_LIMIT = "connectionLimit";
         internal const string SEND_TO_AKAMAI = "sendToAkamai";
         internal const string EFFECTIVE_SERVER_URL = "effectiveServerURL";
+        internal const string USE_SIGNED_AND_ENCRYPTED = "useSignAndEncrypted";
 
         /// <summary>
         /// Default log file name.
@@ -68,6 +69,7 @@ public class Configuration
         private bool demo = false;
         private bool sendToAkamai = true;
         private int connectionLimit = -1;
+        private bool useSignedAndEncrypted = false;
 
         private bool isSendToProductionSet = false;
 
@@ -406,5 +408,11 @@ private void CheckMerchantID()
                     "CONFIGURATION OR CODE BUG:  merchantID is missing!");
             }
         }
+
+        public bool UseSignedAndEncrypted
+        {
+            get { return useSignedAndEncrypted; }
+            set { useSignedAndEncrypted = value; }
+        }
     }
 }

CyberSource/Client/CustomeIdentityVerifier.cs

@@ -0,0 +1,54 @@
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.Linq;
+using System.Security.Cryptography.X509Certificates;
+using System.ServiceModel;
+using System.ServiceModel.Security;
+using System.Text;
+
+namespace CyberSource.Clients
+{
+    class CustomeIdentityVerifier : IdentityVerifier
+    {
+        IdentityVerifier defaultVerifier;
+
+        public CustomeIdentityVerifier()
+        {
+            this.defaultVerifier = CustomeIdentityVerifier.CreateDefault();
+        }
+
+        public override bool CheckAccess(EndpointIdentity identity,
+            AuthorizationContext authContext)
+        {
+            bool returnvalue = false;
+            foreach (ClaimSet claimset in authContext.ClaimSets)
+            {
+                foreach (Claim claim in claimset)
+                {
+                    if (claim.ClaimType == BaseClient.X509_CLAIMTYPE)
+                    {
+                        X500DistinguishedName name = (X500DistinguishedName)claim.Resource;
+                        if (name.Name.Contains(BaseClient.CYBERSOURCE_PUBLIC_KEY))
+                        {
+                            returnvalue = true;
+                            break;
+                        }
+                    }
+                }
+
+            }
+            // The following implementation is for demonstration only, and
+            // does not perform any checks regarding EndpointIdentity.
+            // Do not use this for production code.
+            return returnvalue;
+        }
+
+        public override bool TryGetIdentity(EndpointAddress reference,
+            out EndpointIdentity identity)
+        {
+            return this.defaultVerifier.TryGetIdentity(reference, out identity);
+        }
+    }
+}

CyberSource/Client/CyberSourceClients.csproj

@@ -97,6 +97,7 @@
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
+    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Security" />
     <Reference Include="System.ServiceModel" />
@@ -106,6 +107,7 @@
     <Compile Include="AppSettings.cs" />
     <Compile Include="BaseClient.cs" />
     <Compile Include="Configuration.cs" />
+    <Compile Include="CustomeIdentityVerifier.cs" />
     <Compile Include="CustomTextMessageEncoder.cs" />
     <Compile Include="CustomTextMessageEncoderFactory.cs" />
     <Compile Include="CustomTextMessageEncodingBindingElement.cs" />

CyberSource/Client/NVPClient.cs

@@ -61,18 +61,18 @@ public static Hashtable RunTransaction(
                 SetConnectionLimit(config);
 
                 //Setup custom binding with HTTPS + Body Signing 
-                CustomBinding currentBinding = getWCFCustomBinding();
+                CustomBinding currentBinding = getWCFCustomBinding(config);
 
                 //Setup endpoint Address with dns identity
                 AddressHeaderCollection headers = new AddressHeaderCollection();
                 EndpointAddress endpointAddress = new EndpointAddress(new Uri(config.EffectiveServerURL), EndpointIdentity.CreateDnsIdentity(config.EffectivePassword), headers);
 
                 //Get instance of service
                 using (proc = new NVPTransactionProcessorClient(currentBinding, endpointAddress))
-                {
-
-                    //Set protection level to sign only
-                    proc.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
+                {
+
+                    //Set protection level to sign
+                        proc.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
 
                     // set the timeout
                     TimeSpan timeOut = new TimeSpan(0, 0, 0, config.Timeout, 0);
@@ -96,6 +96,21 @@ public static Hashtable RunTransaction(
                             proc.ClientCredentials.ServiceCertificate.DefaultCertificate = cert1;
                             break;
                         }
+                    }
+
+                    if (config.UseSignedAndEncrypted)
+                    {
+                        foreach (X509Certificate2 cert2 in collection)
+                        {
+                            //Console.WriteLine(cert1.Subject);
+                            if (cert2.Subject.Contains(CYBERSOURCE_PUBLIC_KEY))
+                            {
+                                //Set protection level to sign & encrypt only
+                                proc.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
+                                proc.ClientCredentials.ServiceCertificate.DefaultCertificate = cert2;
+                                break;
+                            }
+                        }
                     }
 
                     if (logger != null)
@@ -207,7 +222,7 @@ private static void SetVersionInformation(Hashtable request)
             request["clientLibrary"] = ".NET NVP";
             request["clientLibraryVersion"] = CLIENT_LIBRARY_VERSION;
             request["clientEnvironment"] = mEnvironmentInfo;
-            request["clientSecurityLibraryVersion"] =".Net 1.0.0";
+            request["clientSecurityLibraryVersion"] =".Net 1.4.0";
         }
     }
 }

CyberSource/Client/Properties/AssemblyInfo.cs

@@ -31,5 +31,5 @@
 //
 // You can specify all the values or you can default the Revision and Build Numbers 
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("1.0.0")]
-[assembly: AssemblyFileVersion("1.0.0")]
+[assembly: AssemblyVersion("1.4.0")]
+[assembly: AssemblyFileVersion("1.4.0")]

CyberSource/Client/SoapClient.cs

@@ -58,10 +58,10 @@ public static ReplyMessage RunTransaction(
                 DetermineEffectiveMerchantID(ref config, requestMessage);
                 SetVersionInformation(requestMessage);
                 logger = PrepareLog(config);
-                SetConnectionLimit(config);
-
-
-                CustomBinding currentBinding = getWCFCustomBinding();
+                SetConnectionLimit(config);
+
+
+                CustomBinding currentBinding = getWCFCustomBinding(config);
 
 
                 //Setup endpoint Address with dns identity
@@ -71,7 +71,7 @@ public static ReplyMessage RunTransaction(
                 //Get instance of service
                 using( proc = new TransactionProcessorClient(currentBinding, endpointAddress)){
 
-                    //Set protection level to sign only
+                    //Set protection level to sign & encrypt only
                     proc.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
 
                     // set the timeout
@@ -96,6 +96,21 @@ public static ReplyMessage RunTransaction(
                             proc.ClientCredentials.ServiceCertificate.DefaultCertificate = cert1;
                             break;
                         }
+                    }
+
+                    if (config.UseSignedAndEncrypted)
+                    {
+                        foreach (X509Certificate2 cert2 in collection)
+                        {
+                            //Console.WriteLine(cert1.Subject);
+                            if (cert2.Subject.Contains(CYBERSOURCE_PUBLIC_KEY))
+                            {
+                                //Set protection level to sign & encrypt only
+                                proc.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
+                                proc.ClientCredentials.ServiceCertificate.DefaultCertificate = cert2;
+                                break;
+                            }
+                        }
                     }
 
                     // send request now
@@ -200,7 +215,7 @@ private static void SetVersionInformation(
 			requestMessage.clientLibrary = ".NET Soap";
 			requestMessage.clientLibraryVersion = CLIENT_LIBRARY_VERSION;
 			requestMessage.clientEnvironment = mEnvironmentInfo;
-			requestMessage.clientSecurityLibraryVersion =".Net 1.0.0";
+			requestMessage.clientSecurityLibraryVersion =".Net 1.4.0";
 		}
 	}
 }