feat: encryption service integration to support batch encryption and decryption (#5164)

Co-authored-by: dracarys18 <karthikey.hegde@juspay.in> Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
2025-10-31 18:17:13 +08:00 · 2024-07-19 13:08:58 +05:30
parent c698921c41
commit 33298b3808
127 changed files with 4239 additions and 1378 deletions
--- a/crates/router/src/core/pm_auth.rs
+++ b/crates/router/src/core/pm_auth.rs
@ -15,7 +15,7 @@ use common_utils::{
    crypto::{HmacSha256, SignMessage},
    ext_traits::AsyncExt,
    generate_id,
-    types::{self as util_types, AmountConvertor},
+    types::{self as util_types, keymanager::Identifier, AmountConvertor},
 };
 use error_stack::ResultExt;
 use helpers::PaymentAuthConnectorDataExt;
@ -110,7 +110,7 @@ pub async fn create_link_token(
    > = connector.connector.get_connector_integration();

    let payment_intent = oss_helpers::verify_payment_intent_time_and_client_secret(
-        &*state.store,
+        &state,
        &merchant_account,
        &key_store,
        payload.client_secret,
@ -121,7 +121,7 @@ pub async fn create_link_token(
        .as_ref()
        .async_map(|pi| async {
            oss_helpers::get_address_by_id(
-                &*state.store,
+                &state,
                pi.billing_address_id.clone(),
                &key_store,
                &pi.payment_id,
@ -139,6 +139,7 @@ pub async fn create_link_token(
    let merchant_connector_account = state
        .store
        .find_by_merchant_connector_account_merchant_id_merchant_connector_id(
+            &(&state).into(),
            merchant_account.merchant_id.as_str(),
            &selected_config.mca_id,
            &key_store,
@ -234,6 +235,7 @@ pub async fn exchange_token_core(
    let merchant_connector_account = state
        .store
        .find_by_merchant_connector_account_merchant_id_merchant_connector_id(
+            &(&state).into(),
            merchant_account.merchant_id.as_str(),
            &config.mca_id,
            &key_store,
@ -294,6 +296,7 @@ async fn store_bank_details_in_payment_methods(

    let payment_intent = db
        .find_payment_intent_by_payment_id_merchant_id(
+            &(&state).into(),
            &payload.payment_id,
            &merchant_account.merchant_id,
            &key_store,
@ -326,7 +329,9 @@ async fn store_bank_details_in_payment_methods(
    for pm in payment_methods {
        if pm.payment_method == Some(enums::PaymentMethod::BankDebit) {
            let bank_details_pm_data = decrypt::<serde_json::Value, masking::WithType>(
+                &(&state).into(),
                pm.payment_method_data.clone(),
+                Identifier::Merchant(key_store.merchant_id.clone()),
                key,
            )
            .await
@ -433,10 +438,11 @@ async fn store_bank_details_in_payment_methods(
            );

            let payment_method_data = payment_methods::PaymentMethodsData::BankDetails(pmd);
-            let encrypted_data = cards::create_encrypted_data(&key_store, payment_method_data)
-                .await
-                .change_context(ApiErrorResponse::InternalServerError)
-                .attach_printable("Unable to encrypt customer details")?;
+            let encrypted_data =
+                cards::create_encrypted_data(&state, &key_store, payment_method_data)
+                    .await
+                    .change_context(ApiErrorResponse::InternalServerError)
+                    .attach_printable("Unable to encrypt customer details")?;

            let pm_update = storage::PaymentMethodUpdate::PaymentMethodDataUpdate {
                payment_method_data: Some(encrypted_data.into()),
@ -446,7 +452,7 @@ async fn store_bank_details_in_payment_methods(
        } else {
            let payment_method_data = payment_methods::PaymentMethodsData::BankDetails(pmd);
            let encrypted_data =
-                cards::create_encrypted_data(&key_store, Some(payment_method_data))
+                cards::create_encrypted_data(&state, &key_store, Some(payment_method_data))
                    .await
                    .change_context(ApiErrorResponse::InternalServerError)
                    .attach_printable("Unable to encrypt customer details")?;
@ -701,14 +707,19 @@ pub async fn retrieve_payment_method_from_auth_service(
    let connector = PaymentAuthConnectorData::get_connector_by_name(
        auth_token.connector_details.connector.as_str(),
    )?;
-
+    let key_manager_state = &state.into();
    let merchant_account = db
-        .find_merchant_account_by_merchant_id(&payment_intent.merchant_id, key_store)
+        .find_merchant_account_by_merchant_id(
+            key_manager_state,
+            &payment_intent.merchant_id,
+            key_store,
+        )
        .await
        .to_not_found_response(ApiErrorResponse::MerchantAccountNotFound)?;

    let mca = db
        .find_by_merchant_connector_account_merchant_id_merchant_connector_id(
+            key_manager_state,
            &payment_intent.merchant_id,
            &auth_token.connector_details.mca_id,
            key_store,
@ -770,7 +781,7 @@ pub async fn retrieve_payment_method_from_auth_service(
    }

    let address = oss_helpers::get_address_by_id(
-        &*state.store,
+        state,
        payment_intent.billing_address_id.clone(),
        key_store,
        &payment_intent.payment_id,