mirror of
https://github.com/juspay/hyperswitch.git
synced 2025-10-30 17:47:54 +08:00
chore: make client certificate and private key secret across codebase (#4490)
@ -3894,8 +3894,10 @@ pub struct PaymentRequestMetadata {
|
|||||||
|
|
||||||
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, ToSchema)]
|
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, ToSchema)]
|
||||||
pub struct SessionTokenInfo {
|
pub struct SessionTokenInfo {
|
||||||
pub certificate: String,
|
#[schema(value_type = String)]
|
||||||
pub certificate_keys: String,
|
pub certificate: Secret<String>,
|
||||||
|
#[schema(value_type = String)]
|
||||||
|
pub certificate_keys: Secret<String>,
|
||||||
pub merchant_identifier: String,
|
pub merchant_identifier: String,
|
||||||
pub display_name: String,
|
pub display_name: String,
|
||||||
pub initiative: String,
|
pub initiative: String,
|
||||||
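Review bot: `SessionTokenInfo` still derives `serde::Serialize`, and both new fields are annotated `#[schema(value_type = String)]`, so the `Secret<String>` wrapper on `certificate` and `certificate_keys` probably protects only `Debug` and log output. If the masking crate's `Serialize` impl passes the inner value through (worth confirming), the certificate and key are still written in full wherever this struct is serialized. A doc comment on each field would make that boundary explicit, for example `/// Sensitive: masked in Debug output; confirm whether Serialize still emits the raw value`. The struct also has no field documentation saying what encoding the two values are expected in.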
|
|||||||
@ -35,8 +35,8 @@ pub struct Request {
|
|||||||
pub url: String,
|
pub url: String,
|
||||||
pub headers: Headers,
|
pub headers: Headers,
|
||||||
pub method: Method,
|
pub method: Method,
|
||||||
pub certificate: Option<String>,
|
pub certificate: Option<Secret<String>>,
|
||||||
pub certificate_key: Option<String>,
|
pub certificate_key: Option<Secret<String>>,
|
||||||
pub body: Option<RequestContent>,
|
pub body: Option<RequestContent>,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -96,11 +96,11 @@ impl Request {
|
|||||||
self.headers.insert((String::from(header), value));
|
self.headers.insert((String::from(header), value));
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn add_certificate(&mut self, certificate: Option<String>) {
|
pub fn add_certificate(&mut self, certificate: Option<Secret<String>>) {
|
||||||
self.certificate = certificate;
|
self.certificate = certificate;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn add_certificate_key(&mut self, certificate_key: Option<String>) {
|
pub fn add_certificate_key(&mut self, certificate_key: Option<Secret<String>>) {
|
||||||
self.certificate = certificate_key;
|
self.certificate = certificate_key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -110,8 +110,8 @@ pub struct RequestBuilder {
|
|||||||
pub url: String,
|
pub url: String,
|
||||||
pub headers: Headers,
|
pub headers: Headers,
|
||||||
pub method: Method,
|
pub method: Method,
|
||||||
pub certificate: Option<String>,
|
pub certificate: Option<Secret<String>>,
|
||||||
pub certificate_key: Option<String>,
|
pub certificate_key: Option<Secret<String>>,
|
||||||
pub body: Option<RequestContent>,
|
pub body: Option<RequestContent>,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -157,12 +157,12 @@ impl RequestBuilder {
|
|||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn add_certificate(mut self, certificate: Option<String>) -> Self {
|
pub fn add_certificate(mut self, certificate: Option<Secret<String>>) -> Self {
|
||||||
self.certificate = certificate;
|
self.certificate = certificate;
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn add_certificate_key(mut self, certificate_key: Option<String>) -> Self {
|
pub fn add_certificate_key(mut self, certificate_key: Option<Secret<String>>) -> Self {
|
||||||
self.certificate_key = certificate_key;
|
self.certificate_key = certificate_key;
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
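Review bot: In `impl Request`, `add_certificate_key` still assigns `self.certificate = certificate_key;`, so the private key overwrites the certificate field and `certificate_key` is never set by this setter. The assignment is unchanged context, so it predates this commit, but the commit edits the signature directly above it and leaves the bug in place. It should read `self.certificate_key = certificate_key;`, matching `RequestBuilder::add_certificate_key` later in the same file. A request configured through this setter would presumably reach the client with a key in the certificate slot and no key at all, so a mutual-TLS identity could not be built from it. The start of `impl Request` is outside the hunk.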
|
|||||||
@ -5,7 +5,6 @@ use std::fmt::Debug;
|
|||||||
|
|
||||||
use common_utils::{ext_traits::ByteSliceExt, request::RequestContent};
|
use common_utils::{ext_traits::ByteSliceExt, request::RequestContent};
|
||||||
use error_stack::ResultExt;
|
use error_stack::ResultExt;
|
||||||
use masking::ExposeInterface;
|
|
||||||
use transformers as netcetera;
|
use transformers as netcetera;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
@ -297,8 +296,8 @@ impl
|
|||||||
self, req, connectors,
|
self, req, connectors,
|
||||||
)?,
|
)?,
|
||||||
)
|
)
|
||||||
.add_certificate(Some(netcetera_auth_type.certificate.expose()))
|
.add_certificate(Some(netcetera_auth_type.certificate))
|
||||||
.add_certificate_key(Some(netcetera_auth_type.private_key.expose()))
|
.add_certificate_key(Some(netcetera_auth_type.private_key))
|
||||||
.build(),
|
.build(),
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
@ -407,8 +406,8 @@ impl
|
|||||||
self, req, connectors,
|
self, req, connectors,
|
||||||
)?,
|
)?,
|
||||||
)
|
)
|
||||||
.add_certificate(Some(netcetera_auth_type.certificate.expose()))
|
.add_certificate(Some(netcetera_auth_type.certificate))
|
||||||
.add_certificate_key(Some(netcetera_auth_type.private_key.expose()))
|
.add_certificate_key(Some(netcetera_auth_type.private_key))
|
||||||
.build(),
|
.build(),
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
|
|||||||
@ -111,8 +111,8 @@ fn get_applepay_metadata(
|
|||||||
fn build_apple_pay_session_request(
|
fn build_apple_pay_session_request(
|
||||||
state: &routes::AppState,
|
state: &routes::AppState,
|
||||||
request: payment_types::ApplepaySessionRequest,
|
request: payment_types::ApplepaySessionRequest,
|
||||||
apple_pay_merchant_cert: String,
|
apple_pay_merchant_cert: masking::Secret<String>,
|
||||||
apple_pay_merchant_cert_key: String,
|
apple_pay_merchant_cert_key: masking::Secret<String>,
|
||||||
) -> RouterResult<services::Request> {
|
) -> RouterResult<services::Request> {
|
||||||
let mut url = state.conf.connectors.applepay.base_url.to_owned();
|
let mut url = state.conf.connectors.applepay.base_url.to_owned();
|
||||||
url.push_str("paymentservices/paymentSession");
|
url.push_str("paymentservices/paymentSession");
|
||||||
@ -188,16 +188,14 @@ async fn create_applepay_session_token(
|
|||||||
.applepay_decrypt_keys
|
.applepay_decrypt_keys
|
||||||
.get_inner()
|
.get_inner()
|
||||||
.apple_pay_merchant_cert
|
.apple_pay_merchant_cert
|
||||||
.clone()
|
.clone();
|
||||||
.expose();
|
|
||||||
|
|
||||||
let apple_pay_merchant_cert_key = state
|
let apple_pay_merchant_cert_key = state
|
||||||
.conf
|
.conf
|
||||||
.applepay_decrypt_keys
|
.applepay_decrypt_keys
|
||||||
.get_inner()
|
.get_inner()
|
||||||
.apple_pay_merchant_cert_key
|
.apple_pay_merchant_cert_key
|
||||||
.clone()
|
.clone();
|
||||||
.expose();
|
|
||||||
|
|
||||||
(
|
(
|
||||||
payment_request_data,
|
payment_request_data,
|
||||||
|
|||||||
@ -66,15 +66,15 @@ use crate::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
pub fn create_identity_from_certificate_and_key(
|
pub fn create_identity_from_certificate_and_key(
|
||||||
encoded_certificate: String,
|
encoded_certificate: masking::Secret<String>,
|
||||||
encoded_certificate_key: String,
|
encoded_certificate_key: masking::Secret<String>,
|
||||||
) -> Result<reqwest::Identity, error_stack::Report<errors::ApiClientError>> {
|
) -> Result<reqwest::Identity, error_stack::Report<errors::ApiClientError>> {
|
||||||
let decoded_certificate = BASE64_ENGINE
|
let decoded_certificate = BASE64_ENGINE
|
||||||
.decode(encoded_certificate)
|
.decode(encoded_certificate.expose())
|
||||||
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
|
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
|
||||||
|
|
||||||
let decoded_certificate_key = BASE64_ENGINE
|
let decoded_certificate_key = BASE64_ENGINE
|
||||||
.decode(encoded_certificate_key)
|
.decode(encoded_certificate_key.expose())
|
||||||
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
|
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
|
||||||
|
|
||||||
let certificate = String::from_utf8(decoded_certificate)
|
let certificate = String::from_utf8(decoded_certificate)
|
||||||
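Review bot: The `Secret` protection ends at `encoded_certificate_key.expose()` in `create_identity_from_certificate_and_key`: `decoded_certificate_key` and the `String` built from the decoded bytes are plain values for the rest of the function. That is unavoidable when handing material to `reqwest::Identity`, but it deserves a comment so later edits do not log these locals or attach them to the error report, for example `// Secret is unwrapped here; decoded key material below must never be logged or attached to error context`. The function body continues outside the hunk, so how the decoded values are used afterwards cannot be checked from here.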
|
|||||||
@ -22,8 +22,8 @@ pub async fn verify_merchant_creds_for_applepay(
|
|||||||
.common_merchant_identifier
|
.common_merchant_identifier
|
||||||
.clone()
|
.clone()
|
||||||
.expose();
|
.expose();
|
||||||
let cert_data = applepay_merchant_configs.merchant_cert.clone().expose();
|
let cert_data = applepay_merchant_configs.merchant_cert.clone();
|
||||||
let key_data = applepay_merchant_configs.merchant_cert_key.clone().expose();
|
let key_data = applepay_merchant_configs.merchant_cert_key.clone();
|
||||||
let applepay_endpoint = &applepay_merchant_configs.applepay_endpoint;
|
let applepay_endpoint = &applepay_merchant_configs.applepay_endpoint;
|
||||||
|
|
||||||
let request_body = verifications::ApplepayMerchantVerificationConfigs {
|
let request_body = verifications::ApplepayMerchantVerificationConfigs {
|
||||||
|
|||||||
@ -83,8 +83,8 @@ fn get_base_client(
|
|||||||
pub(super) fn create_client(
|
pub(super) fn create_client(
|
||||||
proxy_config: &Proxy,
|
proxy_config: &Proxy,
|
||||||
should_bypass_proxy: bool,
|
should_bypass_proxy: bool,
|
||||||
client_certificate: Option<String>,
|
client_certificate: Option<masking::Secret<String>>,
|
||||||
client_certificate_key: Option<String>,
|
client_certificate_key: Option<masking::Secret<String>>,
|
||||||
) -> CustomResult<reqwest::Client, ApiClientError> {
|
) -> CustomResult<reqwest::Client, ApiClientError> {
|
||||||
match (client_certificate, client_certificate_key) {
|
match (client_certificate, client_certificate_key) {
|
||||||
(Some(encoded_certificate), Some(encoded_certificate_key)) => {
|
(Some(encoded_certificate), Some(encoded_certificate_key)) => {
|
||||||
@ -154,8 +154,8 @@ where
|
|||||||
&self,
|
&self,
|
||||||
method: Method,
|
method: Method,
|
||||||
url: String,
|
url: String,
|
||||||
certificate: Option<String>,
|
certificate: Option<masking::Secret<String>>,
|
||||||
certificate_key: Option<String>,
|
certificate_key: Option<masking::Secret<String>>,
|
||||||
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError>;
|
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError>;
|
||||||
|
|
||||||
async fn send_request(
|
async fn send_request(
|
||||||
@ -223,8 +223,8 @@ impl ProxyClient {
|
|||||||
pub fn get_reqwest_client(
|
pub fn get_reqwest_client(
|
||||||
&self,
|
&self,
|
||||||
base_url: String,
|
base_url: String,
|
||||||
client_certificate: Option<String>,
|
client_certificate: Option<masking::Secret<String>>,
|
||||||
client_certificate_key: Option<String>,
|
client_certificate_key: Option<masking::Secret<String>>,
|
||||||
) -> CustomResult<reqwest::Client, ApiClientError> {
|
) -> CustomResult<reqwest::Client, ApiClientError> {
|
||||||
match (client_certificate, client_certificate_key) {
|
match (client_certificate, client_certificate_key) {
|
||||||
(Some(certificate), Some(certificate_key)) => {
|
(Some(certificate), Some(certificate_key)) => {
|
||||||
@ -323,8 +323,8 @@ impl ApiClient for ProxyClient {
|
|||||||
&self,
|
&self,
|
||||||
method: Method,
|
method: Method,
|
||||||
url: String,
|
url: String,
|
||||||
certificate: Option<String>,
|
certificate: Option<masking::Secret<String>>,
|
||||||
certificate_key: Option<String>,
|
certificate_key: Option<masking::Secret<String>>,
|
||||||
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
|
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
|
||||||
let client_builder = self
|
let client_builder = self
|
||||||
.get_reqwest_client(url.clone(), certificate, certificate_key)
|
.get_reqwest_client(url.clone(), certificate, certificate_key)
|
||||||
@ -378,8 +378,8 @@ impl ApiClient for MockApiClient {
|
|||||||
&self,
|
&self,
|
||||||
_method: Method,
|
_method: Method,
|
||||||
_url: String,
|
_url: String,
|
||||||
_certificate: Option<String>,
|
_certificate: Option<masking::Secret<String>>,
|
||||||
_certificate_key: Option<String>,
|
_certificate_key: Option<masking::Secret<String>>,
|
||||||
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
|
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
|
||||||
// [#2066]: Add Mock implementation for ApiClient
|
// [#2066]: Add Mock implementation for ApiClient
|
||||||
Err(ApiClientError::UnexpectedState.into())
|
Err(ApiClientError::UnexpectedState.into())
|
||||||
|
|||||||