rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-30 01:27:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: make client certificate and private key secret across codebase (#4490)

Browse Source
This commit is contained in:
Hrithikesh
2024-05-01 16:10:02 +05:30
committed by GitHub
parent 8f0d4d4191
commit dd7b10a8bd
7 changed files with 36 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/api_models/src/payments.rs
View File

@ -3894,8 +3894,10 @@ pub struct PaymentRequestMetadata {
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, ToSchema)]
pub struct SessionTokenInfo {
pub certificate: String,
pub certificate_keys: String,
#[schema(value_type = String)]
pub certificate: Secret<String>,
#[schema(value_type = String)]
pub certificate_keys: Secret<String>,
pub merchant_identifier: String,
pub display_name: String,
pub initiative: String,

16
crates/common_utils/src/request.rs
View File

@ -35,8 +35,8 @@ pub struct Request {
pub url: String,
pub headers: Headers,
pub method: Method,
pub certificate: Option<String>,
pub certificate_key: Option<String>,
pub certificate: Option<Secret<String>>,
pub certificate_key: Option<Secret<String>>,
pub body: Option<RequestContent>,
}
@ -96,11 +96,11 @@ impl Request {
self.headers.insert((String::from(header), value));
}
pub fn add_certificate(&mut self, certificate: Option<String>) {
pub fn add_certificate(&mut self, certificate: Option<Secret<String>>) {
self.certificate = certificate;
}
pub fn add_certificate_key(&mut self, certificate_key: Option<String>) {
pub fn add_certificate_key(&mut self, certificate_key: Option<Secret<String>>) {
self.certificate = certificate_key;
}
}
@ -110,8 +110,8 @@ pub struct RequestBuilder {
pub url: String,
pub headers: Headers,
pub method: Method,
pub certificate: Option<String>,
pub certificate_key: Option<String>,
pub certificate: Option<Secret<String>>,
pub certificate_key: Option<Secret<String>>,
pub body: Option<RequestContent>,
}
@ -157,12 +157,12 @@ impl RequestBuilder {
self
}
pub fn add_certificate(mut self, certificate: Option<String>) -> Self {
pub fn add_certificate(mut self, certificate: Option<Secret<String>>) -> Self {
self.certificate = certificate;
self
}
pub fn add_certificate_key(mut self, certificate_key: Option<String>) -> Self {
pub fn add_certificate_key(mut self, certificate_key: Option<Secret<String>>) -> Self {
self.certificate_key = certificate_key;
self
}

9
crates/router/src/connector/netcetera.rs
View File

@ -5,7 +5,6 @@ use std::fmt::Debug;
use common_utils::{ext_traits::ByteSliceExt, request::RequestContent};
use error_stack::ResultExt;
use masking::ExposeInterface;
use transformers as netcetera;
use crate::{
@ -297,8 +296,8 @@ impl
self, req, connectors,
)?,
)
.add_certificate(Some(netcetera_auth_type.certificate.expose()))
.add_certificate_key(Some(netcetera_auth_type.private_key.expose()))
.add_certificate(Some(netcetera_auth_type.certificate))
.add_certificate_key(Some(netcetera_auth_type.private_key))
.build(),
))
}
@ -407,8 +406,8 @@ impl
self, req, connectors,
)?,
)
.add_certificate(Some(netcetera_auth_type.certificate.expose()))
.add_certificate_key(Some(netcetera_auth_type.private_key.expose()))
.add_certificate(Some(netcetera_auth_type.certificate))
.add_certificate_key(Some(netcetera_auth_type.private_key))
.build(),
))
}

10
crates/router/src/core/payments/flows/session_flow.rs
View File

@ -111,8 +111,8 @@ fn get_applepay_metadata(
fn build_apple_pay_session_request(
state: &routes::AppState,
request: payment_types::ApplepaySessionRequest,
apple_pay_merchant_cert: String,
apple_pay_merchant_cert_key: String,
apple_pay_merchant_cert: masking::Secret<String>,
apple_pay_merchant_cert_key: masking::Secret<String>,
) -> RouterResult<services::Request> {
let mut url = state.conf.connectors.applepay.base_url.to_owned();
url.push_str("paymentservices/paymentSession");
@ -188,16 +188,14 @@ async fn create_applepay_session_token(
.applepay_decrypt_keys
.get_inner()
.apple_pay_merchant_cert
.clone()
.expose();
.clone();
let apple_pay_merchant_cert_key = state
.conf
.applepay_decrypt_keys
.get_inner()
.apple_pay_merchant_cert_key
.clone()
.expose();
.clone();
(
payment_request_data,

8
crates/router/src/core/payments/helpers.rs
View File

@ -66,15 +66,15 @@ use crate::{
};
pub fn create_identity_from_certificate_and_key(
encoded_certificate: String,
encoded_certificate_key: String,
encoded_certificate: masking::Secret<String>,
encoded_certificate_key: masking::Secret<String>,
) -> Result<reqwest::Identity, error_stack::Report<errors::ApiClientError>> {
let decoded_certificate = BASE64_ENGINE
.decode(encoded_certificate)
.decode(encoded_certificate.expose())
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
let decoded_certificate_key = BASE64_ENGINE
.decode(encoded_certificate_key)
.decode(encoded_certificate_key.expose())
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;
let certificate = String::from_utf8(decoded_certificate)

4
crates/router/src/core/verification.rs
View File

@ -22,8 +22,8 @@ pub async fn verify_merchant_creds_for_applepay(
.common_merchant_identifier
.clone()
.expose();
let cert_data = applepay_merchant_configs.merchant_cert.clone().expose();
let key_data = applepay_merchant_configs.merchant_cert_key.clone().expose();
let cert_data = applepay_merchant_configs.merchant_cert.clone();
let key_data = applepay_merchant_configs.merchant_cert_key.clone();
let applepay_endpoint = &applepay_merchant_configs.applepay_endpoint;
let request_body = verifications::ApplepayMerchantVerificationConfigs {

20
crates/router/src/services/api/client.rs
View File

@ -83,8 +83,8 @@ fn get_base_client(
pub(super) fn create_client(
proxy_config: &Proxy,
should_bypass_proxy: bool,
client_certificate: Option<String>,
client_certificate_key: Option<String>,
client_certificate: Option<masking::Secret<String>>,
client_certificate_key: Option<masking::Secret<String>>,
) -> CustomResult<reqwest::Client, ApiClientError> {
match (client_certificate, client_certificate_key) {
(Some(encoded_certificate), Some(encoded_certificate_key)) => {
@ -154,8 +154,8 @@ where
&self,
method: Method,
url: String,
certificate: Option<String>,
certificate_key: Option<String>,
certificate: Option<masking::Secret<String>>,
certificate_key: Option<masking::Secret<String>>,
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError>;
async fn send_request(
@ -223,8 +223,8 @@ impl ProxyClient {
pub fn get_reqwest_client(
&self,
base_url: String,
client_certificate: Option<String>,
client_certificate_key: Option<String>,
client_certificate: Option<masking::Secret<String>>,
client_certificate_key: Option<masking::Secret<String>>,
) -> CustomResult<reqwest::Client, ApiClientError> {
match (client_certificate, client_certificate_key) {
(Some(certificate), Some(certificate_key)) => {
@ -323,8 +323,8 @@ impl ApiClient for ProxyClient {
&self,
method: Method,
url: String,
certificate: Option<String>,
certificate_key: Option<String>,
certificate: Option<masking::Secret<String>>,
certificate_key: Option<masking::Secret<String>>,
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
let client_builder = self
.get_reqwest_client(url.clone(), certificate, certificate_key)
@ -378,8 +378,8 @@ impl ApiClient for MockApiClient {
&self,
_method: Method,
_url: String,
_certificate: Option<String>,
_certificate_key: Option<String>,
_certificate: Option<masking::Secret<String>>,
_certificate_key: Option<masking::Secret<String>>,
) -> CustomResult<Box<dyn RequestBuilder>, ApiClientError> {
// [#2066]: Add Mock implementation for ApiClient
Err(ApiClientError::UnexpectedState.into())