From cc98303d9b037f5785693261374fb67286571e86 Mon Sep 17 00:00:00 2001 From: gnongsie Date: Fri, 8 Mar 2024 12:24:36 +0530 Subject: [PATCH 1/3] Added fix to account for custom password for the p12 file --- CyberSource/Client/NVPClient.cs | 2 +- CyberSource/Client/SoapClient.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CyberSource/Client/NVPClient.cs b/CyberSource/Client/NVPClient.cs index e10394d..59a8c5a 100644 --- a/CyberSource/Client/NVPClient.cs +++ b/CyberSource/Client/NVPClient.cs @@ -65,7 +65,7 @@ public static Hashtable RunTransaction( //Setup endpoint Address with dns identity AddressHeaderCollection headers = new AddressHeaderCollection(); - EndpointAddress endpointAddress = new EndpointAddress(new Uri(config.EffectiveServerURL), EndpointIdentity.CreateDnsIdentity(config.EffectivePassword), headers); + EndpointAddress endpointAddress = new EndpointAddress(new Uri(config.EffectiveServerURL), EndpointIdentity.CreateDnsIdentity(config.MerchantID), headers); //Get instance of service using (proc = new NVPTransactionProcessorClient(currentBinding, endpointAddress)) diff --git a/CyberSource/Client/SoapClient.cs b/CyberSource/Client/SoapClient.cs index 8f34fb7..6dd8dc6 100644 --- a/CyberSource/Client/SoapClient.cs +++ b/CyberSource/Client/SoapClient.cs @@ -66,7 +66,7 @@ public static ReplyMessage RunTransaction( //Setup endpoint Address with dns identity AddressHeaderCollection headers = new AddressHeaderCollection(); - EndpointAddress endpointAddress = new EndpointAddress(new Uri(config.EffectiveServerURL), EndpointIdentity.CreateDnsIdentity(config.EffectivePassword), headers); + EndpointAddress endpointAddress = new EndpointAddress(new Uri(config.EffectiveServerURL), EndpointIdentity.CreateDnsIdentity(config.MerchantID), headers); //Get instance of service using (proc = new TransactionProcessorClient(currentBinding, endpointAddress)) From 75ea9fd1dff95a741f9bcbbffd75e7d43d6214c5 Mon Sep 17 00:00:00 2001 
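Review bot: The value passed to `EndpointIdentity.CreateDnsIdentity` in NVPClient.RunTransaction is now `config.MerchantID`, but neither this line nor the identical one in SoapClient.cs says which certificate name it has to match. WCF checks this DNS identity against the name claims of the certificate it treats as the service certificate, so if the p12 entry's subject can differ from the merchant ID (the configuration class is not visible here) the call would fail the identity check. A comment such as `// DNS identity must equal the subject name of the certificate used as service certificate; it is independent of the p12 password` would record that. It would also explain why the password must not be passed here again: as far as I know, the expected identity is echoed in WCF's identity-mismatch exception text. RunTransaction's body starts and ends outside the hunk.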
From: gnongsie Date: Tue, 26 Mar 2024 13:34:27 +0530 Subject: [PATCH 2/3] Fixes for security scans --- CyberSource/Client/CustomTextMessageEncoder.cs | 15 ++++++++++++--- CyberSource/Client/NVPClient.cs | 2 ++ CyberSource/Client/XmlClient.cs | 18 ++++++++++++++---- CyberSourceSamples/src/nvp/NVPSample.cs | 2 +- CyberSourceSamples/src/soap/SoapSample.cs | 12 ++++++------ sample.xml | 2 +- 6 files changed, 36 insertions(+), 15 deletions(-) diff --git a/CyberSource/Client/CustomTextMessageEncoder.cs b/CyberSource/Client/CustomTextMessageEncoder.cs index da359ca..f353b85 100644 --- a/CyberSource/Client/CustomTextMessageEncoder.cs +++ b/CyberSource/Client/CustomTextMessageEncoder.cs @@ -61,6 +61,7 @@ public override Message ReadMessage(Stream stream, int maxSizeOfHeaders, string { var sr = new StreamReader(stream); var wireResponse = sr.ReadToEnd(); + sr.Close(); // Fix for Xml external entity injection violation in fortify report XmlReaderSettings settings = new XmlReaderSettings(); @@ -68,7 +69,8 @@ public override Message ReadMessage(Stream stream, int maxSizeOfHeaders, string settings.XmlResolver = null; XmlDocument doc = new XmlDocument(); - XmlReader reader = XmlReader.Create(new StringReader(wireResponse), settings); + StringReader stringReader = new StringReader(wireResponse); + XmlReader reader = XmlReader.Create(stringReader, settings); doc.Load(reader); //We need to get rid of the security header because it is not signed by the web service. //The whole reason for the custom Encoder is to do this. the client rejected the unsigned header. 
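Review bot: The added `sr.Close();` in CustomTextMessageEncoder.ReadMessage runs only on the straight-line path, so if `ReadToEnd()` or the later `doc.Load(reader)` throws on a malformed or rejected reply, the readers are never released. The same pattern recurs in the `Close()` calls added to NVPClient.String2Hash and to XmlClient (static constructor, SignDocument, encryptDocument, ReadXml), where the calls often sit many statements after the `Load`. Scoping each reader would release it on every path and is more likely to satisfy the scanner: `using (var sr = new StreamReader(stream)) { wireResponse = sr.ReadToEnd(); }` and `using (XmlReader reader = XmlReader.Create(stringReader, settings)) { doc.Load(reader); }`. Closing `sr` also closes the `stream` argument, which is worth a one-line comment if that is intended. ReadMessage starts and ends outside these hunks.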
@@ -79,8 +81,15 @@ public override Message ReadMessage(Stream stream, int maxSizeOfHeaders, string { n.DeleteSelf(); } - reader = XmlReader.Create(new StringReader(doc.InnerXml), settings); - return Message.CreateMessage(reader, maxSizeOfHeaders, MessageVersion.Soap11); + StringReader stringReaderInnerXml = new StringReader(doc.InnerXml); + reader = XmlReader.Create(stringReaderInnerXml, settings); + Message returnMessage = Message.CreateMessage(reader, maxSizeOfHeaders, MessageVersion.Soap11); + + stringReader.Close(); + stringReaderInnerXml.Close(); + reader.Close(); + + return returnMessage; } public override ArraySegment WriteMessage(Message message, int maxMessageSize, BufferManager bufferManager, int messageOffset) diff --git a/CyberSource/Client/NVPClient.cs b/CyberSource/Client/NVPClient.cs index 59a8c5a..adb6da4 100644 --- a/CyberSource/Client/NVPClient.cs +++ b/CyberSource/Client/NVPClient.cs @@ -272,6 +272,8 @@ private static Hashtable String2Hash(string src) } } + reader.Close(); + return (dest); } diff --git a/CyberSource/Client/XmlClient.cs b/CyberSource/Client/XmlClient.cs index 9cde669..9964b67 100644 --- a/CyberSource/Client/XmlClient.cs +++ b/CyberSource/Client/XmlClient.cs @@ -34,9 +34,13 @@ static XmlClient() XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Prohibit; settings.XmlResolver = null; - XmlReader reader = XmlReader.Create(new StringReader(SOAP_ENVELOPE), settings); + StringReader stringReader = new StringReader(SOAP_ENVELOPE); + XmlReader reader = XmlReader.Create(stringReader, settings); mSoapEnvelope.Load(reader); + + stringReader.Close(); + reader.Close(); } private XmlClient() { } 
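Review bot: In CustomTextMessageEncoder.ReadMessage, `stringReaderInnerXml` and `reader` are closed after `Message.CreateMessage(reader, ...)` but before `returnMessage` is handed back, which risks returning a message whose body can no longer be read. As far as I know, this overload reads only the headers eagerly and pulls the body from the reader on demand, and the message closes that reader itself when it is closed. Either drop the `stringReaderInnerXml.Close()` and `reader.Close()` calls, or buffer first with `returnMessage = returnMessage.CreateBufferedCopy(limit).CreateMessage();` (with `limit` a size cap the project chooses) and close the readers afterwards. A test that reads the body of the returned message would catch a regression here.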
@@ -332,7 +336,8 @@ private static void SignDocument(X509Certificate2 cert, XmlDocument doc) XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Prohibit; settings.XmlResolver = null; - XmlReader reader = XmlReader.Create(new StringReader(keyInfoTags), settings); + StringReader stringReader = new StringReader(keyInfoTags); + XmlReader reader = XmlReader.Create(stringReader, settings); //keyInfo.LoadXml(""); keyInfo.Load(reader); @@ -341,7 +346,8 @@ private static void SignDocument(X509Certificate2 cert, XmlDocument doc) //Add The Base64 representation of the X509 cert to BinarySecurityToken Node //X509SecurityToken token = new X509SecurityToken(cert); doc.DocumentElement.FirstChild.LastChild.InnerText = Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.None); - + stringReader.Close(); + reader.Close(); } private static void encryptDocument(X509Certificate2 cert, XmlDocument doc) @@ -359,7 +365,8 @@ private static void encryptDocument(X509Certificate2 cert, XmlDocument doc) XmlReaderSettings settings = new XmlReaderSettings(); settings.DtdProcessing = DtdProcessing.Prohibit; settings.XmlResolver = null; - XmlReader reader = XmlReader.Create(new StringReader(encData), settings); + StringReader stringReader = new StringReader(encData); + XmlReader reader = XmlReader.Create(stringReader, settings); encryptedDataTags.Load(reader); doc.DocumentElement.FirstChild.FirstChild.PrependChild(doc.ImportNode(encryptedDataTags.FirstChild.FirstChild, true)); @@ -392,6 +399,8 @@ private static void encryptDocument(X509Certificate2 cert, XmlDocument doc) // Put encypted body inside ciphervalue tag doc.GetElementsByTagName("SOAP-ENV:Body")[0].InnerXml = encryptedSoapBody; doc.GetElementsByTagName("xenc:CipherValue")[1].InnerText = encryptedPayload; + stringReader.Close(); + reader.Close(); } /// 
@@ -492,6 +501,7 @@ private static XmlDocument ReadXml(WebResponse webResponse) settings.XmlResolver = null; XmlReader reader = XmlReader.Create(stream, settings); xmlDoc.Load(reader); + reader.Close(); return (xmlDoc); } finally diff --git a/CyberSourceSamples/src/nvp/NVPSample.cs b/CyberSourceSamples/src/nvp/NVPSample.cs index 6252b92..72b2313 100644 --- a/CyberSourceSamples/src/nvp/NVPSample.cs +++ b/CyberSourceSamples/src/nvp/NVPSample.cs @@ -40,7 +40,7 @@ static void Main(string[] args) request.Add( "billTo_ipAddress", "10.7.111.111" ); request.Add( "card_accountNumber", "4111111111111111" ); request.Add( "card_expirationMonth", "12" ); - request.Add( "card_expirationYear", "2020" ); + request.Add( "card_expirationYear", "2030" ); request.Add( "purchaseTotals_currency", "USD" ); // there are two items in this sample diff --git a/CyberSourceSamples/src/soap/SoapSample.cs b/CyberSourceSamples/src/soap/SoapSample.cs index 1347a55..60ce620 100644 --- a/CyberSourceSamples/src/soap/SoapSample.cs +++ b/CyberSourceSamples/src/soap/SoapSample.cs @@ -393,7 +393,7 @@ public RequestMessage authRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; PurchaseTotals purchaseTotals = new PurchaseTotals(); @@ -491,7 +491,7 @@ public RequestMessage emvAuthRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; PurchaseTotals purchaseTotals = new PurchaseTotals(); @@ -663,7 +663,7 @@ public RequestMessage refundRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; 
@@ -739,7 +739,7 @@ public RequestMessage androidPayAuthRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; PurchaseTotals purchaseTotals = new PurchaseTotals(); @@ -807,7 +807,7 @@ public RequestMessage applePayAuthRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; PurchaseTotals purchaseTotals = new PurchaseTotals(); @@ -874,7 +874,7 @@ public RequestMessage saleRequest() Card card = new Card(); card.accountNumber = "4111111111111111"; card.expirationMonth = "12"; - card.expirationYear = "2020"; + card.expirationYear = "2030"; request.card = card; PurchaseTotals purchaseTotals = new PurchaseTotals(); diff --git a/sample.xml b/sample.xml index 55f0f87..1faa889 100644 --- a/sample.xml +++ b/sample.xml @@ -25,7 +25,7 @@ 4111111111111111 12 - 2020 + 2030 From 34d1b6394bcfb3a6163c9ee4ea0c486018a56a50 Mon Sep 17 00:00:00 2001 From: gnongsie Date: Thu, 4 Apr 2024 14:01:22 +0530 Subject: [PATCH 3/3] Upgraded versions for release --- CyberSource.nuspec | 2 +- CyberSource/Base/Properties/AssemblyInfo.cs | 4 ++-- CyberSource/Client/Properties/AssemblyInfo.cs | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CyberSource.nuspec b/CyberSource.nuspec index 6999525..ad11600 100644 --- a/CyberSource.nuspec +++ b/CyberSource.nuspec @@ -2,7 +2,7 @@ CyberSource - 1.4.0 + 1.4.5 CyberSource Corporation CyberSource Corporation CyberSource Corporation diff --git a/CyberSource/Base/Properties/AssemblyInfo.cs b/CyberSource/Base/Properties/AssemblyInfo.cs index 4580c5d..96f5f2f 100644 --- a/CyberSource/Base/Properties/AssemblyInfo.cs +++ b/CyberSource/Base/Properties/AssemblyInfo.cs 
@@ -31,5 +31,5 @@
 //
 // You can specify all the values or you can default the Revision and Build Numbers
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("1.4.4")]
-[assembly: AssemblyFileVersion("1.4.4")]
+[assembly: AssemblyVersion("1.4.5")]
+[assembly: AssemblyFileVersion("1.4.5")]
diff --git a/CyberSource/Client/Properties/AssemblyInfo.cs b/CyberSource/Client/Properties/AssemblyInfo.cs
index fedb2b7..b0f2387 100644
--- a/CyberSource/Client/Properties/AssemblyInfo.cs
+++ b/CyberSource/Client/Properties/AssemblyInfo.cs
@@ -31,5 +31,5 @@
 //
 // You can specify all the values or you can default the Revision and Build Numbers
 // by using the '*' as shown below:
-[assembly: AssemblyVersion("1.4.4")]
-[assembly: AssemblyFileVersion("1.4.4")]
+[assembly: AssemblyVersion("1.4.5")]
+[assembly: AssemblyFileVersion("1.4.5")]