Message level Encryption for response

generator/cybersource-javascript-template/ApiClient.mustache

@@ -7,18 +7,18 @@ const agentPool = new Map();
 (function(root, factory) {
   if (typeof define === 'function' && define.amd) {
     // AMD. Register as an anonymous module.
-    define(['axios', 'axios-cookiejar-support', 'https-proxy-agent', 'https', 'querystring', 'agentkeepalive', 'crypto', 'Authentication/MerchantConfig', 'Authentication/Logger', 'Authentication/Constants', 'Authentication/Authorization', 'Authentication/PayloadDigest'], factory);
+    define(['axios', 'axios-cookiejar-support', 'https-proxy-agent', 'https', 'querystring', 'agentkeepalive', 'crypto', 'Authentication/MerchantConfig', 'Authentication/Logger', 'Authentication/Constants', 'Authentication/Authorization', 'Authentication/PayloadDigest', 'Authentication/MLEUtility'], factory);
   } else if (typeof module === 'object' && module.exports) {
     // CommonJS-like environments that support module.exports, like Node.
-    module.exports = factory(require('axios'), require('axios-cookiejar-support'), require('https-proxy-agent'), require('https'), require('querystring'), require('agentkeepalive'), require('crypto'), require('./authentication/core/MerchantConfig'), require('./authentication/logging/Logger'), require('./authentication/util/Constants'), require('./authentication/core/Authorization'), require('./authentication/payloadDigest/DigestGenerator'));
+    module.exports = factory(require('axios'), require('axios-cookiejar-support'), require('https-proxy-agent'), require('https'), require('querystring'), require('agentkeepalive'), require('crypto'), require('./authentication/core/MerchantConfig'), require('./authentication/logging/Logger'), require('./authentication/util/Constants'), require('./authentication/core/Authorization'), require('./authentication/payloadDigest/DigestGenerator'), require('./authentication/util/MLEUtility'));
   } else {
     // Browser globals (root is window)
     if (!root.{{moduleName}}) {
       root.{{moduleName}} = {};
     }
-    root.{{moduleName}}.ApiClient = factory(root.axios, root.axiosCookieJar, root.httpsProxyAgent, root.https, root.querystring, root.AgentKeepAlive, root.crypto, root.Authentication.MerchantConfig, root.Authentication.Logger, root.Authentication.Constants, root.Authentication.Authorization, root.Authentication.PayloadDigest);
+    root.{{moduleName}}.ApiClient = factory(root.axios, root.axiosCookieJar, root.httpsProxyAgent, root.https, root.querystring, root.AgentKeepAlive, root.crypto, root.Authentication.MerchantConfig, root.Authentication.Logger, root.Authentication.Constants, root.Authentication.Authorization, root.Authentication.PayloadDigest, root.Authentication.MLEUtility);
   }
-}(this, function(axios, axiosCookieJar, HttpsProxyAgent, https, querystring, AgentKeepAlive, crypto, MerchantConfig, Logger, Constants, Authorization, PayloadDigest) {
+}(this, function(axios, axiosCookieJar, HttpsProxyAgent, https, querystring, AgentKeepAlive, crypto, MerchantConfig, Logger, Constants, Authorization, PayloadDigest, MLEUtility) {
 {{#emitJSDoc}}  /**
    * @module {{#invokerPackage}}{{invokerPackage}}/{{/invokerPackage}}ApiClient
    * @version {{projectVersion}}
@@ -573,8 +573,9 @@ const agentPool = new Map();
    * @param {String} httpMethod
    * @param {String} requestTarget
    * @param {String} requestBody
+   * @param {Boolean} isResponseMLEForApi
    */
-  exports.prototype.callAuthenticationHeader = function (httpMethod, requestTarget, requestBody, headerParams) {
+  exports.prototype.callAuthenticationHeader = function (httpMethod, requestTarget, requestBody, headerParams, isResponseMLEForApi) {
 
     this.merchantConfig.setRequestTarget(requestTarget);
     this.merchantConfig.setRequestType(httpMethod)
@@ -583,7 +584,7 @@ const agentPool = new Map();
     this.logger.info('Authentication Type : ' + this.merchantConfig.getAuthenticationType());
     this.logger.info(this.constants.REQUEST_TYPE + ' : ' + httpMethod.toUpperCase());
 
-    var token = Authorization.getToken(this.merchantConfig, this.logger);
+    var token = Authorization.getToken(this.merchantConfig, isResponseMLEForApi, this.logger);
 
     var clientId = getClientId();
 
@@ -658,13 +659,14 @@ const agentPool = new Map();
    * @param {Array.<String>} contentTypes An array of request MIME types.
    * @param {Array.<String>} accepts An array of acceptable response MIME types.
    * @param {(String|Array|ObjectFunction)} returnType The required type to return; can be a string for simple types or the
+   * @param {Boolean} isResponseMLEForApi - Flag indicating if MLE is enabled for this API
    * constructor for a complex type.{{^usePromises}}
    * @param {module:{{#invokerPackage}}{{invokerPackage}}/{{/invokerPackage}}ApiClient~callApiCallback} callback The callback function.{{/usePromises}}
    * @returns {{#usePromises}}{Promise} A {@link https://www.promisejs.org/|Promise} object{{/usePromises}}{{^usePromises}}{Object} The SuperAgent request object{{/usePromises}}.
    */
 {{/emitJSDoc}}  exports.prototype.callApi = function callApi(path, httpMethod, pathParams,
       queryParams, headerParams, formParams, bodyParam, authNames, contentTypes, accepts,
-      returnType{{^usePromises}}, callback{{/usePromises}}) {
+      returnType, isResponseMLEForApi{{^usePromises}}, callback{{/usePromises}}) {
 
     var _this = this;
     var url = this.buildUrl(path, pathParams);
@@ -741,7 +743,7 @@ const agentPool = new Map();
 
     if (this.merchantConfig.getAuthenticationType().toLowerCase() !== this.constants.MUTUAL_AUTH)
     {
-      headerParams = this.callAuthenticationHeader(httpMethod, requestTarget, bodyParam, headerParams);
+      headerParams = this.callAuthenticationHeader(httpMethod, requestTarget, bodyParam, headerParams, isResponseMLEForApi);
     }
 
     if(this.merchantConfig.getDefaultHeaders()) {
@@ -841,14 +843,27 @@ const agentPool = new Map();
     axiosConfig.url = requestTarget;
 
 {{#usePromises}}    return axios.request(axiosConfig).then(function(response) {
-      try {
-        var data = _this.deserialize(response, returnType);
-        response = _this.translateResponse(response);
-
-        resolve({data: data, response: response});
-      } catch(err) {
-          reject(err);
-      }
+      // Properly wait for the decryption to complete before proceeding
+      return MLEUtility.checkAndDecryptEncryptedResponse(response.data, _this.merchantConfig)
+        .then(function(decryptedData) {
+          response.data = decryptedData;
+
+          try {
+            var data = _this.deserialize(response, returnType);
+            response = _this.translateResponse(response);
+
+            resolve({data: data, response: response});
+          } catch(err) {
+              reject(err);
+          }
+        })
+        .catch(function(error) {
+          // Create a simple error object with descriptive message
+          const errorMsg = `Failed to decrypt response: ${error.message}`;
+
+          // Reject the promise for Promise-based usage
+          return Promise.reject(new Error(errorMsg));
+        });
     }).catch(function(error, response) {
       source.cancel('Stream ended.');
       var userError = {};
@@ -867,12 +882,26 @@ const agentPool = new Map();
       reject(userError);
     });{{/usePromises}}
 {{^usePromises}}    axios.request(axiosConfig).then(function(response) {
-      if (callback) {
-        var data = _this.deserialize(response, returnType);
-        response = _this.translateResponse(response);
-
-        callback(null, data, response);
-      }
+      // Properly wait for the decryption to complete before proceeding
+      return MLEUtility.checkAndDecryptEncryptedResponse(response.data, _this.merchantConfig)
+        .then(function(decryptedData) {
+          response.data = decryptedData;
+
+          if (callback) {
+            var data = _this.deserialize(response, returnType);
+            response = _this.translateResponse(response);
+
+            callback(null, data, response);
+          }
+        })
+        .catch(function(error) {
+          // Create a simple error object with descriptive message
+          const errorMsg = `Failed to decrypt response: ${error.message}`;
+
+          if (callback) {
+            callback(new Error(errorMsg), null, null);
+          }
+        });
     }).catch(function(error, response) {
       source.cancel('Stream ended.');
       var userError = {};

generator/cybersource-javascript-template/api.mustache

@@ -117,20 +117,21 @@
       //check isMLE for an api method 'this.<operationId>'
       var inboundMLEStatus = <#vendorExtensions.x-devcenter-metaData.mleForRequest>'<vendorExtensions.x-devcenter-metaData.mleForRequest>'</vendorExtensions.x-devcenter-metaData.mleForRequest><^vendorExtensions.x-devcenter-metaData.mleForRequest>'false'</vendorExtensions.x-devcenter-metaData.mleForRequest>;
       var isMLEForApi = MLEUtility.checkIsMLEForAPI(this.apiClient.merchantConfig, inboundMLEStatus, '<operationId>');
+      const isResponseMLEForApi = MLEUtility.checkIsResponseMLEForAPI(this.apiClient.merchantConfig, ['<operationId>']);
 
       if (isMLEForApi === true) {
         MLEUtility.encryptRequestPayload(this.apiClient.merchantConfig, postBody).then(postBody => {
           return this.apiClient.callApi(
             '<&path>', '<httpMethod>',
             pathParams, queryParams, headerParams, formParams, postBody,
-            authNames, contentTypes, accepts, returnType<^usePromises>, callback</usePromises>
+            authNames, contentTypes, accepts, returnType, isResponseMLEForApi<^usePromises>, callback</usePromises>
           );
         });
       } else {
         return this.apiClient.callApi(
           '<&path>', '<httpMethod>',
           pathParams, queryParams, headerParams, formParams, postBody,
-          authNames, contentTypes, accepts, returnType<^usePromises>, callback</usePromises>
+          authNames, contentTypes, accepts, returnType, isResponseMLEForApi<^usePromises>, callback</usePromises>
         );
       }
     }

package.json

@@ -26,7 +26,8 @@
     "promise": "^8.3.0",
     "winston": "^3.11.0",
     "winston-daily-rotate-file": "^4.7.1",
-    "node-jose": "^2.2.0"
+    "node-jose": "^2.2.0",
+    "jwk-to-pem": "^2.0.7"
   },
   "keywords": [
     "nodeJS"

src/ApiClient.js

@@ -21,18 +21,18 @@ const agentPool = new Map();
 (function(root, factory) {
   if (typeof define === 'function' && define.amd) {
     // AMD. Register as an anonymous module.
-    define(['axios', 'axios-cookiejar-support', 'https-proxy-agent', 'https', 'querystring', 'agentkeepalive', 'crypto', 'Authentication/MerchantConfig', 'Authentication/Logger', 'Authentication/Constants', 'Authentication/Authorization', 'Authentication/PayloadDigest'], factory);
+    define(['axios', 'axios-cookiejar-support', 'https-proxy-agent', 'https', 'querystring', 'agentkeepalive', 'crypto', 'Authentication/MerchantConfig', 'Authentication/Logger', 'Authentication/Constants', 'Authentication/Authorization', 'Authentication/PayloadDigest', 'Authentication/MLEUtility'], factory);
   } else if (typeof module === 'object' && module.exports) {
     // CommonJS-like environments that support module.exports, like Node.
-    module.exports = factory(require('axios'), require('axios-cookiejar-support'), require('https-proxy-agent'), require('https'), require('querystring'), require('agentkeepalive'), require('crypto'), require('./authentication/core/MerchantConfig'), require('./authentication/logging/Logger'), require('./authentication/util/Constants'), require('./authentication/core/Authorization'), require('./authentication/payloadDigest/DigestGenerator'));
+    module.exports = factory(require('axios'), require('axios-cookiejar-support'), require('https-proxy-agent'), require('https'), require('querystring'), require('agentkeepalive'), require('crypto'), require('./authentication/core/MerchantConfig'), require('./authentication/logging/Logger'), require('./authentication/util/Constants'), require('./authentication/core/Authorization'), require('./authentication/payloadDigest/DigestGenerator'), require('./authentication/util/MLEUtility'));
   } else {
     // Browser globals (root is window)
     if (!root.CyberSource) {
       root.CyberSource = {};
     }
-    root.CyberSource.ApiClient = factory(root.axios, root.axiosCookieJar, root.httpsProxyAgent, root.https, root.querystring, root.AgentKeepAlive, root.crypto, root.Authentication.MerchantConfig, root.Authentication.Logger, root.Authentication.Constants, root.Authentication.Authorization, root.Authentication.PayloadDigest);
+    root.CyberSource.ApiClient = factory(root.axios, root.axiosCookieJar, root.httpsProxyAgent, root.https, root.querystring, root.AgentKeepAlive, root.crypto, root.Authentication.MerchantConfig, root.Authentication.Logger, root.Authentication.Constants, root.Authentication.Authorization, root.Authentication.PayloadDigest, root.Authentication.MLEUtility);
   }
-}(this, function(axios, axiosCookieJar, HttpsProxyAgent, https, querystring, AgentKeepAlive, crypto, MerchantConfig, Logger, Constants, Authorization, PayloadDigest) {
+}(this, function(axios, axiosCookieJar, HttpsProxyAgent, https, querystring, AgentKeepAlive, crypto, MerchantConfig, Logger, Constants, Authorization, PayloadDigest, MLEUtility) {
   /**
    * @module ApiClient
    * @version 0.0.1
@@ -577,8 +577,9 @@ const agentPool = new Map();
    * @param {String} httpMethod
    * @param {String} requestTarget
    * @param {String} requestBody
+   * @param {Boolean} isResponseMLEForApi
    */
-  exports.prototype.callAuthenticationHeader = function (httpMethod, requestTarget, requestBody, headerParams) {
+  exports.prototype.callAuthenticationHeader = function (httpMethod, requestTarget, requestBody, headerParams, isResponseMLEForApi) {
 
     this.merchantConfig.setRequestTarget(requestTarget);
     this.merchantConfig.setRequestType(httpMethod)
@@ -587,7 +588,7 @@ const agentPool = new Map();
     this.logger.info('Authentication Type : ' + this.merchantConfig.getAuthenticationType());
     this.logger.info(this.constants.REQUEST_TYPE + ' : ' + httpMethod.toUpperCase());
 
-    var token = Authorization.getToken(this.merchantConfig, this.logger);
+    var token = Authorization.getToken(this.merchantConfig, isResponseMLEForApi, this.logger);
 
     var clientId = getClientId();
 
@@ -662,13 +663,14 @@ const agentPool = new Map();
    * @param {Array.<String>} contentTypes An array of request MIME types.
    * @param {Array.<String>} accepts An array of acceptable response MIME types.
    * @param {(String|Array|ObjectFunction)} returnType The required type to return; can be a string for simple types or the
+   * @param {Boolean} isResponseMLEForApi - Flag indicating if MLE is enabled for this API
    * constructor for a complex type.
    * @param {module:ApiClient~callApiCallback} callback The callback function.
    * @returns {Object} The SuperAgent request object.
    */
   exports.prototype.callApi = function callApi(path, httpMethod, pathParams,
       queryParams, headerParams, formParams, bodyParam, authNames, contentTypes, accepts,
-      returnType, callback) {
+      returnType, isResponseMLEForApi, callback) {
 
     var _this = this;
     var url = this.buildUrl(path, pathParams);
@@ -745,7 +747,7 @@ const agentPool = new Map();
 
     if (this.merchantConfig.getAuthenticationType().toLowerCase() !== this.constants.MUTUAL_AUTH)
     {
-      headerParams = this.callAuthenticationHeader(httpMethod, requestTarget, bodyParam, headerParams);
+      headerParams = this.callAuthenticationHeader(httpMethod, requestTarget, bodyParam, headerParams, isResponseMLEForApi);
     }
 
     if(this.merchantConfig.getDefaultHeaders()) {
@@ -846,12 +848,38 @@ const agentPool = new Map();
 
 
     axios.request(axiosConfig).then(function(response) {
-      if (callback) {
-        var data = _this.deserialize(response, returnType);
-        response = _this.translateResponse(response);
-
-        callback(null, data, response);
-      }
+      // Properly wait for the decryption to complete before proceeding
+      return MLEUtility.checkAndDecryptEncryptedResponse(response.data, _this.merchantConfig)
+        .then(function(decryptedData) {
+          response.data = decryptedData;
+
+          if (callback) {
+            var data = _this.deserialize(response, returnType);
+            _this.logger.debug(`Response data: ${JSON.stringify(data)}`);
+
+            response = _this.translateResponse(response);
+
+            callback(null, data, response);
+          }
+
+          // Return data for Promise-based usage
+          return {
+            data: data,
+            response: response
+          };
+        })
+        .catch(function(error) {
+
+          // Create a simple error object with descriptive message
+          const errorMsg = `Failed to decrypt response: ${error.message}`;
+
+          if (callback) {
+            callback(new Error(errorMsg), null, null);
+          }
+
+          // Reject the promise for Promise-based usage
+          return Promise.reject(new Error(errorMsg));
+        });
     }).catch(function(error, response) {
       source.cancel('Stream ended.');
       var userError = {};

src/authentication/core/Authorization.js

@@ -10,7 +10,7 @@ var ApiException = require('../util/ApiException');
  * This function calls for the generation of Signature message depending on the authentication type.
  * 
  */
-exports.getToken = function(merchantConfig, logger){
+exports.getToken = function(merchantConfig, isResponseMLEForApi, logger){
 
     var authenticationType = merchantConfig.getAuthenticationType().toLowerCase();
     var httpSigToken;
@@ -22,7 +22,7 @@ exports.getToken = function(merchantConfig, logger){
         return httpSigToken;
     }
     else if(authenticationType === Constants.JWT) {
-        jwtSingToken = JWTSigToken.getToken(merchantConfig, logger);
+        jwtSingToken = JWTSigToken.getToken(merchantConfig, isResponseMLEForApi, logger);
         return jwtSingToken;
     }
     else if(authenticationType === Constants.OAUTH) {