cybersource_rest_client 0.0.75 → 0.0.77

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cc4b4570c87bc2e919ba22258de9cf700cd948e80365e22a9cb836662d26539
-  data.tar.gz: 1039c93e150231700b175bdceb16800b7b194174576ca7934372bd711179188b
+  metadata.gz: 6a4660ce3a2439827b4430b708a803b17fe917e318e7aed05da06f06fc6b12d1
+  data.tar.gz: a9bd3db3a6435bb1f41762888ebbeb183570abff85a7244963f2c924ed74c6c5
 SHA512:
-  metadata.gz: f2cd65e1d3f83449031b9a4a2784457c7f852deb743060fde4a30c305ba222f48ef8ff7abb57377a24066bdd6fc6a6ba212671572efb0d54a3b8b329eda5020b
-  data.tar.gz: bdfb74f86a6eedb592cccc8535766f384585535fbd29082e6ef4a0d2cbe459dc7a1eca80cbdfaf9e39354ad85768447b26465ef5fbe92d9ae78963804d18b731
+  metadata.gz: 79954c4037b3c493be01acfa324711fa40e3f434d953db784e3cea2f5dd79be0f04d1af185b99c16dc9f6dc2cfd3524ee9c714c1cd441f450eba503b327fa427
+  data.tar.gz: b6a82130c16579b41c618a5180c96c8aa1969058ef5bc0615c8fde44f2e24efaf9965bd8e75e650675ad1ddc469cd54ba429ad75a27f9c469986d160739e1cc8

data/lib/AuthenticationSDK/authentication/jwt/JwtToken.rb

@@ -21,29 +21,18 @@ public
 
       jwtBody = ''
       request_type = merchantconfig_obj.requestType.upcase
-      filePath = merchantconfig_obj.keysDirectory + '/' + merchantconfig_obj.keyFilename + '.p12'
-
-      if (!File.exist?(filePath))
-        raise Constants::ERROR_PREFIX + Constants::FILE_NOT_FOUND + File.expand_path(filePath)
-      end
-
-      p12File = File.binread(filePath)
+      
       jwtBody=getJwtBody(request_type, gmtDatetime, merchantconfig_obj)
       claimSet = JSON.parse(jwtBody)
-      p12FilePath = OpenSSL::PKCS12.new(p12File, merchantconfig_obj.keyPass)
-
-      # Generating certificate.
-      cacheObj = ActiveSupport::Cache::MemoryStore.new
-      x5Cert = Cache.new.fetchCachedCertificate(filePath, p12File, merchantconfig_obj.keyPass, merchantconfig_obj.keyAlias, cacheObj)
 
-      # Generating Public key.
-      publicKey = OpenSSL::PKey::RSA.new(p12FilePath.key.public_key)
+      cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
+      privateKey = cache_value.private_key
+      jwt_cert_obj = cache_value.cert
+      jwt_cert_in_der= Base64.strict_encode64(jwt_cert_obj.to_der)
 
-      #Generating Private Key
-      privateKey = OpenSSL::PKey::RSA.new(p12FilePath.key)
 
       # JWT token-Generates using RS256 algorithm only
-      x5clist = [x5Cert]
+      x5clist = [jwt_cert_in_der]
       customHeaders = {}
       customHeaders['v-c-merchant-id'] = merchantconfig_obj.keyAlias
       customHeaders['x5c'] = x5clist

data/lib/AuthenticationSDK/core/MerchantConfig.rb

@@ -2,60 +2,78 @@ require_relative '../util/Constants.rb'
 require_relative '../util/ExceptionHandler.rb'
 require_relative '../logging/log_factory.rb'
 require_relative '../logging/log_configuration.rb'
+require_relative '../util/CertificateUtility.rb'
 
 public
 # This fuction has all the merchantConfig properties getters and setters methods
   class Merchantconfig
     def initialize(cybsPropertyObj)
-    # Common Parameters
-    @merchantId = cybsPropertyObj['merchantID']
-    @runEnvironment = cybsPropertyObj['runEnvironment']
-    @intermediateHost = cybsPropertyObj['intermediateHost']
-    @defaultDeveloperId = cybsPropertyObj['defaultDeveloperId']
-    @authenticationType = cybsPropertyObj['authenticationType']
-    @proxyAddress = cybsPropertyObj['proxyAddress']
-    @proxyPort = cybsPropertyObj['proxyPort']
-    @getId = ''
-    @requestHost = ''
-    @requestTarget = ''
-    @requestJsonData = ''
-    # HTTP Parameters
-    @merchantSecretKey = cybsPropertyObj['merchantsecretKey']
-    @merchantKeyId = cybsPropertyObj['merchantKeyId']
-    # JWT Parameters
-    @keysDirectory = cybsPropertyObj['keysDirectory']
-    @keyAlias = cybsPropertyObj['keyAlias']
-    @keyPass = cybsPropertyObj['keyPass']
-    @keyFilename = cybsPropertyObj['keyFilename']
-    @useMetaKey = cybsPropertyObj['useMetaKey']
-    @portfolioID = cybsPropertyObj['portfolioID']
-    @solutionId = cybsPropertyObj['solutionId']
-    # MutualAuth & OAuth Parameters
-    @enableClientCert = cybsPropertyObj['enableClientCert']
-    @clientCertDirectory = cybsPropertyObj['clientCertDirectory']
-    @sslClientCert = cybsPropertyObj['sslClientCert']
-    @privateKey = cybsPropertyObj['privateKey']
-    @sslKeyPassword = cybsPropertyObj['sslKeyPassword']
-    @clientId = cybsPropertyObj['clientId']
-    @clientSecret = cybsPropertyObj['clientSecret']
-    @accessToken = cybsPropertyObj['accessToken']
-    @refreshToken = cybsPropertyObj['refreshToken']
-    # LogConfiguration
-    @log_config = LogConfiguration.new(cybsPropertyObj['logConfiguration'])
-    # Custom Default Headers
-    @defaultCustomHeaders = cybsPropertyObj['defaultCustomHeaders']
-    # Path to client JWE pem file directory
-    @pemFileDirectory = cybsPropertyObj['pemFileDirectory']
-    @mleKeyAlias = cybsPropertyObj['mleKeyAlias']
-    @useMLEGlobally = cybsPropertyObj['useMLEGlobally']
-    @mapToControlMLEonAPI = cybsPropertyObj['mapToControlMLEonAPI']
-    validateMerchantDetails
-    logAllProperties(cybsPropertyObj)
-    validateMLEConfiguration
+      # Common Parameters
+      @merchantId = cybsPropertyObj['merchantID']
+      @runEnvironment = cybsPropertyObj['runEnvironment']
+      @intermediateHost = cybsPropertyObj['intermediateHost']
+      @defaultDeveloperId = cybsPropertyObj['defaultDeveloperId']
+      @authenticationType = cybsPropertyObj['authenticationType']
+      @proxyAddress = cybsPropertyObj['proxyAddress']
+      @proxyPort = cybsPropertyObj['proxyPort']
+      @getId = ''
+      @requestHost = ''
+      @requestTarget = ''
+      @requestJsonData = ''
+      # HTTP Parameters
+      @merchantSecretKey = cybsPropertyObj['merchantsecretKey']
+      @merchantKeyId = cybsPropertyObj['merchantKeyId']
+      # JWT Parameters
+      @keysDirectory = cybsPropertyObj['keysDirectory']
+      @keyAlias = cybsPropertyObj['keyAlias']
+      @keyPass = cybsPropertyObj['keyPass']
+      @keyFilename = cybsPropertyObj['keyFilename']
+      @useMetaKey = cybsPropertyObj['useMetaKey']
+      @portfolioID = cybsPropertyObj['portfolioID']
+      @solutionId = cybsPropertyObj['solutionId']
+      @p12KeyFilePath = nil
+      # MutualAuth & OAuth Parameters
+      @enableClientCert = cybsPropertyObj['enableClientCert']
+      @clientCertDirectory = cybsPropertyObj['clientCertDirectory']
+      @sslClientCert = cybsPropertyObj['sslClientCert']
+      @privateKey = cybsPropertyObj['privateKey']
+      @sslKeyPassword = cybsPropertyObj['sslKeyPassword']
+      @clientId = cybsPropertyObj['clientId']
+      @clientSecret = cybsPropertyObj['clientSecret']
+      @accessToken = cybsPropertyObj['accessToken']
+      @refreshToken = cybsPropertyObj['refreshToken']
+      # LogConfiguration
+      @log_config = LogConfiguration.new(cybsPropertyObj['logConfiguration'])
+      # Custom Default Headers
+      @defaultCustomHeaders = cybsPropertyObj['defaultCustomHeaders']
+      # Keep Alive Time for Connection Pooling
+      @keepAliveTime = cybsPropertyObj['keepAliveTime'] || 118 # Default to 118 seconds as same as default of libcurl
+      # Path to client JWE pem file directory
+      @pemFileDirectory = cybsPropertyObj['pemFileDirectory']
+      @mleKeyAlias = cybsPropertyObj['mleKeyAlias']
+      @useMLEGlobally = cybsPropertyObj['useMLEGlobally']
+      @enableRequestMLEForOptionalApisGlobally = !!(cybsPropertyObj['enableRequestMLEForOptionalApisGlobally'] || cybsPropertyObj['useMLEGlobally'])
+      @disableRequestMLEForMandatoryApisGlobally = cybsPropertyObj['disableRequestMLEForMandatoryApisGlobally']
+
+      
+      if !cybsPropertyObj['mleForRequestPublicCertPath'].nil? && !cybsPropertyObj['mleForRequestPublicCertPath'].to_s.strip.empty?
+          @mleForRequestPublicCertPath = cybsPropertyObj['mleForRequestPublicCertPath'].to_s.strip
+      end
+
+      @mapToControlMLEonAPI = cybsPropertyObj['mapToControlMLEonAPI']
+      validateMerchantDetails
+      validateMLEConfiguration(cybsPropertyObj)
+      @p12KeyFilePath = File.join(@keysDirectory, @keyFilename + ".p12")
+      logAllProperties(cybsPropertyObj)
     end
 
     #fall back logic
     def validateMerchantDetails()
+      if !@keepAliveTime.is_a?(Integer)
+        err = StandardError.new(Constants::ERROR_PREFIX + "keepAliveTime must be an integer and in seconds")
+        raise err
+      end
+      
       logmessage = ''
       @log_config.validate(logmessage)
       @log_obj = Log.new @log_config, "MerchantConfig"
@@ -157,6 +175,9 @@ public
         elsif !@keyFilename.instance_of? String
           @keyFilename=@keyFilename.to_s
         end
+        if !check_key_file
+          @log_obj.logger.error(ExceptionHandler.new.new_custom_error "Error finding or accessing the Key Directory or Key File. Please review the values in the merchant configuration.")
+        end
       end
       if @authenticationType.upcase == Constants::AUTH_TYPE_MUTUAL_AUTH
         if @clientId.to_s.empty?
@@ -230,16 +251,30 @@ public
       end
     end
 
-    def validateMLEConfiguration
-      if @useMLEGlobally.nil?
-        @useMLEGlobally = false
+    def validateMLEConfiguration(cybsPropertyObj)
+
+      if !@useMLEGlobally.nil? && !cybsPropertyObj['enableRequestMLEForOptionalApisGlobally'].nil?
+        if @useMLEGlobally != cybsPropertyObj['enableRequestMLEForOptionalApisGlobally']
+          raise StandardError.new(Constants::ERROR_PREFIX + "useMLEGlobally and enableRequestMLEForOptionalApisGlobally must have the same value if both are set")
+        end
       end
 
-      unless [true, false].include?(@useMLEGlobally)
-        err = StandardError.new(Constants::ERROR_PREFIX + "useMLEGlobally must be a boolean")
+      if @disableRequestMLEForMandatoryApisGlobally.nil?
+        @disableRequestMLEForMandatoryApisGlobally = false
+      end
+
+      unless [true, false].include?(@disableRequestMLEForMandatoryApisGlobally)
+        err = StandardError.new(Constants::ERROR_PREFIX + "disableRequestMLEForMandatoryApisGlobally must be a boolean")
         @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
         raise err
       end
+
+      unless [true, false].include?(@enableRequestMLEForOptionalApisGlobally)
+        err = StandardError.new(Constants::ERROR_PREFIX + "enableRequestMLEForOptionalApisGlobally must be a boolean")
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      end
+
       unless @mapToControlMLEonAPI.nil?
         unless @mapToControlMLEonAPI.is_a?(Hash) && @mapToControlMLEonAPI.keys.all? {|k| k.is_a?(String)} && @mapToControlMLEonAPI.values.all? { |v| [true, false].include?(v) }
           err = StandardError.new(Constants::ERROR_PREFIX + "mapToControlMLEonAPI must be a map with boolean values")
@@ -257,18 +292,27 @@ public
         @mleKeyAlias = Constants::DEFAULT_ALIAS_FOR_MLE_CERT
       end
 
-      mle_configured = @useMLEGlobally
+      if @mleForRequestPublicCertPath && !@mleForRequestPublicCertPath.to_s.strip.empty?
+        begin
+          CertificateUtility.validatePathAndFile(@mleForRequestPublicCertPath, "mleForRequestPublicCertPath", @log_config)
+        rescue => err
+          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+          raise err
+        end
+      end
+
+      request_mle_configured = @enableRequestMLEForOptionalApisGlobally
       if !@mapToControlMLEonAPI.nil? && !@mapToControlMLEonAPI.empty?
         @mapToControlMLEonAPI.each do |_, value|
           unless [true, false].include?(value) && value
-            mle_configured = true
+            request_mle_configured = true
             break
           end
         end
       end
 
-      if mle_configured && !Constants::AUTH_TYPE_JWT.eql?(@authenticationType)
-        err = StandardError.new(Constants::ERROR_PREFIX + "MLE can only be used with JWT authentication")
+      if request_mle_configured && !Constants::AUTH_TYPE_JWT.eql?(@authenticationType.upcase)
+        err = StandardError.new(Constants::ERROR_PREFIX + "Request MLE can only be used with JWT authentication")
         @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
         raise err
       end
@@ -292,6 +336,35 @@ public
       @log_obj.logger.info('Merchant Configuration :\n' + propertyObj.to_s)
     end
 
+    def check_key_file
+      # Directory exists?
+      unless Dir.exist?(@keysDirectory)
+        @log_obj.logger.error("Keys Directory not found. Entered directory : #{@keysDirectory}")
+        return false
+      end
+
+      key_file_pathname = File.join(@keysDirectory, @keyFilename + ".p12")
+
+      # File exists?
+      unless File.exist?(key_file_pathname)
+        @log_obj.logger.error("Key File not found. Check path/filename entered. Entered path/filename : #{key_file_pathname}")
+        return false
+      end
+
+      @log_obj.logger.info("Entered value for Key File Path : #{key_file_pathname}")
+
+      # Can file be opened for reading?
+      begin
+        File.open(key_file_pathname, 'rb') do |f|
+          # Just open and close
+        end
+        return true
+      rescue => e
+        @log_obj.logger.info("File cannot be accessed. Permission denied : #{key_file_pathname}")
+        return false
+      end
+    end
+
     # getter and setter methods
     attr_accessor :merchantId
     attr_accessor :merchantSecretKey
@@ -306,6 +379,7 @@ public
     attr_accessor :keyFilename
     attr_accessor :useMetaKey
     attr_accessor :portfolioID
+    attr_accessor :keepAliveTime
     attr_accessor :enableClientCert
     attr_accessor :clientCertDirectory
     attr_accessor :sslClientCert
@@ -329,6 +403,10 @@ public
     attr_accessor :defaultCustomHeaders
     attr_accessor :pemFileDirectory
     attr_accessor :useMLEGlobally
+    attr_accessor :enableRequestMLEForOptionalApisGlobally
+    attr_accessor :disableRequestMLEForMandatoryApisGlobally
+    attr_accessor :mleForRequestPublicCertPath
     attr_accessor :mapToControlMLEonAPI
     attr_accessor :mleKeyAlias
+    attr_accessor :p12KeyFilePath
   end

data/lib/AuthenticationSDK/util/Cache.rb

@@ -1,48 +1,153 @@
 require 'openssl'
 require 'base64'
+require 'active_support'
+require 'thread'
+require_relative 'CacheValue'
+require_relative 'CertificateUtility'
+require_relative '../util/Constants.rb'
+require_relative '../logging/log_factory.rb'
+require_relative '../logging/log_configuration.rb'
+
 public
 # P12 file certificate Cache
   class Cache
-    def fetchCachedCertificate(filePath, p12File, keyPass, keyAlias, cacheObj)
-      certCache = cacheObj.read(keyAlias.to_s.upcase)
-      cachedLastModifiedTimeStamp = cacheObj.read(keyAlias.to_s.upcase + '_LastModifiedTime')
-      if File.exist?(filePath)
-        currentFileLastModifiedTime = File.mtime(filePath)
-        if certCache.to_s.empty? || cachedLastModifiedTimeStamp.to_s.empty?
-          certificateFromP12File = getCertificate(p12File, keyPass, keyAlias, cacheObj, currentFileLastModifiedTime)
-          return certificateFromP12File
-        elsif currentFileLastModifiedTime > cachedLastModifiedTimeStamp
-        # Function call to read the file and put values to new cache
-          certificateFromP12File = getCertificate(p12File, keyPass, keyAlias, cacheObj, currentFileLastModifiedTime)
-          return certificateFromP12File
-        else
-          return certCache
+    @@cache_obj = ActiveSupport::Cache::MemoryStore.new
+    @@mutex = Mutex.new
+    @@logger
+
+    def fetchCachedP12Certificate(merchantConfig)
+      merchantId = merchantConfig.merchantId
+      certificateFilePath = merchantConfig.p12KeyFilePath
+
+      cacheKey = merchantConfig.keyFilename + "_JWT"
+
+      @@mutex.synchronize do
+        cachedCertificateInfo = @@cache_obj.read(cacheKey)
+        fileModifiedTime = File.mtime(certificateFilePath)
+
+        if !cachedCertificateInfo || cachedCertificateInfo.empty? || fileModifiedTime != cachedCertificateInfo.file_modified_time
+          setupCache(cacheKey, certificateFilePath, merchantConfig)
+          cachedCertificateInfo = @@cache_obj.read(cacheKey)
+        end
+
+        return cachedCertificateInfo
+      end
+    end
+
+    def setupCache(cacheKey, certificateFilePath, merchantConfig)
+      if !Cache.class_variable_defined?(:@@logger) || @@logger.nil?
+        @@logger = Log.new merchantConfig.log_config, "Cache"
+      end
+      logger = @@logger.logger
+      fileModifiedTime = File.mtime(certificateFilePath)
+
+      if (cacheKey.end_with?("_JWT"))
+        privateKey, certificateList = CertificateUtility.getCertificateCollectionAndPrivateKeyFromP12(certificateFilePath, merchantConfig)
+        jwtCertificate = CertificateUtility.getCertificateBasedOnKeyAlias(certificateList, merchantConfig.keyAlias)
+
+        cacheValue = CacheValue.new(privateKey, jwtCertificate, fileModifiedTime)
+
+        @@cache_obj.write(cacheKey, cacheValue)
+        return
+      end
+
+      if (cacheKey.end_with?(Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT))
+        certificateList = CertificateUtility.getCertificatesFromPemFile(certificateFilePath)
+        mleCertificate = CertificateUtility.getCertificateBasedOnKeyAlias(certificateList, merchantConfig.mleKeyAlias)
+        if (!mleCertificate)
+          fileName = File.basename(certificateFilePath)
+          logger.warn("No certificate found for the specified mle_key_alias '#{merchantConfig.mleKeyAlias}'. Using the first certificate from file #{fileName} as the MLE request certificate.")
+          mleCertificate = certificateList[0]
         end
+
+        cacheValue = CacheValue.new(nil, mleCertificate, fileModifiedTime)
+
+        @@cache_obj.write(cacheKey, cacheValue)
+        return
+      end
+
+      if (cacheKey.end_with?(Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT))
+        privateKey, certificateList = CertificateUtility.getCertificateCollectionAndPrivateKeyFromP12(certificateFilePath, merchantConfig)
+        mleCertificate = CertificateUtility.getCertificateBasedOnKeyAlias(certificateList, merchantConfig.mleKeyAlias)
+        if (!mleCertificate)
+          fileName = File.basename(certificateFilePath)
+          logger.error("No certificate found for the specified mle_key_alias '#{merchantConfig.mleKeyAlias}' in file #{fileName}.")
+          raise ArgumentError, "No certificate found for the specified mle_key_alias '#{merchantConfig.mleKeyAlias}' in file #{fileName}."
+        end
+
+        cacheValue = CacheValue.new(privateKey, mleCertificate, fileModifiedTime)
+
+        @@cache_obj.write(cacheKey, cacheValue)
+        return
+      end
+    end
+
+    def getRequestMLECertificateFromCache(merchantConfig)
+      if !Cache.class_variable_defined?(:@@logger) || @@logger.nil?
+        @@logger = Log.new merchantConfig.log_config, "Cache"
+      end
+
+      logger = @@logger.logger
+      merchantId = merchantConfig.merchantId
+      certificate_identifier = nil
+      certificate_file_path = nil
+
+      # Priority #1: Get cert from merchantConfig.mleForRequestPublicCertPath if certPath is provided
+      if merchantConfig.mleForRequestPublicCertPath && !merchantConfig.mleForRequestPublicCertPath.strip.empty?
+        certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT
+        certificate_file_path = merchantConfig.mleForRequestPublicCertPath
+      # Priority #2: If mleForRequestPublicCertPath not provided, get mlecert from p12 if provided and jwt auth type
+      elsif Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase && merchantConfig.p12KeyFilePath
+        certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT
+        certificate_file_path = merchantConfig.p12KeyFilePath
+      # Priority #3: Get mlecert from default cert in SDK as per CAS or PROD env.
       else
-        raise Constants::ERROR_PREFIX + Constants::FILE_NOT_FOUND + filePath
+        logger.debug("The certificate to use for MLE for requests is not provided in the merchant configuration. Please ensure that the certificate path is provided.")
+        return nil
       end
+
+      cache_key = "#{merchantId}_#{certificate_identifier}"
+      mle_certificate = getMLECertificateBasedOnCacheKey(merchantConfig, cache_key, certificate_file_path)
+
+      CertificateUtility.validateCertificateExpiry(mle_certificate, merchantConfig.keyAlias, certificate_identifier, merchantConfig.log_config)
+
+      mle_certificate
     end
 
-    def getCertificate(p12File, keyPass, keyAlias, cacheObj, currentFileLastModifiedTime)
-      x5CertDer = Utility.new.fetchCert(keyPass, p12File, keyAlias)
-      cacheObj.write(keyAlias.to_s.upcase, x5CertDer)
-      cacheObj.write(keyAlias.to_s.upcase + '_LastModifiedTime', currentFileLastModifiedTime)
-      x5CertDer
+    def getMLECertificateBasedOnCacheKey(merchantConfig, cacheKey, certificateFilePath)
+      cachedCertificateInfo = nil
+      @@mutex.synchronize do
+        cachedCertificateInfo = @@cache_obj.read(cacheKey)
+        fileTimestamp = File.mtime(certificateFilePath)
+
+        if cachedCertificateInfo.nil? || cachedCertificateInfo.file_modified_time != fileTimestamp
+          setupCache(cacheKey, certificateFilePath, merchantConfig)
+          cachedCertificateInfo = @@cache_obj.read(cacheKey)
+        end
+      end
+
+      cachedCertificateInfo ? cachedCertificateInfo.cert : nil
     end
 
     # <b>DEPRECATED:</b> This method has been marked as Deprecated and will be removed in coming releases.
-    def fetchPEMFileForNetworkTokenization(filePath, cacheObj)
+    def fetchPEMFileForNetworkTokenization(filePath)
       warn("[DEPRECATED] 'fetchPEMFileForNetworkTokenization' method is deprecated and will be removed in coming releases.")
-      pem_file_cache = cacheObj.read('privateKeyFromPEMFile')
-      cached_pem_file_last_updated_time = cacheObj.read('cachedLastModifiedTimeOfPEMFile')
-      if File.exist?(filePath)
-        current_last_modified_time_of_PEM_file = File.mtime(filePath)
-        if pem_file_cache.nil? || pem_file_cache.to_s.empty? || current_last_modified_time_of_PEM_file > cached_pem_file_last_updated_time
-          private_key = JOSE::JWK.from_pem_file filePath
-          cacheObj.write('privateKeyFromPEMFile', private_key)
-          cacheObj.write('cachedLastModifiedTimeOfPEMFile', current_last_modified_time_of_PEM_file)
+
+      # Thread-safe cache access for deprecated method
+      @@mutex.synchronize do
+        pem_file_cache = @@cache_obj.read('privateKeyFromPEMFile')
+        cached_pem_file_last_updated_time = @@cache_obj.read('cachedLastModifiedTimeOfPEMFile')
+
+        if File.exist?(filePath)
+          current_last_modified_time_of_PEM_file = File.mtime(filePath)
+          if pem_file_cache.nil? || pem_file_cache.to_s.empty? || current_last_modified_time_of_PEM_file > cached_pem_file_last_updated_time
+            private_key = JOSE::JWK.from_pem_file filePath
+            @@cache_obj.write('privateKeyFromPEMFile', private_key)
+            @@cache_obj.write('cachedLastModifiedTimeOfPEMFile', current_last_modified_time_of_PEM_file)
+          end
         end
+
+        return @@cache_obj.read('privateKeyFromPEMFile')
       end
-      return cacheObj.read('privateKeyFromPEMFile')
     end
   end

data/lib/AuthenticationSDK/util/CacheValue.rb

@@ -0,0 +1,18 @@
+# Cache value object to store certificate data
+class CacheValue
+  attr_accessor :private_key, :cert, :file_modified_time
+
+  def initialize(private_key = nil, cert = nil, file_modified_time = nil)
+    @private_key = private_key
+    @cert = cert
+    @file_modified_time = file_modified_time
+  end
+
+  def to_s
+    "CacheValue(private_key: #{@private_key ? 'present' : 'nil'}, cert: #{@cert ? 'present' : 'nil'}, file_modified_time: #{@file_modified_time})"
+  end
+
+  def empty?
+    @private_key.nil? && @cert.nil? && @file_modified_time.nil?
+  end
+end

data/lib/AuthenticationSDK/util/CertificateUtility.rb

@@ -0,0 +1,124 @@
+require 'openssl'
+require_relative '../util/Constants.rb'
+require_relative '../logging/log_factory.rb'
+require_relative '../logging/log_configuration.rb'
+
+public
+  class CertificateUtility
+    @@logger
+
+    def self.getCertificateCollectionAndPrivateKeyFromP12(certificateFilePath, merchantConfig)
+      if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
+        @@logger = Log.new merchantConfig.log_config, "CertificateUtility"
+      end
+      logger = @@logger.logger
+
+      p12File = File.binread(certificateFilePath)
+      p12Object = OpenSSL::PKCS12.new(p12File, merchantConfig.keyPass)
+
+      privateKey = OpenSSL::PKey::RSA.new(p12Object.key)
+
+      primaryX5Certificate = p12Object.certificate
+      additionalX5Certificates = p12Object.ca_certs
+
+      certificateList = [primaryX5Certificate]
+      certificateList.concat(additionalX5Certificates) if additionalX5Certificates
+
+      return [privateKey, certificateList]
+    end
+
+    def self.getCertificateBasedOnKeyAlias(certificateList, keyAlias)
+      return nil if certificateList.nil?
+
+      certificateList.find do |cert|
+        cert.subject.to_a.any? { |_, value, _| value.include?(keyAlias) }
+      end
+    end
+
+    def self.getCertificatesFromPemFile(certificateFilePath)
+      pem_data = File.read(certificateFilePath)
+      certificateList = []
+
+      pem_data.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m) do |certBlock|
+        certificateList << OpenSSL::X509::Certificate.new(certBlock)
+      end
+
+      certificateList
+    end
+
+    def self.validateCertificateExpiry(certificate, keyAlias, certificateIdentifier, logConfig)
+      if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
+        @@logger = Log.new logConfig, "CertificateUtility"
+      end
+      logger = @@logger.logger
+
+      warning_no_expiry_date = "Certificate does not have expiry date"
+      warning_expiring_soon = "Certificate with alias #{keyAlias} is going to expire on %s. Please update the certificate before then."
+      warning_expired = "Certificate with alias #{keyAlias} is expired as of %s. Please update the certificate."
+
+      if Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT == certificateIdentifier
+        warning_no_expiry_date = "Certificate for MLE Requests does not have expiry date from mleForRequestPublicCertPath in merchant configuration."
+        warning_expiring_soon = "Certificate for MLE Requests with alias #{keyAlias} is going to expire on %s. Please update the certificate provided in mleForRequestPublicCertPath in merchant configuration before then."
+        warning_expired = "Certificate for MLE Requests with alias #{keyAlias} is expired as of %s. Please update the certificate provided in mleForRequestPublicCertPath in merchant configuration."
+      end
+
+      if Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT == certificateIdentifier
+        warning_no_expiry_date = "Certificate for MLE Requests does not have expiry date in the P12 file."
+        warning_expiring_soon = "Certificate for MLE Requests with alias #{keyAlias} is going to expire on %s. Please update the P12 file before then."
+        warning_expired = "Certificate for MLE Requests with alias #{keyAlias} is expired as of %s. Please update the P12 file."
+      end
+
+      not_after = certificate.not_after # This returns a Time object in Ruby's OpenSSL
+      if not_after.nil?
+        logger.warn(warning_no_expiry_date)
+      else
+        now = Time.now.utc
+        if not_after < now
+          logger.warn(warning_expired % [not_after])
+        else
+          time_to_expire = not_after - now
+          days_to_expire = (time_to_expire / 86400).to_i
+          if days_to_expire < Constants::CERTIFICATE_EXPIRY_DATE_WARNING_DAYS
+            logger.warn(warning_expiring_soon % [not_after])
+          end
+        end
+      end
+    end
+
+    def self.validatePathAndFile(filePath, pathType, logConfig)
+      if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
+        @@logger = Log.new logConfig, "CertificateUtility"
+      end
+      logger = @@logger.logger
+
+      if filePath.nil? || filePath.strip.empty?
+        logger.error("#{pathType} path cannot be null or empty.")
+        raise ArgumentError, "#{pathType} path cannot be null or empty."
+      end
+
+      normalized_path = filePath.dup
+      if File::SEPARATOR == '\\' && normalized_path =~ %r{^/[A-Za-z]:.*}
+        normalized_path = normalized_path[1..-1]
+      end
+
+      path = normalized_path
+
+      unless File.exist?(path)
+        logger.error("#{pathType} does not exist: #{path}")
+        raise IOError, "#{pathType} does not exist: #{path}"
+      end
+
+      if File.directory?(path)
+        logger.error("#{pathType} does not have valid file: #{path}")
+        raise IOError, "#{pathType} does not have valid file: #{path}"
+      end
+
+      begin
+        File.open(path, "rb") {} # Just to check readability
+        return path
+      rescue => e
+        logger.error("#{pathType} is not readable: #{path}")
+        raise IOError, "#{pathType} is not readable: #{path}"
+      end
+    end
+  end

data/lib/AuthenticationSDK/util/Constants.rb

@@ -169,4 +169,10 @@
       DEFAULT_ALIAS_FOR_MLE_CERT = 'CyberSource_SJC_US' unless const_defined?(:DEFAULT_ALIAS_FOR_MLE_CERT)
 
       CERTIFICATE_EXPIRY_DATE_WARNING_DAYS = 90 unless const_defined?(:CERTIFICATE_EXPIRY_DATE_WARNING_DAYS)
+
+      MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT = "mleCertFromMerchantConfig"
+
+      MLE_CACHE_IDENTIFIER_FOR_P12_CERT = "mleCertFromP12"
+
+      DEFAULT_KEY_FILE_PATH = File.join(Dir.pwd, "resources")
   end

data/lib/AuthenticationSDK/util/JWEUtility.rb

@@ -8,8 +8,7 @@ class AuthJWEUtility
   # <b>DEPRECATED:</b> This method has been marked as Deprecated and will be removed in coming releases. Use <tt>decrypt_jwe_using_private_key()</tt> instead.
   def self.decrypt_jwe_using_pem(merchant_config, encoded_response)
     warn("[DEPRECATED] `decrypt_jwe_using_pem()` method is deprecated and will be removed in coming releases. Use `decrypt_jwe_using_private_key()` instead.")
-    cache_obj = ActiveSupport::Cache::MemoryStore.new
-    key = Cache.new.fetchPEMFileForNetworkTokenization(merchant_config.pemFileDirectory, cache_obj)
+    key = Cache.new.fetchPEMFileForNetworkTokenization(merchant_config.pemFileDirectory)
     return JOSE::JWE.block_decrypt(key, encoded_response).first
   end