cybersource_rest_client 0.0.82 → 0.0.84

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 767094548594be059f30d46d1fe535a39ab426beec6ae36af8e1ba8f247ed2f5
-  data.tar.gz: ce79348dbc7437e34cddf73080911d5459bc1918b1268a66d3bee17585bd324d
+  metadata.gz: bb5d050b359e9fefb56a6f04e11510cc45f1c1b6f033a621495b4f82ff2d8a64
+  data.tar.gz: b8e37d57a3d3ec9a63ce79cb5115df8c41bedaeef333d774673f4ae07aafecc4
 SHA512:
-  metadata.gz: f6faecf8d5d693da9e10aacefd367096aa5f659fa0b5e1d09d82a7a383ad8b97aaf779e9cc6b1bbf33f8a16301cbb2a9d92ddbb7cc6a40ac1c4ace584d0deefe
-  data.tar.gz: b16e4826078f3ee87f886ecb1216610b71ee682c591491adde2768396a76b9869e2d4f8c31dc550071a7c8f5a1fa6254f7e7d3b2c9db87b1d900033cdc657116
+  metadata.gz: f712d7cca99ab978f9115b6dea2849c27c65ed3d899d5614d5687426f8d6b90d5b123f12647e7e3356f09028264f6a2a25f5a0dbeb3992af776533448f754836
+  data.tar.gz: bf26f45d42ad16decfe75998c29b338e0a111d36290064a2ac625f14627c47927e8828ca32e991bd067b07fdf5f21740f03278948f202f5192a569068321ea4e

data/lib/AuthenticationSDK/authentication/jwt/JwtToken.rb

@@ -4,6 +4,7 @@ require 'jwt'
 require 'json'
 require 'active_support'
 require 'time'
+require 'securerandom'
 require_relative '../../core/ITokenGeneration.rb'
 require_relative '../../util/Constants.rb'
 require_relative '../../util/ExceptionHandler.rb'
@@ -16,63 +17,118 @@ public
   class GenerateJwtToken
     @log_obj
 
-    #JWT Token-generated based  on the Request type
+    # JWT Token generation for JWTv2 specification
     def getToken(merchantconfig_obj, gmtDatetime, isResponseMLEForApi)
       @log_obj = Log.new merchantconfig_obj.log_config, "JwtToken"
 
-      jwtBody = ''
-      request_type = merchantconfig_obj.requestType.upcase
-      
-      jwtBody = getJwtBody(request_type, gmtDatetime, merchantconfig_obj, isResponseMLEForApi)
-      claimSet = JSON.parse(jwtBody)
-
-      cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
-      privateKey = cache_value.private_key
-      jwt_cert_obj = cache_value.cert
-      jwt_cert_in_der = Base64.strict_encode64(jwt_cert_obj.to_der)
-
-
-      # JWT token-Generates using RS256 algorithm only
-      x5clist = [jwt_cert_in_der]
-      customHeaders = {}
-      customHeaders['v-c-merchant-id'] = merchantconfig_obj.keyAlias
-      customHeaders['x5c'] = x5clist
-
-      # Generating JWT token
-      token = JWT.encode(claimSet, privateKey, 'RS256', customHeaders)
-      return token
-    rescue StandardError => err
-      if err.message.include? 'PKCS12_parse: mac verify failure'
-        @log_obj.logger.error(ExceptionHandler.new.new_custom_error Constants::ERROR_PREFIX + Constants::INCORRECT_KEY_PASS)
-        # exit!
-      else
-        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
-        # exit!
+      begin
+        # Get payload claim set for JWTv2 (identical for both key types)
+        payload_claim_set = getPayloadClaimSet(merchantconfig_obj, isResponseMLEForApi)
+        token = ''
+        if merchantconfig_obj.is_shared_secret_key_type?
+          # Shared Secret (HMAC-SHA256) signing
+          @log_obj.logger.debug('Generating JWT token using shared secret (HS256)')
+
+          secret_key = merchantconfig_obj.merchantSecretKey
+          begin
+            secret_key_decoded = Base64.strict_decode64(secret_key)
+            rescue ArgumentError => e
+            raise StandardError.new("Invalid base64-encoded secret key: #{e.message}")
+          end
+
+          # Get header claim set with merchantKeyId as kid
+          header_claim_set = getHeaderClaimSet(merchant_key_id: merchantconfig_obj.merchantKeyId)
+
+          # Generate JWT token using HS256 algorithm
+          token = JWT.encode(payload_claim_set, secret_key_decoded, 'HS256', header_claim_set)
+        else
+          # P12 Certificate (RSA-SHA256) signing — existing behavior
+          @log_obj.logger.debug('Generating JWT token using P12 certificate (RS256)')
+
+          # Get cached certificate and private key
+          cache_value = Cache.new.fetchCachedP12Certificate(merchantconfig_obj)
+          private_key = cache_value.private_key
+          jwt_cert_obj = cache_value.cert
+
+          # Get header claim set with certificate serial number as kid
+          header_claim_set = getHeaderClaimSet(certificate: jwt_cert_obj)
+
+          # Generate JWT token using RS256 algorithm
+          token = JWT.encode(payload_claim_set, private_key, 'RS256', header_claim_set)
+        end
+
+        return token
+      rescue StandardError => err
+        if err.message.include? 'PKCS12_parse: mac verify failure'
+          @log_obj.logger.error(ExceptionHandler.new.new_custom_error Constants::ERROR_PREFIX + Constants::INCORRECT_KEY_PASS)
+        else
+          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        end
+        raise err
       end
-      raise err
     end
 
-    def getJwtBody(request_type, gmtDatetime, merchantconfig_obj, isResponseMLEForApi=false)
-      jwtBody = "{\n "
-      
+    private
+
+    def getPayloadClaimSet(merchantconfig_obj, isResponseMLEForApi)
+      jwt_payload = {}
+      request_type = merchantconfig_obj.requestType.upcase
+
+      # Setting the JWT digest and digest Algorithm when a POST, PUT, or PATCH request is made
       if request_type == Constants::POST_REQUEST_TYPE || request_type == Constants::PUT_REQUEST_TYPE || request_type == Constants::PATCH_REQUEST_TYPE
         payload = merchantconfig_obj.requestJsonData
-
-        # Note: Digest is not passed for GET calls
         digest = DigestGeneration.new.generateDigest(payload)
-        jwtBody = jwtBody + "\"digest\":\"" + digest + "\", \"digestAlgorithm\":\"SHA-256\", \"iat\":" + Time.parse(gmtDatetime).to_i.to_s
-      elsif request_type == Constants::GET_REQUEST_TYPE || request_type == Constants::DELETE_REQUEST_TYPE
-        jwtBody = jwtBody + "\"iat\":" + Time.parse(gmtDatetime).to_i.to_s
+        jwt_payload['digest'] = digest
+        jwt_payload['digestAlgorithm'] = 'SHA-256'
+      end
+
+      # Set the iat and exp claims using Unix timestamps
+      current_time = Time.now.to_i
+      jwt_payload['iat'] = current_time
+      jwt_payload['exp'] = current_time + 120  # The exp claim is set to 2 mins more than the iat claim
+
+      # Set the request method, host and resource path in the JWT body as per the specification for all request types
+      jwt_payload['request-method'] = request_type
+      jwt_payload['request-host'] = merchantconfig_obj.requestHost
+      jwt_payload['request-resource-path'] = merchantconfig_obj.requestTarget
+
+      # Choose issuer claim in the JWT body as per the use_metakey flag in the config file
+      if merchantconfig_obj.useMetaKey
+        issuer = merchantconfig_obj.portfolioID
       else
-        raise StandardError.new(Constants::ERROR_PREFIX + Constants::INVALID_REQUEST_TYPE_METHOD)
+        issuer = merchantconfig_obj.merchantId
       end
 
+      jwt_payload['iss'] = issuer
+      jwt_payload['jti'] = SecureRandom.uuid  # Unique JWT ID
+      jwt_payload['v-c-jwt-version'] = '2'
+      jwt_payload['v-c-merchant-id'] = merchantconfig_obj.merchantId
+
       if isResponseMLEForApi
-        mleKid = MLEUtility.validate_and_auto_extract_response_mle_kid(merchantconfig_obj)
-        jwtBody = jwtBody + ", \"v-c-response-mle-kid\":\"" + mleKid + "\""
+        mle_kid = MLEUtility.validate_and_auto_extract_response_mle_kid(merchantconfig_obj)
+        jwt_payload['v-c-response-mle-kid'] = mle_kid
+      end
+
+      return jwt_payload
+    end
+
+    def getHeaderClaimSet(merchant_key_id: nil, certificate: nil)
+      kid_value = ''
+      if !certificate.nil?
+        kid_value = MLEUtility.extract_serial_number_from_certificate(certificate)
+      elsif !merchant_key_id.nil? && !merchant_key_id.to_s.empty?
+        kid_value = merchant_key_id
+      else
+        raise StandardError.new("Either certificate or merchant_key_id must be provided for JWT header")
       end
 
-      jwtBody = jwtBody + "\n}"
+      jwt_headers = {
+        'kid' => kid_value,
+        'typ' => 'JWT'
+      }
+
+      return jwt_headers
     end
+
     implements TokenInterface
   end

data/lib/AuthenticationSDK/core/MerchantConfig.rb

@@ -28,9 +28,11 @@ public
       @keyAlias = cybsPropertyObj['keyAlias']
       @keyPass = cybsPropertyObj['keyPass']
       @keyFilename = cybsPropertyObj['keyFilename']
+      @jwtKeyType = cybsPropertyObj['jwtKeyType'] ? cybsPropertyObj['jwtKeyType'].to_s.upcase : Constants::JWT_KEY_TYPE_P12
       @useMetaKey = cybsPropertyObj['useMetaKey']
       @portfolioID = cybsPropertyObj['portfolioID']
       @solutionId = cybsPropertyObj['solutionId']
+      @isSDK = cybsPropertyObj['isSDK'] == true || cybsPropertyObj['isSDK'].to_s.strip.casecmp?('true')
       @p12KeyFilePath = nil
       # MutualAuth & OAuth Parameters
       @enableClientCert = cybsPropertyObj['enableClientCert']
@@ -142,7 +144,9 @@ public
 
       validateMerchantDetails()
       validateMLEConfiguration(cybsPropertyObj)
-      @p12KeyFilePath = File.join(@keysDirectory, @keyFilename + ".p12")
+      if !@keysDirectory.nil? && !@keysDirectory.to_s.empty? && !@keyFilename.nil? && !@keyFilename.to_s.empty?
+        @p12KeyFilePath = File.join(@keysDirectory, @keyFilename + ".p12")
+      end
       logAllProperties(cybsPropertyObj)
     end
 
@@ -227,35 +231,52 @@ public
         elsif !@merchantId.instance_of? String
           @merchantId=@merchantId.to_s
         end
-        if @keyAlias.to_s.empty?
-          @keyAlias = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_ALIAS_NULL_EMPTY)
-        elsif !@keyAlias.instance_of? String
-          @keyAlias=@keyAlias.to_s
-        elsif @keyAlias != @merchantId
-          @keyAlias = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS)
-        end
-        if @keyPass.to_s.empty?
-          @keyPass = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_PASS_NULL)
-        elsif !@keyPass.instance_of? String
-          @keyPass=@keyPass.to_s
-        end
-        if @keysDirectory.to_s.empty?
-          @keysDirectory = Constants::DEFAULT_KEY_DIRECTORY
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_DIRECTORY_EMPTY + @keysDirectory)
-        elsif !@keysDirectory.instance_of? String
-          @keysDirectory=@keysDirectory.to_s
-        end
-        if @keyFilename.to_s.empty?
-          @keyFilename = @merchantId
-          @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_FILE_NAME_NULL_EMPTY)
-        elsif !@keyFilename.instance_of? String
-          @keyFilename=@keyFilename.to_s
-        end
-        if !check_key_file
-          @log_obj.logger.error(ExceptionHandler.new.new_custom_error "Error finding or accessing the Key Directory or Key File. Please review the values in the merchant configuration.")
+
+        # Validate jwtKeyType
+        check_jwt_key_type
+
+        if is_shared_secret_key_type?
+          # Shared Secret validation — same credentials as HTTP_SIGNATURE
+          validateSharedSecretKeyCredentials()
+        else
+          # P12 validation (existing behavior)
+          if @keyAlias.to_s.empty?
+            @keyAlias = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_ALIAS_NULL_EMPTY)
+          elsif !@keyAlias.instance_of? String
+            @keyAlias=@keyAlias.to_s
+          end
+          if !@useMetaKey && @keyAlias != @merchantId
+            @keyAlias = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS)
+          end
+          if @useMetaKey && @keyAlias != @portfolioID
+            @keyAlias = @portfolioID
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::INCORRECT_KEY_ALIAS_USE_METAKEY)
+          end
+          if @keyPass.to_s.empty?
+            @keyPass = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_PASS_NULL)
+          elsif !@keyPass.instance_of? String
+            @keyPass=@keyPass.to_s
+          end
+          if @keysDirectory.to_s.empty?
+            @keysDirectory = Constants::DEFAULT_KEY_DIRECTORY
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_DIRECTORY_EMPTY + @keysDirectory)
+          elsif !@keysDirectory.instance_of? String
+            @keysDirectory=@keysDirectory.to_s
+          end
+          if @keyFilename.to_s.empty?
+            @keyFilename = @merchantId
+            @log_obj.logger.warn(ExceptionHandler.new.new_api_warning Constants::WARNING_PREFIX + Constants::KEY_FILE_NAME_NULL_EMPTY)
+          elsif !@keyFilename.instance_of? String
+            @keyFilename=@keyFilename.to_s
+          end
+          if !check_key_file
+            err = StandardError.new(Constants::ERROR_PREFIX + "Cannot find or access the Key Directory or Key File. Please review the values in the merchant configuration.")
+            @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+            raise err
+          end
         end
       end
       if @authenticationType.upcase == Constants::AUTH_TYPE_MUTUAL_AUTH
@@ -298,20 +319,7 @@ public
         elsif !@merchantId.instance_of? String
           @merchantId=@merchantId.to_s
         end
-        if @merchantKeyId.to_s.empty?
-          err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_KEY_ID_MANDATORY)
-          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
-          raise err
-        elsif !@merchantKeyId.instance_of? String
-          @merchantKeyId=@merchantKeyId.to_s
-        end
-        if @merchantSecretKey.to_s.empty?
-          err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_SECRET_KEY_MANDATORY)
-          @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
-          raise err
-        elsif !@merchantSecretKey.instance_of? String
-          @merchantSecretKey=@merchantSecretKey.to_s
-        end
+        validateSharedSecretKeyCredentials()
       end
       if @useMetaKey && @portfolioID.to_s.empty?
         err = StandardError.new(Constants::ERROR_PREFIX+ Constants::PORTFOLIO_ID_MANDATORY)
@@ -330,6 +338,23 @@ public
       end
     end
 
+    def validateSharedSecretKeyCredentials()
+      if @merchantKeyId.to_s.empty?
+        err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_KEY_ID_MANDATORY)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      elsif !@merchantKeyId.instance_of? String
+        @merchantKeyId=@merchantKeyId.to_s
+      end
+      if @merchantSecretKey.to_s.empty?
+        err = StandardError.new(Constants::ERROR_PREFIX+ Constants::MERCHANT_SECRET_KEY_MANDATORY)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      elsif !@merchantSecretKey.instance_of? String
+        @merchantSecretKey=@merchantSecretKey.to_s
+      end
+    end
+
     def validateMLEConfiguration(cybsPropertyObj)
       if !@useMLEGlobally.nil? && !cybsPropertyObj['enableRequestMLEForOptionalApisGlobally'].nil?
         if @useMLEGlobally != cybsPropertyObj['enableRequestMLEForOptionalApisGlobally']
@@ -581,6 +606,20 @@ public
       @log_obj.logger.info('Merchant Configuration :\n' + propertyObj.to_s)
     end
 
+    # Returns true when jwtKeyType is SHARED_SECRET
+    def is_shared_secret_key_type?
+      !@jwtKeyType.nil? && @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_SHARED_SECRET
+    end
+
+    # Validates that jwtKeyType is either P12 or SHARED_SECRET
+    def check_jwt_key_type
+      unless @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_P12 || @jwtKeyType.upcase == Constants::JWT_KEY_TYPE_SHARED_SECRET
+        err = StandardError.new(Constants::ERROR_PREFIX + Constants::INVALID_JWT_KEY_TYPE)
+        @log_obj.logger.error(ExceptionHandler.new.new_api_exception err)
+        raise err
+      end
+    end
+
     def check_key_file
       # Directory exists?
       unless Dir.exist?(@keysDirectory)
@@ -622,6 +661,7 @@ public
     attr_accessor :keyAlias
     attr_accessor :keyPass
     attr_accessor :keyFilename
+    attr_accessor :jwtKeyType
     attr_accessor :useMetaKey
     attr_accessor :portfolioID
     attr_accessor :keepAliveTime
@@ -645,6 +685,7 @@ public
     attr_accessor :requestTarget
     attr_accessor :log_obj
     attr_accessor :solutionId
+    attr_accessor :isSDK
     attr_accessor :defaultCustomHeaders
     attr_accessor :pemFileDirectory
     attr_accessor :useMLEGlobally

data/lib/AuthenticationSDK/logging/log_configuration.rb

@@ -54,7 +54,8 @@ public
                 if @maxLogFiles.nil? || @maxLogFiles.to_s.empty?
                     @maxLogFiles = Constants::DEFAULT_MAX_LOG_FILES
                     log_message += Constants::WARNING_PREFIX + Constants::INVALID_MAX_LOG_FILES + @maxLogFiles
-                elsif !@maxLogFiles.instance_of? Integer
+                end
+                if !@maxLogFiles.instance_of? Integer
                     @maxLogFiles = @maxLogFiles.to_i
                 end
                 if @enableMasking == "true"

data/lib/AuthenticationSDK/util/AuthJWEUtility.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative './Cache'
+require 'stringio'
 require 'jose'
 
 public

data/lib/AuthenticationSDK/util/Cache.rb

@@ -126,8 +126,8 @@ public
       if merchantConfig.mleForRequestPublicCertPath && !merchantConfig.mleForRequestPublicCertPath.strip.empty?
         certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT
         certificate_file_path = merchantConfig.mleForRequestPublicCertPath
-      # Priority #2: If mleForRequestPublicCertPath not provided, get mlecert from p12 if provided and jwt auth type
-      elsif Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase && merchantConfig.p12KeyFilePath
+      # Priority #2: If mleForRequestPublicCertPath not provided, get mlecert from p12 if provided and jwt auth type (only for P12 key type, not SHARED_SECRET)
+      elsif Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase && !merchantConfig.is_shared_secret_key_type? && merchantConfig.p12KeyFilePath
         certificate_identifier = Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT
         certificate_file_path = merchantConfig.p12KeyFilePath
       # Priority #3: Get mlecert from default cert in SDK as per CAS or PROD env.
@@ -224,10 +224,13 @@ public
           merchant_config.responseMlePrivateKeyFilePassword
         )
 
-        merchant_cert = Utility.getCertificateBasedOnKeyAlias(certificate_list, merchant_config.merchantId)
+        # Use correct alias for MetaKey mode: portfolioID when useMetaKey is true, merchantId otherwise
+        response_mle_key_alias = merchant_config.useMetaKey ? merchant_config.portfolioID : merchant_config.merchantId
+
+        merchant_cert = Utility.getCertificateBasedOnKeyAlias(certificate_list, response_mle_key_alias)
 
         if merchant_cert.nil?
-          raise StandardError.new("No certificate found for Response MLE Private Key file with merchant ID alias #{merchant_config.merchantId}")
+          raise StandardError.new("No certificate found for Response MLE Private Key file with alias '#{response_mle_key_alias}'")
         end
 
         # Check if this is a CyberSource-generated P12 file

data/lib/AuthenticationSDK/util/Constants.rb

@@ -66,6 +66,12 @@
 
       AUTH_TYPE_JWT = 'JWT' unless const_defined?(:AUTH_TYPE_JWT)
 
+      JWT_KEY_TYPE_P12 = 'P12' unless const_defined?(:JWT_KEY_TYPE_P12)
+
+      JWT_KEY_TYPE_SHARED_SECRET = 'SHARED_SECRET' unless const_defined?(:JWT_KEY_TYPE_SHARED_SECRET)
+
+      INVALID_JWT_KEY_TYPE = "Invalid jwtKeyType. Must be 'P12' or 'SHARED_SECRET'." unless const_defined?(:INVALID_JWT_KEY_TYPE)
+
       OLD_RUN_ENVIRONMENT_CONSTANTS = ['CYBERSOURCE.ENVIRONMENT.SANDBOX', 'CYBERSOURCE.ENVIRONMENT.PRODUCTION', 'CYBERSOURCE.IN.ENVIRONMENT.SANDBOX', 'CYBERSOURCE.IN.ENVIRONMENT.PRODUCTION', 'BANKOFAMERICA.ENVIRONMENT.SANDBOX', 'BANKOFAMERICA.ENVIRONMENT.PRODUCTION']
 
       # constants for fall back logic
@@ -146,6 +152,8 @@
 
       INCORRECT_KEY_ALIAS = 'The Entered KeyAlias is Incorrect. Assigining merchantID value' unless const_defined?(:INCORRECT_KEY_ALIAS)
 
+      INCORRECT_KEY_ALIAS_USE_METAKEY = 'The Entered KeyAlias is Incorrect with useMetaKey set to true. Assigining portfolioID value' unless const_defined?(:INCORRECT_KEY_ALIAS_USE_METAKEY)
+
       ENABLE_CLIENT_CERT_EMPTY = 'Enable Clientcert is Empty/Null.' unless const_defined?(:ENABLE_CLIENT_CERT_EMPTY)
 
       CLIENT_CERT_DIR_EMPTY = 'Client Cert Directory is Empty/Null' unless const_defined?(:CLIENT_CERT_DIR_EMPTY)

data/lib/AuthenticationSDK/util/MLEUtility.rb

@@ -48,6 +48,15 @@ public
         return requestBody
       end
 
+      # Check if using shared secret JWT without explicit MLE certificate path
+      if mleCertificate.nil? &&
+         Constants::AUTH_TYPE_JWT.downcase == merchantConfig.authenticationType.downcase &&
+         merchantConfig.is_shared_secret_key_type?
+        @log_obj.logger.debug("MLE for requests with JWT shared secret authentication requires mleForRequestPublicCertPath to be explicitly provided in merchant configuration.")
+        @log_obj.logger.debug("Please set mleForRequestPublicCertPath to the path of your MLE public certificate file.")
+        raise StandardError.new(Constants::ERROR_PREFIX + "Missing MLE certificate for JWT shared secret authentication. Please provide the MLE public certificate path in the configuration.")
+      end
+
       begin
         serial_number = self.extract_serial_number_from_certificate(mleCertificate)
 

data/lib/cybersource_rest_client/api/batches_api.rb

@@ -239,7 +239,7 @@ module CyberSource
       # header parameters
       header_params = {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/json;charset=utf-8'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json', 'application/json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
 

data/lib/cybersource_rest_client/api/create_new_webhooks_api.rb

@@ -138,7 +138,7 @@ module CyberSource
       # header parameters
       header_params = {}
       # HTTP header 'Accept' (if needed)
-      header_params['Accept'] = @api_client.select_header_accept(['application/hal+json;charset=utf-8'])
+      header_params['Accept'] = @api_client.select_header_accept(['application/json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
 
@@ -182,27 +182,27 @@ module CyberSource
     # Create Webhook Security Keys
     # Create security keys that CyberSource will use internally to connect to your servers and validate messages using a digital signature.  Select the CREATE example for CyberSource to generate the key on our server and maintain it for you as well. Remember to save the key in the API response, so that you can use it to validate messages later. 
     #
-    # @param v_c_sender_organization_id Sender organization id
-    # @param v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @param [Hash] opts the optional parameters
     # @option opts [String] :v_c_correlation_id A globally unique id associated with your request
+    # @option opts [String] :v_c_sender_organization_id Sender organization id
+    # @option opts [String] :v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @option opts [SaveSymEgressKey] :save_sym_egress_key Provide egress Symmetric key information to save (create or store or refresh)
     # @return [InlineResponse2015]
     #
-    def save_sym_egress_key(v_c_sender_organization_id, v_c_permissions, opts = {})
-      data, status_code, headers = save_sym_egress_key_with_http_info(v_c_sender_organization_id, v_c_permissions, opts)
+    def save_sym_egress_key(opts = {})
+      data, status_code, headers = save_sym_egress_key_with_http_info(opts)
       return data, status_code, headers
     end
 
     # Create Webhook Security Keys
     # Create security keys that CyberSource will use internally to connect to your servers and validate messages using a digital signature.  Select the CREATE example for CyberSource to generate the key on our server and maintain it for you as well. Remember to save the key in the API response, so that you can use it to validate messages later. 
-    # @param v_c_sender_organization_id Sender organization id
-    # @param v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @param [Hash] opts the optional parameters
     # @option opts [String] :v_c_correlation_id A globally unique id associated with your request
+    # @option opts [String] :v_c_sender_organization_id Sender organization id
+    # @option opts [String] :v_c_permissions Encoded user permissions returned by the CGK, for the entity user who initiated the boarding
     # @option opts [SaveSymEgressKey] :save_sym_egress_key Provide egress Symmetric key information to save (create or store or refresh)
     # @return [Array<(InlineResponse2015, Fixnum, Hash)>] InlineResponse2015 data, response status code and response headers
-    def save_sym_egress_key_with_http_info(v_c_sender_organization_id, v_c_permissions, opts = {})
+    def save_sym_egress_key_with_http_info(opts = {})
 
       if @api_client.config.debugging
           begin
@@ -212,22 +212,14 @@ module CyberSource
                 puts 'Cannot write to log'
             end
       end
-      # verify the required parameter 'v_c_sender_organization_id' is set
-      if @api_client.config.client_side_validation && v_c_sender_organization_id.nil?
-        fail ArgumentError, "Missing the required parameter 'v_c_sender_organization_id' when calling CreateNewWebhooksApi.save_sym_egress_key"
-      end
-      #if @api_client.config.client_side_validation && v_c_sender_organization_id !~ Regexp.new(/^[A-Za-z0-9\\-_]+$/)
-        #fail ArgumentError, "invalid value for 'v_c_sender_organization_id' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\-_]+$/."
-      #end
-
-      # verify the required parameter 'v_c_permissions' is set
-      if @api_client.config.client_side_validation && v_c_permissions.nil?
-        fail ArgumentError, "Missing the required parameter 'v_c_permissions' when calling CreateNewWebhooksApi.save_sym_egress_key"
-      end
       #if @api_client.config.client_side_validation && !opts[:'v_c_correlation_id'].nil? && opts[:'v_c_correlation_id'] !~ Regexp.new(/^[A-Za-z0-9\\.\\-_:]+$/)
         #fail ArgumentError, "invalid value for 'opts[:\"v_c_correlation_id\"]' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\.\\-_:]+$/."
       #end
 
+      #if @api_client.config.client_side_validation && !opts[:'v_c_sender_organization_id'].nil? && opts[:'v_c_sender_organization_id'] !~ Regexp.new(/^[A-Za-z0-9\\-_]+$/)
+        #fail ArgumentError, "invalid value for 'opts[:\"v_c_sender_organization_id\"]' when calling CreateNewWebhooksApi.save_sym_egress_key, must conform to the pattern /^[A-Za-z0-9\\-_]+$/."
+      #end
+
       # resource path
       local_var_path = 'kms/egress/v2/keys-sym'
 
@@ -240,9 +232,9 @@ module CyberSource
       header_params['Accept'] = @api_client.select_header_accept(['application/hal+json;charset=utf-8'])
       # HTTP header 'Content-Type'
       header_params['Content-Type'] = @api_client.select_header_content_type(['application/json;charset=utf-8'])
-      header_params[:'v-c-sender-organization-id'] = v_c_sender_organization_id
-      header_params[:'v-c-permissions'] = v_c_permissions
       header_params[:'v-c-correlation-id'] = opts[:'v_c_correlation_id'] if !opts[:'v_c_correlation_id'].nil?
+      header_params[:'v-c-sender-organization-id'] = opts[:'v_c_sender_organization_id'] if !opts[:'v_c_sender_organization_id'].nil?
+      header_params[:'v-c-permissions'] = opts[:'v_c_permissions'] if !opts[:'v_c_permissions'].nil?
 
       # form parameters
       form_params = {}