Merge pull request #3 from Mastercard-Gateway/hotfix/1.1.3

Hotfix/1.1.3

Author: jhutch86

README.md

@@ -78,7 +78,7 @@ To configure the sample app, compile and run the app on your device. There are t
 ![Sample app configuration](./sample-configuration.png)
 
 1. The merchant id should have the prefix 'TEST'
-1. The region options include ASIA_PACIFIC, EUROPE, NORTH_AMERICA, or MTF
+1. The region options include ASIA_PACIFIC, EUROPE, NORTH_AMERICA, INDIA, CHINA, or MTF
 1. To find the Heroku test server URL, consult the **[Gateway Test Merchant Server]** (ex: https://{your-app-name}.herokuapp.com)
 
 

build.gradle

@@ -22,5 +22,5 @@ task clean(type: Delete) {
 }
 
 ext {
-    libraryVersionName = '1.1.2'
+    libraryVersionName = '1.1.3'
 }

gateway-android/src/debug/java/com/mastercard/gateway/android/sdk/BaseLogger.java

@@ -3,15 +3,16 @@
 
 import android.util.Log;
 
-import java.net.HttpURLConnection;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.net.ssl.HttpsURLConnection;
+
 class BaseLogger implements Logger {
 
     @Override
-    public void logRequest(HttpURLConnection c, String data) {
+    public void logRequest(HttpsURLConnection c, String data) {
         String log = "REQUEST: " + c.getRequestMethod() + " " + c.getURL().toString();
 
         if (data != null) {
@@ -35,7 +36,7 @@ public void logRequest(HttpURLConnection c, String data) {
     }
 
     @Override
-    public void logResponse(HttpURLConnection c, String data) {
+    public void logResponse(HttpsURLConnection c, String data) {
         String log = "RESPONSE: ";
 
         // log response headers
@@ -59,6 +60,8 @@ public void logResponse(HttpURLConnection c, String data) {
             }
         }
 
+        log += "\n-- Cipher Suite: " + c.getCipherSuite();
+
         String[] parts = log.split("\n");
         for (String part : parts) {
             logDebug(part);

gateway-android/src/main/java/com/mastercard/gateway/android/sdk/Gateway.java

@@ -34,21 +34,15 @@
 import org.json.JSONObject;
 
 import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.URL;
-import java.security.KeyStore;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
 
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.SSLSocketFactory;
 
 import io.reactivex.Single;
 
@@ -70,11 +64,12 @@ public class Gateway {
      * The available gateway regions
      */
     public enum Region {
-        ASIA_PACIFIC("ap-"),
-        EUROPE("eu-"),
-        NORTH_AMERICA("na-"),
+        ASIA_PACIFIC("ap."),
+        EUROPE("eu."),
+        NORTH_AMERICA("na."),
         INDIA("in."),
-        MTF("test-");
+        CHINA("cn."),
+        MTF("mtf.");
 
         String prefix;
 
@@ -100,35 +95,6 @@ enum Method {
     static final int REQUEST_GOOGLE_PAY_LOAD_PAYMENT_DATA = 10001;
     static final String API_OPERATION = "UPDATE_PAYER_DATA";
     static final String USER_AGENT = "Gateway-Android-SDK/" + BuildConfig.VERSION_NAME;
-    static final String INTERMEDIATE_CA = "-----BEGIN CERTIFICATE-----\n" +
-            "MIIFAzCCA+ugAwIBAgIEUdNg7jANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC\n" +
-            "VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50\n" +
-            "cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs\n" +
-            "IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz\n" +
-            "dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTQxMDIyMTcw\n" +
-            "NTE0WhcNMjQxMDIzMDczMzIyWjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu\n" +
-            "dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt\n" +
-            "dGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0\n" +
-            "aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9u\n" +
-            "IEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
-            "ANo/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld/KWvbx+EhJKo60I1HI9Ltchbw\n" +
-            "kSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHou\n" +
-            "fUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4G\n" +
-            "RQyja03Qxr7qGKQ28JKyuhyIjzpSf/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlx\n" +
-            "RGi6RzwE6V26PvA19xW2nvIuFR4/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1b\n" +
-            "Nf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQkwggEFMA4GA1UdDwEB/wQEAwIBBjAP\n" +
-            "BgNVHRMECDAGAQH/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0\n" +
-            "cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2Ny\n" +
-            "bC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggr\n" +
-            "BgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwHQYDVR0OBBYEFIKi\n" +
-            "cHTdvFM/z3vU981/p2DGCky/MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+Q\n" +
-            "EmarMA0GCSqGSIb3DQEBCwUAA4IBAQA/HBpb/0AiHY81DC2qmSerwBEycNc2KGml\n" +
-            "jbEnmUK+xJPrSFdDcSPE5U6trkNvknbFGe/KvG9CTBaahqkEOMdl8PUM4ErfovrO\n" +
-            "GhGonGkvG9/q4jLzzky8RgzAiYDRh2uiz2vUf/31YFJnV6Bt0WRBFG00Yu0GbCTy\n" +
-            "BrwoAq8DLcIzBfvLqhboZRBD9Wlc44FYmc1r07jHexlVyUDOeVW4c4npXEBmQxJ/\n" +
-            "B7hlVtWNw6f1sbZlnsCDNn8WRTx0S5OKPPEr9TVwc3vnggSxGJgO1JxvGvz8pzOl\n" +
-            "u7sY82t6XTKH920l5OJ2hiEeEUbNdg5vT6QhcQqEpy02qUgiUX6C\n" +
-            "-----END CERTIFICATE-----\n";
 
 
     Logger logger = new BaseLogger();
@@ -490,48 +456,12 @@ GatewayMap executeGatewayRequest(GatewayRequest request) throws Exception {
         throw exception;
     }
 
-    SSLContext createSslContext() throws Exception {
-        // create and initialize a KeyStore
-        KeyStore keyStore = createSslKeyStore();
-
-        // create a TrustManager that trusts the INTERMEDIATE_CA in our KeyStore
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        tmf.init(keyStore);
-
-        TrustManager[] trustManagers = tmf.getTrustManagers();
-
-        SSLContext context = SSLContext.getInstance("TLS");
-        context.init(null, trustManagers, null);
-
-        return context;
-    }
-
-    KeyStore createSslKeyStore() throws Exception {
-        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-        keyStore.load(null, null);
-
-        // add our trusted cert to the keystore
-        keyStore.setCertificateEntry("gateway.mastercard.com", readCertificate(INTERMEDIATE_CA));
-
-        return keyStore;
-    }
-
-    X509Certificate readCertificate(String cert) throws CertificateException {
-        byte[] bytes = cert.getBytes();
-        InputStream is = new ByteArrayInputStream(bytes);
-
-        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
-    }
-
     HttpsURLConnection createHttpsUrlConnection(GatewayRequest request) throws Exception {
         // parse url
         URL url = new URL(request.url);
 
-        // init ssl context with limiting trust managers
-        SSLContext context = createSslContext();
-
         HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
-        c.setSSLSocketFactory(context.getSocketFactory());
+        c.setSSLSocketFactory(createSocketFactory());
         c.setConnectTimeout(CONNECTION_TIMEOUT);
         c.setReadTimeout(READ_TIMEOUT);
         c.setRequestMethod(request.method.name());
@@ -550,6 +480,14 @@ HttpsURLConnection createHttpsUrlConnection(GatewayRequest request) throws Excep
         return c;
     }
 
+    SSLSocketFactory createSocketFactory() throws Exception {
+        // custom ssl context to enforce certificate pinning
+        SSLContext sslContext = new GatewaySSLContextProvider().createSSLContext();
+
+        // custom socket factory to enable TLSv1.2 on all supported devices
+        return new GatewayTLSSocketFactory(sslContext);
+    }
+
     String createAuthHeader(String sessionId) {
         String value = "merchant." + merchantId + ":" + sessionId;
         return "Basic " + Base64.encodeToString(value.getBytes(), Base64.NO_WRAP);

gateway-android/src/main/java/com/mastercard/gateway/android/sdk/GatewaySSLContextProvider.java

@@ -0,0 +1,78 @@
+package com.mastercard.gateway.android.sdk;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+class GatewaySSLContextProvider {
+
+    static final String INTERMEDIATE_CA = "-----BEGIN CERTIFICATE-----\n" +
+            "MIIFAzCCA+ugAwIBAgIEUdNg7jANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC\n" +
+            "VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50\n" +
+            "cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs\n" +
+            "IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz\n" +
+            "dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTQxMDIyMTcw\n" +
+            "NTE0WhcNMjQxMDIzMDczMzIyWjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu\n" +
+            "dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt\n" +
+            "dGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0\n" +
+            "aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9u\n" +
+            "IEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
+            "ANo/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld/KWvbx+EhJKo60I1HI9Ltchbw\n" +
+            "kSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHou\n" +
+            "fUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4G\n" +
+            "RQyja03Qxr7qGKQ28JKyuhyIjzpSf/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlx\n" +
+            "RGi6RzwE6V26PvA19xW2nvIuFR4/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1b\n" +
+            "Nf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQkwggEFMA4GA1UdDwEB/wQEAwIBBjAP\n" +
+            "BgNVHRMECDAGAQH/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0\n" +
+            "cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2Ny\n" +
+            "bC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggr\n" +
+            "BgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwHQYDVR0OBBYEFIKi\n" +
+            "cHTdvFM/z3vU981/p2DGCky/MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+Q\n" +
+            "EmarMA0GCSqGSIb3DQEBCwUAA4IBAQA/HBpb/0AiHY81DC2qmSerwBEycNc2KGml\n" +
+            "jbEnmUK+xJPrSFdDcSPE5U6trkNvknbFGe/KvG9CTBaahqkEOMdl8PUM4ErfovrO\n" +
+            "GhGonGkvG9/q4jLzzky8RgzAiYDRh2uiz2vUf/31YFJnV6Bt0WRBFG00Yu0GbCTy\n" +
+            "BrwoAq8DLcIzBfvLqhboZRBD9Wlc44FYmc1r07jHexlVyUDOeVW4c4npXEBmQxJ/\n" +
+            "B7hlVtWNw6f1sbZlnsCDNn8WRTx0S5OKPPEr9TVwc3vnggSxGJgO1JxvGvz8pzOl\n" +
+            "u7sY82t6XTKH920l5OJ2hiEeEUbNdg5vT6QhcQqEpy02qUgiUX6C\n" +
+            "-----END CERTIFICATE-----\n";
+
+    public GatewaySSLContextProvider() {
+    }
+
+    SSLContext createSSLContext() throws Exception {
+        // create and initialize a KeyStore
+        KeyStore keyStore = createKeyStore();
+
+        // create a TrustManager that trusts the INTERMEDIATE_CA in our KeyStore
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+
+        SSLContext context = SSLContext.getInstance("TLS");
+        context.init(null, tmf.getTrustManagers(), null);
+
+        return context;
+    }
+
+    KeyStore createKeyStore() throws Exception {
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+
+        // add our trusted cert to the keystore
+        keyStore.setCertificateEntry("gateway.mastercard.com", readCertificate(INTERMEDIATE_CA));
+
+        return keyStore;
+    }
+
+    X509Certificate readCertificate(String cert) throws CertificateException {
+        byte[] bytes = cert.getBytes();
+        InputStream is = new ByteArrayInputStream(bytes);
+
+        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
+    }
+}

gateway-android/src/main/java/com/mastercard/gateway/android/sdk/GatewayTLSSocketFactory.java

@@ -0,0 +1,69 @@
+package com.mastercard.gateway.android.sdk;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * Custom SSL socket factory required to enable TLSv1.2 on KitKat devices and below
+ */
+class GatewayTLSSocketFactory extends SSLSocketFactory {
+
+    private SSLSocketFactory internalSSLSocketFactory;
+
+    public GatewayTLSSocketFactory(SSLContext context) {
+        internalSSLSocketFactory = context.getSocketFactory();
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return internalSSLSocketFactory.getDefaultCipherSuites();
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return internalSSLSocketFactory.getSupportedCipherSuites();
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket());
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+        return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+    }
+
+    private Socket enableTLSOnSocket(Socket socket) {
+        if(socket != null && (socket instanceof SSLSocket)) {
+            ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
+        }
+        return socket;
+    }
+}

gateway-android/src/main/java/com/mastercard/gateway/android/sdk/Logger.java

@@ -16,10 +16,11 @@
 
 package com.mastercard.gateway.android.sdk;
 
-import java.net.HttpURLConnection;
+
+import javax.net.ssl.HttpsURLConnection;
 
 interface Logger {
-    void logRequest(HttpURLConnection c, String data);
-    void logResponse(HttpURLConnection c, String data);
+    void logRequest(HttpsURLConnection c, String data);
+    void logResponse(HttpsURLConnection c, String data);
     void logDebug(String message);
 }

gateway-android/src/release/java/com/mastercard/gateway/android/sdk/BaseLogger.java

@@ -1,18 +1,18 @@
 package com.mastercard.gateway.android.sdk;
 
 
-import java.net.HttpURLConnection;
+import javax.net.ssl.HttpsURLConnection;
 
 
 class BaseLogger implements Logger {
 
     @Override
-    public void logRequest(HttpURLConnection c, String data) {
+    public void logRequest(HttpsURLConnection c, String data) {
         // no-op
     }
 
     @Override
-    public void logResponse(HttpURLConnection c, String data) {
+    public void logResponse(HttpsURLConnection c, String data) {
         // no-op
     }