feat(core): Add mTLS certificates for each request #5636

Merged
merged 13 commits into from
Aug 27, 2024

Contributor

@Sakilmostak Sakilmostak commented Aug 15, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Itau bank needs mTLS in production for verification of the request. Certificates (rootCA and pubkey) need to be passed along with each request for Itau to verify.
Note: To send the certificates, all related certificates need to be concatenated, put into a file with the .pem extension, and then base64 encoded.
The private key should also be base64 encoded before being passed into the field.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

This can only be tested in production since sandbox doesn't support mTLS.

Note: Apple Pay (with any enabled connector), Netcetera and normal payment (with any connector) should be tested in sandbox since it affects their flows.

The above flows have been sanity tested on integ environment for this PR

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
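
The following added example, which is not code from this PR or from hyperswitch, decodes the two base64 fields described above, checks that each holds the expected PEM blocks, and joins them key-first as the `key_chain` line in the diff does, with a newline between them. The function names and the sample values are assumptions made for the example.

```rust
// Added example, not hyperswitch code; all names are hypothetical.
const B64: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Decode standard base64, ignoring whitespace and '=' padding.
fn b64_decode(input: &str) -> Result<Vec<u8>, String> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u8);
    for c in input.bytes().filter(|c| !c.is_ascii_whitespace() && *c != b'=') {
        let v = B64.iter().position(|a| *a == c).ok_or("invalid base64 character")?;
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Ok(out)
}

/// Count well-formed PEM blocks whose label ends with `suffix`.
fn count_blocks(pem: &str, suffix: &str) -> usize {
    let label = |l: &str, p: &str| l.strip_prefix(p).and_then(|r| r.strip_suffix("-----")).map(String::from);
    let (mut open, mut n) = (None, 0);
    for line in pem.lines().map(str::trim) {
        if let Some(b) = label(line, "-----BEGIN ") {
            open = Some(b);
        } else if let Some(e) = label(line, "-----END ") {
            if open.as_ref() == Some(&e) && e.ends_with(suffix) { n += 1; }
            open = None;
        }
    }
    n
}

/// Decode both fields, check their PEM shape, and join them key-first with a newline.
fn build_key_chain(cert_b64: &str, key_b64: &str) -> Result<String, String> {
    let cert = String::from_utf8(b64_decode(cert_b64)?).map_err(|_| "certificate is not UTF-8")?;
    let key = String::from_utf8(b64_decode(key_b64)?).map_err(|_| "key is not UTF-8")?;
    if count_blocks(&cert, "CERTIFICATE") == 0 { return Err("no CERTIFICATE block".into()); }
    if count_blocks(&cert, "PRIVATE KEY") != 0 { return Err("key in certificate field".into()); }
    if count_blocks(&key, "PRIVATE KEY") != 1 { return Err("need exactly one PRIVATE KEY".into()); }
    Ok(format!("{}\n{}\n", key.trim_end(), cert.trim_end()))
}

// Constructed sample fields: base64 of dummy PEM text with body "AAAA" (no real key material).
const SAMPLE_CERT_B64: &str = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkFBQUEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=";
const SAMPLE_KEY_B64: &str = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCkFBQUEKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ==";
fn main() {
    println!("{:?}", build_key_chain(SAMPLE_CERT_B64, SAMPLE_KEY_B64));
}
```

The sample key deliberately has no trailing newline, which is the case where joining the two strings without a separator would fuse the END and BEGIN markers onto one line.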

@Sakilmostak Sakilmostak added A-connector-integration Area: Connector integration C-feature Category: Feature request or enhancement labels Aug 15, 2024
@Sakilmostak Sakilmostak added this to the August 2024 Release milestone Aug 15, 2024
@Sakilmostak Sakilmostak self-assigned this Aug 15, 2024
@Sakilmostak Sakilmostak requested review from a team as code owners August 15, 2024 08:15
jarnura
jarnura previously approved these changes Aug 19, 2024
@Sakilmostak Sakilmostak changed the title feat(connector): [Itau Bank] Add mTLS certificates for each request feat(core): Add mTLS certificates for each request Aug 21, 2024
@Sakilmostak Sakilmostak added the A-core Area: Core flows label Aug 22, 2024
Member

@SanchithHegde SanchithHegde left a comment

There also seems to be another create_identity_from_certificate_and_key() defined in crates/router/src/core/admin.rs file?

@@ -93,7 +93,7 @@ rand = "0.8.5"
rand_chacha = "0.3.1"
rdkafka = "0.36.2"
regex = "1.10.4"
reqwest = { version = "0.11.27", features = ["json", "native-tls", "__rustls", "gzip", "multipart"] }
reqwest = { version = "0.11.27", features = ["json", "__rustls", "rustls-tls", "gzip", "multipart"] }
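
Review bot: The new `features` list on the `reqwest` line still names `__rustls` next to `rustls-tls`. The double-underscore feature is internal to reqwest and is already enabled by `rustls-tls`, so listing it ties the manifest to an implementation detail; drop it. Replacing `native-tls` also changes the TLS backend for the clients built from this dependency, not only the mTLS ones: in reqwest 0.11 `rustls-tls` validates servers against the bundled webpki roots rather than the OS trust store, so confirm that no connector or proxy path relies on a locally installed CA, or select `rustls-tls-native-roots` instead.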
Member

It should be sufficient to use rustls-tls alone, since that internally enables __rustls.

@@ -105,7 +105,8 @@ pub fn create_identity_from_certificate_and_key(
let certificate_key = String::from_utf8(decoded_certificate_key)
.change_context(errors::ApiClientError::CertificateDecodeFailed)?;

reqwest::Identity::from_pkcs8_pem(certificate.as_bytes(), certificate_key.as_bytes())
let key_chain = format!("{}{}", certificate_key, certificate);
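
Review bot: `format!("{}{}", certificate_key, certificate)` joins the two decoded PEM strings with no separator. If the decoded key does not end in a newline, its `-----END ...-----` marker and the certificate's `-----BEGIN CERTIFICATE-----` marker end up on the same line and the combined PEM will not parse. Put a newline between them, for example `format!("{}\n{}", certificate_key, certificate)`, or trim and re-terminate both parts before joining. A unit test with a key that lacks the trailing newline would pin this down.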
Member

I think we can move create_identity_from_certificate_and_key() and create_certificate() to crates/router/src/services/api/client.rs file.

@hyperswitch-bot hyperswitch-bot bot added the M-api-contract-changes Metadata: This PR involves API contract changes label Aug 24, 2024
@Gnanasundari24 Gnanasundari24 added this pull request to the merge queue Aug 27, 2024
Merged via the queue into main with commit 716d76c Aug 27, 2024
26 checks passed
@Gnanasundari24 Gnanasundari24 deleted the itau_mtls branch August 27, 2024 10:31
pixincreate added a commit that referenced this pull request Aug 27, 2024
…-key-check

* 'main' of github.com:juspay/hyperswitch:
  feat(core): Add mTLS certificates for each request (#5636)
  refactor(open_banking): Added merchant data update in mca update (#5655)
  feat: add test_mode for quickly testing payout links (#5669)
  refactor: introduce a domain type for profile ID (#5687)
  ci(cypress): update paybox configs (#5664)
  feat(openapi):  Add open api routes for routing v2 (#5686)
  feat(connector): [NOVALNET] Add template code (#5670)
  feat(user): business email update (#5674)
  chore(config): add production connector-configs for netcetera external 3ds flow (#5698)
  chore(version): 2024.08.27.0
  refactor(euclid): make the disabled node's relation as negative (#5701)
  feat: populate payment method details in payments response (#5661)
  build(deps): bump `diesel` to `2.2.3` and `sqlx` to `0.8.1` (#5688)
  feat(customer_v2):  added list customer v2 end point (#5517)
  feat(business_profile): add tax_connector_id column in business_profile table (#5576)
  chore: create v2 route for organization (#5679)
  refactor(payments_response): remove setter from payments response (#5676)
  feat(payment_methods_v2): Payment methods v2 API models (#5564)
  chore(version): 2024.08.26.0
pixincreate added a commit that referenced this pull request Aug 28, 2024
* 'main' of github.com:juspay/hyperswitch:
  feat(connector): [FISERVEMEA] Integrate cards (#5672)
  ci(cypress): Add routing testcases (#5571)
  fix(router): skip external three_ds flow for recurring payments (#5730)
  refactor(customer_v2): fixed customer_v2 create panic issue (#5699)
  feat(user_roles): support switch for new hierarchy (#5692)
  refactor(router): add domain type for merchant_connector_account id (#5685)
  refactor(cypress_tests): handle api keys check in api key list call (#5719)
  feat(connector): [NEXIXPAY] Add template code (#5684)
  refactor(connector): [itau] refactor error reason and code mapping for itau (#5718)
  fix(core): fix merchant connector account create for v2  (#5716)
  chore(version): 2024.08.28.0
  fix(routing): fix routing routes to deserialise correctly (#5724)
  feat(euclid): add a new variant in payment type i.e ppt_mandate (#5681)
  feat(core): Add mTLS certificates for each request (#5636)
Labels
A-connector-integration Area: Connector integration A-core Area: Core flows C-feature Category: Feature request or enhancement M-api-contract-changes Metadata: This PR involves API contract changes