Merge pull request #2421 from alphagov/PP_6712_remove_sha_in_passphra…

…se_from_EpdqTemplateData PP-6712 Remove SHA-IN passphrase from EpdqTemplateData
alphagov · Jul 2, 2020 · b1049b4 · b1049b4
2 parents 6c18765 + 2c8a84c
commit b1049b4
Show file tree

Hide file tree

Showing 10 changed files with 27 additions and 23 deletions.
diff --git a/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqCaptureHandler.java b/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqCaptureHandler.java
@@ -50,12 +50,12 @@ private GatewayOrder buildCaptureOrder(CaptureGatewayRequest request) {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setUserId(request.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setPassword(request.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setMerchantCode(request.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
         templateData.setTransactionId(request.getTransactionId());
 
         var epdqPayloadDefinitionForCaptureOrder = new EpdqPayloadDefinitionForCaptureOrder();
         epdqPayloadDefinitionForCaptureOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForCaptureOrder.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         return epdqPayloadDefinitionForCaptureOrder.createGatewayOrder();
     }
 }
diff --git a/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqPaymentProvider.java b/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqPaymentProvider.java
@@ -275,33 +275,33 @@ private GatewayOrder buildQueryOrderRequestFor(Auth3dsResponseGatewayRequest req
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setOrderId(request.getChargeExternalId());
         templateData.setPassword(request.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setUserId(request.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setMerchantCode(request.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
 
         var epdqPayloadDefinitionForQueryOrder = new EpdqPayloadDefinitionForQueryOrder();
         epdqPayloadDefinitionForQueryOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForQueryOrder.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
+
         return epdqPayloadDefinitionForQueryOrder.createGatewayOrder();
     }
 
     private GatewayOrder buildQueryOrderRequestFor(ChargeEntity charge) {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setOrderId(charge.getExternalId());
         templateData.setPassword(charge.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(charge.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setUserId(charge.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setMerchantCode(charge.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
 
         var epdqPayloadDefinitionForQueryOrder = new EpdqPayloadDefinitionForQueryOrder();
         epdqPayloadDefinitionForQueryOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForQueryOrder.setShaInPassphrase(charge.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         return epdqPayloadDefinitionForQueryOrder.createGatewayOrder();
     }
 
     private GatewayOrder buildAuthoriseOrder(CardAuthorisationGatewayRequest request, String frontendUrl) {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setOrderId(request.getChargeExternalId());
         templateData.setPassword(request.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setUserId(request.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setMerchantCode(request.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
         templateData.setDescription(request.getDescription());
@@ -321,14 +321,14 @@ private GatewayOrder buildAuthoriseOrder(CardAuthorisationGatewayRequest request
         }
 
         epdqPayloadDefinition.setEpdqTemplateData(templateData);
+        epdqPayloadDefinition.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         return epdqPayloadDefinition.createGatewayOrder();
     }
 
     private GatewayOrder buildCancelOrder(CancelGatewayRequest request) {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setUserId(request.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setPassword(request.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setMerchantCode(request.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
 
         Optional.ofNullable(request.getTransactionId())
@@ -338,6 +338,7 @@ private GatewayOrder buildCancelOrder(CancelGatewayRequest request) {
 
         var epdqPayloadDefinitionForCancelOrder = new EpdqPayloadDefinitionForCancelOrder();
         epdqPayloadDefinitionForCancelOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForCancelOrder.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         return epdqPayloadDefinitionForCancelOrder.createGatewayOrder();
     }
 }
diff --git a/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqRefundHandler.java b/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqRefundHandler.java
@@ -52,13 +52,13 @@ private GatewayOrder buildRefundOrder(RefundGatewayRequest request) {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setUserId(request.getGatewayAccount().getCredentials().get(CREDENTIALS_USERNAME));
         templateData.setPassword(request.getGatewayAccount().getCredentials().get(CREDENTIALS_PASSWORD));
-        templateData.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         templateData.setMerchantCode(request.getGatewayAccount().getCredentials().get(CREDENTIALS_MERCHANT_ID));
         templateData.setTransactionId(request.getTransactionId());
         templateData.setAmount(request.getAmount());
 
         var epdqPayloadDefinitionForRefundOrder = new EpdqPayloadDefinitionForRefundOrder();
         epdqPayloadDefinitionForRefundOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForRefundOrder.setShaInPassphrase(request.getGatewayAccount().getCredentials().get(CREDENTIALS_SHA_IN_PASSPHRASE));
         return epdqPayloadDefinitionForRefundOrder.createGatewayOrder();
     }
 }
diff --git a/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqTemplateData.java b/src/main/java/uk/gov/pay/connector/gateway/epdq/EpdqTemplateData.java
@@ -7,7 +7,6 @@ public class EpdqTemplateData extends OrderRequestBuilder.TemplateData {
     private String orderId;
     private String password;
     private String userId;
-    private String shaInPassphrase;
     private String amount;
     private String frontendBaseUrl;
 
@@ -35,14 +34,6 @@ public void setUserId(String userId) {
         this.userId = userId;
     }
 
-    public String getShaInPassphrase() {
-        return shaInPassphrase;
-    }
-
-    public void setShaInPassphrase(String shaInPassphrase) {
-        this.shaInPassphrase = shaInPassphrase;
-    }
-
     @Override
     public String getAmount() {
         return amount;

diff --git a/src/main/java/uk/gov/pay/connector/gateway/epdq/payload/EpdqPayloadDefinition.java b/src/main/java/uk/gov/pay/connector/gateway/epdq/payload/EpdqPayloadDefinition.java
@@ -29,13 +29,14 @@ public abstract class EpdqPayloadDefinition {
     public static final Charset EPDQ_APPLICATION_X_WWW_FORM_URLENCODED_CHARSET = Charset.forName("windows-1252");
 
     protected EpdqTemplateData epdqTemplateData;
+
+    protected String shaInPassphrase;
 
     protected abstract List<NameValuePair> extract();
 
     public GatewayOrder createGatewayOrder() {
-        EpdqTemplateData templateData = getEpdqTemplateData();
         ArrayList<NameValuePair> params = new ArrayList<>(extract());
-        String signature = SIGNATURE_GENERATOR.sign(params, templateData.getShaInPassphrase());
+        String signature = SIGNATURE_GENERATOR.sign(params, getShaInPassphrase());
         params.add(new BasicNameValuePair("SHASIGN", signature));
         String payload = URLEncodedUtils.format(params, EPDQ_APPLICATION_X_WWW_FORM_URLENCODED_CHARSET);
         return new GatewayOrder(
@@ -53,8 +54,16 @@ public void setEpdqTemplateData(EpdqTemplateData epdqTemplateData) {
         this.epdqTemplateData = epdqTemplateData;
     }
 
-    public EpdqTemplateData getEpdqTemplateData() {
+    protected EpdqTemplateData getEpdqTemplateData() {
         return epdqTemplateData;
     }
 
+    public void setShaInPassphrase(String shaInPassphrase) {
+        this.shaInPassphrase = shaInPassphrase;
+    }
+
+    public String getShaInPassphrase() {
+        return shaInPassphrase;
+    }
+
 }
diff --git a/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForCancelOrderTest.java b/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForCancelOrderTest.java
@@ -16,13 +16,14 @@ public void assert_payload_and_order_request_type_are_as_expected() {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setPassword("password");
         templateData.setUserId("username");
-        templateData.setShaInPassphrase("sha-passphrase");
         templateData.setMerchantCode("merchant-id");
         templateData.setTransactionId("payId");
 
         var epdqPayloadDefinitionForCancelOrder = new EpdqPayloadDefinitionForCancelOrder();
         epdqPayloadDefinitionForCancelOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForCancelOrder.setShaInPassphrase("sha-passphrase");
         GatewayOrder gatewayOrder = epdqPayloadDefinitionForCancelOrder.createGatewayOrder();
+
         assertEquals(TestTemplateResourceLoader.load(EPDQ_CANCEL_REQUEST), gatewayOrder.getPayload());
         assertEquals(OrderRequestType.CANCEL, gatewayOrder.getOrderRequestType());
     }

diff --git a/...test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForCaptureOrderTest.java b/...test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForCaptureOrderTest.java
@@ -16,12 +16,12 @@ public void assert_payload_and_order_request_type_are_as_expected() {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setPassword("password");
         templateData.setUserId("username");
-        templateData.setShaInPassphrase("sha-passphrase");
         templateData.setMerchantCode("merchant-id");
         templateData.setTransactionId("payId");
 
         var epdqPayloadDefinitionForCaptureOrder = new EpdqPayloadDefinitionForCaptureOrder();
         epdqPayloadDefinitionForCaptureOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForCaptureOrder.setShaInPassphrase("sha-passphrase");
         GatewayOrder gatewayOrder = epdqPayloadDefinitionForCaptureOrder.createGatewayOrder();
 
         assertEquals(TestTemplateResourceLoader.load(EPDQ_CAPTURE_REQUEST), gatewayOrder.getPayload());

diff --git a/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForNew3dsOrderTest.java b/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForNew3dsOrderTest.java
@@ -118,14 +118,15 @@ public void assert_payload_and_order_request_type_are_as_expected() {
         templateData.setOrderId("mq4ht90j2oir6am585afk58kml");
         templateData.setPassword("password");
         templateData.setUserId("username");
-        templateData.setShaInPassphrase("sha-passphrase");
         templateData.setMerchantCode("merchant-id");
         templateData.setDescription("MyDescription");
         templateData.setAmount("500");
         templateData.setAuthCardDetails(authCardDetails);
 
         epdqPayloadDefinitionFor3dsNewOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionFor3dsNewOrder.setShaInPassphrase("sha-passphrase");
         GatewayOrder gatewayOrder = epdqPayloadDefinitionFor3dsNewOrder.createGatewayOrder();
+
         assertEquals(TestTemplateResourceLoader.load(EPDQ_AUTHORISATION_3DS_REQUEST), gatewayOrder.getPayload());
         assertEquals(OrderRequestType.AUTHORISE_3DS, gatewayOrder.getOrderRequestType());
     }

diff --git a/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForNewOrderTest.java b/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForNewOrderTest.java
@@ -103,14 +103,15 @@ public void assert_payload_and_order_request_type_are_as_expected() {
         templateData.setOrderId("mq4ht90j2oir6am585afk58kml");
         templateData.setPassword("password");
         templateData.setUserId("username");
-        templateData.setShaInPassphrase("sha-passphrase");
         templateData.setMerchantCode("merchant-id");
         templateData.setDescription("MyDescription");
         templateData.setAmount("500");
         templateData.setAuthCardDetails(authCardDetails);
 
         epdqPayloadDefinitionForNewOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForNewOrder.setShaInPassphrase("sha-passphrase");
         GatewayOrder gatewayOrder = epdqPayloadDefinitionForNewOrder.createGatewayOrder();
+
         assertEquals(TestTemplateResourceLoader.load(EPDQ_AUTHORISATION_REQUEST), gatewayOrder.getPayload());
         assertEquals(OrderRequestType.AUTHORISE, gatewayOrder.getOrderRequestType());
     }

diff --git a/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForRefundOrderTest.java b/src/test/java/uk/gov/pay/connector/gateway/epdq/EpdqPayloadDefinitionForRefundOrderTest.java
@@ -16,13 +16,13 @@ public void assert_payload_and_order_request_type_are_as_expected() {
         EpdqTemplateData templateData = new EpdqTemplateData();
         templateData.setPassword("password");
         templateData.setUserId("username");
-        templateData.setShaInPassphrase("sha-passphrase");
         templateData.setMerchantCode("merchant-id");
         templateData.setTransactionId("payId");
         templateData.setAmount("400");
 
         var epdqPayloadDefinitionForRefundOrder = new EpdqPayloadDefinitionForRefundOrder();
         epdqPayloadDefinitionForRefundOrder.setEpdqTemplateData(templateData);
+        epdqPayloadDefinitionForRefundOrder.setShaInPassphrase("sha-passphrase");
         GatewayOrder gatewayOrder = epdqPayloadDefinitionForRefundOrder.createGatewayOrder();
 
         assertEquals(TestTemplateResourceLoader.load(EPDQ_REFUND_REQUEST), gatewayOrder.getPayload());