juspay · likhinbopanna · Oct 8, 2024 · Sep 25, 2024 · Sep 30, 2024 · Oct 1, 2024
@@ -580,6 +580,10 @@ apple_pay_ppc_key = "APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_KEY" # Private key
 apple_pay_merchant_cert = "APPLE_PAY_MERCHNAT_CERTIFICATE"         # Merchant Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Merchant Identity Certificate
 apple_pay_merchant_cert_key = "APPLE_PAY_MERCHNAT_CERTIFICATE_KEY" # Private key generated by RSA:2048 algorithm. Refer Hyperswitch Docs (https://docs.hyperswitch.io/hyperswitch-cloud/payment-methods-setup/wallets/apple-pay/ios-application/) to generate the private key
 
+[paze_decrypt_keys]
+paze_private_key = "PAZE_PRIVATE_KEY"                       # Base 64 Encoded Private Key File cakey.pem generated for Paze
+paze_private_key_passphrase = "PAZE_PRIVATE_KEY_PASSPHRASE" # PEM Passphrase used for generating Private Key File cakey.pem
+
 [applepay_merchant_configs]
 # Run below command to get common merchant identifier for applepay in shell
 #

@@ -29,6 +29,10 @@ apple_pay_ppc_key = "APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_KEY" # Private key
 apple_pay_merchant_cert = "APPLE_PAY_MERCHNAT_CERTIFICATE"         # Merchant Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Merchant Identity Certificate
 apple_pay_merchant_cert_key = "APPLE_PAY_MERCHNAT_CERTIFICATE_KEY" # Private key generated by RSA:2048 algorithm. Refer Hyperswitch Docs (https://docs.hyperswitch.io/hyperswitch-cloud/payment-methods-setup/wallets/apple-pay/ios-application/) to generate the private key
 
+[paze_decrypt_keys]
+paze_private_key = "PAZE_PRIVATE_KEY"                       # Base 64 Encoded Private Key File cakey.pem generated for Paze
+paze_private_key_passphrase = "PAZE_PRIVATE_KEY_PASSPHRASE" # PEM Passphrase used for generating Private Key File cakey.pem
+
 [applepay_merchant_configs]
 common_merchant_identifier = "APPLE_PAY_COMMON_MERCHANT_IDENTIFIER"                        # Refer to config.example.toml to learn how you can generate this value
 merchant_cert = "APPLE_PAY_MERCHANT_CERTIFICATE"                                           # Merchant Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Merchant Identity Certificate

@@ -2894,7 +2894,7 @@ impl GetAddressFromPaymentMethodData for WalletData {
 #[derive(Eq, PartialEq, Clone, Debug, serde::Deserialize, serde::Serialize, ToSchema)]
 #[serde(rename_all = "snake_case")]
 pub struct PazeWalletData {
-    pub complete_response: String,
+    pub complete_response: Secret<String>,
 }
 
 #[derive(Eq, PartialEq, Clone, Debug, serde::Deserialize, serde::Serialize, ToSchema)]
@@ -5114,14 +5114,6 @@ pub struct PaymentProcessingDetails {
     pub payment_processing_certificate_key: Secret<String>,
 }
 
-#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, PartialEq, Eq, ToSchema)]
-pub struct PazePaymentProcessingDetails {
-    #[schema(value_type = String)]
-    pub paze_private_key: Secret<String>,
-    #[schema(value_type = String)]
-    pub paze_private_key_passphrase: Secret<String>,
-}
-
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize, ToSchema)]
 pub struct SessionTokenForSimplifiedApplePay {
     pub initiative_context: String,

@@ -139,7 +139,7 @@ pub struct MifinityData {
 #[derive(Eq, PartialEq, Clone, Debug, serde::Deserialize, serde::Serialize)]
 #[serde(rename_all = "snake_case")]
 pub struct PazeWalletData {
-    pub complete_response: String,
+    pub complete_response: Secret<String>,
 }
 
 #[derive(Eq, PartialEq, Clone, Debug, serde::Deserialize, serde::Serialize)]

@@ -2718,6 +2718,14 @@ async fn decide_payment_method_tokenize_action(
     }
 }
 
+#[derive(Debug, Clone, serde::Serialize, serde::Deserialize, PartialEq, Eq, utoipa::ToSchema)]
+pub struct PazePaymentProcessingDetails {
+    #[schema(value_type = String)]
+    pub paze_private_key: Secret<String>,
+    #[schema(value_type = String)]
+    pub paze_private_key_passphrase: Secret<String>,
+}
+
 #[derive(Clone, Debug)]
 pub enum TokenizationAction {
     TokenizeInRouter,
@@ -2727,7 +2735,7 @@ pub enum TokenizationAction {
     SkipConnectorTokenization,
     DecryptApplePayToken(payments_api::PaymentProcessingDetails),
     TokenizeInConnectorAndApplepayPreDecrypt(payments_api::PaymentProcessingDetails),
-    DecryptPazeToken(payments_api::PazePaymentProcessingDetails),
+    DecryptPazeToken(PazePaymentProcessingDetails),
 }
 
 #[cfg(feature = "v2")]
@@ -2808,35 +2816,34 @@ where
                 payment_data.get_payment_attempt().merchant_id.clone(),
             );
 
-            let payment_method_action = if let Some(storage_enums::PaymentMethodType::Paze) =
-                payment_method_type
-            {
-                // Paze generates a one time use network token which should not be tokenized in the connector or router.
-                TokenizationAction::DecryptPazeToken(payments_api::PazePaymentProcessingDetails {
-                    paze_private_key: state
-                        .conf
-                        .paze_decrypt_keys
-                        .get_inner()
-                        .paze_private_key
-                        .clone(),
-                    paze_private_key_passphrase: state
-                        .conf
-                        .paze_decrypt_keys
-                        .get_inner()
-                        .paze_private_key_passphrase
-                        .clone(),
-                })
-            } else {
-                decide_payment_method_tokenize_action(
-                    state,
-                    &connector,
-                    payment_method,
-                    payment_data.get_token(),
-                    is_connector_tokenization_enabled,
-                    apple_pay_flow,
-                )
-                .await?
-            };
+            let payment_method_action =
+                if let Some(storage_enums::PaymentMethodType::Paze) = payment_method_type {
+                    // Paze generates a one time use network token which should not be tokenized in the connector or router.
+                    TokenizationAction::DecryptPazeToken(PazePaymentProcessingDetails {
+                        paze_private_key: state
+                            .conf
+                            .paze_decrypt_keys
+                            .get_inner()
+                            .paze_private_key
+                            .clone(),
+                        paze_private_key_passphrase: state
+                            .conf
+                            .paze_decrypt_keys
+                            .get_inner()
+                            .paze_private_key_passphrase
+                            .clone(),
+                    })
+                } else {
+                    decide_payment_method_tokenize_action(
+                        state,
+                        &connector,
+                        payment_method,
+                        payment_data.get_token(),
+                        is_connector_tokenization_enabled,
+                        apple_pay_flow,
+                    )
+                    .await?
+                };
 
             let connector_tokenization_action = match payment_method_action {
                 TokenizationAction::TokenizeInRouter => {

@@ -5012,7 +5012,11 @@ pub fn decrypt_paze_token(
         .decrypter_from_pem(decrypted_private_key_pem)
         .change_context(errors::PazeDecryptionError::CertificateParsingFailed)?;
 
-    let paze_complete_response: Vec<&str> = paze_wallet_data.complete_response.split('.').collect();
+    let paze_complete_response: Vec<&str> = paze_wallet_data
+        .complete_response
+        .peek()
+        .split('.')
+        .collect();
     let encrypted_jwe_key = paze_complete_response
         .get(1)
         .ok_or(errors::PazeDecryptionError::DecryptionFailed)?