feat(connector): [redsys] integrate 3ds card, refund, void, capture (#309)

Author: pixincreate

.typos.toml

@@ -4,11 +4,14 @@ extend-ignore-re = [
     "[0-9a-f]{7,40}", # ignore git commit hashes
 ]
 
+[default.extend-words]
+ede = "ede" # Encrypt-Decrypt-Encrypt (Triple DES EDE mode)
+
 [default.extend-identifiers]
 ACI = "ACI" # Name of a connector
 BA = "BA" # Bosnia and Herzegovina country code
 ACTIVITE = "ACTIVITE" # French translation of activity
-AUTORISATION = "AUTORISATION" # French translation of authorization 
+AUTORISATION = "AUTORISATION" # French translation of authorization
 CAF = "CAF" # Central African Republic (ISO 3166-1 alpha-3)
 FO = "FO" # Faroe Islands (the) country code
 JOD = "JOD" # Jordan
@@ -25,4 +28,3 @@ jus = "jus" # Juspay
 FPR = "FPR" # Fraud Prevention Rules
 Eto = "Eto" # Gigadat transaction type
 Cpi = "Cpi" # Gigadat transaction type
-

Cargo.lock

@@ -2095,6 +2095,15 @@ pub enum MitCategory {
     Resubmission,
 }
 
+/// Padding schemes used for cryptographic operations
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum CryptoPadding {
+    /// PKCS7 padding - adds bytes equal to the number of padding bytes needed
+    PKCS7,
+    /// Zero padding - pads with null bytes
+    ZeroPadding,
+}
+
 #[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize, strum::Display)]
 #[serde(rename_all = "snake_case")]
 pub enum MandateStatus {

backend/common_enums/src/enums.rs

@@ -40,6 +40,7 @@ rand = "0.8.5"
 nanoid = "0.4.0"
 regex = "1.11.1"
 semver = { version = "1.0.26", features = ["serde"] }
+openssl = { version = "0.10", features = ["vendored"] }
 
 # Optional features
 [features]

backend/common_utils/Cargo.toml

@@ -50,6 +50,24 @@ pub const X_FLOW_NAME: &str = "x-flow";
 /// Header key for shadow mode
 pub const X_SHADOW_MODE: &str = "x-shadow-mode";
 
+// =============================================================================
+// Base64 engine
+// =============================================================================
+
+/// General purpose base64 engine
+pub const BASE64_ENGINE: base64::engine::GeneralPurpose = base64::engine::general_purpose::STANDARD;
+/// General purpose base64 engine standard nopad
+pub const BASE64_ENGINE_STD_NO_PAD: base64::engine::GeneralPurpose =
+    base64::engine::general_purpose::STANDARD_NO_PAD;
+
+/// URL Safe base64 engine
+pub const BASE64_ENGINE_URL_SAFE: base64::engine::GeneralPurpose =
+    base64::engine::general_purpose::URL_SAFE;
+
+/// URL Safe base64 engine without padding
+pub const BASE64_ENGINE_URL_SAFE_NO_PAD: base64::engine::GeneralPurpose =
+    base64::engine::general_purpose::URL_SAFE_NO_PAD;
+
 // =============================================================================
 // Test Environment Headers
 // =============================================================================

backend/common_utils/src/consts.rs

@@ -623,6 +623,64 @@ pub type EncryptableName = Encryptable<Secret<String>>;
 /// Type alias for `Encryptable<Secret<String>>` used for `email` field
 pub type EncryptableEmail = Encryptable<Secret<String, pii::EmailStrategy>>;
 
+/// Triple DES (3DES) encryption using EDE3 CBC mode
+/// Used by connectors like Redsys for signature generation
+pub struct TripleDesEde3CBC {
+    padding: common_enums::CryptoPadding,
+    iv: Vec<u8>,
+}
+
+impl TripleDesEde3CBC {
+    /// Triple DES key length (24 bytes = 192 bits)
+    pub const TRIPLE_DES_KEY_LENGTH: usize = 24;
+    /// Triple DES IV length (8 bytes = 64 bits)
+    pub const TRIPLE_DES_IV_LENGTH: usize = 8;
+
+    /// Create a new TripleDesEde3CBC instance
+    ///
+    /// # Arguments
+    /// * `padding` - Optional padding scheme (defaults to PKCS7)
+    /// * `iv` - Initialization vector (must be 8 bytes)
+    ///
+    /// # Errors
+    /// Returns `CryptoError::InvalidIvLength` if IV is not 8 bytes
+    pub fn new(
+        padding: Option<common_enums::CryptoPadding>,
+        iv: Vec<u8>,
+    ) -> CustomResult<Self, errors::CryptoError> {
+        if iv.len() != Self::TRIPLE_DES_IV_LENGTH {
+            Err(errors::CryptoError::InvalidIvLength)?
+        };
+        let padding = padding.unwrap_or(common_enums::CryptoPadding::PKCS7);
+        Ok(Self { iv, padding })
+    }
+}
+
+impl EncodeMessage for TripleDesEde3CBC {
+    fn encode_message(
+        &self,
+        secret: &[u8],
+        msg: &[u8],
+    ) -> CustomResult<Vec<u8>, errors::CryptoError> {
+        if secret.len() != Self::TRIPLE_DES_KEY_LENGTH {
+            Err(errors::CryptoError::InvalidKeyLength)?
+        }
+        let mut buffer = msg.to_vec();
+
+        // Apply zero padding if specified
+        if let common_enums::CryptoPadding::ZeroPadding = self.padding {
+            let pad_len = Self::TRIPLE_DES_IV_LENGTH - (buffer.len() % Self::TRIPLE_DES_IV_LENGTH);
+            if pad_len != Self::TRIPLE_DES_IV_LENGTH {
+                buffer.extend(vec![0u8; pad_len]);
+            }
+        };
+
+        let cipher = openssl::symm::Cipher::des_ede3_cbc();
+        openssl::symm::encrypt(cipher, secret, Some(&self.iv), &buffer)
+            .change_context(errors::CryptoError::EncodingFailed)
+    }
+}
+
 #[cfg(test)]
 mod crypto_tests {
     #![allow(clippy::expect_used)]

backend/common_utils/src/crypto.rs

@@ -43,6 +43,7 @@ thiserror = "1.0.69"
 sha2 = "0.10"
 rand = "0.8"
 jsonwebtoken = "9.2"
+html-escape = "0.2"
 
 [lints]
 workspace = true

backend/connector-integration/Cargo.toml

@@ -170,6 +170,9 @@ pub use self::nexixpay::Nexixpay;
 pub mod airwallex;
 pub use self::airwallex::Airwallex;
 
+pub mod redsys;
+pub use self::redsys::Redsys;
+
 pub mod worldpayxml;
 pub use self::worldpayxml::Worldpayxml;
 

backend/connector-integration/src/connectors.rs

@@ -173,6 +173,9 @@ mod tests {
                     billing_descriptor: None,
                     enable_partial_authorization: None,
                     locale: None,
+                    continue_redirection_url: None,
+                    redirect_response: None,
+                    threeds_method_comp_ind: None,
                     tokenization: None,
                 },
                 response: Err(ErrorResponse::default()),
@@ -319,6 +322,9 @@ mod tests {
                     billing_descriptor: None,
                     enable_partial_authorization: None,
                     locale: None,
+                    continue_redirection_url: None,
+                    redirect_response: None,
+                    threeds_method_comp_ind: None,
                     tokenization: None,
                 },
                 response: Err(ErrorResponse::default()),

backend/connector-integration/src/connectors/adyen/test.rs

@@ -160,6 +160,9 @@ mod tests {
                     billing_descriptor: None,
                     enable_partial_authorization: None,
                     locale: None,
+                    continue_redirection_url: None,
+                    redirect_response: None,
+                    threeds_method_comp_ind: None,
                     tokenization: None,
                 },
                 response: Err(ErrorResponse::default()),
@@ -305,6 +308,9 @@ mod tests {
                     billing_descriptor: None,
                     enable_partial_authorization: None,
                     locale: None,
+                    continue_redirection_url: None,
+                    redirect_response: None,
+                    threeds_method_comp_ind: None,
                     tokenization: None,
                 },
                 response: Err(ErrorResponse::default()),