feat(core): add one-way TLS support with CA certificate for ArchiPEL UAT environment

[dgeee13]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

ArchiPEL requires one-way TLS in their UAT environment to verify incoming requests. To support this:

A CA certificate must be provided and included with each request to enable proper server verification.

NOTE: The PEM certificate must be converted to a JSON-safe string format (i.e., escaped \n as \r\n or \n). (Please comment if you think there's any better way of doing this)

• This PR ensures that the CA certificate is properly parsed and integrated into the TLS client setup, supporting ArchiPEL’s verification requirements.
• This PR also adds wasm changes to add CA certificate PEM from the dashboard.
• This PR also adds postman collection changes for archipel to accomodate this new change @gbague

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

Please note, testing needs to be done for the following scenarios

1. Itaubank connector payments - it uses mTLS flow
2. Archipel connector payment - it uses one way TLS flow (This PR introduces this flow)

1. Create Archipel connector

curl --location 'http://localhost:8080/account/flowbird/connectors' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'api-key: dev_9BVJpIiKysTwOVEDlenKkv7JRiJed0NlzE6DSD2PPC0GwNgbQYkHlv1H14NybhW7' \ --data '{ "connector_type": "payment_processor", "connector_name": "archipel", "connector_account_details": { "auth_type": "HeaderKey", "api_key": "///PEM CERITIFICATE///", }, "metadata": { "tenant_id": "///Tenant ID///", "platform_url": "///Platform URL///", "apple_pay_combined": { "manual": { "session_token_data": { "initiative": "web", "certificate": "", "display_name": "Flowbird", "certificate_keys": "", "initiative_context": "", "merchant_identifier": "", "merchant_business_country": "", "payment_processing_details_at": "Hyperswitch", "payment_processing_certificate": "", "payment_processing_certificate_key": "" }, "payment_request_data": { "label": "Flowbird", "supported_networks": [ "visa", "masterCard", "amex", "discover" ], "merchant_capabilities": [ "supports3DS" ] } } } }, "profile_id": "pro_eIirKlZvlDj8sE0O1x6s", "test_mode": false, "disabled": false, "payment_methods_enabled": [ { "payment_method": "card", "payment_method_types": [ { "payment_method_type": "credit", "payment_experience": null, "card_networks": [ "AmericanExpress", "Discover", "Interac", "JCB", "Mastercard", "Visa", "DinersClub", "UnionPay", "RuPay" ], "accepted_currencies": null, "accepted_countries": null, "minimum_amount": 1, "maximum_amount": 68607706, "recurring_enabled": true, "installment_payment_enabled": true }, { "payment_method_type": "debit", "payment_experience": null, "card_networks": [ "AmericanExpress", "Discover", "Interac", "JCB", "Mastercard", "Visa", "DinersClub", "UnionPay", "RuPay" ], "accepted_currencies": null, "accepted_countries": null, "minimum_amount": 1, "maximum_amount": 68607706, "recurring_enabled": true, "installment_payment_enabled": true } ] }, { "payment_method": "wallet", "payment_method_types": [ { "payment_method_type": "apple_pay", "payment_experience": null, "card_networks": [ "AmericanExpress", "Discover", "Interac", "JCB", "Mastercard", "Visa", "DinersClub", "UnionPay", "RuPay" ], "accepted_currencies": null, "accepted_countries": null, "minimum_amount": 1, "maximum_amount": 68607706, "recurring_enabled": false, "installment_payment_enabled": true } ] } ] }'

2. Make /payments call

curl --location 'http://localhost:8080/payments' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'api-key: dev_9BVJpIiKysTwOVEDlenKkv7JRiJed0NlzE6DSD2PPC0GwNgbQYkHlv1H14NybhW7' \ --data-raw '{ "amount": 500, "amount_to_capture": 500, "currency": "EUR", "confirm": true, "capture_method": "automatic", "authentication_type": "no_three_ds", "payment_method": "card", "payment_method_type": "credit", "payment_method_data": { "card": { "card_cvc": "123", "card_exp_month": "01", "card_exp_year": "50", "card_holder_name": "John Doe", "card_number": "5185570141917102" } }, "profile_id": "pro_eIirKlZvlDj8sE0O1x6s", "email": "[email protected]", "name": "John Doe", "phone": "8056594427", "phone_country_code": "+91", "description": "Illo dolore aliquid qui id eum voluptatem voluptatem ratione molestiae.", "billing": { "address": { "line1": "2 ter", "line2": "rue du château", "line3": "", "city": "Neuilly-sur-Seine", "state": "France", "zip": "92200", "country": "FR" }, "phone": { "number": "8056594427", "country_code": "+91" } }, "shipping": { "address": { "line1": "1467", "line2": "Harrison Street", "line3": "Harrison Street", "city": "San Fransico", "state": "California", "zip": "94122", "country": "US", "first_name": "joseph", "last_name": "Doe" }, "phone": { "number": "8056594427", "country_code": "+91" } }, "statement_descriptor_name": "Joseph Doe", "statement_descriptor_suffix": "JS" }'

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
crates/router/src/core/payment_methods/cards.rs	97% smaller
crates/external_services/src/http_client.rs	86% smaller
crates/hyperswitch_connectors/src/connectors/archipel/transformers.rs	70% smaller
postman/collection-dir/archipel/Flow Testcases/QuickStart/Payment Connector - Create/request.json	58% smaller
crates/external_services/src/http_client/client.rs	54% smaller
crates/hyperswitch_connectors/src/connectors/archipel.rs	1% smaller
crates/common_utils/src/request.rs	0% smaller
crates/connector_configs/toml/development.toml	Unsupported file format
crates/connector_configs/toml/production.toml	Unsupported file format
crates/connector_configs/toml/sandbox.toml	Unsupported file format
crates/router/src/services/openidconnect.rs	0% smaller
crates/router/tests/connectors/sample_auth.toml	Unsupported file format
postman/collection-json/archipel.postman_collection.json	0% smaller

[dgeee13]

Added Box::pin to fix "just clippy" error