CyberSource · gnongsie · Jun 18, 2025 · Jun 17, 2025 · Jun 17, 2025
diff --git a/src/main/java/Api/BatchUploadwithMTLSApi.java b/src/main/java/Api/BatchUploadwithMTLSApi.java
@@ -3,6 +3,7 @@
 import java.io.File;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.util.Collection;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -30,9 +31,9 @@ public class BatchUploadwithMTLSApi {
      * @param inputFile The file to be uploaded.
      * @param environmentHostname The environment hostname (e.g., secure-batch-test.cybersource.com).
      * @param pgpEncryptionCertPath Path to the PGP encryption certificate.
-     * @param keystorePath Path to the JKS keystore file.
+     * @param keystorePath Path to the JKS keystore file containing client certificates.
      * @param keystorePassword Password for the keystore.
-     * @param truststorePath Path to the truststore file.
+     * @param truststorePath Path to the JKS truststore file containing trusted server certificates. <b>Optional</b>: Can be <code>null</code> if not required.
      * @param truststorePassword Password for the truststore.
      * @return ApiResponse containing the server response as a String.
      * @throws ApiException If an API error occurs.
@@ -56,9 +57,9 @@ public ApiResponse<String> uploadBatchAPI(File inputFile, String environmentHost
      * @param inputFile The file to be uploaded.
      * @param environmentHostname The environment hostname (e.g., api.cybersource.com).
      * @param pgpEncryptionCertPath Path to the PGP encryption certificate.
-     * @param clientCertP12FilePath Path to the PKCS#12 client certificate file.
+     * @param clientCertP12FilePath Path to the PKCS#12 client certificate file (.p12 or .pfx).
      * @param clientCertP12Password Password for the PKCS#12 client certificate.
-     * @param serverTrustCertPath Path to the server trust certificate.
+     * @param serverTrustCertPath Path to the server trust certificate(s) in PEM format. <b>Optional</b>: Can be <code>null</code> if not required.
      * @return ApiResponse containing the server response as a String.
      * @throws ApiException If an API error occurs.
      * @throws Exception If a general error occurs.
@@ -83,20 +84,20 @@ public ApiResponse<String> uploadBatchAPI(File inputFile, String environmentHost
      * @param pgpPublicKey The PGP public key for encryption.
      * @param clientPrivateKey The client's private key.
      * @param clientCert The client's X509 certificate.
-     * @param serverTrustCert The server's trust X509 certificate.
+     * @param serverTrustCerts A collection of server's trusted X509 certificates (can be a certificate chain). <b>Optional</b>: Can be <code>null</code> or empty if not required.
      * @return ApiResponse containing the server response as a String.
      * @throws ApiException If an API error occurs.
      * @throws Exception If a general error occurs.
      */
-    public ApiResponse<String> uploadBatchAPI(File inputFile, String environmentHostname, PGPPublicKey pgpPublicKey, PrivateKey clientPrivateKey, X509Certificate clientCert , X509Certificate serverTrustCert) throws ApiException, Exception {
+    public ApiResponse<String> uploadBatchAPI(File inputFile, String environmentHostname, PGPPublicKey pgpPublicKey, PrivateKey clientPrivateKey, X509Certificate clientCert , Collection<X509Certificate> serverTrustCerts) throws ApiException, Exception {
         logger.info("Starting batch upload with client private key and certs for given file");
-        BatchUploadUtility.validateBatchApiKeysInputs(inputFile, environmentHostname, pgpPublicKey, clientPrivateKey, clientCert, serverTrustCert);
+        BatchUploadUtility.validateBatchApiKeysInputs(inputFile, environmentHostname, pgpPublicKey, clientPrivateKey, clientCert, serverTrustCerts);
         String endpoint = "/pts/v1/transaction-batch-upload";
         String endpointUrl = BatchUploadUtility.getEndpointUrl(environmentHostname, endpoint);
         byte[] encryptedPgpBytes = PgpEncryptionUtility.handlePGPEncrypt(inputFile, pgpPublicKey);
         return MutualAuthUploadUtility.handleUploadOperationUsingPrivateKeyAndCerts(
             encryptedPgpBytes, endpointUrl, inputFile.getName(),
-            clientPrivateKey, clientCert, serverTrustCert
+            clientPrivateKey, clientCert, serverTrustCerts
         );
     }
 

diff --git a/src/main/java/utilities/pgpBatchUpload/BatchUploadUtility.java b/src/main/java/utilities/pgpBatchUpload/BatchUploadUtility.java
@@ -12,7 +12,10 @@
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Iterator;
+import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
@@ -33,21 +36,27 @@ public class BatchUploadUtility {
 
 	private static final Logger logger = LogManager.getLogger(BatchUploadUtility.class);
 	private static final long MAX_FILE_SIZE_BYTES = 75 * 1024 * 1024;
-	
-	/**
-     * Loads an X509 certificate from a PEM file.
+    
+    /**
+     * Loads X509 certificates from a PEM file.
      *
      * @param certFilePath The file path to the PEM certificate file.
-     * @return The loaded X509Certificate object.
+     * @return The loaded X509Certificate(s) as a Collection.
      * @throws CertificateException If the certificate cannot be parsed or is invalid.
      * @throws IOException If the file cannot be read or does not exist.
      */
-    public static X509Certificate loadCertificateFromPemFile(String certFilePath) throws CertificateException, IOException {
-	    try (FileInputStream inStream = new FileInputStream(certFilePath)) {
-	        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-	        return (X509Certificate) cf.generateCertificate(inStream);
-	    }
-	}
+    public static Collection<X509Certificate> loadCertificatesFromPemFile(String certFilePath) throws CertificateException, IOException {
+        try (FileInputStream inStream = new FileInputStream(certFilePath)) {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            Collection<? extends java.security.cert.Certificate> certs = cf.generateCertificates(inStream);
+            // Cast to X509Certificate
+            List<X509Certificate> x509Certs = new ArrayList<>();
+            for (java.security.cert.Certificate cert : certs) {
+                x509Certs.add((X509Certificate) cert);
+            }
+            return x509Certs;
+        }
+    }
 
     /**
      * Reads a PGP public key from the specified file.
@@ -114,7 +123,8 @@ public static void validateBatchApiJKSInputs(File inputFile, String environmentH
     	}
     	validatePathAndFile(pgpEncryptionCertPath, "PGP Encryption Cert Path");
     	validatePathAndFile(keystorePath, "Keystore Path");
-    	validatePathAndFile(truststorePath, "Truststore Path");
+    	if (!StringUtils.isEmpty(truststorePath))
+    		validatePathAndFile(truststorePath, "Truststore Path");
     }
 
     /**
@@ -135,7 +145,8 @@ public static void validateBatchApiP12Inputs(File inputFile, String environmentH
     	}
     	validatePathAndFile(pgpEncryptionCertPath, "PGP Encryption Cert Path");
     	validatePathAndFile(clientCertP12FilePath, "Client Cert P12 File Path");
-    	validatePathAndFile(serverTrustCertPath, "Server Trust Cert Path");
+    	if (!StringUtils.isEmpty(serverTrustCertPath))
+    		validatePathAndFile(serverTrustCertPath, "Server Trust Cert Path");
     }
 
     /**
@@ -149,7 +160,7 @@ public static void validateBatchApiP12Inputs(File inputFile, String environmentH
      * @param serverTrustCert The server trust X509 certificate.
      * @throws Exception If any validation fails.
      */
-    public static void validateBatchApiKeysInputs(File inputFile, String environmentHostname, PGPPublicKey pgpPublicKey,  PrivateKey clientPrivateKey, X509Certificate clientCert , X509Certificate serverTrustCert) throws Exception{
+    public static void validateBatchApiKeysInputs(File inputFile, String environmentHostname, PGPPublicKey pgpPublicKey,  PrivateKey clientPrivateKey, X509Certificate clientCert , Collection<X509Certificate> serverTrustCert) throws Exception{
     	validateInputFile(inputFile);
     	if(StringUtils.isEmpty(environmentHostname)) {
     		logger.error("Environment Host Name for Batch Upload API cannot be null or empty.");
@@ -158,7 +169,7 @@ public static void validateBatchApiKeysInputs(File inputFile, String environment
     	if (pgpPublicKey == null) throw new IllegalArgumentException("PGP Public Key is null");
         if (clientPrivateKey == null) throw new IllegalArgumentException("Client Private Key is null");
         if (clientCert == null) throw new IllegalArgumentException("Client Certificate is null");
-        if (serverTrustCert == null) throw new IllegalArgumentException("Server Trust Certificate is null");
+        //if (serverTrustCert == null) throw new IllegalArgumentException("Server Trust Certificate is null"); serverTrustCert is optional so can be null
     }
 
     /**