From 52993d52a04ff8733fa0190fc4ef0c5ed6800901 Mon Sep 17 00:00:00 2001
From: Rakib Ansary
Date: Wed, 13 Sep 2023 08:53:53 +0000
Subject: [PATCH 1/2] fix: add payoneer certificate to java truststore
Signed-off-by: Rakib Ansary
---
 .circleci/config.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 70d30e7a4d..224538017e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -8,7 +8,7 @@ install_dependency: &install_dependency
 command: |
 sed -i '/jessie-updates/d' /etc/apt/sources.list
 apt update
- apt install -y openssl ant git zip jq
+ apt install -y openssl ant git zip jq
 mkdir ~/awscli
 cd ~/awscli
 curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
@@ -21,6 +21,10 @@ install_dependency: &install_dependency
 wget http://downloads.sourceforge.net/project/jboss/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip
 unzip jboss-4.2.3.GA-jdk6.zip
 cd project
+
+ echo -n | openssl s_client -connect api.payoneer.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > api.payoneer.com.crt
+ keytool -import -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -alias api.payoneer.com -file api.payoneer.com.crt
+
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
@@ -106,7 +110,7 @@ workflows:
 - Hold [TC-Website-Build-Deploy]
 filters:
 branches:
- only: [dev, reskin-payment, universal-nav, ci-script-fix, feature/PLAT-1014, fix/PLAT-1432]
+ only: [dev, PS-138]
 - build-prod:
 context : org-global
 requires:
From 482025a72187e91299c1f58a44e2282566f6a9b3 Mon Sep 17 00:00:00 2001
From: Rakib Ansary
Date: Wed, 13 Sep 2023 09:27:16 +0000
Subject: [PATCH 2/2] fix: enforce TLSv1.2
---
 .circleci/config.yml | 2 +-
 .../web/tc/controller/PayoneerServiceV4.java | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
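Review bot: The added `openssl s_client … | sed` line in the second `install_dependency` hunk accepts whatever certificate the network presents to the build container at that moment, and `keytool -import -noprompt` then adds it to `cacerts` with no check, so an intercepted outbound connection from the CI job would place a certificate of someone else's choosing in the truststore. Compare the fetched certificate's SHA-256 fingerprint with a value obtained out of band and fail the job on mismatch (or commit the expected certificate to the repository and import that file); adding `-servername api.payoneer.com` also makes sure the intended virtual host's certificate is the one fetched. Pinning the leaf rather than its issuing CA means this step needs updating whenever the certificate is rotated. The hunk shows only the tail of the `install_dependency` command, and it is not visible here whether the JRE whose `cacerts` is modified is the one the deployed application runs on.

```yaml
# … unchanged: JBoss download, unzip, cd project …
echo -n | openssl s_client -connect api.payoneer.com:443 -servername api.payoneer.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > api.payoneer.com.crt
# PAYONEER_CERT_SHA256 is a placeholder: a fingerprint verified out of band and stored in the CI context
actual_fp=$(openssl x509 -in api.payoneer.com.crt -noout -fingerprint -sha256 | cut -d= -f2)
if [ "$actual_fp" != "$PAYONEER_CERT_SHA256" ]; then
  echo "api.payoneer.com certificate fingerprint mismatch: $actual_fp" >&2
  exit 1
fi
# … unchanged: keytool -import into $JAVA_HOME/jre/lib/security/cacerts …
```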
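Review bot: `only: [dev, PS-138]` in the `workflows` hunk changes which branches trigger the job gated by `Hold [TC-Website-Build-Deploy]`, which is unrelated to the certificate fix named in the subject and drops five previously listed branches. If `PS-138` is listed only to exercise this change, remove it before merging, or mark it with a comment such as `# PS-138: temporary, remove once the Payoneer TLS fix is verified` so the deploy trigger does not outlive the ticket.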
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 224538017e..0113dfee22 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -18,7 +18,7 @@ install_dependency: &install_dependency
 wget https://repo1.maven.org/maven2/org/codehaus/groovy/groovy-all/1.7.8/groovy-all-1.7.8.jar
 wget https://repo1.maven.org/maven2/ant-contrib/ant-contrib/1.0b3/ant-contrib-1.0b3.jar
 cd ~
- wget http://downloads.sourceforge.net/project/jboss/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip
+ wget https://downloads.sourceforge.net/project/jboss/JBoss/JBoss-4.2.3.GA/jboss-4.2.3.GA-jdk6.zip
 unzip jboss-4.2.3.GA-jdk6.zip
 cd project
diff --git a/src/main/com/topcoder/web/tc/controller/PayoneerServiceV4.java b/src/main/com/topcoder/web/tc/controller/PayoneerServiceV4.java
index 1d1f68337d..e5ced68032 100644
--- a/src/main/com/topcoder/web/tc/controller/PayoneerServiceV4.java
+++ b/src/main/com/topcoder/web/tc/controller/PayoneerServiceV4.java
@@ -20,6 +20,8 @@
 import java.text.DecimalFormatSymbols;
 import java.text.MessageFormat;
 import java.util.*;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
 /**
@@ -264,6 +266,17 @@ private static class HttpsRequest {
 public static final int HTTP_OK = HttpsURLConnection.HTTP_OK;
 public static final int HTTP_NOT_FOUND = HttpsURLConnection.HTTP_NOT_FOUND;
+ // set the default SSLContext for the whole JVM to use TLSv1.2
+ static {
+ try {
+ SSLContext context = SSLContext.getInstance("TLSv1.2");
+ context.init(null, null, null);
+ SSLContext.setDefault(context);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
 public static RequestResponse send(final RequestType reqType, final String urlString, final Map headers, final Map requestParams, final boolean isBodyTypeJSON) throws Exception {
 log.info(reqType.toString() + ": " + urlString);
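Review bot: The JBoss archive in the `install_dependency` hunk is still unpacked without an integrity check, as are the two Maven jars fetched in the context lines above it; HTTPS protects the transfer but not against a replaced file on the mirror. Verify a pinned digest before `unzip`, e.g. `echo "<EXPECTED_SHA256>  jboss-4.2.3.GA-jdk6.zip" | sha256sum -c -`, where `<EXPECTED_SHA256>` is a placeholder for the digest of a known-good copy.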
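Review bot: `SSLContext.getInstance("TLSv1.2")` in the new static initializer of `HttpsRequest` does not restrict connections to TLS 1.2; per the JSSE documentation that context supports TLS 1.2 and may still negotiate earlier protocol versions, so "enforce" in the subject is stronger than what the code does. `SSLContext.setDefault(context)` also changes the default for every HTTPS client in the JVM as a side effect of loading this nested class, which other components in the same server would inherit; setting the socket factory and the enabled protocols on the connection opened in `send` would keep the change local (the body of `send` lies outside the hunk, so how the connection is created is not visible). The `catch` block prints the stack trace and carries on with the previous default, so a failure here never reaches the application log; `log.error("Could not install TLSv1.2 SSLContext", e);` would match the `log.info` call in `send`, assuming `log` accepts a message and a throwable.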