Adding DCR gateway implementation

wso2 · Dec 12, 2024 · de8e85c · de8e85c
1 parent 2980a40
commit de8e85c
Show file tree

Hide file tree

Showing 18 changed files with 449 additions and 177 deletions.
diff --git a/...vices-accelerator/accelerators/fs-apim/carbon-home/repository/conf/financial-services.xml b/...vices-accelerator/accelerators/fs-apim/carbon-home/repository/conf/financial-services.xml
@@ -30,6 +30,12 @@
                 <CacheModifiedExpiry>60</CacheModifiedExpiry>
             </GatewayCache>
         </Cache>
+        <DCR>
+            <RequestJWTValidation>true</RequestJWTValidation>
+            <JWKSEndpointName>software_jwks_endpoint</JWKSEndpointName>
+            <SSAClientName>software_client_name</SSAClientName>
+            <UseSoftwareIdAsAppName>true</UseSoftwareIdAsAppName>
+        </DCR>
     </Gateway>
     <PublisherURL>https://localhost:9443</PublisherURL>
     <HTTPConnectionPool>

diff --git a/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2 b/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2
@@ -48,6 +48,28 @@
                 {% endif %}
             </GatewayCache>
         </Cache>
+         <DCR>
+            {% if financial_services.gateway.dcr.isRequestJWT is defined %}
+            <RequestJWTValidation>{{financial_services.gateway.dcr.isRequestJWT}}</RequestJWTValidation>
+            {% else %}
+            <RequestJWTValidation>true</RequestJWTValidation>
+            {% endif %}
+            {% if financial_services.gateway.dcr.jwks_endpoint_name is defined %}
+            <JWKSEndpointName>{{financial_services.gateway.dcr.jwks_endpoint_name}}</JWKSEndpointName>
+            {% else %}
+            <JWKSEndpointName>software_jwks_endpoint</JWKSEndpointName>
+            {% endif %}
+            {% if financial_services.gateway.dcr.ssa_client_name is defined %}
+            <SSAClientName>{{financial_services.gateway.dcr.ssa_client_name}}</SSAClientName>
+            {% else %}
+            <SSAClientName>software_client_name</SSAClientName>
+            {% endif %}
+            {% if financial_services.gateway.dcr.use_softwareId_for_appName is defined %}
+            <UseSoftwareIdAsAppName>{{financial_services.gateway.dcr.use_softwareId_for_appName}}</UseSoftwareIdAsAppName>
+            {% else %}
+            <UseSoftwareIdAsAppName>true</UseSoftwareIdAsAppName>
+            {% endif %}
+        </DCR>
     </Gateway>
     {% if financial_services.publisher_url is defined %}
     <PublisherURL>{{financial_services.publisher_url}}</PublisherURL>

diff --git a/...rvices-accelerator/accelerators/fs-apim/repository/resources/wso2am-4.4.0-deployment.toml b/...rvices-accelerator/accelerators/fs-apim/repository/resources/wso2am-4.4.0-deployment.toml
@@ -426,13 +426,28 @@ priority = 1
 name = "org.wso2.financial.services.accelerator.gateway.executor.impl.error.handling.DefaultErrorHandlingExecutor"
 priority = 1000
 
+[[financial_services.gateway.executors]]
+type = "DCR"
+[[financial_services.gateway.executors.executor]]
+name = "org.wso2.financial.services.accelerator.gateway.executor.impl.dcr.DCRExecutor"
+priority = 1
+[[financial_services.gateway.executors.executor]]
+name = "org.wso2.financial.services.accelerator.gateway.executor.impl.error.handling.DefaultErrorHandlingExecutor"
+priority = 1000
+
 [financial_services.gateway.consent.validation]
 endpoint="https://IS_HOSTNAME:9446/api/fs/consent/validate/validate"
 
 [financial_services.gateway.cache]
 cache_access_expiry_minutes=60
 cache_modified_expiry_minutes=60
 
+[financial_services.gateway.dcr]
+isRequestJWT= true
+jwks_endpoint_name= "software_jwks_endpoint"
+ssa_client_name= "software_client_name"
+use_softwareId_for_appName= true
+
 #===================for Connection pool====================
 [financial_services.http_connection_pool]
 max_connections = 2000

diff --git a/...services-accelerator/accelerators/fs-is/repository/resources/wso2is-7.0.0-deployment.toml b/...services-accelerator/accelerators/fs-is/repository/resources/wso2is-7.0.0-deployment.toml
@@ -277,6 +277,18 @@ grant_handler = "org.wso2.financial.services.accelerator.identity.extensions.gra
 enable = true
 grant_handler = "org.wso2.financial.services.accelerator.identity.extensions.grant.type.handlers.FSClientCredentialsGrantHandler"
 
+[oauth.dcr]
+enable_fapi_enforcement=true
+
+[oauth.oidc]
+id_token.signature_algorithm="PS256"
+
+[oauth.oidc.token_endpoint]
+signing_algorithms=["PS256","ES256"]
+
+[oauth.oidc.user_info]
+jwt_signature_algorithm="PS256"
+
 [oauth.oidc.extensions]
 claim_callback_handler = "org.wso2.financial.services.accelerator.identity.extensions.claims.FSDefaultOIDCClaimsCallbackHandler"
 request_object_validator = "org.wso2.financial.services.accelerator.identity.extensions.auth.extensions.request.validator.FSRequestObjectValidationExtension"
@@ -290,9 +302,15 @@ read_timeout = 5000
 [application_mgt]
 enable_role_validation = true
 
+[role_mgt]
+allow_system_prefix_for_role = true
+
 [transport.https.properties]
 maxHttpHeaderSize = "65536"
 
+[transport.https.sslHostConfig.properties]
+ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+
 #================configs related to financial-services.xml=============
 [[financial_services.jdbc_persistence_manager]]
 data_source.name = "WSO2FS_DB"
@@ -359,3 +377,25 @@ remove_tenant_domain_from_subject=false
 [financial_services.http_connection_pool]
 max_connections = 2000
 max_connections_per_route = 1500
+
+[financial_services.event.notifications]
+event_notification_generator="org.wso2.financial.services.accelerator.event.notifications.service.DefaultEventNotificationGenerator"
+token_issuer="www.wso2org.com"
+number_of_sets_to_return=5
+event_creation_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventCreationServiceHandler"
+event_polling_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventPollingServiceHandler"
+event_subscription_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventSubscriptionServiceHandler"
+set_sub_claim_included=true
+set_txn_claim_included=true
+set_toe_cliam_included=true
+
+[financial_services.event.notifications.realtime]
+enable=false
+periodic_cron_expression="0 0/1 0 ? * * *"
+request_timeout=60
+maximum_retry_count=5
+initial_retry_waiting_time=60
+retry_function="EX"
+circuit_breaker_open_timeout=500
+pool_size=20
+event_notification_request_generator="org.wso2.financial.services.accelerator.event.notifications.service.realtime.service.DefaultRealtimeEventNotificationRequestGenerator"
diff --git a/...al-services-accelerator/components/org.wso2.financial.services.accelerator.common/pom.xml b/...al-services-accelerator/components/org.wso2.financial.services.accelerator.common/pom.xml
@@ -88,8 +88,8 @@
             <artifactId>nimbus-jose-jwt</artifactId>
         </dependency>
         <dependency>
-            <groupId>net.minidev</groupId>
-            <artifactId>json-smart</artifactId>
+            <groupId>org.json.wso2</groupId>
+            <artifactId>json</artifactId>
         </dependency>
         <!-- Test Dependencies -->
         <dependency>
@@ -235,7 +235,7 @@
                             com.nimbusds.jose;version="${org.wso2.orbit.nimbus.version.range}",
                             com.nimbusds.jwt;version="${org.wso2.orbit.nimbus.version.range}",
                             javax.cache,
-                            net.minidev.json;version="${json-smart.version}",
+                            org.json;version="${org.json.version.range}",
                             org.apache.axiom.*;version="${axiom.osgi.version.range}",
                             org.apache.commons.lang3;version="${commons-lang3.version}",
                             org.apache.commons.logging;version="${commons.logging.version}",

diff --git a/.../org/wso2/financial/services/accelerator/common/config/FinancialServicesConfigParser.java b/.../org/wso2/financial/services/accelerator/common/config/FinancialServicesConfigParser.java
@@ -36,12 +36,10 @@
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Stack;
@@ -63,8 +61,6 @@ public final class FinancialServicesConfigParser {
     private final Map<String, Object> configuration = new HashMap<>();
     private final Map<String, Map<Integer, String>> fsExecutors = new HashMap<>();
     private final Map<String, Map<Integer, String>> authorizeSteps = new HashMap<>();
-    private final Map<String, List<String>> allowedScopes = new HashMap<>();
-    private final Map<String, List<String>> allowedAPIs = new HashMap<>();
     private SecretResolver secretResolver;
     private OMElement rootElement;
     private static FinancialServicesConfigParser parser;
@@ -132,8 +128,6 @@ private void buildConfiguration() {
             readChildElements(rootElement, nameStack);
             buildFSExecutors();
             buildConsentAuthSteps();
-            buildAllowedScopes();
-            buildAllowedSubscriptions();
         } catch (IOException | XMLStreamException | OMException e) {
             throw new FinancialServicesRuntimeException("Error occurred while building configuration from " +
                     "financial-services.xml", e);
@@ -297,74 +291,6 @@ private void readChildElements(OMElement serverConfig, Stack<String> nameStack)
         }
     }
 
-    private void buildAllowedScopes() {
-        OMElement gatewayElement = rootElement.getFirstChildWithName(
-                new QName(FinancialServicesConstants.FS_CONFIG_QNAME, FinancialServicesConstants.GATEWAY_CONFIG_TAG));
-
-        if (gatewayElement != null) {
-            OMElement tppManagementElement = gatewayElement.getFirstChildWithName(
-                    new QName(FinancialServicesConstants.FS_CONFIG_QNAME,
-                            FinancialServicesConstants.TPP_MANAGEMENT_CONFIG_TAG));
-
-            if (tppManagementElement != null) {
-                OMElement allowedScopesElement = tppManagementElement.getFirstChildWithName(new QName(
-                        FinancialServicesConstants.FS_CONFIG_QNAME,
-                        FinancialServicesConstants.ALLOWED_SCOPES_CONFIG_TAG));
-
-                // obtaining each scope under allowed scopes
-                Iterator environmentIterator = allowedScopesElement
-                        .getChildrenWithLocalName(FinancialServicesConstants.SCOPE_CONFIG_TAG);
-
-                while (environmentIterator.hasNext()) {
-                    OMElement scopeElem = (OMElement) environmentIterator.next();
-                    String scopeName = scopeElem.getAttributeValue(new QName("name"));
-                    String rolesStr = scopeElem.getAttributeValue(new QName("roles"));
-                    if (StringUtils.isNotEmpty(rolesStr)) {
-                        List<String> rolesList = Arrays.stream(rolesStr.split(","))
-                                .map(String::trim)
-                                .collect(Collectors.toList());
-                        allowedScopes.put(scopeName, rolesList);
-                    }
-                }
-            }
-        }
-    }
-
-    private void buildAllowedSubscriptions() {
-
-        OMElement dcrElement = rootElement.getFirstChildWithName(
-                new QName(FinancialServicesConstants.FS_CONFIG_QNAME, FinancialServicesConstants.DCR_CONFIG_TAG));
-
-        if (dcrElement != null) {
-            OMElement regulatoryAPIs = dcrElement.getFirstChildWithName(
-                    new QName(FinancialServicesConstants.FS_CONFIG_QNAME,
-                            FinancialServicesConstants.REGULATORY_API_NAMES));
-
-            if (regulatoryAPIs != null) {
-
-                // obtaining each regulatory API under allowed regulatory APIs
-                Iterator environmentIterator = regulatoryAPIs
-                        .getChildrenWithLocalName(FinancialServicesConstants.REGULATORY_API);
-
-                while (environmentIterator.hasNext()) {
-                    OMElement regulatoryAPIElem = (OMElement) environmentIterator.next();
-                    String regulatoryAPIName = regulatoryAPIElem.getAttributeValue(new QName(
-                            FinancialServicesConstants.API_NAME));
-                    String rolesStr = regulatoryAPIElem.getAttributeValue(new QName(
-                            FinancialServicesConstants.API_ROLE));
-                    if (StringUtils.isNotEmpty(rolesStr)) {
-                        List<String> rolesList = Arrays.stream(rolesStr.split(","))
-                                .map(String::trim)
-                                .collect(Collectors.toList());
-                        allowedAPIs.put(regulatoryAPIName, rolesList);
-                    } else {
-                        allowedAPIs.put(regulatoryAPIName, Collections.emptyList());
-                    }
-                }
-            }
-        }
-    }
-
     /**
      * Method to obtain config key from stack.
      *
@@ -440,14 +366,6 @@ public Map<String, Map<Integer, String>> getConsentAuthorizeSteps() {
         return Collections.unmodifiableMap(authorizeSteps);
     }
 
-    public Map<String, List<String>> getAllowedScopes() {
-        return Collections.unmodifiableMap(allowedScopes);
-    }
-
-    public Map<String, List<String>> getAllowedAPIs() {
-        return Collections.unmodifiableMap(allowedAPIs);
-    }
-
     public String getDataSourceName() {
 
         Optional<String> source = getConfigurationFromKeyAsString(FinancialServicesConstants.JDBC_PERSISTENCE_CONFIG);

diff --git a/...2/financial/services/accelerator/common/config/FinancialServicesConfigurationService.java b/...2/financial/services/accelerator/common/config/FinancialServicesConfigurationService.java
@@ -18,7 +18,6 @@
 
 package org.wso2.financial.services.accelerator.common.config;
 
-import java.util.List;
 import java.util.Map;
 
 /**
@@ -32,8 +31,4 @@ public interface FinancialServicesConfigurationService {
 
     public Map<String, Map<Integer, String>> getAuthorizeSteps();
 
-    public Map<String, List<String>> getAllowedScopes();
-
-    public Map<String, List<String>> getAllowedAPIs();
-
 }
diff --git a/...nancial/services/accelerator/common/config/FinancialServicesConfigurationServiceImpl.java b/...nancial/services/accelerator/common/config/FinancialServicesConfigurationServiceImpl.java
@@ -18,7 +18,6 @@
 
 package org.wso2.financial.services.accelerator.common.config;
 
-import java.util.List;
 import java.util.Map;
 
 /**
@@ -45,14 +44,4 @@ public Map<String, Map<Integer, String>> getAuthorizeSteps() {
 
         return configParser.getConsentAuthorizeSteps();
     }
-
-    @Override
-    public Map<String, List<String>> getAllowedScopes() {
-        return configParser.getAllowedScopes();
-    }
-
-    @Override
-    public Map<String, List<String>> getAllowedAPIs() {
-        return configParser.getAllowedAPIs();
-    }
 }