Merge pull request #229 from Ashi1993/dcr-gateway

[Accelerator 4] Adding DCR gateway implementation
wso2 · Jan 24, 2025 · 6a2926f · 6a2926f
2 parents d8f2ef5 + 9aa8af7
commit 6a2926f
Show file tree

Hide file tree

Showing 31 changed files with 1,849 additions and 352 deletions.
diff --git a/...vices-accelerator/accelerators/fs-apim/carbon-home/repository/conf/financial-services.xml b/...vices-accelerator/accelerators/fs-apim/carbon-home/repository/conf/financial-services.xml
@@ -30,6 +30,12 @@
                 <CacheModifiedExpiry>60</CacheModifiedExpiry>
             </GatewayCache>
         </Cache>
+        <DCR>
+            <RequestJWTValidation>true</RequestJWTValidation>
+            <JWKSEndpointName>software_jwks_endpoint</JWKSEndpointName>
+            <SSAClientName>software_client_name</SSAClientName>
+            <UseSoftwareIdAsAppName>true</UseSoftwareIdAsAppName>
+        </DCR>
     </Gateway>
     <PublisherURL>https://localhost:9443</PublisherURL>
     <HTTPConnectionPool>

diff --git a/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2 b/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2
@@ -48,6 +48,33 @@
                 {% endif %}
             </GatewayCache>
         </Cache>
+         <DCR>
+            {% if financial_services.gateway.dcr.isRequestJWT is defined %}
+            <RequestJWTValidation>{{financial_services.gateway.dcr.isRequestJWT}}</RequestJWTValidation>
+            {% else %}
+            <RequestJWTValidation>true</RequestJWTValidation>
+            {% endif %}
+            {% if financial_services.gateway.dcr.jwks_endpoint_name is defined %}
+            <JWKSEndpointName>{{financial_services.gateway.dcr.jwks_endpoint_name}}</JWKSEndpointName>
+            {% else %}
+            <JWKSEndpointName>software_jwks_endpoint</JWKSEndpointName>
+            {% endif %}
+            {% if financial_services.gateway.dcr.ssa_client_name is defined %}
+            <SSAClientName>{{financial_services.gateway.dcr.ssa_client_name}}</SSAClientName>
+            {% else %}
+            <SSAClientName>software_client_name</SSAClientName>
+            {% endif %}
+            {% if financial_services.gateway.dcr.use_softwareId_for_appName is defined %}
+            <UseSoftwareIdAsAppName>{{financial_services.gateway.dcr.use_softwareId_for_appName}}</UseSoftwareIdAsAppName>
+            {% else %}
+            <UseSoftwareIdAsAppName>true</UseSoftwareIdAsAppName>
+            {% endif %}
+            <ResponseParams>
+                {% for param in financial_services.gateway.dcr.response_params %}
+                    <Param>{{param}}</Param>
+                {% endfor %}
+            </ResponseParams>
+        </DCR>
     </Gateway>
     {% if financial_services.publisher_url is defined %}
     <PublisherURL>{{financial_services.publisher_url}}</PublisherURL>

diff --git a/...rvices-accelerator/accelerators/fs-apim/repository/resources/wso2am-4.4.0-deployment.toml b/...rvices-accelerator/accelerators/fs-apim/repository/resources/wso2am-4.4.0-deployment.toml
@@ -426,13 +426,29 @@ priority = 1
 name = "org.wso2.financial.services.accelerator.gateway.executor.impl.error.handling.DefaultErrorHandlingExecutor"
 priority = 1000
 
+[[financial_services.gateway.executors]]
+type = "DCR"
+[[financial_services.gateway.executors.executor]]
+name = "org.wso2.financial.services.accelerator.gateway.executor.impl.dcr.DCRExecutor"
+priority = 1
+[[financial_services.gateway.executors.executor]]
+name = "org.wso2.financial.services.accelerator.gateway.executor.impl.error.handling.DefaultErrorHandlingExecutor"
+priority = 1000
+
 [financial_services.gateway.consent.validation]
 endpoint="https://IS_HOSTNAME:9446/api/fs/consent/validate/validate"
 
 [financial_services.gateway.cache]
 cache_access_expiry_minutes=60
 cache_modified_expiry_minutes=60
 
+[financial_services.gateway.dcr]
+isRequestJWT= true
+jwks_endpoint_name= "software_jwks_endpoint"
+ssa_client_name= "software_client_name"
+use_softwareId_for_appName= true
+response_params = ["software_statement", "software_id", "token_endpoint_auth_signing_alg", "grant_types", "scope", "redirect_uris", "request_object_signing_alg", "token_endpoint_auth_method", "id_token_signed_response_alg"]
+
 #===================for Connection pool====================
 [financial_services.http_connection_pool]
 max_connections = 2000

diff --git a/financial-services-accelerator/accelerators/fs-is/bin/configure.sh b/financial-services-accelerator/accelerators/fs-is/bin/configure.sh
@@ -120,7 +120,8 @@ create_mysql_databases() {
 
 create_mysql_database_tables() {
     mysql -u${DB_USER} ${DB_MYSQL_PASS} -D${DB_IDENTITY} -h${DB_HOST} -e "SOURCE ${WSO2_IS_HOME}/dbscripts/identity/mysql.sql";
-    echo "Database tables Created for: ${DB_APIMGT}"
+    mysql -u${DB_USER} ${DB_MYSQL_PASS} -D${DB_IDENTITY} -h${DB_HOST} -e "SOURCE ${WSO2_IS_HOME}/dbscripts/consent/mysql.sql";
+    echo "Database tables Created for: ${DB_IDENTITY}"
     mysql -u${DB_USER} ${DB_MYSQL_PASS} -D${DB_IS_CONFIG} -h${DB_HOST} -e "SOURCE ${WSO2_IS_HOME}/dbscripts/mysql.sql";
     echo "Database tables Created for: ${DB_IS_CONFIG}"
     mysql -u${DB_USER} ${DB_MYSQL_PASS} -D${DB_FS_STORE} -h${DB_HOST} -e "SOURCE ${WSO2_IS_HOME}/dbscripts/financial-services/consent/mysql.sql";

diff --git a/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2 b/...carbon-home/repository/resources/conf/templates/repository/conf/financial-services.xml.j2
@@ -306,6 +306,6 @@
             {% else %}
             <RequestGenerator>org.wso2.financial.services.accelerator.event.notifications.service.realtime.service.DefaultRealtimeEventNotificationRequestGenerator</RequestGenerator>
             {% endif %}
-        </RealtimeEventNotification>
+        </Realtime>
     </EventNotifications>
 </Server>
diff --git a/...services-accelerator/accelerators/fs-is/repository/resources/wso2is-7.0.0-deployment.toml b/...services-accelerator/accelerators/fs-is/repository/resources/wso2is-7.0.0-deployment.toml
@@ -277,6 +277,18 @@ grant_handler = "org.wso2.financial.services.accelerator.identity.extensions.gra
 enable = true
 grant_handler = "org.wso2.financial.services.accelerator.identity.extensions.grant.type.handlers.FSClientCredentialsGrantHandler"
 
+[oauth.dcr]
+enable_fapi_enforcement=true
+
+[oauth.oidc]
+id_token.signature_algorithm="PS256"
+
+[oauth.oidc.token_endpoint]
+signing_algorithms=["PS256","ES256"]
+
+[oauth.oidc.user_info]
+jwt_signature_algorithm="PS256"
+
 [oauth.oidc.extensions]
 claim_callback_handler = "org.wso2.financial.services.accelerator.identity.extensions.claims.FSDefaultOIDCClaimsCallbackHandler"
 request_object_validator = "org.wso2.financial.services.accelerator.identity.extensions.auth.extensions.request.validator.FSRequestObjectValidationExtension"
@@ -290,9 +302,15 @@ read_timeout = 5000
 [application_mgt]
 enable_role_validation = true
 
+[role_mgt]
+allow_system_prefix_for_role = true
+
 [transport.https.properties]
 maxHttpHeaderSize = "65536"
 
+[transport.https.sslHostConfig.properties]
+ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+
 #================configs related to financial-services.xml=============
 [[financial_services.jdbc_persistence_manager]]
 data_source.name = "WSO2FS_DB"
@@ -359,3 +377,25 @@ remove_tenant_domain_from_subject=false
 [financial_services.http_connection_pool]
 max_connections = 2000
 max_connections_per_route = 1500
+
+[financial_services.event.notifications]
+event_notification_generator="org.wso2.financial.services.accelerator.event.notifications.service.DefaultEventNotificationGenerator"
+token_issuer="www.wso2org.com"
+number_of_sets_to_return=5
+event_creation_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventCreationServiceHandler"
+event_polling_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventPollingServiceHandler"
+event_subscription_handler="org.wso2.financial.services.accelerator.event.notifications.service.handler.DefaultEventSubscriptionServiceHandler"
+set_sub_claim_included=true
+set_txn_claim_included=true
+set_toe_cliam_included=true
+
+[financial_services.event.notifications.realtime]
+enable=false
+periodic_cron_expression="0 0/1 0 ? * * *"
+request_timeout=60
+maximum_retry_count=5
+initial_retry_waiting_time=60
+retry_function="EX"
+circuit_breaker_open_timeout=500
+pool_size=20
+event_notification_request_generator="org.wso2.financial.services.accelerator.event.notifications.service.realtime.service.DefaultRealtimeEventNotificationRequestGenerator"
diff --git a/...al-services-accelerator/components/org.wso2.financial.services.accelerator.common/pom.xml b/...al-services-accelerator/components/org.wso2.financial.services.accelerator.common/pom.xml
@@ -88,8 +88,8 @@
             <artifactId>nimbus-jose-jwt</artifactId>
         </dependency>
         <dependency>
-            <groupId>net.minidev</groupId>
-            <artifactId>json-smart</artifactId>
+            <groupId>org.json.wso2</groupId>
+            <artifactId>json</artifactId>
         </dependency>
         <!-- Test Dependencies -->
         <dependency>
@@ -235,7 +235,7 @@
                             com.nimbusds.jose;version="${org.wso2.orbit.nimbus.version.range}",
                             com.nimbusds.jwt;version="${org.wso2.orbit.nimbus.version.range}",
                             javax.cache,
-                            net.minidev.json;version="${json-smart.version}",
+                            org.json;version="${org.json.version.range}",
                             org.apache.axiom.*;version="${axiom.osgi.version.range}",
                             org.apache.commons.lang3;version="${commons-lang3.version}",
                             org.apache.commons.logging;version="${commons.logging.version}",