Merge branch 'main' into feat/iprod-416

.github/workflows/releaseWorkflow.yml

@@ -8,39 +8,39 @@ on:
       - main
 
 ##
-# Re-usable workflows can be found at https://github.com/modusbox/github-actions-node
+# Re-usable workflows can be found at https://github.com/infitx-org/github-actions-node
 ##
 
 jobs:
   test_lint:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   test_dependencies:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   test_audit:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   test_license:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   # TODO: Enable when there are unit tests
   #   test_unit:
-  #     uses: modusbox/github-actions-node/.github/workflows/[email protected]
+  #     uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   # TODO: Enable when there is coveragte for unit tests
   #   test_coverage:
-  #     uses: modusbox/github-actions-node/.github/workflows/[email protected]
+  #     uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   test_int:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
 
   test_func:
     uses: ./.github/workflows/testFuncJob.yml
 
 
   publish_image:
-    uses: modusbox/github-actions-node/.github/workflows/[email protected]
+    uses: infitx-org/github-actions-node/.github/workflows/[email protected]
     with:
       RELEASE_VERSION: ${{ github.event.release.tag_name }}
       RELEASE_URL: ${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.event.release.tag_name }}

.gitignore

@@ -113,3 +113,4 @@ localEnvs
 
 # tests
 **/junit.xml
+.token

.husky/commit-msg

@@ -1 +1 @@
-npx --no-install commitlint --edit $1
+commitlint --edit $1

.ncurc.yaml

@@ -2,4 +2,5 @@
 reject: [
   "chai", # Chai v.5 now only supports EcmaScript Modules (ESM) - no require('chi')
   "eslint", # Upgrade is breaking due to peer dependencies
+  "eslint-plugin-promise", # Upgrade is breaking due to peer dependencies
 ]

src/api/swagger.yaml

@@ -2715,7 +2715,6 @@ components:
     BaseJWSCert:
       required:
       - publicKey
-      - createdAt
       type: object
       properties:
         publicKey:
@@ -2777,6 +2776,9 @@ components:
         monetaryZoneId:
           type: string
           description: The monetary Zone
+        isProxy:
+          type: boolean
+          description: Proxy flag
         securityGroup:
           type: string
           description: OAuth role/group owner
@@ -2793,6 +2795,9 @@ components:
         monetaryZoneId:
           type: string
           description: The monetary Zone
+        isProxy:
+          type: boolean
+          description: Proxy flag
       example:
         name: DFSP 1
         monetaryZoneId: EUR
@@ -2808,6 +2813,9 @@ components:
         monetaryZoneId:
           type: string
           description: The monetary Zone
+        isProxy:
+          type: boolean
+          description: Proxy flag
         securityGroup:
           type: string
           description: DFSP Security group

src/controllers/JWSCerts.js

@@ -29,7 +29,7 @@ exports.createDfspJWSCerts = (req, res, next, body, dfspId) => {
 };
 
 exports.createDfspExternalJWSCerts = (req, res, next, body) => {
-  const sourceDfspId = req.headers['X-Source-DFSP-ID'];
+  const sourceDfspId = req.headers['X-DFSP-ID'];
   JWSCertsService.createDfspExternalJWSCerts(req.context, body, sourceDfspId)
     .then(response => {
       utils.writeJson(res, response);

src/db/migrations/20240801112400_add_isProxy_to_dfsp.js

@@ -0,0 +1,11 @@
+exports.up = function (knex, Promise) {
+  return knex.schema.table('dfsps', function (table) {
+    table.boolean('isProxy');
+  });
+};
+
+exports.down = function (knex, Promise) {
+  return knex.schema.table('dfsps', function (table) {
+    table.dropColumn('isProxy');
+  });
+};

src/db/seeds/03_dfsp.js

@@ -0,0 +1,33 @@
+// pass DFSP_SEED=DFSP1:KES,DFSP2:MWK,DFSP3:UGX to seed the dfsp with the given monetary zones
+exports.seed = async (knex) => {
+    if (process.env.DFSP_SEED) {
+        const Constants = require('../../constants/Constants');
+        const { createCSRAndDFSPOutboundEnrollment, getDFSPOutboundEnrollments } = require('../../service/DfspOutboundService');
+        const PKIEngine = require('../../pki_engine/VaultPKIEngine');
+        const dfsps = process.env.DFSP_SEED.split(',')
+            .map(dfsp => dfsp.split(':').map(s => s.trim()));
+
+        await knex('dfsps').insert(
+            dfsps.map(([dfsp_id, monetaryZoneId, isProxy]) => ({
+                dfsp_id,
+                name: dfsp_id,
+                monetaryZoneId: monetaryZoneId || null,
+                security_group: `Application/DFSP:${dfsp_id}`,
+                isProxy: isProxy === 'proxy'
+            }))
+        ).onConflict('dfsp_id').merge();
+
+        const pkiEngine = new PKIEngine(Constants.vault);
+        await pkiEngine.connect();
+        for (const [dfsp_id] of dfsps) {
+            const exists = await getDFSPOutboundEnrollments({pkiEngine}, dfsp_id);
+            if (exists.length === 0) {
+                await createCSRAndDFSPOutboundEnrollment(
+                    {pkiEngine},
+                    dfsp_id,
+                    Constants.clientCsrParameters
+                );
+            }
+        }
+    }
+};

src/models/DFSPModel.js

@@ -91,6 +91,7 @@ const rowToObject = (dfsp) => {
     dfspId: dfsp.dfsp_id,
     name: dfsp.name,
     monetaryZoneId: dfsp.monetaryZoneId ? dfsp.monetaryZoneId : undefined,
+    isProxy: dfsp.isProxy,
     securityGroup: dfsp.security_group
   };
 };

src/pki_engine/VaultPKIEngine.js

@@ -306,7 +306,7 @@ class VaultPKIEngine extends PKIEngine {
   }
   // endregion
 
-  async populateDFSPClientCertBundle (dfspId, dfspName, dfspMonetaryZoneId) {
+  async populateDFSPClientCertBundle (dfspId, dfspName, dfspMonetaryZoneId, isProxy) {
     this.validateId(dfspId, 'dfspId');
     const dfspCA = await this.getDFSPCA(dfspId);
     const enrollments = await this.getDFSPOutboundEnrollments(dfspId);
@@ -321,6 +321,7 @@ class VaultPKIEngine extends PKIEngine {
       fqdn: cert.subject.CN,
       host: dfspName,
       currency_code: dfspMonetaryZoneId,
+      isProxy,
     };
     await this.client.write(`${this.mounts.dfspClientCertBundle}/${dfspName}`, bundle);
   }
@@ -603,7 +604,7 @@ class VaultPKIEngine extends PKIEngine {
       const validation = new Validation(code, true);
       if (valid) {
         validation.result = ValidationCodes.VALID_STATES.VALID;
-         
+
         validation.messageTemplate = 'Certificate is valid for ${data.currentDate}';
         validation.data = {
           currentDate: {
@@ -614,7 +615,7 @@ class VaultPKIEngine extends PKIEngine {
         validation.message = `Certificate is valid for ${moment(validation.data.currentDate.value).format()}`;
       } else {
         validation.result = ValidationCodes.VALID_STATES.INVALID;
-         
+
         validation.messageTemplate = 'Certificate is not valid for ${data.currentDate}. It is not valid before ${data.notBeforeDate} and after ${data.notAfterDate}';
         validation.data = {
           currentDate: {
@@ -702,10 +703,10 @@ class VaultPKIEngine extends PKIEngine {
   validateCertificateKeyLength (serverCert, keyLength, code) {
     const { valid, reason } = this.verifyCertKeyLength(serverCert, keyLength);
     if (!valid) {
-       
+
       const validation = new Validation(code, true);
       validation.result = ValidationCodes.VALID_STATES.INVALID;
-       
+
       validation.messageTemplate = 'Certificate key length ${data.actualKeySize.value} invalid, should be ${data.keyLength.value}';
       validation.details = reason;
       validation.data = {

src/service/DfspOnboardService.js

@@ -28,8 +28,8 @@ const getIPsBundle = async () => {
 exports.onboardDFSP = async (ctx, dfspId) => {
   await PkiService.validateDfsp(ctx, dfspId);
   const { pkiEngine } = ctx;
-  const { id, monetaryZoneId } = await DFSPModel.findByDfspId(dfspId);
-  await pkiEngine.populateDFSPClientCertBundle(id, dfspId, monetaryZoneId);
+  const { id, monetaryZoneId, isProxy } = await DFSPModel.findByDfspId(dfspId);
+  await pkiEngine.populateDFSPClientCertBundle(id, dfspId, monetaryZoneId, !!isProxy);
 
   const ipsBundle = await getIPsBundle();
   await pkiEngine.populateDFSPInternalIPWhitelistBundle(ipsBundle);

src/service/JWSCertsService.js

@@ -58,12 +58,12 @@ exports.createDfspExternalJWSCerts = async (ctx, body, sourceDfspId) => {
   const result = [];
   for(let i = 0; i < externalDfspList.length; i++) {
     const dfspJwsItem = externalDfspList[i];
-    const { dfspId, publicKey, createdAt } = dfspJwsItem;
+    const { dfspId, publicKey } = dfspJwsItem;
     const { validations, validationState } = pkiEngine.validateJWSCertificate(publicKey);
     const jwsData = {
       dfspId,
       publicKey,
-      createdAt,
+      createdAt: dfspJwsItem.createdAt || 0,
       validations,
       validationState,
     };

src/service/PkiService.js

@@ -40,6 +40,7 @@ exports.createDFSP = async (ctx, body) => {
     dfsp_id: body.dfspId,
     name: body.name,
     monetaryZoneId: body.monetaryZoneId ? body.monetaryZoneId : undefined,
+    isProxy: body.isProxy,
     security_group: body.securityGroup || 'Application/DFSP:' + dfspIdNoSpaces
   };
 
@@ -108,6 +109,7 @@ exports.updateDFSP = async (ctx, dfspId, newDfsp) => {
   const values = {
     name: newDfsp.name,
     monetaryZoneId: newDfsp.monetaryZoneId,
+    isProxy: newDfsp.isProxy,
     security_group: newDfsp.securityGroup
   };
 
@@ -205,6 +207,7 @@ const dfspRowToObject = (row) => {
     id: row.dfsp_id,
     name: row.name,
     monetaryZoneId: row.monetaryZoneId ? row.monetaryZoneId : undefined,
+    isProxy: row.isProxy,
     securityGroup: row.security_group,
   };
 };

test/functional-tests/tests/mcm-api-endpoint.test.ts

@@ -21,6 +21,8 @@
  *       Miguel de Barros - [email protected]                **
  ************************************************************************* */
 
+import { isProxy } from "util/types";
+
 jest.setTimeout(999999)
 
 const { ApiHelper, MethodEnum, ApiHelperOptions } = require('../util/api-helper');
@@ -35,7 +37,8 @@ describe('MCM API Tests', () => {
   const dfspObject = {
     dfspId: `test${randomSeed}`,
     name: `test${randomSeed}`,
-    monetaryZoneId: 'XTS'
+    monetaryZoneId: 'XTS',
+    isProxy: false
   }
 
   const apiHelperOptions: typeof ApiHelperOptions = {};