From f36a63f65b8f889f5c69d71cf6897361e84b2414 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 15:55:39 +0530
Subject: [PATCH 01/10] Revert changes done to introduce gateway proxy to
 infosec endpoints

---
 .../cds/gateway/utils/GatewayConstants.java   | 16 ++---
 .../default/api/_AuthorizeAPI_.xml            | 35 -----------
 .../default/api/_IntrospectAPI_.xml           | 35 -----------
 .../default/api/_OIDCDiscoveryAPI_.xml        | 35 -----------
 .../synapse-configs/default/api/_PARAPI_.xml  | 34 ----------
 .../default/api/_RevokeAPI_.xml               | 35 -----------
 .../default/api/_TokenAPI_.xml                | 36 -----------
 .../default/api/_UserInfoAPI_.xml             | 35 -----------
 .../siddhi-files/CDSCurrentPeakTPSApp.siddhi  |  3 +-
 .../CDSInvocationMetricsApp.siddhi            |  5 +-
 .../wso2is-6.0.0-deployment-cds.toml          | 62 ++++++++++++++++---
 11 files changed, 65 insertions(+), 266 deletions(-)
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_AuthorizeAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_IntrospectAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_OIDCDiscoveryAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_PARAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_RevokeAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
 delete mode 100644 toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_UserInfoAPI_.xml

diff --git a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
index 87aefe51..ae44ebf4 100644
--- a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
+++ b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
@@ -91,14 +91,14 @@ private GatewayConstants() {
     public static final String WELL_KNOWN_API = "WellKnownAPI";
     public static final String PAR_API = "PARAPI";
 
-    public static final String TOKEN_ENDPOINT = "/token";
-    public static final String AUTHORIZE_ENDPOINT = "/authorize";
-    public static final String JWKS_ENDPOINT = "/jwks";
-    public static final String USERINFO_ENDPOINT = "/userinfo";
-    public static final String REVOKE_ENDPOINT = "/revoke";
-    public static final String INTROSPECTION_ENDPOINT = "/token/introspect";
-    public static final String PAR_ENDPOINT = "/par";
-    public static final String WELL_KNOWN_ENDPOINT = "/.well-known/openid-configuration";
+    public static final String TOKEN_ENDPOINT = "/oauth2/token";
+    public static final String AUTHORIZE_ENDPOINT = "/oauth2/authorize";
+    public static final String JWKS_ENDPOINT = "/oauth2/jwks";
+    public static final String USERINFO_ENDPOINT = "/oauth2/userinfo";
+    public static final String REVOKE_ENDPOINT = "/oauth2/revoke";
+    public static final String INTROSPECTION_ENDPOINT = "/oauth2/introspect";
+    public static final String PAR_ENDPOINT = "/oauth2/par";
+    public static final String WELL_KNOWN_ENDPOINT = "/oauth2/token/.well-known/openid-configuration";
     public static final String REGISTER_ENDPOINT = "/register";
     public static final String REGISTER_CLIENT_ID_ENDPOINT = "/register/{ClientId}";
     public static final String CDR_ARRANGEMENT_ENDPOINT = "/{cdrArrangementId}";
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_AuthorizeAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_AuthorizeAPI_.xml
deleted file mode 100644
index da08bb58..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_AuthorizeAPI_.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_Authorize_API_" context="/authorize">
-    <resource methods="GET POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/authorize">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_IntrospectAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_IntrospectAPI_.xml
deleted file mode 100644
index af70e972..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_IntrospectAPI_.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_Introspect_API_" context="/token/introspect">
-    <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/introspect">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_OIDCDiscoveryAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_OIDCDiscoveryAPI_.xml
deleted file mode 100644
index b9836bf0..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_OIDCDiscoveryAPI_.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_OIDC_Discovery_API_" context="/.well-known/openid-configuration">
-    <resource methods="GET" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token/.well-known/openid-configuration">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_PARAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_PARAPI_.xml
deleted file mode 100644
index bc4b42cc..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_PARAPI_.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_PAR_API_" context="/par">
-    <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/api/openbanking/push-authorization/par">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_RevokeAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_RevokeAPI_.xml
deleted file mode 100644
index 08188818..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_RevokeAPI_.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_Revoke_API_" context="/revoke">
-    <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/revoke">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
deleted file mode 100644
index c24faaf5..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_Token_API_" context="/token">
-    <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-	        <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-        <handler class="com.wso2.openbanking.accelerator.gateway.handler.GatewayClientAuthenticationHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_UserInfoAPI_.xml b/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_UserInfoAPI_.xml
deleted file mode 100644
index 44014002..00000000
--- a/toolkits/ob-apim/carbon-home/repository/deployment/server/synapse-configs/default/api/_UserInfoAPI_.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
- ~ Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
- ~
- ~ This software is the property of WSO2 LLC. and its suppliers, if any.
- ~ Dissemination of any information or reproduction of any material contained
- ~ herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
- ~ You may not alter or remove any copyright or other notice from copies of this content.
- ~
--->
-
-<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2_AM_UserInfo_API_" context="/userinfo">
-    <resource methods="GET POST" url-mapping="/*" faultSequence="_token_fault_">
-        <inSequence>
-            <property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
-            <property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
-            <send>
-                <endpoint>
-                    <http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/userinfo">
-                        <timeout>
-                            <duration>60000</duration>
-                            <responseAction>fault</responseAction>
-                        </timeout>
-                    </http>
-                </endpoint>
-            </send>
-        </inSequence>
-        <outSequence>
-            <send/>
-        </outSequence>
-    </resource>
-    <handlers>
-        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
-        <handler class="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandler"/>
-    </handlers>
-</api>
diff --git a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
index 93a84937..84a68240 100644
--- a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
+++ b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
@@ -37,7 +37,8 @@ define function getAspect[JavaScript] return string {
 	var electedResource = data[0];
 	var unauthenticatedList = ["/banking/products", "/banking/products/{productId}", "/discovery/status", "/discovery/outages"];
 	var authenticatedList = ["/banking/accounts", "/common/customer", "/common/customer/detail", "/register", "/register/{ClientId}",
-	                         "/", "/token", "/authorize", "/revoke", "/userinfo", "/token/introspect", "/jwks", "/.well-known/openid-configuration",
+	                         "/", "/oauth2/token", "/oauth2/authorize", "/oauth2/revoke", "/oauth2/userinfo", "/oauth2/introspect",
+	                         "/oauth2/jwks", "/oauth2/token/.well-known/openid-configuration",
 	                         "/banking/accounts/{accountId}", "/banking/accounts/{accountId}/balance", "/banking/accounts/balances",
 	                         "/banking/accounts/{accountId}/transactions", "/banking/accounts/{accountId}/transactions/{transactionId}",
 	                         "/banking/payees", "/banking/payees/{payeeId}", "/banking/accounts/{accountId}/direct-debits",
diff --git a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
index a81c3cdd..feec793a 100644
--- a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
+++ b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
@@ -36,7 +36,7 @@ define function getPriorityTier[JavaScript] return string {
 	var customerStatus = data[1];
 	var unauthenticatedList = ["/banking/products", "/banking/products/{productId}"];
 	var highPriorityList = ["/banking/accounts", "/discovery/status", "/discovery/outages", "/common/customer", "/common/customer/detail", "/register",
-	        "/register/{ClientId}", "/", "/token", "/authorize", "/revoke", "/userinfo", "/token/introspect", "/jwks", "/.well-known/openid-configuration"];
+	        "/register/{ClientId}", "/", "/oauth2/token", "/oauth2/authorize", "/oauth2/revoke", "/oauth2/userinfo", "/oauth2/introspect", "/oauth2/jwks", "/oauth2/token/.well-known/openid-configuration"];
 	var lowPriorityList = ["/banking/accounts/{accountId}", "/banking/accounts/{accountId}/balance", "/banking/accounts/balances", "/banking/accounts/{accountId}/transactions",
 	        "/banking/accounts/{accountId}/transactions/{transactionId}", "/banking/payees", "/banking/payees/{payeeId}", "/banking/accounts/{accountId}/direct-debits",
 	        "/banking/accounts/{accountId}/payments/scheduled", "/banking/payments/scheduled"];
@@ -90,7 +90,8 @@ define function getAspect[JavaScript] return string {
 	var electedResource = data[0];
 	var unauthenticatedList = ['/banking/products', '/banking/products/{productId}', '/discovery/status', '/discovery/outages'];
 	var authenticatedList = ['/banking/accounts', '/common/customer', '/common/customer/detail', '/register', '/register/{ClientId}',
-            '/', '/token', '/authorize', '/revoke', '/userinfo', '/token/introspect', '/jwks', '/.well-known/openid-configuration',
+            '/', '/oauth2/token', '/oauth2/authorize', '/oauth2/revoke', '/oauth2/userinfo', '/oauth2/introspect',
+            '/oauth2/jwks', '/oauth2/token/.well-known/openid-configuration',
             '/banking/accounts/{accountId}', '/banking/accounts/{accountId}/balance', '/banking/accounts/balances',
             '/banking/accounts/{accountId}/transactions', '/banking/accounts/{accountId}/transactions/{transactionId}',
             '/banking/payees', '/banking/payees/{payeeId}', '/banking/accounts/{accountId}/direct-debits',
diff --git a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
index 4b65efae..62bf6168 100644
--- a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
+++ b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
@@ -173,7 +173,6 @@ allowed_scopes = ["OB.*", "profile"]
 renew_refresh_token = false
 
 [oauth.endpoints]
-oauth2_token_url = "${carbon.protocol}://APIM_HOSTNAME:8243/token"
 oauth2_consent_page = "${carbon.protocol}://IS_HOSTNAME:${carbon.management.port}/ob/authenticationendpoint/oauth2_authz.do"
 oidc_consent_page = "${carbon.protocol}://IS_HOSTNAME:${carbon.management.port}/ob/authenticationendpoint/oauth2_consent.do"
 
@@ -203,7 +202,7 @@ order = 1
 [event_listener.properties]
 PreventTokenReuse= false
 RejectBeforeInMinutes= "100"
-TokenEndpointAlias= "https://APIM_HOSTNAME:8243/token"
+TokenEndpointAlias= "https://IS_HOSTNAME:9446/oauth2/token"
 notification_endpoint = "https://APIM_HOSTNAME:9443/internal/data/v1/notify"
 username = "${admin.username}"
 password = "${admin.password}"
@@ -231,7 +230,7 @@ order = "894"
 enable = true
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/token/introspect"
+EndpointAlias = "https://IS_HOSTNAME:9446/oauth2/introspect"
 
 [[event_listener]]
 id = "cds_par_private_key_jwt_authenticator"
@@ -241,7 +240,7 @@ order = "895"
 enable = true
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/par"
+EndpointAlias = "https://IS_HOSTNAME:9446/api/openbanking/push-authorization/par"
 
 [[event_listener]]
 id = "cds_revoke_private_key_jwt_authenticator"
@@ -251,7 +250,7 @@ order = "896"
 enable = true
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/revoke"
+EndpointAlias = "https://IS_HOSTNAME:9446/oauth2/revoke"
 
 [[event_listener]]
 id = "cds_arrangement_private_key_jwt_authenticator"
@@ -261,7 +260,7 @@ order = "897"
 enable = true
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/arrangements/1.0.0"
+EndpointAlias = "https://IS_HOSTNAME:8243/arrangements/1.0.0"
 
 [[event_listener]]
 id = "cds_token_private_key_jwt_authenticator"
@@ -271,7 +270,7 @@ order = "898"
 enable = true
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/token"
+EndpointAlias = "https://IS_HOSTNAME:9446/oauth2/token"
 
 [[event_listener]]
 id = "private_key_jwt_authenticator"
@@ -302,8 +301,7 @@ order = "902"
 enable = false
 
 [event_listener.properties]
-EndpointAlias = "https://APIM_HOSTNAME:8243/token/introspect"
-
+EndpointAlias = "https://IS_HOSTNAME:9446/oauth2/introspect"
 [oauth.grant_type]
 iwa_ntlm.enable = false
 jwt_bearer.enable = true
@@ -546,7 +544,7 @@ step = 2
 allowed_values = ["authorization_code", "refresh_token", "client_credentials"]
 
 [open_banking.dcr.registration.audience]
-allowed_values = ["https://APIM_HOSTNAME:8243/token"]
+allowed_values = ["https://IS_HOSTNAME:9446/oauth2/token"]
 
 [open_banking.dcr.registration.token_endpoint_authentication]
 allowed_values = ["private_key_jwt"]
@@ -747,6 +745,46 @@ required=true
 type="long"
 
 #================custom filters and filter-mappings==============
+[[tomcat.filter]]
+name = "InfoSecDataPublishingFilter"
+class = "org.wso2.openbanking.cds.identity.filter.InfoSecDataPublishingFilter"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/token"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/.well-known/openid-configuration"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/userinfo"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/revoke"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/introspect"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/jwks"
+
+[[tomcat.filter_mapping]]
+name = "InfoSecDataPublishingFilter"
+url_pattern = "/par"
+
+[[tomcat.filter]]
+name = "AuthorizeDataPublishingFilter"
+class = "org.wso2.openbanking.cds.identity.filter.AuthorizeDataPublishingFilter"
+
+[[tomcat.filter_mapping]]
+name = "AuthorizeDataPublishingFilter"
+url_pattern = "/authorize"
+
 [[tomcat.filter]]
 name = "TokenFilter"
 class = "com.wso2.openbanking.accelerator.identity.token.TokenFilter"
@@ -930,3 +968,7 @@ enable = true
 server_url = "https://BI_HOSTNAME:7444"
 username = "$ref{super_admin.username}@carbon.super"
 password = "$ref{super_admin.password}"
+
+[open_banking_cds.external_traffic]
+header_name = "X-External-Traffic"
+expected_value = "true"

From a3730a729e643b579dc5e4a857735bc6adbfb4e5 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 15:59:43 +0530
Subject: [PATCH 02/10] Add correct well known url

---
 .../ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
index 62bf6168..cd17a03a 100644
--- a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
+++ b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
@@ -755,7 +755,7 @@ url_pattern = "/token"
 
 [[tomcat.filter_mapping]]
 name = "InfoSecDataPublishingFilter"
-url_pattern = "/.well-known/openid-configuration"
+url_pattern = "/oauth2/token/.well-known/openid-configuration"
 
 [[tomcat.filter_mapping]]
 name = "InfoSecDataPublishingFilter"

From 9b7c851297a81c611d548dfb8fa1c700172b3c6b Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 16:00:37 +0530
Subject: [PATCH 03/10] Add newline

---
 .../ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
index cd17a03a..0ca59686 100644
--- a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
+++ b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
@@ -302,6 +302,7 @@ enable = false
 
 [event_listener.properties]
 EndpointAlias = "https://IS_HOSTNAME:9446/oauth2/introspect"
+
 [oauth.grant_type]
 iwa_ntlm.enable = false
 jwt_bearer.enable = true

From a2dd7e2ad9b509bd777042782bfca8ee5b0c1d22 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 16:04:47 +0530
Subject: [PATCH 04/10] Add correct par endpoint

---
 .../wso2/openbanking/cds/gateway/utils/GatewayConstants.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
index ae44ebf4..f70b3140 100644
--- a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
+++ b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
@@ -97,7 +97,7 @@ private GatewayConstants() {
     public static final String USERINFO_ENDPOINT = "/oauth2/userinfo";
     public static final String REVOKE_ENDPOINT = "/oauth2/revoke";
     public static final String INTROSPECTION_ENDPOINT = "/oauth2/introspect";
-    public static final String PAR_ENDPOINT = "/oauth2/par";
+    public static final String PAR_ENDPOINT = "/api/openbanking/push-authorization/par";
     public static final String WELL_KNOWN_ENDPOINT = "/oauth2/token/.well-known/openid-configuration";
     public static final String REGISTER_ENDPOINT = "/register";
     public static final String REGISTER_CLIENT_ID_ENDPOINT = "/register/{ClientId}";

From 36d2d7d5fc089d8d328c49e24f4dae163bab6794 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 23:45:24 +0530
Subject: [PATCH 05/10] Remove InfoSecDataPublishingHandler

---
 .../InfoSecDataPublishingHandler.java         | 185 ------------------
 .../InfoSecDataPublishingHandlerTest.java     | 138 -------------
 .../src/test/resources/testng.xml             |   1 -
 3 files changed, 324 deletions(-)
 delete mode 100644 components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandler.java
 delete mode 100644 components/org.wso2.openbanking.cds.gateway/src/test/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandlerTest.java

diff --git a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandler.java b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandler.java
deleted file mode 100644
index d6f8075f..00000000
--- a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandler.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/**
- * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
- *
- * WSO2 LLC. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.openbanking.cds.gateway.handlers;
-
-import org.apache.axis2.context.MessageContext;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.synapse.core.axis2.Axis2MessageContext;
-import org.apache.synapse.rest.AbstractHandler;
-import org.wso2.openbanking.cds.common.data.publisher.CDSDataPublishingService;
-import org.wso2.openbanking.cds.gateway.utils.GatewayConstants;
-
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-/**
- * Handler to publish data related to infoSec endpoints.
- */
-public class InfoSecDataPublishingHandler extends AbstractHandler {
-
-    private static final Log LOG = LogFactory.getLog(InfoSecDataPublishingHandler.class);
-    private static final String REQUEST_IN_TIME = "REQUEST_IN_TIME";
-
-    @Override
-    public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
-
-        // Record the request-in time to be used when calculating response latency for APILatency data publishing
-        messageContext.setProperty(REQUEST_IN_TIME, System.currentTimeMillis());
-
-        return true;
-    }
-
-    @Override
-    public boolean handleResponse(org.apache.synapse.MessageContext messageContext) {
-
-        String messageId = UUID.randomUUID().toString();
-
-        // publish api endpoint invocation data
-        Map<String, Object> requestData = generateInvocationDataMap(messageContext, messageId);
-        CDSDataPublishingService.getCDSDataPublishingService().publishApiInvocationData(requestData);
-
-        // publish api endpoint latency data
-        Map<String, Object> latencyData = generateLatencyDataMap(messageContext, messageId);
-        CDSDataPublishingService.getCDSDataPublishingService().publishApiLatencyData(latencyData);
-
-        return true;
-    }
-
-    /**
-     * Create the APIInvocation data map.
-     *
-     * @param messageContext - Message context
-     * @param messageId      - Unique Id for the request
-     * @return requestData Map
-     */
-    protected Map<String, Object> generateInvocationDataMap(org.apache.synapse.MessageContext messageContext,
-                                                            String messageId) {
-
-        Map<String, Object> requestData = new HashMap<>();
-
-        MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
-        Map headers = (Map) axis2MessageContext.getProperty(MessageContext.TRANSPORT_HEADERS);
-        String contentLength = (String) headers.get(GatewayConstants.CONTENT_LENGTH);
-
-        // consumerId is not required for metrics calculations, hence publishing as null
-        requestData.put("consumerId", null);
-        requestData.put("userAgent", getUserAgent(messageContext));
-        requestData.put("statusCode", axis2MessageContext.getProperty(GatewayConstants.HTTP_SC));
-        requestData.put("httpMethod", messageContext.getProperty(GatewayConstants.REST_METHOD));
-        requestData.put("responsePayloadSize", contentLength != null ? Long.parseLong(contentLength) : 0);
-        String[] apiData = getApiData((String) messageContext.getProperty(GatewayConstants.REST_API_CONTEXT));
-        requestData.put("electedResource", apiData[0]);
-        requestData.put("apiName", apiData[1]);
-        // apiSpecVersion is not applicable to infoSec endpoints
-        requestData.put("apiSpecVersion", null);
-        requestData.put("timestamp", Instant.now().getEpochSecond());
-        requestData.put("messageId", messageId);
-        requestData.put("customerStatus", GatewayConstants.UNDEFINED);
-        requestData.put("accessToken", null);
-        return requestData;
-    }
-
-    /**
-     * Create the APIInvocation Latency data map.
-     *
-     * @param messageContext - Message context
-     * @param messageId      - Unique Id for the request
-     * @return latencyData Map
-     */
-    protected Map<String, Object> generateLatencyDataMap(org.apache.synapse.MessageContext messageContext,
-                                                         String messageId) {
-
-        Map<String, Object> latencyData = new HashMap<>();
-        long requestInTime = (long) messageContext.getProperty(REQUEST_IN_TIME);
-        long requestLatency = System.currentTimeMillis() - requestInTime;
-
-        latencyData.put("correlationId", messageId);
-        latencyData.put("requestTimestamp", String.valueOf(Instant.now().getEpochSecond()));
-        latencyData.put("backendLatency", 0L);
-        latencyData.put("requestMediationLatency", 0L);
-        latencyData.put("responseLatency", requestLatency >= 0 ? requestLatency : 0L);
-        latencyData.put("responseMediationLatency", 0L);
-        return latencyData;
-
-    }
-
-    private String[] getApiData(String context) {
-
-        String[] apiData = new String[2];
-        String apiName;
-        switch (StringUtils.lowerCase(context)) {
-            case GatewayConstants.TOKEN_ENDPOINT:
-                apiName = GatewayConstants.TOKEN_API;
-                break;
-            case GatewayConstants.AUTHORIZE_ENDPOINT:
-                apiName = GatewayConstants.AUTHORIZE_API;
-                break;
-            case GatewayConstants.USERINFO_ENDPOINT:
-                apiName = GatewayConstants.USERINFO_API;
-                break;
-            case GatewayConstants.INTROSPECTION_ENDPOINT:
-                apiName = GatewayConstants.INTROSPECT_API;
-                break;
-            case GatewayConstants.JWKS_ENDPOINT:
-                apiName = GatewayConstants.JWKS_API;
-                break;
-            case GatewayConstants.REVOKE_ENDPOINT:
-                apiName = GatewayConstants.TOKEN_REVOCATION_API;
-                break;
-            case GatewayConstants.WELL_KNOWN_ENDPOINT:
-                apiName = GatewayConstants.WELL_KNOWN_API;
-                break;
-            case GatewayConstants.PAR_ENDPOINT:
-                apiName = GatewayConstants.PAR_API;
-                break;
-            default:
-                apiName = StringUtils.EMPTY;
-        }
-        apiData[0] = context;
-        apiData[1] = apiName;
-        return apiData;
-    }
-
-    /**
-     * Extracts the user agent from the message context.
-     *
-     * @param messageContext - Message context
-     * @return clientId
-     */
-    private String getUserAgent(org.apache.synapse.MessageContext messageContext) {
-
-        MessageContext axis2MessageContext = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
-        Map headers = (Map) axis2MessageContext.getProperty(MessageContext.TRANSPORT_HEADERS);
-
-        String userAgent;
-        if (messageContext.getProperty(GatewayConstants.CLIENT_USER_AGENT) != null) {
-            userAgent = (String) messageContext.getProperty(GatewayConstants.CLIENT_USER_AGENT);
-        } else if (headers.get(GatewayConstants.CLIENT_USER_AGENT) != null) {
-            userAgent = (String) headers.get(GatewayConstants.CLIENT_USER_AGENT);
-        } else {
-            userAgent = GatewayConstants.UNKNOWN;
-        }
-
-        return userAgent;
-    }
-}
diff --git a/components/org.wso2.openbanking.cds.gateway/src/test/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandlerTest.java b/components/org.wso2.openbanking.cds.gateway/src/test/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandlerTest.java
deleted file mode 100644
index 805c14b1..00000000
--- a/components/org.wso2.openbanking.cds.gateway/src/test/java/org/wso2/openbanking/cds/gateway/handlers/InfoSecDataPublishingHandlerTest.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/**
- * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
- *
- * WSO2 LLC. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.openbanking.cds.gateway.handlers;
-
-import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
-import com.wso2.openbanking.accelerator.data.publisher.common.util.OBDataPublisherUtil;
-import org.apache.axiom.om.OMElement;
-import org.apache.synapse.MessageContext;
-import org.apache.synapse.commons.json.JsonUtil;
-import org.apache.synapse.config.SynapseConfiguration;
-import org.apache.synapse.core.SynapseEnvironment;
-import org.apache.synapse.core.axis2.Axis2MessageContext;
-import org.mockito.Mockito;
-import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.testng.PowerMockTestCase;
-import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.Test;
-import org.wso2.openbanking.cds.gateway.utils.GatewayConstants;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import static org.powermock.api.mockito.PowerMockito.doNothing;
-import static org.powermock.api.mockito.PowerMockito.mock;
-import static org.powermock.api.mockito.PowerMockito.mockStatic;
-import static org.powermock.api.mockito.PowerMockito.when;
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertNotNull;
-
-/**
- * Test class for InfoSecDataPublishingHandler.
- */
-@PrepareForTest({OpenBankingConfigParser.class, OBDataPublisherUtil.class, JsonUtil.class})
-@PowerMockIgnore("jdk.internal.reflect.*")
-public class InfoSecDataPublishingHandlerTest extends PowerMockTestCase {
-
-    MessageContext messageContext;
-
-    @BeforeMethod
-    public void beforeMethod() throws Exception {
-
-        Map<String, Object> configs = new HashMap<>();
-        configs.put("DataPublishing.Enabled", "true");
-        configs.put(GatewayConstants.CLIENT_USER_AGENT, "dummyAgent");
-
-        mockStatic(OpenBankingConfigParser.class);
-        OpenBankingConfigParser openBankingConfigParserMock = mock(OpenBankingConfigParser.class);
-        when(OpenBankingConfigParser.getInstance()).thenReturn(openBankingConfigParserMock);
-        when(openBankingConfigParserMock.getConfiguration()).thenReturn(configs);
-
-        SynapseConfiguration synapseConfigurationMock = mock(SynapseConfiguration.class);
-        SynapseEnvironment synapseEnvironmentMock = mock(SynapseEnvironment.class);
-        org.apache.axis2.context.MessageContext messageContextMock =
-                mock(org.apache.axis2.context.MessageContext.class);
-        messageContext = new Axis2MessageContext(messageContextMock, synapseConfigurationMock,
-                synapseEnvironmentMock);
-
-        messageContext.setProperty(GatewayConstants.HTTP_RESPONSE_STATUS_CODE, 500);
-        messageContext.setProperty(GatewayConstants.REST_API_CONTEXT, "/token");
-        messageContext.setProperty(GatewayConstants.REST_METHOD, "POST");
-        org.apache.axis2.context.MessageContext axis2MessageContext = new org.apache.axis2.context.MessageContext();
-        axis2MessageContext.setProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS, configs);
-
-        axis2MessageContext.setProperty(GatewayConstants.HTTP_SC, "500");
-        ((Axis2MessageContext) messageContext).setAxis2MessageContext(axis2MessageContext);
-
-        mockStatic(OBDataPublisherUtil.class);
-        doNothing().when(OBDataPublisherUtil.class, "publishData", Mockito.anyString(), Mockito.anyString(),
-                Mockito.anyObject());
-
-        mockStatic(JsonUtil.class);
-        OMElement omElementMock = mock(OMElement.class);
-        when(JsonUtil.getNewJsonPayload(Mockito.anyObject(), Mockito.anyString(), Mockito.anyBoolean(),
-                Mockito.anyBoolean())).thenReturn(omElementMock);
-    }
-
-    @Test(description = "Test the attributes in the invocation data map")
-    public void invocationDataMapAttributesTest() {
-
-        InfoSecDataPublishingHandler handler = Mockito.spy(InfoSecDataPublishingHandler.class);
-        String messageId = UUID.randomUUID().toString();
-        messageContext.setProperty("REQUEST_IN_TIME", System.currentTimeMillis());
-        Map<String, Object> latencyData = handler.generateInvocationDataMap(messageContext, messageId);
-        assertEquals(latencyData.get("messageId"), messageId);
-        assertEquals(latencyData.get("customerStatus"), GatewayConstants.UNDEFINED);
-        assertEquals(latencyData.get("apiName"), GatewayConstants.TOKEN_API);
-        assertEquals(latencyData.get("electedResource"), GatewayConstants.TOKEN_ENDPOINT);
-        assertNotNull(latencyData.get("timestamp"));
-        assertNotNull(latencyData.get("responsePayloadSize"));
-        assertNotNull(latencyData.get("httpMethod"));
-        assertNotNull(latencyData.get("statusCode"));
-        assertNotNull(latencyData.get("userAgent"));
-    }
-
-    @Test(description = "Test the attributes in the latency data map")
-    public void latencyDataMapAttributesTest() {
-
-        InfoSecDataPublishingHandler handler = Mockito.spy(InfoSecDataPublishingHandler.class);
-        String messageId = UUID.randomUUID().toString();
-        messageContext.setProperty("REQUEST_IN_TIME", System.currentTimeMillis());
-        Map<String, Object> latencyData = handler.generateLatencyDataMap(messageContext, messageId);
-        assertEquals(latencyData.get("correlationId"), messageId);
-        assertNotNull(latencyData.get("requestTimestamp"));
-        assertNotNull(latencyData.get("backendLatency"));
-        assertNotNull(latencyData.get("requestMediationLatency"));
-        assertNotNull(latencyData.get("responseLatency"));
-        assertNotNull(latencyData.get("responseMediationLatency"));
-    }
-
-    @Test(description = "Test the ResponseLatency attribute in the latency data map")
-    public void latencyDataMapNegativeResponseLatencyTest() {
-
-        InfoSecDataPublishingHandler handler = Mockito.spy(InfoSecDataPublishingHandler.class);
-        String messageId = UUID.randomUUID().toString();
-        messageContext.setProperty("REQUEST_IN_TIME", System.currentTimeMillis() + (60 * 1000));
-        Map<String, Object> latencyData = handler.generateLatencyDataMap(messageContext, messageId);
-        assertEquals(latencyData.get("responseLatency"), 0L);
-    }
-
-}
diff --git a/components/org.wso2.openbanking.cds.gateway/src/test/resources/testng.xml b/components/org.wso2.openbanking.cds.gateway/src/test/resources/testng.xml
index e01cfaa0..69af762c 100644
--- a/components/org.wso2.openbanking.cds.gateway/src/test/resources/testng.xml
+++ b/components/org.wso2.openbanking.cds.gateway/src/test/resources/testng.xml
@@ -27,7 +27,6 @@
             <class name="org.wso2.openbanking.cds.gateway.executors.core.CDSAPIRequestRouterTest"/>
             <class name="org.wso2.openbanking.cds.gateway.throttling.CDSThrottleDataPublisherImplTest"/>
             <class name="org.wso2.openbanking.cds.gateway.mediators.GatewayErrorMediatorTest"/>
-            <class name="org.wso2.openbanking.cds.gateway.handlers.InfoSecDataPublishingHandlerTest"/>
             <class name="org.wso2.openbanking.cds.gateway.executors.reporting.CDSCommonDataReportingExecutorTest"/>
             <class name="org.wso2.openbanking.cds.gateway.executors.header.validation.CDSHeaderValidationExecutorTest"/>
             <class name="org.wso2.openbanking.cds.gateway.executors.jwt.authentication.JWTAuthenticationExecutorTest"/>

From 8038786925d11efd825d1b0092782cef0ed5fa65 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Sun, 27 Oct 2024 23:49:51 +0530
Subject: [PATCH 06/10] Add toml changes

---
 .../repository/resources/wso2am-4.2.0-deployment-cds.toml        | 1 -
 .../ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml  | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolkits/ob-apim/repository/resources/wso2am-4.2.0-deployment-cds.toml b/toolkits/ob-apim/repository/resources/wso2am-4.2.0-deployment-cds.toml
index 3a61a02b..78075fad 100644
--- a/toolkits/ob-apim/repository/resources/wso2am-4.2.0-deployment-cds.toml
+++ b/toolkits/ob-apim/repository/resources/wso2am-4.2.0-deployment-cds.toml
@@ -150,7 +150,6 @@ websub_event_receiver_http_endpoint = "http://APIM_HOSTNAME:9021"
 websub_event_receiver_https_endpoint = "https://APIM_HOSTNAME:8021"
 
 [apim.sync_runtime_artifacts.gateway]
-skip_list.apis = ["_AuthorizeAPI_.xml", "_TokenAPI_.xml", "_OIDCDiscoveryAPI_.xml", "_UserInfoAPI_.xml", "_RevokeAPI_.xml", "_IntrospectAPI_.xml", "_PARAPI_.xml"]
 skip_list.sequences = ["jsonConverter.xml"]
 gateway_labels =["Default"]
 
diff --git a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
index 0ca59686..a59a9255 100644
--- a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
+++ b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
@@ -173,6 +173,7 @@ allowed_scopes = ["OB.*", "profile"]
 renew_refresh_token = false
 
 [oauth.endpoints]
+oauth2_token_url = "${carbon.protocol}://IS_HOSTNAME:${carbon.management.port}/oauth2/token"
 oauth2_consent_page = "${carbon.protocol}://IS_HOSTNAME:${carbon.management.port}/ob/authenticationendpoint/oauth2_authz.do"
 oidc_consent_page = "${carbon.protocol}://IS_HOSTNAME:${carbon.management.port}/ob/authenticationendpoint/oauth2_consent.do"
 

From 415bcb88bf59a89667da1a90836c4b574c8ca78e Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Mon, 28 Oct 2024 00:41:01 +0530
Subject: [PATCH 07/10] Fix not detenting infosec requests as high priority

---
 .../siddhi-files/CDSCurrentPeakTPSApp.siddhi      | 15 +++++++--------
 .../siddhi-files/CDSInvocationMetricsApp.siddhi   |  5 ++---
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
index 84a68240..34f60e91 100644
--- a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
+++ b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
@@ -36,14 +36,13 @@ define function getAspect[JavaScript] return string {
 	var aspect;
 	var electedResource = data[0];
 	var unauthenticatedList = ["/banking/products", "/banking/products/{productId}", "/discovery/status", "/discovery/outages"];
-	var authenticatedList = ["/banking/accounts", "/common/customer", "/common/customer/detail", "/register", "/register/{ClientId}",
-	                         "/", "/oauth2/token", "/oauth2/authorize", "/oauth2/revoke", "/oauth2/userinfo", "/oauth2/introspect",
-	                         "/oauth2/jwks", "/oauth2/token/.well-known/openid-configuration",
-	                         "/banking/accounts/{accountId}", "/banking/accounts/{accountId}/balance", "/banking/accounts/balances",
-	                         "/banking/accounts/{accountId}/transactions", "/banking/accounts/{accountId}/transactions/{transactionId}",
-	                         "/banking/payees", "/banking/payees/{payeeId}", "/banking/accounts/{accountId}/direct-debits",
-                             "/banking/accounts/{accountId}/payments/scheduled", "/banking/payments/scheduled", "/register/metadata",
-                             "/metrics", "/banking/accounts/direct-debits"];
+	var authenticatedList = ['/banking/accounts', '/common/customer', '/common/customer/detail', '/register', '/register/{ClientId}',
+                '/', '/token', '/authorize', '/revoke', '/userinfo', '/introspect', '/jwks', '/.well-known/openid-configuration',
+                '/banking/accounts/{accountId}', '/banking/accounts/{accountId}/balance', '/banking/accounts/balances',
+                '/banking/accounts/{accountId}/transactions', '/banking/accounts/{accountId}/transactions/{transactionId}',
+                '/banking/payees', '/banking/payees/{payeeId}', '/banking/accounts/{accountId}/direct-debits',
+                '/banking/accounts/{accountId}/payments/scheduled', '/banking/payments/scheduled', '/register/metadata',
+                '/metrics', '/banking/accounts/direct-debits'];
 
     if (unauthenticatedList.indexOf(electedResource) > -1) {
         aspect = "unauthenticated";
diff --git a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
index feec793a..3adb5dbc 100644
--- a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
+++ b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSInvocationMetricsApp.siddhi
@@ -36,7 +36,7 @@ define function getPriorityTier[JavaScript] return string {
 	var customerStatus = data[1];
 	var unauthenticatedList = ["/banking/products", "/banking/products/{productId}"];
 	var highPriorityList = ["/banking/accounts", "/discovery/status", "/discovery/outages", "/common/customer", "/common/customer/detail", "/register",
-	        "/register/{ClientId}", "/", "/oauth2/token", "/oauth2/authorize", "/oauth2/revoke", "/oauth2/userinfo", "/oauth2/introspect", "/oauth2/jwks", "/oauth2/token/.well-known/openid-configuration"];
+	        "/register/{ClientId}", "/", "/token", "/authorize", "/revoke", "/userinfo", "/introspect", "/jwks", "/.well-known/openid-configuration"];
 	var lowPriorityList = ["/banking/accounts/{accountId}", "/banking/accounts/{accountId}/balance", "/banking/accounts/balances", "/banking/accounts/{accountId}/transactions",
 	        "/banking/accounts/{accountId}/transactions/{transactionId}", "/banking/payees", "/banking/payees/{payeeId}", "/banking/accounts/{accountId}/direct-debits",
 	        "/banking/accounts/{accountId}/payments/scheduled", "/banking/payments/scheduled"];
@@ -90,8 +90,7 @@ define function getAspect[JavaScript] return string {
 	var electedResource = data[0];
 	var unauthenticatedList = ['/banking/products', '/banking/products/{productId}', '/discovery/status', '/discovery/outages'];
 	var authenticatedList = ['/banking/accounts', '/common/customer', '/common/customer/detail', '/register', '/register/{ClientId}',
-            '/', '/oauth2/token', '/oauth2/authorize', '/oauth2/revoke', '/oauth2/userinfo', '/oauth2/introspect',
-            '/oauth2/jwks', '/oauth2/token/.well-known/openid-configuration',
+            '/', '/token', '/authorize', '/revoke', '/userinfo', '/introspect', '/jwks', '/.well-known/openid-configuration',
             '/banking/accounts/{accountId}', '/banking/accounts/{accountId}/balance', '/banking/accounts/balances',
             '/banking/accounts/{accountId}/transactions', '/banking/accounts/{accountId}/transactions/{transactionId}',
             '/banking/payees', '/banking/payees/{payeeId}', '/banking/accounts/{accountId}/direct-debits',

From 74f54a280856f02ff29ac25104b9bbae425f73dc Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Mon, 28 Oct 2024 00:46:44 +0530
Subject: [PATCH 08/10] Update CDSCurrentPeakTPSApp.siddhi

---
 .../siddhi-files/CDSCurrentPeakTPSApp.siddhi       | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
index 34f60e91..1129ee76 100644
--- a/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
+++ b/toolkits/ob-bi/carbon-home/deployment/siddhi-files/CDSCurrentPeakTPSApp.siddhi
@@ -36,13 +36,13 @@ define function getAspect[JavaScript] return string {
 	var aspect;
 	var electedResource = data[0];
 	var unauthenticatedList = ["/banking/products", "/banking/products/{productId}", "/discovery/status", "/discovery/outages"];
-	var authenticatedList = ['/banking/accounts', '/common/customer', '/common/customer/detail', '/register', '/register/{ClientId}',
-                '/', '/token', '/authorize', '/revoke', '/userinfo', '/introspect', '/jwks', '/.well-known/openid-configuration',
-                '/banking/accounts/{accountId}', '/banking/accounts/{accountId}/balance', '/banking/accounts/balances',
-                '/banking/accounts/{accountId}/transactions', '/banking/accounts/{accountId}/transactions/{transactionId}',
-                '/banking/payees', '/banking/payees/{payeeId}', '/banking/accounts/{accountId}/direct-debits',
-                '/banking/accounts/{accountId}/payments/scheduled', '/banking/payments/scheduled', '/register/metadata',
-                '/metrics', '/banking/accounts/direct-debits'];
+	var authenticatedList = ["/banking/accounts", "/common/customer", "/common/customer/detail", "/register", "/register/{ClientId}",
+	                         "/", "/token", "/authorize", "/revoke", "/userinfo", "/introspect", "/jwks", "/.well-known/openid-configuration",
+	                         "/banking/accounts/{accountId}", "/banking/accounts/{accountId}/balance", "/banking/accounts/balances",
+	                         "/banking/accounts/{accountId}/transactions", "/banking/accounts/{accountId}/transactions/{transactionId}",
+	                         "/banking/payees", "/banking/payees/{payeeId}", "/banking/accounts/{accountId}/direct-debits",
+                             "/banking/accounts/{accountId}/payments/scheduled", "/banking/payments/scheduled", "/register/metadata",
+                             "/metrics", "/banking/accounts/direct-debits"];
 
     if (unauthenticatedList.indexOf(electedResource) > -1) {
         aspect = "unauthenticated";

From ca3667388cf5a0f928772e944b1639f2279ef0ff Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Mon, 28 Oct 2024 12:46:24 +0530
Subject: [PATCH 09/10] Fix invalid priority for cdr arrangement revocation
 endpoint

---
 .../wso2/openbanking/cds/gateway/utils/GatewayConstants.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
index f70b3140..03049089 100644
--- a/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
+++ b/components/org.wso2.openbanking.cds.gateway/src/main/java/org/wso2/openbanking/cds/gateway/utils/GatewayConstants.java
@@ -101,7 +101,7 @@ private GatewayConstants() {
     public static final String WELL_KNOWN_ENDPOINT = "/oauth2/token/.well-known/openid-configuration";
     public static final String REGISTER_ENDPOINT = "/register";
     public static final String REGISTER_CLIENT_ID_ENDPOINT = "/register/{ClientId}";
-    public static final String CDR_ARRANGEMENT_ENDPOINT = "/{cdrArrangementId}";
+    public static final String CDR_ARRANGEMENT_ENDPOINT = "/arrangements/1.0.0";
     public static final String DISCOVERY_OUTAGES_ENDPOINT = "/discovery/outages";
     public static final String DISCOVERY_STATUS_ENDPOINT = "/discovery/status";
     public static final String PRODUCTS_ENDPOINT = "/banking/products";

From c20855a283669b7163ae2ae037fc2bfdccce185f Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Mon, 28 Oct 2024 14:51:41 +0530
Subject: [PATCH 10/10] Check HttpServletRequest before casting

---
 .../cds/identity/filter/InfoSecDataPublishingFilter.java   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/filter/InfoSecDataPublishingFilter.java b/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/filter/InfoSecDataPublishingFilter.java
index 522284ec..3b705681 100644
--- a/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/filter/InfoSecDataPublishingFilter.java
+++ b/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/filter/InfoSecDataPublishingFilter.java
@@ -263,7 +263,10 @@ public void destroy() {
     public boolean shouldPublishCurrentRequestData(ServletRequest request) {
 
         // If the request is internal traffic, no need to publish data
-        return expectedExternalTrafficHeaderValue.equalsIgnoreCase(
-                ((HttpServletRequest) request).getHeader(externalTrafficHeaderName));
+        if (request instanceof HttpServletRequest) {
+            return expectedExternalTrafficHeaderValue.equalsIgnoreCase(
+                    ((HttpServletRequest) request).getHeader(externalTrafficHeaderName));
+        }
+        return false;
     }
 }