This reference guide describes the configuration of PC Server components.

PC Server

Setting up configuration parameters

Configuration parameter values are set by adding records to the pc_sys_property table of the PCS database with an SQL request. Each record consists of the setting_name, setting_value, and setting_id (counter) fields. Acceptable names and values are listed below.

PC Server should be restarted after the parameters are changed.

Examples of SQL requests for setting parameters

PostgreSQL

insert into pc_sys_property values (nextval('pc_setting_seq'), 'DEBUG_INFO', '1');

Oracle

insert into pc_sys_property values (PC_SETTING_SEQ.NEXTVAL, 'DEBUG_INFO', '1');

MS SQL

insert into pc_sys_property values (NEXT VALUE FOR PC_SETTING_SEQ, 'DEBUG_INFO', '1');

Example of changing a parameter value

You can change an existing value with an SQL request, for example:

update pc_sys_property set setting_value = '1' where setting_name='DEBUG_INFO';

PC Server configuration parameters

setting_name Default value Description
DEBUG_INFO 0 Enable Debug and Info output to logs (0 — disabled, 1 — enabled)
KEY_QR_SIZE 300 Key QR-code size (in pixels)
TRANSACTION_QR_SIZE 300 Transaction QR-code size (in pixels)
CLEAN_TRANSACTION 1 Clear transaction data after confirmation.
DEFAULT_TRANSACTION_TTL 0 Default transaction time to live in seconds. 0 — unlimited.
COLLECT_EVENTS 1 Enable events data collection
COLLECT_DEVICE_INFORMATION 1 Enable mobile device information collection
NETWORK_TIMEOUT 1000 Timeout for establishing a connection (when sending callbacks, events, etc.)
QR_LOGO_LOCATION /opt/pc/qr_logo.png Path to the QR-code logo file. If it is left blank, there will be no logo in the QR code. Acceptable file types are png and jpg. The recommended logo size is up to 10% of the QR-code area. As the logo approaches 10% of the area, the QR-code error protection mechanism triggers more frequently to prevent generating a QR code with errors.
QR_COLOR #066AB2 QR-code color. Will be applied only if QR_LOGO_LOCATION is set
ARM_RKS_ENABLED 1 Enable Conflict Resolving Tool
LICENSE_FILE_LOCATION C:\wildfly\, /opt/wildfly/, C:\pc\, /opt/pc/ Locations in which to search for the license file. On Windows you SHOULD use double backslashes to separate directories, for example C:\\custom_path\\
SET_APP_ID_FOR_TRANSACTION_CALLBACK 0 Add mobile AppID/BundleID to confirm transaction callback
SEND_EVENT_IN_CALLBACK 1 Add event information into callbacks
ONLINE_ACTIVATION_ATTEMPTS 5 Number of key activation attempts before the key is locked
ONLINE_PASSWORD_ATTEMPTS 10 Number of key PIN-code/password entry attempts before the key is locked
HTTP_HEADERS_PASSTHROUGH 0 Enable retransmission of all received HTTP headers, including when sending callbacks and events (except headers that must have other values according to standards)

PC Pusher

PC Pusher 5.x and 6.x are designed to send push notifications to mobile applications.

Push notifications are sent to notify a user that a new transaction has been created. This is an optional feature that does not have to be implemented, especially when PC SDK is integrated into a customer's mobile app.

To serve different apps with different needs, PC Pusher can be configured in the following ways:

  • to send different push-notification content at the moment a transaction is created;
  • to send push notifications to different apps via Apple Push Notification Service (APNS) / Google Firebase (FB) / Huawei Messaging Service (HMS) with different credentials.

If you use the PayControl / PayConfirm app, you do not have to customize the PC Pusher config.

Config files

Location

By default, PC Pusher looks for config files in the following paths:

/opt/pc/pc_pusher # for linux-based systems
C:\\pc\\pc_pusher # for Windows-based systems

The config files location can be changed:

  • for PC Pusher 5.x, via the pcp_config environment variable for the JVM (for example, by specifying -Dpcp_config=/my/configs/path/)
  • for PC Pusher 6.x, via the pc.pusher.config_path parameter in the application.yml file

Config content

The config folder content is interpreted as follows:

config_root
  |- apps
       |- [app-bundle-id-1].json
       |- [app-bundle-id-2].json
       |- [app-bundle-id-N].json
  |- systems
       |- default.json
       |- [system-id-1].json
       |- [system-id-N].json
  |- pusher.conf.json

  • the apps folder contains credentials for sending notifications to different apps
  • the systems folder contains push-notification templates
  • pusher.conf.json is the general config

General config

To customize general PC Pusher options, do the following:

  1. Create a folder at the default config location or choose your own config location (see config location)
  2. Create the file [config_root]/pusher.conf.json
  3. Put the customized values in the file

The default config is as follows:

{
  "debug_info": false,
  "notification_status_buffer_size": 1000,
  "proxy": {
    "host": null,
    "port": 3128,
    "username": null,
    "password": null
  },
  "push_tasks_pool": {
    "core_size": 5,
    "max_core_size": 50,
    "queue_size": 500
  },
  "performance_log": false,
  "performance_log_period": 1000
}

Param name Meaning
debug_info Applicable for version 5.x only - turns on/off debug output
notification_status_buffer_size How many notifications to store in cache
proxy Proxy settings to communicate with APNS / FB / HMS
push_tasks_pool Notifications queue settings
performance_log Turns on/off performance log. Works with debug_info
performance_log_period How often to output performance data, in ms

You can specify only the parameters you need; there is no need to specify all of them.
For example, if you want to turn on debug output only, create a config file with the following content:

{
    "debug_info": true
}

Apps credentials for your own apps

To add your own app credentials to the PC Pusher config, do the following:

  1. Create a folder at the default config location or choose your own config location (see config location)
  2. Create the file [config_root]/apps/[your-app-bundle-id].json (for example com.example.my-best-app.json)
  3. Put your credentials in the file

Credentials file content

{
  "android": {
    "type": "service_account",
    "project_id": "...",
    "private_key_id": "...",
    "private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
    "client_email": "...",
    "client_id": "...",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "...",
    "universe_domain": "googleapis.com"
  },
  "ios": {
    "use_fcm": false,
    "apns_p8": {
      "use_dev_gate": false,
      "apns_key_id": "...",
      "apns_team_id": "...",
      "apns_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----"
    }
  },
  "huawei": {
    "client_secret": "...",
    "client_id": "..."
  }
}

  1. Your iOS / Android / Huawei apps can have different bundle-ids. In this case, include only the required sections in each credentials file (for example, only android, or android and huawei)
  2. How to get the android section content: see Where to get credentials for Android in the Appendix
  3. The apns_key content should be copied from the p8 file provided by the APNS configuration in Apple's developer account for your app
  4. The use_dev_gate param in the ios section configures PC Pusher to use the APNS Developer Gate (true value) or Production Gate (false value)
  5. If you use FCM to send push notifications to iOS, set the use_fcm value to true in the ios section. In this case the android section will be used as credentials for iOS pushes via FCM. Other fields in the ios section will be ignored.
  6. Values for the huawei section should be gathered from the Huawei Developer Console for your app

Push-notifications content configuration

Default config

By default PC Pusher is configured to send push-notifications to following apps:

  • PayControl (APNS / FB / HMS)
  • PayConfirm (APNS / FB / HMS)

The push-notification content is designed for these apps and can be found in the sample under Templates file content below.

Set your own push-templates

To set your own push template, do the following:

  1. Create a folder at the default config location or choose your own config location (see config location)
  2. Create the file [config_root]/systems/default.json (for all system-ids in PC) or [config_root]/systems/[system-id].json (for a particular system-id in PC)
  3. Put your push templates in the file

Templates file content

{
  "android": {
    "templates": {
      "transaction": [
        {
          "message": {
            "token": "%DEVICE_TOKEN%",
            "android" : {
              "data": {
                "type": "PayControl_v2"
              },
              "notification": {
                "tag": "%USER_ID%",
                "title": "PayControl",
                "body": "Новая операция для подтверждения",
                "icon": "paycontrol_push",
                "sound": "default"
              }
            }
          }
        },
        {
          "message": {
            "token": "%DEVICE_TOKEN%",
            "data": {
              "type": "PayControl_v2",
              "userid": "%USER_ID%",
              "transactionid": "%TRANSACTION_ID%"
            }
          }
        }
      ]
    }
  },
  "ios": {
    "templates": {
      "transaction": [
        {
          "aps": {
            "alert": "Новая операция для подтверждения",
            "sound": "default",
            "badge": 1,
            "mutable-content": 1,
            "category": "NEW_OPERATION"
          },
          "type": "PayControl",
          "userid": "%USER_ID%",
          "transactionid": "%TRANSACTION_ID%",
          "pc_notification_type": "alert",
          "pc_notification_priority": 10,
          "pc_notification_timeout": 600,
          "pc_collapse_id": "%USER_ID%"
        }
      ]
    }
  },
  "huawei": {
    "templates": {
      "transaction": [
        {
          "validate_only": false,
          "message": {
            "android": {
              "notification": {
                "tag": "%USER_ID%",
                "title": "PayControl",
                "body": "Новая операция для подтверждения",
                "icon": "paycontrol_push",
                "click_action": {
                  "type": 3
                }
              }
            },
            "token": [
              "%DEVICE_TOKEN%"
            ]
          }
        },
        {
          "validate_only": false,
          "message": {
            "android": {
              "collapse_key": -1,
              "urgency": "HIGH",
              "ttl": "86400",
              "data": "{\"type\": \"PayControl_v2\",\n\"userid\": \"%USER_ID%\",\"transactionid\": \"%TRANSACTION_ID%\"}"
            },
            "token": [
              "%DEVICE_TOKEN%"
            ]
          }
        }
      ]
    }
  }
}

Templates should be placed in the [os-type]->templates->transaction array and MUST conform to the APNS / FB / HMS specifications.
Each value in the array is interpreted as a separate push notification (e.g. you can send several notifications for one transaction).

The following variables can be used in templates:

Variable Meaning
%DEVICE_TOKEN% Push-token, provided by PC Server (usually, registered by PC SDK)
%USER_ID% PC User Id
%TRANSACTION_ID% PC Transaction Id
%SYSTEM_ID% PC System Id
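
A pre-deployment check for the config folder described above, as an added example that is not part of PC Pusher or the original guide: it reports files under apps/ and systems/ that do not parse, a use_fcm setting without the android section it relies on, and templates that use variables not listed in the table. The function names, the constructed sample tree and the file-permission check are assumptions of this example.

```python
import json, re, stat, tempfile
from pathlib import Path

KNOWN_VARS = {"DEVICE_TOKEN", "USER_ID", "TRANSACTION_ID", "SYSTEM_ID"}  # variables table
SAMPLE = {"apps/com.example.my-best-app.json": {"ios": {"use_fcm": True}},  # constructed
          "systems/default.json": {"ios": {"templates": {"transaction": [
              {"aps": {"alert": "New operation"}, "userid": "%USERID%"}]}}}}

def check_credentials(rel, doc, path):
    ios = doc.get("ios")
    if isinstance(ios, dict) and ios.get("use_fcm") and "android" not in doc:
        yield f"{rel}: ios.use_fcm is true but the android section is missing"
    # Added hardening check (assumption, not a PC Pusher rule): private keys live here.
    if stat.S_IMODE(path.stat().st_mode) & 0o077:  # POSIX mode bits only
        yield f"{rel}: accessible by group/other"

def check_templates(rel, doc):
    for os_type, section in doc.items():
        tpls = section.get("templates") if isinstance(section, dict) else None
        items = tpls.get("transaction") if isinstance(tpls, dict) else None
        if os_type not in ("android", "ios", "huawei") or not isinstance(items, list):
            yield f"{rel}: '{os_type}' has no templates.transaction array"
            continue
        for i, tpl in enumerate(items):
            # Scan the serialised template so strings such as huawei "data" are covered.
            for var in sorted(set(re.findall(r"%(\w+)%", json.dumps(tpl))) - KNOWN_VARS):
                yield f"{rel}: {os_type}[{i}] uses undocumented variable %{var}%"

def audit_config_root(root):
    """Yield findings for a PC Pusher config folder (apps/ and systems/)."""
    for path in sorted(Path(root).rglob("*.json")):
        rel = path.relative_to(root).as_posix()
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
            if not isinstance(doc, dict):
                raise ValueError("top level is not an object")
        except ValueError as exc:
            yield f"{rel}: invalid JSON ({exc})"
            continue
        if rel.startswith("apps/"):
            yield from check_credentials(rel, doc, path)
        elif rel.startswith("systems/"):
            yield from check_templates(rel, doc)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, doc in SAMPLE.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(json.dumps(doc), encoding="utf-8")
            path.chmod(0o600)
        return list(audit_config_root(tmp))

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `audit_config_root` against the real config folder before restarting PC Pusher; an empty result means none of these checks fired.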

Appendix

Where to get credentials for Android

PC Pusher uses the FCM API to send push notifications.

To get credentials, do the following:

  1. Open Firebase Console https://console.firebase.google.com/
  2. Open your project page
  3. Open Project settings for the App or create a new App
  4. Go to Cloud Messaging tab
  5. Make sure that Firebase Cloud Messaging API (V1) is enabled for your App
  6. Click the Manage Service Accounts link; Google Cloud Console will open
  7. Click on your service-account record (should be like firebase-adminsdk-AAAAAA@AAAAAAAA.iam.gserviceaccount.com)
  8. Go to the Keys tab
  9. Click ADD KEY and choose the JSON option
  10. Save the JSON file provided by the Console to your computer
  11. Open this file in a text editor and copy its content to the android section of your app's credentials file

Where to get credentials for Huawei

Please follow the official Huawei docs

Where to get credentials for APNS

  1. Go to your Apple Developer Account
  2. Click "Certificates"
  3. Click "Keys"
  4. Click the "+" button
  5. Name the Key
  6. Click "Enable" on "Apple Push Notifications Service (APNs)"
  7. Click "Continue"
  8. Click "Register"
  9. Click "Download"; the p8 file will be downloaded

The Key ID is provided to you during the key creation process.

The Team ID is the identifier of your team in the Apple Developer Program.

HTTPS Setup

To add/update a certificate, follow these steps:

  1. Create a chain of certificates. From certificate files in PEM (Base-64) format, create a chain by concatenating Root CA, Intermediate CA and Host certificates in a new file with the .crt extension, for example, fullchain.crt. To do this, you need to copy the content of each PEM certificate itself to the new file using a text editor.
  2. Create a PKCS12 format container with the private key:

    openssl pkcs12 -export -in fullchain.crt -inkey private_key.key -out keycontainer.p12
    

    In this export step, set a password <password> for the private key container.

  3. Create JKS-container from PKCS12 format container:

    keytool -importkeystore -srckeystore keycontainer.p12 \
        -srcstoretype PKCS12 \
        -destkeystore <container-name>.jks \
        -deststoretype JKS
    

    During the import, enter the container <password> that you set in the previous step.

  4. Copy <container-name>.jks to /opt/wildfly/standalone/configuration/ (for Linux), or to C:\wildfly\standalone\configuration\ (for Windows).

  5. Set the name of the container file (path relative to the configuration directory) and the passwords in the file /opt/wildfly/standalone/configuration/standalone.xml (for Linux) or C:\wildfly\standalone\configuration\standalone.xml (for Windows), in the keystore object (if an alias was not set, enter the default value "1"):

            <tls>
                <key-stores>
                    <key-store name="applicationKS">
                        <credential-reference clear-text="<<<CONTAINER PASSWORD>>>"/>
                        <implementation type="JKS"/>
                        <file path="<<<CONTAINER FILENAME>>>.jks" relative-to="jboss.server.config.dir"/>
                    </key-store>
                </key-stores>
                <key-managers>
                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
                        <credential-reference clear-text="<<<PRIVATE KEY PASSWORD>>>"/>
                    </key-manager>
                </key-managers>
                <server-ssl-contexts>
                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
                </server-ssl-contexts>
            </tls>
    
  6. Restart WildFly service.

  7. Check connection by command:

    openssl s_client -connect <server-name>:8443
    

    The "Verify return code" in the output must be 0.

WildFly

Additional headers

To enable additional HTTP headers, edit the following file:

  • Linux: /opt/wildfly/standalone/configuration/standalone.xml
  • Windows: C:\wildfly\standalone\configuration\standalone.xml
  • Docker: /opt/jboss/wildfly/standalone/configuration/standalone.xml

  1. Add the filters to the <subsystem xmlns="urn:jboss:domain:undertow:X.X"> section by adding a <filters></filters> block (if it is not already present) with the following content:

            <filters>
                <response-header name="transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000"/>
                <response-header name="x-frame-options" header-name="X-Frame-Options" header-value="DENY"/>
                <response-header name="x-content-type-options" header-name="X-Content-Type-Options" header-value="nosniff"/>
                <response-header name="Content-Security-Policy" header-name="Content-Security-Policy" header-value="default-src 'self'"/>
            </filters>
    
  2. Then add references to these filters in the <subsystem xmlns="urn:jboss:domain:undertow:X.X"> section, inside <server name="default-server"> and <host name="default-host" alias="localhost">, by adding the following lines:

                    <filter-ref name="transport-security"/>
                    <filter-ref name="x-frame-options"/>
                    <filter-ref name="x-content-type-options"/>
                    <filter-ref name="Content-Security-Policy"/>
    

Example:

<subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" enabled-cipher-suites="ALL:!kRSA" enabled-protocols="TLSv1.2"/>
        <host name="default-host" alias="localhost">
            <http-invoker security-realm="ApplicationRealm"/>
            <filter-ref name="transport-security"/>
            <filter-ref name="x-frame-options"/>
            <filter-ref name="x-content-type-options"/>
            <filter-ref name="Content-Security-Policy"/>
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
        <websockets/>
    </servlet-container>
    <filters>
        <response-header name="transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000"/>
        <response-header name="x-frame-options" header-name="X-Frame-Options" header-value="DENY"/>
        <response-header name="x-content-type-options" header-name="X-Content-Type-Options" header-value="nosniff"/>
        <response-header name="Content-Security-Policy" header-name="Content-Security-Policy" header-value="default-src 'self'"/>
    </filters>
</subsystem>
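
A header only reaches clients when its filter-ref name matches the name of a filter defined in <filters>. The following added example (not part of WildFly or the original guide) parses the undertow subsystem and reports references that do not resolve and headers that are not applied to the host; the function name and the sample fragment are constructed for illustration, and the expected values are the ones configured above.

```python
import xml.etree.ElementTree as ET

EXPECTED = {  # header -> value, as configured in the <filters> block on this page
    "Strict-Transport-Security": "max-age=31536000",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",
}
# Constructed fragment with two mistakes: a misspelled filter name and a missing filter-ref.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:11.0">
  <server name="default-server"><host name="default-host" alias="localhost">
    <filter-ref name="transport-security"/>
    <filter-ref name="x-frame-options"/>
    <filter-ref name="x-content-type-options"/>
  </host></server>
  <filters>
    <response-header name="transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000"/>
    <response-header name="x-frame-option" header-name="X-Frame-Options" header-value="DENY"/>
    <response-header name="x-content-type-options" header-name="X-Content-Type-Options" header-value="nosniff"/>
    <response-header name="Content-Security-Policy" header-name="Content-Security-Policy" header-value="default-src 'self'"/>
  </filters>
</subsystem>"""

def check_undertow_headers(xml_text, host="default-host"):
    """Return findings for the response-header filters applied to one undertow host."""
    findings = []
    root = ET.fromstring(xml_text)
    # Match the subsystem by namespace prefix so any undertow:X.X version is accepted;
    # root.iter() includes the root, so a bare fragment and a full standalone.xml both work.
    subsystems = [e for e in root.iter()
                  if e.tag.startswith("{urn:jboss:domain:undertow:") and e.tag.endswith("}subsystem")]
    if not subsystems:
        return ["no undertow subsystem found"]
    for sub in subsystems:
        filters = {f.get("name"): f for f in sub.iterfind("{*}filters/*")}
        refs = [r.get("name") for h in sub.iterfind("{*}server/{*}host")
                if h.get("name") == host for r in h.iterfind("{*}filter-ref")]
        for name in refs:
            if name not in filters:
                findings.append(f"filter-ref '{name}' has no definition in <filters>")
        applied = {f.get("header-name", "").lower(): f.get("header-value")
                   for n, f in filters.items()
                   if n in refs and f.tag.endswith("}response-header")}
        for header, value in EXPECTED.items():
            got = applied.get(header.lower())
            if got is None:
                findings.append(f"{header} is not applied to host '{host}'")
            elif got != value:
                findings.append(f"{header} is '{got}', expected '{value}'")
    return findings

if __name__ == "__main__":
    print("\n".join(check_undertow_headers(SAMPLE)) or "all expected headers are applied")
```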