diff --git a/docs/Deploying-PowerAuth-Standard-RESTful-API.md b/docs/Deploying-PowerAuth-Standard-RESTful-API.md index 922a308d..7774d90a 100644 --- a/docs/Deploying-PowerAuth-Standard-RESTful-API.md +++ b/docs/Deploying-PowerAuth-Standard-RESTful-API.md 
@@ -1,52 +1,9 @@ -# Deploying PowerAuth Standard RESTful API Bootstrap +# Deploying PowerAuth RESTful API This chapter explains how to deploy PowerAuth Standard RESTful API. -PowerAuth Standard RESTful API is a Java EE application (packaged as an executable WAR file) responsible for exposing the [RESTful API according to the specification](https://github.com/wultra/powerauth-crypto/blob/develop/docs/Standard-RESTful-API.md). It exposes services for end-user applications (PowerAuth Clients), such as the mobile banking app or mobile token app. +Enrollment Server is a Spring application (packaged as an executable WAR file) responsible for exposing the [RESTful API according to the specification](https://github.com/wultra/powerauth-crypto/blob/develop/docs/Standard-RESTful-API.md). It exposes services for end-user applications (PowerAuth Clients), such as the mobile banking app or mobile token app. You can use this application in case you need to use PowerAuth and cannot integrate it in your own API using our integration libraries. -## Downloading PowerAuth Standard RESTful API - -You can download the latest `powerauth-restful-server.war` at the releases page: - -- https://github.com/wultra/powerauth-restful-integration/releases - -## Configuring PowerAuth Standard RESTful API - -The default implementation of a PowerAuth Standard RESTful API has only one compulsory configuration parameter `powerauth.service.url` that configures the REST endpoint location of a PowerAuth Server. 
The default value for this property points to `localhost`: - -```bash -powerauth.service.url=http://localhost:8080/powerauth-java-server/rest -``` - -## Setting Up Credentials - -_(optional)_ In case PowerAuth Server uses a [restricted access flag in the server configuration](https://github.com/wultra/powerauth-server/blob/develop/docs/Deploying-PowerAuth-Server.md#enabling-powerauth-server-security), you need to configure credentials for the PowerAuth Standard RESTful API so that it can connect to the service: - -```sh -powerauth.service.security.clientToken= -powerauth.service.security.clientSecret= -``` - -The credentials are stored in the `pa_integration` table. - -_Note: The RESTful interface is secured using Basic HTTP Authentication (pre-emptive). For SOAP interface used in the Java EE integration, PowerAuth Server uses WS-Security, `UsernameToken` validation (plain text password)._ - -## Deploying PowerAuth Standard RESTful API - -You can deploy PowerAuth Standard RESTful API WAR into any Java EE container. - -The default configuration works best with Apache Tomcat server running on default port 8080. In this case, the deployed server is accessible on `http://localhost:8080/powerauth-restful-server/`. - -To deploy PowerAuth Standard RESTful API to Apache Tomcat, simply copy the WAR file in your `webapps` folder or deploy it using the "Tomcat Web Application Manager" application (usually deployed on default Tomcat address `http://localhost:8080/manager`). - -## Deploying PowerAuth Standard RESTful API Outside the Container - -You can also execute WAR file directly using the following command: - -```bash -java -jar powerauth-restful-server.war -``` - -_Note: You can overwrite the port using `-Dserver.port=8090` parameter to avoid port conflicts._ +Detailed information about deploying Enrollment Server is available in [Enrollment Server documentation](https://github.com/wultra/enrollment-server/blob/develop/docs/Deploying-Enrollment-Server.md). 
diff --git a/docs/Introduction.md b/docs/Introduction.md index be983cf2..ce3fe15e 100644 --- a/docs/Introduction.md +++ b/docs/Introduction.md @@ -5,4 +5,3 @@ Mobile banking applications usually connect to a RESTful APIs with some end-poin In order to integrate PowerAuth Server with your RESTful API, follow one of these tutorials: - [Integration with RESTful API (Spring)](./RESTful-API-for-Spring.md) -- [Integration with RESTful API (JAX-RS)](./RESTful-API-for-JavaEE.md) diff --git a/docs/RESTful-API-for-JavaEE.md b/docs/RESTful-API-for-JavaEE.md deleted file mode 100644 index 0a9a7f04..00000000 --- a/docs/RESTful-API-for-JavaEE.md +++ /dev/null 
@@ -1,433 +0,0 @@ -# Integration Libraries for Java EE (JAX-RS) - -This tutorial shows the way mobile API developers who build their applications with JAX-RS integrate with PowerAuth Server. - -## Prerequisites for the tutorial - -- Running PowerAuth Server with available SOAP interface. -- Knowledge of Java EE applications based on JAX-RS. -- Software: IDE - Spring Tool Suite, Java EE Application Server (Pivotal Server, Tomcat, ...) - -## Add Maven Dependency - -To add PowerAuth support in your RESTful API, add Maven dependency for PowerAuth RESTful Security module in your `pom.xml` file: - -```xml - - io.getlime.security - powerauth-restful-security-javaee - ${powerauth.version} - -``` - -## Register Bouncy Castle Provider - -This step is technically required only in case your server uses end-to-end encryption, but performing it anyway will not cause any harm. First, make sure you include Bouncy Castle libraries in your dependencies: - -```xml - - org.bouncycastle - bcprov-ext-jdk15on - ${bouncycastle.version} - -``` - -Then, you can then register Bouncy Castle provider in your `Application` class (or an equivalent class in case you use Jersey or some similar technology): - -```java -@ApplicationPath("/") -public class JavaEEApplication extends Application { - - public JavaEEApplication() { - super(); - - // Register BC provider - Security.addProvider(new BouncyCastleProvider()); - } - - @Override - public Set> getClasses() { - // ... see more information below - return resources; - } -} -``` - -## Produce Required Beans - -In order to connect to the correct PowerAuth Server, you need to add a producer that configures SOAP service endpoint and default application configuration. 
- -```java -@Dependent -public class PowerAuthBeanFactory { - - @Produces - public PowerAuthServiceClient buildClient() { - try { - return new PowerAuthServiceClient("http://localhost:8080/powerauth-java-server/soap"); - } catch (AxisFault axisFault) { - return null; - } - } - - @Produces - public PowerAuthApplicationConfiguration buildApplicationConfiguration() { - return new DefaultApplicationConfiguration(); - } - -} -``` - -## Setting Up Credentials - -// TODO: Describe SOAP client WS-Security configuration - -_Note: For SOAP interface, PowerAuth Server uses WS-Security, `UsernameToken` validation (plain text password). The RESTful interface is secured using Basic HTTP Authentication (pre-emptive)._ - -## Register Resources - -In order to automatically use resources, exception resolvers and filters, you need to register them in your application. For plain JAX-RS application, this is how to do it: - -```java -@ApplicationPath("/") -public class JavaEEApplication extends Application { - - @Override - public Set> getClasses() { - Set> resources = new HashSet<>(); - - // Your resources - // ... - // ... 
- - // PowerAuth Controllers - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.ActivationController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.SecureVaultController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.SignatureController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.TokenController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.UpgradeController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v3.RecoveryController.class); - - // PowerAuth Exception Resolvers - resources.add(PowerAuthActivationExceptionResolver.class); - resources.add(PowerAuthRecoveryExceptionResolver.class); - resources.add(PowerAuthAuthenticationExceptionResolver.class); - resources.add(PowerAuthEncryptionExceptionResolver.class); - resources.add(PowerAuthSecureVaultExceptionResolver.class); - resources.add(PowerAuthUpgradeExceptionResolver.class); - - // PowerAuth Filters - resources.add(PowerAuthRequestFilter.class); - - return resources; - } - -} -``` - -In case you still need to use legacy `v2` controllers, you can also register these controllers: -```java - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v2.ActivationController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v2.SignatureController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v2.SecureVaultController.class); - resources.add(io.getlime.security.powerauth.rest.api.jaxrs.controller.v2.TokenController.class); -``` - - -Note that Jersey uses `ResourceConfig` subclass for a similar purpose... - -## Custom PowerAuth Application Configuration - -_(optional)_ - -PowerAuth uses the concept of `application ID` and `application secret`. 
While `applicationId` attribute is transmitted with requests in `X-PowerAuth-Authorization` header, `applicationSecret` is shared implicitly between client and server and is a part of the actual signature value. Applications are a first class citizen in PowerAuth protocol. Intermediate application, however, may influence which applications are accepted by implementing following configuration. - -```java -public class ApplicationConfiguration implements PowerAuthApplicationConfiguration { - - @Override - public Map statusServiceCustomObject() { - return null; // default implementation - } - -} -``` - -You can then return instance of this class in the producer method mentioned above, instead of `DefaultApplicationConfiguration` instance. - -## Validate Signatures - -In order to validate request signatures, you need to: - -- inject a `HttpServletRequest` instance using the `@Context` annotation -- inject a `PowerAuthAuthenticationProvider` instance -- add `@HeaderParam(value = PowerAuthSignatureHttpHeader.HEADER_NAME) String authHeader` in resource methods - -Then, you can process the header and request using the authentication provider. - -Here is the source code example: - -```java -@Path("pa/signature") -@Produces(MediaType.APPLICATION_JSON) -public class AuthenticationController { - - @Context - private HttpServletRequest request; - - @Inject - private PowerAuthAuthenticationProvider authenticationProvider; - - @POST - @Path("validate") - @Consumes("*/*") - @Produces(MediaType.APPLICATION_JSON) - public PowerAuthApiResponse login(String body, @HeaderParam(value = PowerAuthSignatureHttpHeader.HEADER_NAME) String authHeader) throws PowerAuthAuthenticationException { - - // ##EXAMPLE: Here, we could store the authentication in the session like this: - // ##EXAMPLE: SecurityContextHolder.getContext().setAuthentication(apiAuthentication); - // ##EXAMPLE: ... 
or you can grab a user ID like this and use it for querying back-end: - // ##EXAMPLE: String userId = apiAuthentication.getUserId(); - - PowerAuthApiAuthentication auth = authenticationProvider.validateRequestSignature( - request, - "/pa/signature/validate", - authHeader - ); - - if (auth == null || auth.getUserId() == null) { - return new PowerAuthApiResponse<>("ERROR", "Authentication failed."); - } - return new PowerAuthApiResponse<>("OK", "Hooray! User: " + auth.getUserId()); - } -} -``` - -### Use Token Based Authentication - -This sample resource implementation illustrates how to use simple token based authentication. In case the authentication is not successful, the `PowerAuthApiAuthentication` object is null. - -Please note that token based authentication should be used only for endpoints with lower sensitivity, such as simplified account information for widgets or smart watch, that are also not prone to replay attack. - -```java -@Path("secure/account") -@Produces(MediaType.APPLICATION_JSON) -public class AuthenticationController { - - @Inject - private PowerAuthAuthenticationProvider authenticationProvider; - - @Inject - private CustomService service; - - @POST - @Path("widget/balance") - @Consumes("*/*") - @Produces(MediaType.APPLICATION_JSON) - public PowerAuthApiResponse getBalance(@HeaderParam(value = PowerAuthTokenHttpHeader.HEADER_NAME) String tokenHeader) throws PowerAuthAuthenticationException { - PowerAuthApiAuthentication auth = authenticationProvider.validateToken(tokenHeader); - if (apiAuthentication == null) { - throw new PowerAuthTokenInvalidException(); - } else { - String userId = apiAuthentication.getUserId(); - String balance = service.getBalanceForUser(userId); - return new PowerAuthAPIResponse("OK", balance); - } - } - -} -``` - -## Use End-To-End Encryption - -You can use end-to-end encryption to add an additional encryption layer on top of the basic HTTPS encryption to protect the request body contents better. 
- -End-to-end encryption provided by PowerAuth uses `POST` method for all data transport and it requires predefined request / response structure. - -### Encryption in Application Scope - -You can encrypt data in `application` scope (non-personalized) using following pattern: - -```java -@Path("/exchange") -@Produces(MediaType.APPLICATION_JSON) -public class EncryptedDataExchangeController { - - @Inject - private PowerAuthEncryptionProvider encryptionProvider; - - @POST - @Path("application") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public EciesEncryptedResponse exchangeInApplicationScope() throws PowerAuthEncryptionException { - // Decrypt request - PowerAuthEciesEncryption eciesEncryption = encryptionProvider.decryptRequest(httpServletRequest, - DataExchangeRequest.class, EciesScope.APPLICATION_SCOPE); - DataExchangeRequest request = eciesEncryption.getRequestObject(); - EciesEncryptionContext eciesContext = eciesEncryption.getContext(); - - if (eciesContext == null) { - throw new PowerAuthEncryptionException(); - } - - // Prepare response object - DataExchangeResponse exchangeResponse = new DataExchangeResponse("Server successfully decrypted signed data: " + (request == null ? "''" : request.getData()) + ", scope: " + eciesContext.getEciesScope()); - - // Encrypt response - return encryptionProvider.encryptResponse(exchangeResponse, eciesEncryption); - } -} -``` - -The encryption provider decrypts the request data using ECIES decryptor in `application` scope. In case the decryption succeeds, a response object is created and encrypted using previously created ECIES decryptor. 
- -### Encryption in Activation Scope - -You can encrypt data in `activation` scope (personalized) using following pattern: - -```java -@Path("/exchange") -@Produces(MediaType.APPLICATION_JSON) -public class EncryptedDataExchangeController { - - @Inject - private PowerAuthEncryptionProvider encryptionProvider; - - @POST - @Path("activation") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public EciesEncryptedResponse exchangeInActivationScope() throws PowerAuthEncryptionException { - // Decrypt request - PowerAuthEciesEncryption eciesEncryption = encryptionProvider.decryptRequest(httpServletRequest, - DataExchangeRequest.class, EciesScope.ACTIVATION_SCOPE); - DataExchangeRequest request = eciesEncryption.getRequestObject(); - EciesEncryptionContext eciesContext = eciesEncryption.getContext(); - - if (eciesContext == null) { - throw new PowerAuthEncryptionException(); - } - - // Prepare response object - DataExchangeResponse exchangeResponse = new DataExchangeResponse("Server successfully decrypted signed data: " + (request == null ? "''" : request.getData()) + ", scope: " + eciesContext.getEciesScope()); - - // Encrypt response - return encryptionProvider.encryptResponse(exchangeResponse, eciesEncryption); - } -} -``` - -The encryption provider decrypts the request data using ECIES decryptor in `activation` scope. In case the decryption succeeds, a response object is created and encrypted using previously created ECIES decryptor. 
- -### Signed and Encrypted Requests - -You can also sign the data before encryption and perform signature verification of decrypted data using following pattern: - -```java -@RestController -@RequestMapping(value = "/exchange") -public class EncryptedDataExchangeController { - - @Inject - private PowerAuthEncryptionProvider encryptionProvider; - - @Inject - private PowerAuthAuthenticationProvider authenticationProvider; - - @POST - @Path("signed") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public EciesEncryptedResponse exchangeSignedAndEncryptedData(@HeaderParam(value = PowerAuthSignatureHttpHeader.HEADER_NAME) String authHeader) throws PowerAuthEncryptionException, PowerAuthAuthenticationException { - // Decrypt request - PowerAuthEciesEncryption eciesEncryption = encryptionProvider.decryptRequest(httpServletRequest, - DataExchangeRequest.class, EciesScope.ACTIVATION_SCOPE); - DataExchangeRequest request = eciesEncryption.getRequestObject(); - - if (eciesEncryption.getContext() == null) { - throw new PowerAuthEncryptionException(); - } - - // Verify PowerAuth signature - PowerAuthApiAuthentication auth = authenticationProvider.validateRequestSignature( - httpServletRequest, - "/exchange/signed", - authHeader - ); - - if (auth == null || auth.getUserId() == null) { - throw new PowerAuthSignatureInvalidException(); - } - // Prepare response object - DataExchangeResponse exchangeResponse = new DataExchangeResponse("Server successfully decrypted data and verified signature, request data: " + (request == null ? "''" : request.getData()) + ", user ID: " + auth.getUserId()); - - // Encrypt response - return encryptionProvider.encryptResponse(exchangeResponse, eciesEncryption); - } -} -``` - -The encryption provider decrypts the request data using ECIES decryptor in `activation` scope. In case the decryption succeeds, the signature received in PowerAuth HTTP signature header is verified. 
-If the signature verification succeeds a response is encrypted using previously created ECIES decryptor. - -_Note: You can also use `String` or `byte[]` data types instead of using request/response objects for encryption of raw data._ - -### Non-Personalized End-To-End Encryption (v2 - legacy) - -To use legacy non-personalized (application specific) encryption, use following pattern: - -```java -@Path("pa/custom/activation") -@Produces(MediaType.APPLICATION_JSON) -public class EncryptedController { - - @Inject - private EncryptorFactory encryptorFactory; - - @POST - @Path("create") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public PowerAuthApiResponse createNewActivation( PowerAuthApiRequest encryptedRequest) throws PowerAuthActivationException { - try { - - // Prepare an encryptor - final PowerAuthNonPersonalizedEncryptor encryptor = encryptorFactory.buildNonPersonalizedEncryptor(encryptedRequest); - if (encryptor == null) { - throw new PowerAuthEncryptionException(); - } - - // Decrypt the request object - OriginalRequest request = encryptor.decrypt(object, OriginalRequest.class); - - if (request == null) { - throw new PowerAuthEncryptionException(); - } - - // ... do your business logic with OriginalRequest instance - - // Create original response object - OriginalResponse response = new OriginalResponse(); - response.setAttribute1("attribute1"); - response.setAttribute2("attribute2"); - response.setAttribute3("attribute3"); - - // Encrypt response object - final PowerAuthApiResponse encryptedResponse = encryptor.encrypt(response); - - if (encryptedResponse == null) { - throw new PowerAuthEncryptionException(); - } - - // Return response - return encryptedResponse; - - } catch (IOException ex) { - throw new PowerAuthActivationException(); - } - - } - -} -``` diff --git a/docs/RESTful-API-for-Spring.md b/docs/RESTful-API-for-Spring.md index 44e27375..829834b4 100644 --- a/docs/RESTful-API-for-Spring.md 
+++ b/docs/RESTful-API-for-Spring.md @@ -51,11 +51,15 @@ public class ServletInitializer extends SpringBootServletInitializer { ## Configure PowerAuth REST Client + +Make sure to add both `io.getlime.security.powerauth` and `com.wultra.security.powerauth` packages in the `@ComponentScan` annotation. At this moment, both packages need to be scanned. We are already the process of package name migration. In the future library versions, we will only use the `com.wultra.security.powerauth`. + + In order to connect to the correct PowerAuth Server, you need to add following configuration: ```java @Configuration -@ComponentScan(basePackages = {"com.wultra.security.powerauth"}) +@ComponentScan(basePackages = {"io.getlime.security.powerauth","com.wultra.security.powerauth"}) public class PowerAuthWebServiceConfiguration { @Value("${powerauth.rest.url}") 
@@ -163,14 +167,14 @@ Finally, the `FilterRegistrationBean` (with the `PowerAuthRequestFilter` filter) _(optional)_ -PowerAuth uses the concept of `application ID` and `application secret`. While `applicationId` attribute is transmitted with requests in `X-PowerAuth-Authorization` header, `applicationSecret` is shared implicitly between the client and server and is a part of the actual signature value. Applications are a first class citizen in PowerAuth protocol. Intermediate application, however, may influence which applications are accepted by implementing following configuration. +PowerAuth application configuration can be used to customize additional data returned in activation status calls. Attributes obtained from activation detail are available in the activation context for additional processing. These attributes can be used to return any custom attributes to the mobile application using the `customObject` map. Note that such processing of activation attributes can have impact on performance because it is executed during each activation status call. ```java @Configuration public class ApplicationConfiguration implements PowerAuthApplicationConfiguration { @Override - public Map statusServiceCustomObject() { + public Map statusServiceCustomObject(ActivationContext context) { return null; // suggested default implementation } @@ -259,7 +263,7 @@ public class AuthenticationController { @PowerAuth(resourceId = "/secured/account/${id}?filter=${filter}") @ResponseBody public MyAccountApiResponse changeAccountSettings( - @PathVariable("id") String accountId, @RequestParam("filter") String filter, PowerAuthApiAuthentication auth) { + @PathVariable("id") String accountId, @RequestParam("filter") String filter, PowerAuthApiAuthentication auth, PowerAuthActivation activation) { if (auth == null) { // handle authentication failure 
@@ -268,7 +272,9 @@ public class AuthenticationController { // use userId for business logic ... final String userId = auth.getUserId(); - final Account account = myService.updateAccount(accountId, userId, filter); + final String activationId = activation.getActivationId(); + final List activationFlags = activation.getActivationFlags(); + final Account account = myService.updateAccount(accountId, userId, filter, activationId, activationFlags); // return OK response return new MyAccountApiResponse(Status.OK, userId); @@ -310,6 +316,30 @@ public class AuthenticationController { } ``` +In case you want to process the failed signature verification results and obtain additional information about the activation, you can use the `authenticationProvider.validateRequestSignatureWithActivationDetails()` method: + +```java + final PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignatureWithActivationDetails( + "POST", + "Any data".getBytes(StandardCharsets.UTF_8), + "/session/login", + signatureHeader + ); + + final AuthenticationContext auth = apiAuthentication.getAuthenticationContext(); + final PowerAuthActivation activation = apiAuthentication.getActivationContext(); + + if (!auth.isValid() || auth.getUserId() == null) { + throw new PowerAuthSignatureInvalidException(); + } + + Integer remainingAttempts = auth.getRemainingAttempts(); + String activationId = activation.getActivationId(); + ActivationStatus activationStatus = activation.getActivationStatus(); + ... + +``` + ### Use Token Based Authentication This sample `@Controller` implementation illustrates how to use `@PowerAuthToken` annotation to verify simple token based authentication headers. In case the authentication is not successful, the `PowerAuthApiAuthentication` object is null. diff --git a/docs/Readme.md b/docs/Readme.md index d7c48c3e..2d1b8b95 100644 --- a/docs/Readme.md +++ b/docs/Readme.md 
@@ -6,7 +6,6 @@ In order to easily secure your RESTful APIs with PowerAuth, you can use our easy - [Introduction](./Introduction.md) - [Build Secure RESTful API (Spring)](./RESTful-API-for-Spring.md) -- [Build Secure RESTful API (JAX-RS)](./RESTful-API-for-JavaEE.md) **Deployment Tutorials** diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 1332a928..55301862 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -6,4 +6,3 @@ - [Introduction](./Introduction.md) - [RESTful API (Spring)](./RESTful-API-for-Spring.md) -- [RESTful API (JAX-RS)](./RESTful-API-for-JavaEE.md) diff --git a/pom.xml b/pom.xml index 9d44a3b4..18416349 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-restful-integration-parent - 1.1.0 + 1.2.0 pom 2017 @@ -69,10 +69,8 @@ powerauth-restful-model - powerauth-restful-security-base powerauth-restful-security-spring powerauth-restful-security-spring-annotation - powerauth-restful-server-spring @@ -81,15 +79,15 @@ 1.8 3.2.0 3.0.0-M1 - 3.3.0 + 3.3.1 3.2.1 - 3.3.1 + 3.3.2 4.0.1 - 2.4.5 + 2.6.1 1.9 - 2.12.3 - 1.68 - 1.3.0 + 2.13.0 + 1.69 + 1.4.0 @@ -154,13 +152,11 @@ - org.apache.maven.plugins - maven-gpg-plugin - 1.6 + org.kohsuke + pgp-maven-plugin + 1.1 - sign-artifacts - verify sign diff --git a/powerauth-restful-model/pom.xml b/powerauth-restful-model/pom.xml index 549e74f8..92c08f27 100644 --- a/powerauth-restful-model/pom.xml +++ b/powerauth-restful-model/pom.xml @@ -24,14 +24,14 @@ 4.0.0 powerauth-restful-model - 1.1.0 + 1.2.0 powerauth-restful-model Model classes PowerAuth Standard RESTful API io.getlime.security powerauth-restful-integration-parent - 1.1.0 + 1.2.0 ../pom.xml diff --git a/powerauth-restful-security-base/pom.xml b/powerauth-restful-security-base/pom.xml deleted file mode 100644 index 2f2a8acf..00000000 --- a/powerauth-restful-security-base/pom.xml +++ /dev/null 
@@ -1,75 +0,0 @@ - - - - - - 4.0.0 - powerauth-restful-security-base - 1.1.0 - - - powerauth-restful-integration-parent - io.getlime.security - 1.1.0 - ../pom.xml - - - - - - - io.getlime.security - powerauth-java-crypto - 1.1.0 - - - io.getlime.security - powerauth-java-http - 1.1.0 - - - io.getlime.security - powerauth-restful-model - 1.1.0 - - - - - javax.servlet - javax.servlet-api - ${javax.servlet-api.version} - - - com.fasterxml.jackson.core - jackson-databind - ${jackson-databind.version} - - - org.apache.commons - commons-text - ${commons-text.version} - - - - - diff --git a/powerauth-restful-security-spring-annotation/pom.xml b/powerauth-restful-security-spring-annotation/pom.xml index 6285bcd2..68e91702 100644 --- a/powerauth-restful-security-spring-annotation/pom.xml +++ b/powerauth-restful-security-spring-annotation/pom.xml @@ -24,14 +24,14 @@ 4.0.0 powerauth-restful-security-spring-annotation - 1.1.0 + 1.2.0 powerauth-restful-security-spring-annotation PowerAuth RESTful API Security Annotations for Spring io.getlime.security powerauth-restful-integration-parent - 1.1.0 + 1.2.0 ../pom.xml @@ -42,6 +42,12 @@ org.springframework.boot spring-boot-starter-web ${spring-boot.version} + + + log4j-to-slf4j + org.apache.logging.log4j + + org.springframework.boot @@ -52,13 +58,30 @@ io.getlime.security - powerauth-restful-security-base - 1.1.0 + powerauth-java-crypto + 1.2.0 + + + io.getlime.security + powerauth-java-http + 1.2.0 + + + io.getlime.security + powerauth-restful-model + 1.2.0 io.getlime.security powerauth-rest-client-spring - 1.1.0 + 1.2.0 + + + + + org.apache.commons + commons-text + ${commons-text.version} 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthAnnotationInterceptor.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthAnnotationInterceptor.java similarity index 90% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthAnnotationInterceptor.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthAnnotationInterceptor.java index 715b76a0..1e6b9e2a 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthAnnotationInterceptor.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthAnnotationInterceptor.java 
@@ -17,15 +17,19 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.annotation; +package io.getlime.security.powerauth.rest.api.spring.annotation.support; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; import io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody; +import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; +import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption; +import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider; import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthEncryptionProvider; import org.apache.commons.text.StringSubstitutor; 
@@ -43,6 +47,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.lang.reflect.Type; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -105,10 +110,10 @@ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServl // Resolve @PowerAuthEncryption annotation. The order of processing is important, PowerAuth expects // sign-then-encrypt sequence in case both authorization and encryption are used. if (powerAuthEncryptionAnnotation != null) { - final Class requestType = resolveGenericParameterTypeForEcies(handlerMethod); + final Type requestType = resolveGenericParameterTypeForEcies(handlerMethod); try { encryptionProvider.decryptRequest(request, requestType, powerAuthEncryptionAnnotation.scope()); - // Encryption object is saved in HTTP servlet request by encryption provider, so that it is available for both Spring and Java EE + // Encryption object is saved in HTTP servlet request by encryption provider, so that it is available for Spring } catch (PowerAuthEncryptionException ex) { logger.warn("Decryption failed, error: {}", ex.getMessage()); logger.debug("Error details", ex); @@ -121,7 +126,7 @@ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServl final String resourceId = expandResourceId(powerAuthSignatureAnnotation.resourceId(), request, handlerMethod); final String header = request.getHeader(PowerAuthSignatureHttpHeader.HEADER_NAME); final List signatureTypes = Arrays.asList(powerAuthSignatureAnnotation.signatureType()); - final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignature( + final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails( request, resourceId, header, signatureTypes ); request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication); 
@@ -136,7 +141,7 @@ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServl try { final String header = request.getHeader(PowerAuthTokenHttpHeader.HEADER_NAME); final List signatureTypes = Arrays.asList(powerAuthTokenAnnotation.signatureType()); - final PowerAuthApiAuthentication authentication = authenticationProvider.validateToken( + final PowerAuthApiAuthentication authentication = authenticationProvider.validateTokenWithActivationDetails( header, signatureTypes ); request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication); @@ -158,10 +163,10 @@ public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServl * @param handlerMethod Handler method. * @return Resolved type of request object. */ - private Class resolveGenericParameterTypeForEcies(HandlerMethod handlerMethod) { + private Type resolveGenericParameterTypeForEcies(HandlerMethod handlerMethod) { for (MethodParameter parameter: handlerMethod.getMethodParameters()) { if (parameter.hasParameterAnnotation(EncryptedRequestBody.class)) { - return parameter.getParameterType(); + return parameter.getGenericParameterType(); } } return Object.class; diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthEncryptionArgumentResolver.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthEncryptionArgumentResolver.java similarity index 82% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthEncryptionArgumentResolver.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthEncryptionArgumentResolver.java index 99258508..4774c998 100644 
--- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthEncryptionArgumentResolver.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthEncryptionArgumentResolver.java @@ -17,12 +17,16 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.annotation; +package io.getlime.security.powerauth.rest.api.spring.annotation.support; +import com.fasterxml.jackson.databind.JavaType; import com.fasterxml.jackson.databind.ObjectMapper; -import io.getlime.security.powerauth.rest.api.base.encryption.EciesEncryptionContext; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesEncryption; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import com.fasterxml.jackson.databind.type.TypeFactory; +import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody; +import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption; +import io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.MethodParameter; @@ -34,6 +38,7 @@ import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.lang.reflect.Type; /** * Argument resolver for {@link PowerAuthEciesEncryption} objects. It enables automatic 
@@ -56,15 +61,18 @@ public boolean supportsParameter(@NonNull MethodParameter parameter) { @Override public Object resolveArgument(@NonNull MethodParameter parameter, ModelAndViewContainer mavContainer, @NonNull NativeWebRequest webRequest, WebDataBinderFactory binderFactory) { final HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); - final PowerAuthEciesEncryption eciesObject = (PowerAuthEciesEncryption) request.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); + final PowerAuthEciesEncryption eciesObject = (PowerAuthEciesEncryption) request.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); // Decrypted object is inserted into parameter annotated by @EncryptedRequestBody annotation if (parameter.hasParameterAnnotation(EncryptedRequestBody.class) && eciesObject != null && eciesObject.getDecryptedRequest() != null) { - final Class parameterType = parameter.getParameterType(); - if (parameterType.equals(byte[].class)) { + final Type requestType = parameter.getGenericParameterType(); + if (requestType.equals(byte[].class)) { return eciesObject.getDecryptedRequest(); } else { try { - return objectMapper.readValue(eciesObject.getDecryptedRequest(), parameterType); + // Object is deserialized from JSON based on request type + final TypeFactory typeFactory = objectMapper.getTypeFactory(); + final JavaType requestJavaType = typeFactory.constructType(requestType); + return objectMapper.readValue(eciesObject.getDecryptedRequest(), requestJavaType); } catch (IOException ex) { logger.warn("Invalid request, error: {}", ex.getMessage()); logger.debug("Error details", ex); 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthWebArgumentResolver.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthWebArgumentResolver.java similarity index 52% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthWebArgumentResolver.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthWebArgumentResolver.java index ea62d731..e3b9260c 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/PowerAuthWebArgumentResolver.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/annotation/support/PowerAuthWebArgumentResolver.java @@ -17,10 +17,12 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.annotation; +package io.getlime.security.powerauth.rest.api.spring.annotation.support; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import org.springframework.core.MethodParameter; import org.springframework.lang.NonNull; import org.springframework.web.bind.support.WebDataBinderFactory; 
@@ -40,13 +42,33 @@ public class PowerAuthWebArgumentResolver implements HandlerMethodArgumentResolv @Override public boolean supportsParameter(@NonNull MethodParameter parameter) { - return PowerAuthApiAuthentication.class.isAssignableFrom(parameter.getParameterType()); + return PowerAuthApiAuthentication.class.isAssignableFrom(parameter.getParameterType()) + || PowerAuthActivation.class.isAssignableFrom(parameter.getParameterType()); } @Override public Object resolveArgument(@NonNull MethodParameter parameter, ModelAndViewContainer mavContainer, @NonNull NativeWebRequest webRequest, WebDataBinderFactory binderFactory) { - HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); - return request.getAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT); + if (parameter.getParameterType().isAssignableFrom(PowerAuthApiAuthentication.class)) { + HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); + PowerAuthApiAuthentication apiAuthentication = (PowerAuthApiAuthentication) request.getAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT); + if (apiAuthentication == null) { + return null; + } + if (apiAuthentication.getAuthenticationContext().isValid()) { + // Return PowerAuthApiAuthentication instance only for successful authentication due to compatibility reasons + return apiAuthentication; + } + } + if (parameter.getParameterType().isAssignableFrom(PowerAuthActivation.class)) { + HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); + PowerAuthApiAuthentication apiAuthentication = (PowerAuthApiAuthentication) request.getAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT); + if (apiAuthentication == null) { + return null; + } + // Activation context is returned for both successful and failed authentication + return apiAuthentication.getActivationContext(); + } + return null; } } 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthActivation.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthActivation.java new file mode 100644 index 00000000..7a96969a --- /dev/null +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthActivation.java 
@@ -0,0 +1,120 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.authentication; + +import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus; +import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext; + +import java.util.List; + +/** + * Interface for obtaining PowerAuth activation detail during signature verification. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public interface PowerAuthActivation { + + /** + * Get user ID. + * @return User ID. + */ + String getUserId(); + + /** + * Set user ID. + * @param userId User ID. + */ + void setUserId(String userId); + + /** + * Get activation ID. + * @return Activation ID. + */ + String getActivationId(); + + /** + * Set activation ID. + * @param activationId Activation ID. + */ + void setActivationId(String activationId); + + /** + * Get activation status. + * @return Activation status. + */ + ActivationStatus getActivationStatus(); + + /** + * Set activation status. + * @param activationStatus Activation status. + */ + void setActivationStatus(ActivationStatus activationStatus); + + /** + * Get the reason why activation was blocked. 
+ * @return Reason why activation was blocked. + */ + String getBlockedReason(); + + /** + * Set the reason why activation was blocked. + * @param blockedReason Reason why activation was blocked. + */ + void setBlockedReason(String blockedReason); + + /** + * Get activation flags. + * @return Activation flags. + */ + List getActivationFlags(); + + /** + * Set activation flags. + * @param activationFlags Activation flags. + */ + void setActivationFlags(List activationFlags); + + /** + * Get PowerAuth authentication context. + * @return PowerAuth authentication context. + */ + AuthenticationContext getAuthenticationContext(); + + /** + * Set PowerAuth authentication context. + * @param authenticationContext PowerAuth authentication context. + */ + void setAuthenticationContext(AuthenticationContext authenticationContext); + + /** + * Get PowerAuth protocol version. + * + * @return PowerAuth protocol version. + */ + String getVersion(); + + /** + * Set PowerAuth protocol version. + * + * @param version PowerAuth protocol version. + */ + void setVersion(String version); + +} \ No newline at end of file diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthApiAuthentication.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthentication.java similarity index 65% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthApiAuthentication.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthentication.java index b4bcd9c1..cfdef49e 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthApiAuthentication.java 
+++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthentication.java @@ -17,10 +17,11 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; +import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext; import java.util.List; @@ -34,8 +35,8 @@ public interface PowerAuthApiAuthentication { /** - * Get user ID - * @return User ID + * Get user ID. + * @return User ID. */ String getUserId(); @@ -46,15 +47,19 @@ public interface PowerAuthApiAuthentication { void setUserId(String userId); /** - * Get activation ID - * @return Activation ID + * Get activation ID. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getActivationContext()} instead. + * @return Activation ID. */ + @Deprecated String getActivationId(); /** - * Set activation ID - * @param activationId Activation ID + * Set activation ID. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getActivationContext()} instead. + * @param activationId Activation ID. */ + @Deprecated void setActivationId(String activationId); /** 
@@ -83,30 +88,50 @@ public interface PowerAuthApiAuthentication { /** * Get activation flags. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getActivationContext()} instead. * @return Activation flags. */ + @Deprecated List getActivationFlags(); /** * Set activation flags. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getActivationContext()} instead. * @param activationFlags Activation flags. */ + @Deprecated void setActivationFlags(List activationFlags); /** * Return authentication factors related to the signature that was used to produce * this authentication object. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getAuthenticationContext()} ()} instead. * @return Signature type (signature factors). */ + @Deprecated PowerAuthSignatureTypes getSignatureFactors(); /** * Set authentication factors related to the signature that was used to produce * this authentication object. + * This method is deprecated, use {@link PowerAuthApiAuthentication#getAuthenticationContext()} ()} instead. * @param factors Signature type (signature factors). */ + @Deprecated void setSignatureFactors(PowerAuthSignatureTypes factors); + /** + * Get PowerAuth authentication context. + * @return PowerAuth authentication context. + */ + AuthenticationContext getAuthenticationContext(); + + /** + * Set PowerAuth authentication context. + * @param authenticationContext PowerAuth authentication context. + */ + void setAuthenticationContext(AuthenticationContext authenticationContext); + /** * Get PowerAuth protocol version. * @return PowerAuth protocol version. 
@@ -130,4 +155,17 @@ public interface PowerAuthApiAuthentication { * @param httpHeader PowerAuth HTTP header. */ void setHttpHeader(PowerAuthHttpHeader httpHeader); + + /** + * Get the activation context. + * @return Activation context. + */ + PowerAuthActivation getActivationContext(); + + /** + * Set the activation context. + * @param activationContext Activation context. + */ + void setActivationContext(PowerAuthActivation activationContext); + } diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthAuthentication.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthAuthentication.java similarity index 93% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthAuthentication.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthAuthentication.java index 9e684a4a..d6b42475 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthAuthentication.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthAuthentication.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication; /** * Base interface for all PowerAuth inbound authentication interfaces. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthSignatureAuthentication.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthentication.java similarity index 98% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthSignatureAuthentication.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthentication.java index a9ac45e7..506d0e9c 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthSignatureAuthentication.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthentication.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthTokenAuthentication.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthentication.java similarity index 97% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthTokenAuthentication.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthentication.java index 3c96042f..7d58d15c 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/authentication/PowerAuthTokenAuthentication.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthentication.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthActivationImpl.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthActivationImpl.java new file mode 100644 index 00000000..52becd95 --- /dev/null +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthActivationImpl.java 
@@ -0,0 +1,149 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.authentication.impl; + +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation; +import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus; +import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +/** + * Class representing PowerAuth activation detail in context of signature verification. + * + * @author Roman Strobl, roman.strobl@wultra.com + * + */ +public class PowerAuthActivationImpl implements PowerAuthActivation, Serializable { + + private static final long serialVersionUID = -2171754572617130041L; + + /** + * User ID. + */ + private String userId; + + /** + * Activation ID. + */ + private String activationId; + + /** + * Activation status. + */ + private ActivationStatus activationStatus; + + /** + * Activation blocked reason. + */ + private String blockedReason; + + /** + * Activation flags. + */ + private List activationFlags; + + /** + * PowerAuth authentication context. 
+ */ + private AuthenticationContext authenticationContext; + + /** + * PowerAuth version. + */ + private String version; + + @Override + public String getUserId() { + return userId; + } + + @Override + public void setUserId(String userId) { + this.userId = userId; + } + + @Override + public String getActivationId() { + return activationId; + } + + @Override + public void setActivationId(String activationId) { + this.activationId = activationId; + } + + @Override + public ActivationStatus getActivationStatus() { + return activationStatus; + } + + @Override + public void setActivationStatus(ActivationStatus activationStatus) { + this.activationStatus = activationStatus; + } + + @Override + public String getBlockedReason() { + return blockedReason; + } + + @Override + public void setBlockedReason(String blockedReason) { + this.blockedReason = blockedReason; + } + + @Override + public List getActivationFlags() { + return activationFlags; + } + + @Override + public void setActivationFlags(List activationFlags) { + if (activationFlags == null) { + this.activationFlags = null; + } else { + this.activationFlags = new ArrayList<>(activationFlags); + } + } + + @Override + public AuthenticationContext getAuthenticationContext() { + return authenticationContext; + } + + @Override + public void setAuthenticationContext(AuthenticationContext authenticationContext) { + this.authenticationContext = authenticationContext; + } + + @Override + public String getVersion() { + return version; + } + + @Override + public void setVersion(String version) { + this.version = version; + } + +} \ No newline at end of file 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthenticationImpl.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthApiAuthenticationImpl.java similarity index 61% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthenticationImpl.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthApiAuthenticationImpl.java index c150b188..62c6053e 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthApiAuthenticationImpl.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthApiAuthenticationImpl.java 
@@ -17,11 +17,13 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication.impl; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; @@ -61,18 +63,23 @@ public class PowerAuthApiAuthenticationImpl extends AbstractAuthenticationToken /** * List of application roles. */ - private List applicationRoles; + private List applicationRoles = new ArrayList<>(); /** * List of activation flags. */ - private List activationFlags; + private List activationFlags = new ArrayList<>(); /** * Signature type, representing used authentication factor. */ private PowerAuthSignatureTypes factors; + /** + * PowerAuth authentication context. + */ + private AuthenticationContext authenticationContext; + /** * Signature version. */ @@ -83,6 +90,11 @@ public class PowerAuthApiAuthenticationImpl extends AbstractAuthenticationToken */ private PowerAuthHttpHeader httpHeader; + /** + * PowerAuth activation instance representing activation context. + */ + private PowerAuthActivation activationContext; + /** * Default constructor */ 
@@ -96,14 +108,34 @@ public PowerAuthApiAuthenticationImpl() { * @param userId User ID. * @param applicationId Application ID. * @param applicationRoles Application roles. - * @param factors Authentication factors. + * @param activationFlags Activation flags. + * @param authenticationContext Authentication context. */ - public PowerAuthApiAuthenticationImpl(String activationId, String userId, Long applicationId, List applicationRoles, PowerAuthSignatureTypes factors) { + public PowerAuthApiAuthenticationImpl(String activationId, String userId, Long applicationId, List applicationRoles, + List activationFlags, AuthenticationContext authenticationContext) { super(null); + // Deprecated field, updated for compatibility reason this.activationId = activationId; this.userId = userId; this.applicationId = applicationId; - this.factors = factors; + if (applicationRoles != null) { + this.applicationRoles = new ArrayList<>(applicationRoles); + } + if (activationFlags != null) { + // Deprecated field, updated for compatibility reason + this.activationFlags = new ArrayList<>(activationFlags); + } + this.authenticationContext = authenticationContext; + if (authenticationContext != null) { + // Deprecated field, updated for compatibility reason + this.factors = authenticationContext.getSignatureType(); + } + this.activationContext = new PowerAuthActivationImpl(); + activationContext.setActivationId(activationId); + activationContext.setUserId(userId); + activationContext.setActivationFlags(activationFlags); + activationContext.setAuthenticationContext(authenticationContext); + activationContext.setVersion(version); } @Override @@ -165,7 +197,11 @@ public List getApplicationRoles() { @Override public void setApplicationRoles(List applicationRoles) { - this.applicationRoles = applicationRoles; + if (applicationRoles == null) { + this.applicationRoles = Collections.emptyList(); + } else { + this.applicationRoles = new ArrayList<>(applicationRoles); + } } @Override 
@@ -175,10 +211,13 @@ public List getActivationFlags() { @Override public void setActivationFlags(List activationFlags) { - this.activationFlags = activationFlags; + if (activationFlags == null) { + this.activationFlags = Collections.emptyList(); + } else { + this.activationFlags = new ArrayList<>(activationFlags); + } } - @Override public PowerAuthSignatureTypes getSignatureFactors() { return factors; @@ -189,6 +228,20 @@ public void setSignatureFactors(PowerAuthSignatureTypes factors) { this.factors = factors; } + @Override + public AuthenticationContext getAuthenticationContext() { + return authenticationContext; + } + + @Override + public void setAuthenticationContext(AuthenticationContext authenticationContext) { + this.authenticationContext = authenticationContext; + if (authenticationContext != null) { + // Update deprecated signatureFactors to ensure compatibility + setSignatureFactors(authenticationContext.getSignatureType()); + } + } + @Override public String getVersion() { return version; @@ -208,4 +261,20 @@ public PowerAuthHttpHeader getHttpHeader() { public void setHttpHeader(PowerAuthHttpHeader httpHeader) { this.httpHeader = httpHeader; } + + @Override + public PowerAuthActivation getActivationContext() { + return activationContext; + } + + @Override + public void setActivationContext(PowerAuthActivation activationContext) { + this.activationContext = activationContext; + // Update deprecated activationId and activationFlags to ensure compatibility + if (activationContext != null) { + setActivationId(activationContext.getActivationId()); + setActivationFlags(activationContext.getActivationFlags()); + } + } + } 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthenticationImpl.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthSignatureAuthenticationImpl.java similarity index 98% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthenticationImpl.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthSignatureAuthenticationImpl.java index c9bf4d3b..70cc1c50 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthSignatureAuthenticationImpl.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthSignatureAuthenticationImpl.java @@ -17,10 +17,10 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication.impl; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthSignatureAuthentication; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthSignatureAuthentication; import org.springframework.security.authentication.AbstractAuthenticationToken; /** 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthenticationImpl.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthTokenAuthenticationImpl.java similarity index 97% rename from powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthenticationImpl.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthTokenAuthenticationImpl.java index b2659d81..c444eec1 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/PowerAuthTokenAuthenticationImpl.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/authentication/impl/PowerAuthTokenAuthenticationImpl.java @@ -17,10 +17,10 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.spring.authentication; +package io.getlime.security.powerauth.rest.api.spring.authentication.impl; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthTokenAuthentication; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthentication; import org.springframework.security.authentication.AbstractAuthenticationToken; /** 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationContextConverter.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationContextConverter.java new file mode 100644 index 00000000..c140f9eb --- /dev/null +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationContextConverter.java 
@@ -0,0 +1,84 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.converter.v3; + +import com.wultra.security.powerauth.client.v3.GetActivationStatusResponse; +import io.getlime.security.powerauth.rest.api.spring.model.ActivationContext; +import org.springframework.stereotype.Component; + +import javax.xml.datatype.XMLGregorianCalendar; +import java.util.List; + +/** + * Converter class for conversions of activation context. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +public class ActivationContextConverter { + + private final ActivationStatusConverter activationStatusConverter; + + /** + * Converter constructor. + * @param activationStatusConverter Activation status converter. + */ + public ActivationContextConverter(ActivationStatusConverter activationStatusConverter) { + this.activationStatusConverter = activationStatusConverter; + } + + /** + * Convert new activation context from activation status response. + * + * @param source Activation status response. + * @return Activation context. 
+ */ + public ActivationContext fromActivationDetailResponse(GetActivationStatusResponse source) { + final ActivationContext destination = new ActivationContext(); + destination.setActivationId(source.getActivationId()); + destination.setActivationName(source.getActivationName()); + destination.setActivationStatus(activationStatusConverter.convertFrom(source.getActivationStatus())); + destination.setBlockedReason(source.getBlockedReason()); + destination.setApplicationId(source.getApplicationId()); + destination.setUserId(source.getUserId()); + destination.setVersion(source.getVersion()); + destination.setPlatform(source.getPlatform()); + destination.setDeviceInfo(source.getDeviceInfo()); + destination.setExtras(source.getExtras()); + final List activationFlags = source.getActivationFlags(); + if (activationFlags != null) { + destination.getActivationFlags().addAll(activationFlags); + } + final XMLGregorianCalendar timestampCreated = source.getTimestampCreated(); + if (timestampCreated != null) { + destination.setTimestampCreated(timestampCreated.toGregorianCalendar().toInstant()); + } + final XMLGregorianCalendar timestampLastUsed = source.getTimestampLastUsed(); + if (timestampLastUsed != null) { + destination.setTimestampLastUsed(timestampLastUsed.toGregorianCalendar().toInstant()); + } + final XMLGregorianCalendar timestampLastChange = source.getTimestampLastChange(); + if (timestampLastChange != null) { + destination.setTimestampLastChange(timestampLastChange.toGregorianCalendar().toInstant()); + } + return destination; + } + +} diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationStatusConverter.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationStatusConverter.java new file mode 100644 index 00000000..dd974ff0 --- /dev/null 
+++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/converter/v3/ActivationStatusConverter.java 
@@ -0,0 +1,67 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.converter.v3; + +import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; + +/** + * Converter class for conversions of activation status. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Component +public class ActivationStatusConverter { + + private static final Logger logger = LoggerFactory.getLogger(ActivationStatusConverter.class); + + /** + * Convert {@link ActivationStatus} from a {@link com.wultra.security.powerauth.client.v3.ActivationStatus} value. + * @param activationStatus Activation status from PowerAuth client model. + * @return Activation status from Restful integration model. 
+ */ + public ActivationStatus convertFrom(com.wultra.security.powerauth.client.v3.ActivationStatus activationStatus) { + if (activationStatus == null) { + return null; + } + + switch (activationStatus) { + case CREATED: + return ActivationStatus.CREATED; + + case PENDING_COMMIT: + return ActivationStatus.PENDING_COMMIT; + + case ACTIVE: + return ActivationStatus.ACTIVE; + + case BLOCKED: + return ActivationStatus.BLOCKED; + + case REMOVED: + return ActivationStatus.REMOVED; + } + + return null; + } + +} diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/EciesEncryptionContext.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EciesEncryptionContext.java similarity index 98% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/EciesEncryptionContext.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EciesEncryptionContext.java index 2ea5b66c..a02c9382 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/EciesEncryptionContext.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EciesEncryptionContext.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.encryption; +package io.getlime.security.powerauth.rest.api.spring.encryption; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesScope; import io.getlime.security.powerauth.http.PowerAuthHttpHeader; 
diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EncryptorFactory.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EncryptorFactory.java index 7e81b2fb..2d99fc9f 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EncryptorFactory.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EncryptorFactory.java @@ -23,9 +23,8 @@ import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; import com.wultra.security.powerauth.client.v2.GetNonPersonalizedEncryptionKeyResponse; import io.getlime.core.rest.model.base.request.ObjectRequest; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthNonPersonalizedEncryptor; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; import io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesDecryptorParameters.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesDecryptorParameters.java similarity index 96% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesDecryptorParameters.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesDecryptorParameters.java index 2536cf66..acdc2aa6 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesDecryptorParameters.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesDecryptorParameters.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.encryption; +package io.getlime.security.powerauth.rest.api.spring.encryption; /** * Class used for storing ECIES decryptor parameters. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesEncryption.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesEncryption.java similarity index 93% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesEncryption.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesEncryption.java index a45f5834..9a23808e 100644 
--- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthEciesEncryption.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthEciesEncryption.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.encryption; +package io.getlime.security.powerauth.rest.api.spring.encryption; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor; @@ -29,13 +29,13 @@ * * @author Roman Strobl, roman.strobl@wultra.com */ -public class PowerAuthEciesEncryption { +public class PowerAuthEciesEncryption { private final EciesEncryptionContext context; private EciesDecryptor eciesDecryptor; private byte[] encryptedRequest; private byte[] decryptedRequest; - private T requestObject; + private Object requestObject; /** * Initialize ECIES encryption object from either encryption or signature HTTP header. @@ -106,7 +106,7 @@ public void setDecryptedRequest(byte[] decryptedRequest) { * Get decrypted request object. * @return Decrypted request object. */ - public T getRequestObject() { + public Object getRequestObject() { return requestObject; } @@ -114,7 +114,7 @@ public T getRequestObject() { * Set decrypted request object. * @param requestObject Decrypted request object. */ - public void setRequestObject(T requestObject) { + public void setRequestObject(Object requestObject) { this.requestObject = requestObject; } 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthNonPersonalizedEncryptor.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthNonPersonalizedEncryptor.java similarity index 99% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthNonPersonalizedEncryptor.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthNonPersonalizedEncryptor.java index 820722cc..c36e8cd2 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/encryption/PowerAuthNonPersonalizedEncryptor.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/PowerAuthNonPersonalizedEncryptor.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.encryption; +package io.getlime.security.powerauth.rest.api.spring.encryption; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthActivationException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthActivationException.java similarity index 97% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthActivationException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthActivationException.java index 89ef2b76..fa201ca5 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthActivationException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthActivationException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception related to processes during a new activation process. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthAuthenticationException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthAuthenticationException.java similarity index 97% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthAuthenticationException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthAuthenticationException.java index a77cf89f..cbd8b8a8 100644 
--- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthAuthenticationException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthAuthenticationException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception raised in case PowerAuth authentication fails. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthEncryptionException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthEncryptionException.java similarity index 97% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthEncryptionException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthEncryptionException.java index 87111890..64ae1c04 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthEncryptionException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthEncryptionException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception raised in case encryption or decryption fails. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthRecoveryException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthRecoveryException.java similarity index 98% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthRecoveryException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthRecoveryException.java index 33bed644..80721ccc 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthRecoveryException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthRecoveryException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception thrown in case PowerAuth recovery fails, with optional current PUK index. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthSecureVaultException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthSecureVaultException.java similarity index 97% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthSecureVaultException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthSecureVaultException.java index ee0d6232..e676947c 100644 
--- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthSecureVaultException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthSecureVaultException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception related to processes during a new secure vault unlocking. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthUpgradeException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthUpgradeException.java similarity index 96% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthUpgradeException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthUpgradeException.java index 91eb3ab0..d5af05f7 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/PowerAuthUpgradeException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthUpgradeException.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception; +package io.getlime.security.powerauth.rest.api.spring.exception; /** * Exception raised in case PowerAuth upgrade fails. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthHeaderMissingException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthHeaderMissingException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthHeaderMissingException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthHeaderMissingException.java index 6ac87fbd..cc2a8652 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthHeaderMissingException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthHeaderMissingException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth HTTP header is missing. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthInvalidRequestException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthInvalidRequestException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthInvalidRequestException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthInvalidRequestException.java index e3b95a4e..42ab5a21 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthInvalidRequestException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthInvalidRequestException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth authentication request is invalid. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRecoveryConfirmationException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRecoveryConfirmationException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRecoveryConfirmationException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRecoveryConfirmationException.java index c6238b24..5fd70d88 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRecoveryConfirmationException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRecoveryConfirmationException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth recovery confirmation fails with an error. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRequestFilterException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRequestFilterException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRequestFilterException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRequestFilterException.java index b2df43ac..571368b1 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthRequestFilterException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthRequestFilterException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth authentication request filter is missing. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureErrorException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureErrorException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureErrorException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureErrorException.java index 638ea253..0a818b8e 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureErrorException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureErrorException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth signature validation fails with an error. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureInvalidException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureInvalidException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureInvalidException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureInvalidException.java index 53964857..253ca895 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureInvalidException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureInvalidException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth signature validation fails. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureTypeInvalidException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureTypeInvalidException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureTypeInvalidException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureTypeInvalidException.java index 49b3d40c..678a7849 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthSignatureTypeInvalidException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthSignatureTypeInvalidException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth signature type is invalid. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenErrorException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenErrorException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenErrorException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenErrorException.java index 922feacd..7d386678 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenErrorException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenErrorException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth token validation fails with an error. 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenInvalidException.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenInvalidException.java similarity index 91% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenInvalidException.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenInvalidException.java index 59478a83..50596161 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/exception/authentication/PowerAuthTokenInvalidException.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/authentication/PowerAuthTokenInvalidException.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.exception.authentication; +package io.getlime.security.powerauth.rest.api.spring.exception.authentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; /** * Exception raised in case PowerAuth token validation fails. diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/EncryptionResponseBodyAdvice.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/EncryptionResponseBodyAdvice.java index c3488ea9..fe13db0f 100644 
--- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/EncryptionResponseBodyAdvice.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/EncryptionResponseBodyAdvice.java @@ -23,13 +23,14 @@ import com.google.common.io.BaseEncoding; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesEncryption; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.core.MethodParameter; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpOutputMessage; @@ -73,7 +74,7 @@ public class EncryptionResponseBodyAdvice implements ResponseBodyAdvice * @param requestMappingHandlerAdapter Request mapping handler adapter. */ @Autowired - public void setRequestMappingHandlerAdapter(RequestMappingHandlerAdapter requestMappingHandlerAdapter) { + public void setRequestMappingHandlerAdapter(@Lazy RequestMappingHandlerAdapter requestMappingHandlerAdapter) { this.requestMappingHandlerAdapter = requestMappingHandlerAdapter; } 
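Review bot: The `@Lazy` added to the `requestMappingHandlerAdapter` parameter of `setRequestMappingHandlerAdapter` comes with no explanation, and the Javadoc above the setter still reads only "Request mapping handler adapter." Please add a sentence naming the initialization-order or circular-dependency problem the lazy injection works around, so that a later cleanup does not remove it. Note also that with a lazy injection point the real bean is resolved on first use rather than at startup, so a wiring failure would surface on the request path instead of at context start.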
@@ -111,7 +112,7 @@ public Object beforeBodyWrite(Object response, @NonNull MethodParameter methodPa // Extract ECIES encryption object from HTTP request final HttpServletRequest httpServletRequest = ((ServletServerHttpRequest) serverHttpRequest).getServletRequest(); - final PowerAuthEciesEncryption eciesEncryption = (PowerAuthEciesEncryption) httpServletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); + final PowerAuthEciesEncryption eciesEncryption = (PowerAuthEciesEncryption) httpServletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); if (eciesEncryption == null) { return null; } diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilter.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilter.java index 26f733b7..dcb9fb55 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilter.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilter.java @@ -19,7 +19,6 @@ */ package io.getlime.security.powerauth.rest.api.spring.filter; -import io.getlime.security.powerauth.rest.api.base.filter.PowerAuthRequestFilterBase; import org.springframework.lang.NonNull; import org.springframework.web.filter.OncePerRequestFilter; 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/PowerAuthRequestFilterBase.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilterBase.java similarity index 95% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/PowerAuthRequestFilterBase.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilterBase.java index bb1a3ad6..58c68d98 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/PowerAuthRequestFilterBase.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/PowerAuthRequestFilterBase.java @@ -17,13 +17,13 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.filter; +package io.getlime.security.powerauth.rest.api.spring.filter; import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader; import io.getlime.security.powerauth.http.PowerAuthRequestCanonizationUtils; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestBody; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import javax.servlet.http.HttpServletRequest; import java.io.IOException; 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/ResettableStreamHttpServletRequest.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java similarity index 98% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/ResettableStreamHttpServletRequest.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java index 40dcd6b4..fadc265a 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/filter/ResettableStreamHttpServletRequest.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/filter/ResettableStreamHttpServletRequest.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.filter; +package io.getlime.security.powerauth.rest.api.spring.filter; import com.google.common.io.ByteStreams; diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationContext.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationContext.java new file mode 100644 index 00000000..e462a4fc --- /dev/null +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationContext.java 
@@ -0,0 +1,268 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.model; + +import java.time.Instant; +import java.util.ArrayList; +import java.util.List; + +/** + * Class representing the activation context data. It maps detailed activation attributes + * to a class that is supposed to be used by the developers in various scenarios. + * + * @author Petr Dvorak, petr@wultra.com + */ +public class ActivationContext { + + private String activationId; + private String activationName; + private final List activationFlags; + private ActivationStatus activationStatus; + private String blockedReason; + private long applicationId; + private String userId; + private long version; + private Instant timestampCreated; + private Instant timestampLastUsed; + private Instant timestampLastChange; + private String platform; + private String deviceInfo; + private String extras; + + public ActivationContext() { + this.activationFlags = new ArrayList<>(); + } + + /** + * Set activation ID. + * @param activationId Activation ID. + */ + public void setActivationId(String activationId) { + this.activationId = activationId; + } + + /** + * Get activation ID. + * @return Activation ID. 
+ */ + public String getActivationId() { + return activationId; + } + + /** + * Set activation name. + * @param activationName Activation name. + */ + public void setActivationName(String activationName) { + this.activationName = activationName; + } + + /** + * Get activation name. + * @return Activation name. + */ + public String getActivationName() { + return activationName; + } + + /** + * Get activation flags. + * @return Activation flags. + */ + public List getActivationFlags() { + return activationFlags; + } + + /** + * Set activation status. + * @param activationStatus Activation status. + */ + public void setActivationStatus(ActivationStatus activationStatus) { + this.activationStatus = activationStatus; + } + + /** + * Get activation status. + * @return Activation status. + */ + public ActivationStatus getActivationStatus() { + return activationStatus; + } + + /** + * Set blocked reason. + * @param blockedReason Blocked reason. + */ + public void setBlockedReason(String blockedReason) { + this.blockedReason = blockedReason; + } + + /** + * Get blocked reason. + * @return Blocked reason. + */ + public String getBlockedReason() { + return blockedReason; + } + + /** + * Set application ID. + * @param applicationId Application ID. + */ + public void setApplicationId(long applicationId) { + this.applicationId = applicationId; + } + + /** + * Get application ID. + * @return Application ID. + */ + public long getApplicationId() { + return applicationId; + } + + /** + * Set user ID. + * @param userId User ID. + */ + public void setUserId(String userId) { + this.userId = userId; + } + + /** + * Get user ID. + * @return User ID. + */ + public String getUserId() { + return userId; + } + + /** + * Set version. + * @param version Version. + */ + public void setVersion(long version) { + this.version = version; + } + + /** + * Get version. + * @return Version. + */ + public long getVersion() { + return version; + } + + /** + * Set timestamp created. 
+ * @param timestampCreated Timestamp created. + */ + public void setTimestampCreated(Instant timestampCreated) { + this.timestampCreated = timestampCreated; + } + + /** + * Get timestamp created. + * @return Timestamp created. + */ + public Instant getTimestampCreated() { + return timestampCreated; + } + + /** + * Set timestamp last used. + * @param timestampLastUsed Timestamp last used. + */ + public void setTimestampLastUsed(Instant timestampLastUsed) { + this.timestampLastUsed = timestampLastUsed; + } + + /** + * Get timestamp last used. + * @return Timestamp last used. + */ + public Instant getTimestampLastUsed() { + return timestampLastUsed; + } + + /** + * Set timestamp last change. + * @param timestampLastChange Timestamp last change. + */ + public void setTimestampLastChange(Instant timestampLastChange) { + this.timestampLastChange = timestampLastChange; + } + + /** + * Get timestamp last change. + * @return Timestamp last change. + */ + public Instant getTimestampLastChange() { + return timestampLastChange; + } + + /** + * Set platform. + * @param platform Platform. + */ + public void setPlatform(String platform) { + this.platform = platform; + } + + /** + * Get platform. + * @return Platform. + */ + public String getPlatform() { + return platform; + } + + /** + * Set device info. + * @param deviceInfo Device info. + */ + public void setDeviceInfo(String deviceInfo) { + this.deviceInfo = deviceInfo; + } + + /** + * Get device info. + * @return Device info. + */ + public String getDeviceInfo() { + return deviceInfo; + } + + /** + * Set extras. + * @param extras Extras. + */ + public void setExtras(String extras) { + this.extras = extras; + } + + /** + * Get extras. + * @return Extras. + */ + public String getExtras() { + return extras; + } +} 
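Review bot: In the new `ActivationContext`, `getActivationFlags()` returns the internal `activationFlags` list itself and there is no setter, so every holder of the context can add or remove flags on an object the class Javadoc offers to developers "in various scenarios". Either return an unmodifiable view and add an explicit method for populating the flags, or state in the Javadoc that the list is intentionally live. Separately, `applicationId` and `version` are primitive `long`, so an unset value reads as 0 while the other fields read as null, and the public no-argument constructor is the only member without Javadoc.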
diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/PowerAuthApiJavaApplication.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationStatus.java similarity index 54% rename from powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/PowerAuthApiJavaApplication.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationStatus.java index d43ba90a..2be20e04 100644 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/PowerAuthApiJavaApplication.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/ActivationStatus.java @@ -2,7 +2,7 @@ * PowerAuth integration libraries for RESTful API applications, examples and * related software components * - * Copyright (C) 2018 Wultra s.r.o. + * Copyright (C) 2021 Wultra s.r.o. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published 
@@ -17,22 +17,38 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.app.rest.api.spring; - -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.SpringBootApplication; +package io.getlime.security.powerauth.rest.api.spring.model; /** - * Spring Boot main class + * Activation status enumeration. + * + * @author Roman Strobl, roman.strobl@wultra.com */ -@SpringBootApplication -public class PowerAuthApiJavaApplication { +public enum ActivationStatus { + + /** + * CREATED - status after the activation record was initialized. + */ + CREATED, + + /** + * PENDING_COMMIT - status after key exchange, the activation is waiting for commit. + */ + PENDING_COMMIT, /** - * Main method - * @param args Arguments + * ACTIVE - the activation was committed, and it is ready for signature verification. */ - public static void main(String[] args) { - SpringApplication.run(PowerAuthApiJavaApplication.class, args); - } + ACTIVE, + + /** + * BLOCKED - the activation is blocked. + */ + BLOCKED, + + /** + * REMOVED - the activation is removed. + */ + REMOVED + } diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/AuthenticationContext.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/AuthenticationContext.java new file mode 100644 index 00000000..8738014c --- /dev/null +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/AuthenticationContext.java 
@@ -0,0 +1,83 @@ +/* + * PowerAuth integration libraries for RESTful API applications, examples and + * related software components + * + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.rest.api.spring.model; + +import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; + +/** + * Class representing PowerAuth authentication context. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public class AuthenticationContext { + + private boolean isValid; + private Integer remainingAttempts; + private PowerAuthSignatureTypes signatureType; + + /** + * Get whether PowerAuth authentication succeeded. + * @return Whether PowerAuth authentication succeeded. + */ + public boolean isValid() { + return isValid; + } + + /** + * Set whether PowerAuth authentication succeeded. + * @param signatureValid Whether PowerAuth authentication succeeded. + */ + public void setValid(boolean signatureValid) { + this.isValid = signatureValid; + } + + /** + * Get remaining attempts for signature verification before activation gets blocked. + * @return Remaining attempts for signature verification before activation gets blocked. + */ + public Integer getRemainingAttempts() { + return remainingAttempts; + } + + /** + * Set remaining attempts for signature verification before activation gets blocked. 
+ * @param remainingAttempts Remaining attempts for signature verification before activation gets blocked. + */ + public void setRemainingAttempts(Integer remainingAttempts) { + this.remainingAttempts = remainingAttempts; + } + + /** + * Get PowerAuth signature type. + * @return PowerAuth signature type. + */ + public PowerAuthSignatureTypes getSignatureType() { + return signatureType; + } + + /** + * Set PowerAuth signature type. + * @param signatureType PowerAuth signature type. + */ + public void setSignatureType(PowerAuthSignatureTypes signatureType) { + this.signatureType = signatureType; + } + +} \ No newline at end of file diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestBody.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestBody.java similarity index 96% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestBody.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestBody.java index f1f29e5a..8c50acac 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestBody.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestBody.java @@ -17,7 +17,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.model; +package io.getlime.security.powerauth.rest.api.spring.model; /** * Class representing HTTP request body. 
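Review bot: In the new `AuthenticationContext.java`, `remainingAttempts` is a nullable `Integer` and `signatureType` a nullable reference, but the getter Javadoc does not say when null is returned, so a caller writing `getRemainingAttempts() > 0` fails with a NullPointerException on unboxing. Please document the null case on both getters. The parameter name in `setValid(boolean signatureValid)` should also match the field, since the Javadoc describes PowerAuth authentication in general rather than signatures only, and the file ends with `\ No newline at end of file`.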
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestObjects.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestObjects.java similarity index 92% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestObjects.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestObjects.java index 083e2f69..195d36a4 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/model/PowerAuthRequestObjects.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/model/PowerAuthRequestObjects.java @@ -1,4 +1,4 @@ -package io.getlime.security.powerauth.rest.api.base.model; +package io.getlime.security.powerauth.rest.api.spring.model; /** * Class defining request objects stored in HTTP servlet request. diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/CustomActivationProvider.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/CustomActivationProvider.java similarity index 98% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/CustomActivationProvider.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/CustomActivationProvider.java index 125eb735..afb6c8d8 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/CustomActivationProvider.java 
+++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/CustomActivationProvider.java @@ -17,9 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.provider; +package io.getlime.security.powerauth.rest.api.spring.provider; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException; import io.getlime.security.powerauth.rest.api.model.entity.ActivationType; import java.util.Collections; diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java index 3a54dfc7..f588a3bc 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthAuthenticationProvider.java 
@@ -31,18 +31,21 @@ import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; import io.getlime.security.powerauth.http.validator.PowerAuthTokenHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.application.PowerAuthApplicationConfiguration; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthHeaderMissingException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureTypeInvalidException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthTokenInvalidException; -import io.getlime.security.powerauth.rest.api.base.provider.PowerAuthAuthenticationProviderBase; -import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthenticationImpl; -import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthSignatureAuthenticationImpl; -import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthActivation; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthActivationImpl; +import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthApiAuthenticationImpl; +import io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthSignatureAuthenticationImpl; +import 
io.getlime.security.powerauth.rest.api.spring.authentication.impl.PowerAuthTokenAuthenticationImpl; +import io.getlime.security.powerauth.rest.api.spring.converter.v3.ActivationStatusConverter; import io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenInvalidException; +import io.getlime.security.powerauth.rest.api.spring.model.ActivationStatus; +import io.getlime.security.powerauth.rest.api.spring.model.AuthenticationContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -50,6 +53,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.stereotype.Component; +import javax.annotation.Nonnull; import javax.annotation.Nullable; import java.util.List; 
@@ -64,16 +68,18 @@ public class PowerAuthAuthenticationProvider extends PowerAuthAuthenticationProv private static final Logger logger = LoggerFactory.getLogger(PowerAuthAuthenticationProvider.class); - private PowerAuthClient powerAuthClient; + private final PowerAuthClient powerAuthClient; + private final ActivationStatusConverter activationStatusConverter; /** - * Set PowerAuth service client via setter injection. - * - * @param powerAuthClient PowerAuth service client. + * Provider constructor. + * @param powerAuthClient PowerAuth client. + * @param activationStatusConverter Activation status converter. */ @Autowired - public void setPowerAuthClient(PowerAuthClient powerAuthClient) { + public PowerAuthAuthenticationProvider(PowerAuthClient powerAuthClient, ActivationStatusConverter activationStatusConverter) { this.powerAuthClient = powerAuthClient; + this.activationStatusConverter = activationStatusConverter; } /** 
@@ -139,14 +145,17 @@ private PowerAuthApiAuthenticationImpl validateSignatureAuthentication(PowerAuth logger.debug("Error details", ex); return null; } - if (response.isSignatureValid()) { - return copyAuthenticationAttributes(response.getActivationId(), response.getUserId(), - response.getApplicationId(), response.getApplicationRoles(), response.getActivationFlags(), PowerAuthSignatureTypes.getEnumFromString(response.getSignatureType().value()), - authentication.getVersion(), authentication.getHttpHeader()); - } else { - return null; - } - + final AuthenticationContext authenticationContext = new AuthenticationContext(); + authenticationContext.setValid(response.isSignatureValid()); + authenticationContext.setRemainingAttempts(response.getRemainingAttempts() != null ? response.getRemainingAttempts().intValue() : null); + authenticationContext.setSignatureType(response.getSignatureType() != null ? PowerAuthSignatureTypes.getEnumFromString(response.getSignatureType().value()) : null); + final PowerAuthActivation activationContext = copyActivationAttributes(response.getActivationId(), response.getUserId(), + activationStatusConverter.convertFrom(response.getActivationStatus()), response.getBlockedReason(), + response.getActivationFlags(), authenticationContext, authentication.getVersion()); + return copyAuthenticationAttributes(response.getActivationId(), response.getUserId(), + response.getApplicationId(), response.getApplicationRoles(), response.getActivationFlags(), + authenticationContext, authentication.getVersion(), authentication.getHttpHeader(), + activationContext); } else { return null; } 
@@ -160,20 +169,31 @@ private PowerAuthApiAuthenticationImpl validateSignatureAuthentication(PowerAuth */ private PowerAuthApiAuthenticationImpl validateTokenAuthentication(PowerAuthTokenAuthenticationImpl authentication) { try { - final ValidateTokenRequest soapRequest = new ValidateTokenRequest(); - soapRequest.setTokenId(authentication.getTokenId()); - soapRequest.setTokenDigest(authentication.getTokenDigest()); - soapRequest.setNonce(authentication.getNonce()); - soapRequest.setTimestamp(Long.parseLong(authentication.getTimestamp())); - - final ValidateTokenResponse soapResponse = powerAuthClient.validateToken(soapRequest); - if (soapResponse.isTokenValid()) { - return copyAuthenticationAttributes(soapResponse.getActivationId(), soapResponse.getUserId(), - soapResponse.getApplicationId(), soapResponse.getApplicationRoles(), soapResponse.getActivationFlags(), PowerAuthSignatureTypes.getEnumFromString(soapResponse.getSignatureType().value()), - authentication.getVersion(), authentication.getHttpHeader()); + final ValidateTokenRequest request = new ValidateTokenRequest(); + request.setTokenId(authentication.getTokenId()); + request.setTokenDigest(authentication.getTokenDigest()); + request.setNonce(authentication.getNonce()); + request.setTimestamp(Long.parseLong(authentication.getTimestamp())); + + final ValidateTokenResponse response = powerAuthClient.validateToken(request); + final ActivationStatus activationStatus; + if (response.isTokenValid()) { + activationStatus = ActivationStatus.ACTIVE; } else { - return null; + // Detailed activation status in case of token authentication failure needs to be obtained from PA server + activationStatus = null; } + final AuthenticationContext authenticationContext = new AuthenticationContext(); + authenticationContext.setValid(response.isTokenValid()); + authenticationContext.setRemainingAttempts(null); + authenticationContext.setSignatureType(response.getSignatureType() != null ? 
PowerAuthSignatureTypes.getEnumFromString(response.getSignatureType().value()) : null); + final PowerAuthActivation activationContext = copyActivationAttributes(response.getActivationId(), response.getUserId(), + activationStatus, null, + response.getActivationFlags(), authenticationContext, authentication.getVersion()); + return copyAuthenticationAttributes(response.getActivationId(), response.getUserId(), + response.getApplicationId(), response.getApplicationRoles(), response.getActivationFlags(), + authenticationContext, authentication.getVersion(), authentication.getHttpHeader(), + activationContext); } catch (NumberFormatException ex) { logger.warn("Invalid timestamp format, error: {}", ex.getMessage()); logger.debug("Error details", ex); 
@@ -192,27 +212,53 @@ private PowerAuthApiAuthenticationImpl validateTokenAuthentication(PowerAuthToke * @param applicationId Application ID. * @param applicationRoles Application roles. * @param activationFlags Activation flags. - * @param signatureType Signature Type. + * @param authenticationContext Authentication context. * @param version PowerAuth protocol version. * @param httpHeader Raw PowerAuth http header. + * @param activationContext PowerAuth activation context. * @return Initialized instance of API authentication. */ private PowerAuthApiAuthenticationImpl copyAuthenticationAttributes(String activationId, String userId, Long applicationId, List applicationRoles, - List activationFlags, PowerAuthSignatureTypes signatureType, String version, - PowerAuthHttpHeader httpHeader) { + List activationFlags, AuthenticationContext authenticationContext, + String version, PowerAuthHttpHeader httpHeader, PowerAuthActivation activationContext) { final PowerAuthApiAuthenticationImpl apiAuthentication = new PowerAuthApiAuthenticationImpl(); apiAuthentication.setActivationId(activationId); apiAuthentication.setUserId(userId); apiAuthentication.setApplicationId(applicationId); apiAuthentication.setApplicationRoles(applicationRoles); apiAuthentication.setActivationFlags(activationFlags); - apiAuthentication.setSignatureFactors(signatureType); + apiAuthentication.setAuthenticationContext(authenticationContext); apiAuthentication.setAuthenticated(true); apiAuthentication.setVersion(version); apiAuthentication.setHttpHeader(httpHeader); + apiAuthentication.setActivationContext(activationContext); return apiAuthentication; } + /** + * Prepare activation detail with provided attributes. + * @param activationId Activation ID. + * @param userId User ID. + * @param activationStatus Activation status. + * @param blockedReason Reason why activation was blocked. + * @param activationFlags Activation flags. + * @param authenticationContext Authentication context. 
+ * @param version PowerAuth protocol version. + * @return Initialized instance of API authentication. + */ + private PowerAuthActivationImpl copyActivationAttributes(String activationId, String userId, ActivationStatus activationStatus, String blockedReason, + List activationFlags, AuthenticationContext authenticationContext, String version) { + final PowerAuthActivationImpl activationContext = new PowerAuthActivationImpl(); + activationContext.setActivationId(activationId); + activationContext.setUserId(userId); + activationContext.setActivationStatus(activationStatus); + activationContext.setBlockedReason(blockedReason); + activationContext.setActivationFlags(activationFlags); + activationContext.setAuthenticationContext(authenticationContext); + activationContext.setVersion(version); + return activationContext; + } + /** * Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. * Make sure to accept only allowed signatures. 
@@ -226,16 +272,25 @@ private PowerAuthApiAuthenticationImpl copyAuthenticationAttributes(String activ * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ public PowerAuthApiAuthentication validateRequestSignature( - String httpMethod, - byte[] httpBody, - String requestUriIdentifier, - String httpAuthorizationHeader, - List allowedSignatureTypes, + @Nonnull String httpMethod, + @Nullable byte[] httpBody, + @Nonnull String requestUriIdentifier, + @Nonnull String httpAuthorizationHeader, + @Nonnull List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion ) throws PowerAuthAuthenticationException { + final PowerAuthApiAuthentication apiAuthentication = validateRequestSignatureWithActivationDetails(httpMethod, httpBody, requestUriIdentifier, httpAuthorizationHeader, allowedSignatureTypes, forcedSignatureVersion); + if (!apiAuthentication.getAuthenticationContext().isValid()) { + // Traditionally, failed signature validation returns null value for PowerAuthApiAuthentication + return null; + } + return apiAuthentication; + } + @Override + public @Nonnull PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException { // Check for HTTP PowerAuth signature header - if (httpAuthorizationHeader == null || httpAuthorizationHeader.equals("undefined")) { + if (httpAuthorizationHeader.equals("undefined")) { logger.warn("Signature HTTP header is missing"); throw new PowerAuthHeaderMissingException(); } 
@@ -293,10 +348,20 @@ public PowerAuthApiAuthentication validateRequestSignature( * @return Authentication object in case authentication is correctly obtained. * @throws PowerAuthAuthenticationException In case of authentication failure. */ - public PowerAuthApiAuthentication validateToken(String tokenHeader, List allowedSignatureTypes) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateToken(@Nonnull String tokenHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException { + final PowerAuthApiAuthentication apiAuthentication = validateTokenWithActivationDetails(tokenHeader, allowedSignatureTypes); + if (!apiAuthentication.getAuthenticationContext().isValid()) { + // Traditionally, failed token validation returns null value for PowerAuthApiAuthentication + return null; + } + return apiAuthentication; + } + @Nonnull + @Override + public PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String tokenHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException { // Check for HTTP PowerAuth signature header - if (tokenHeader == null || tokenHeader.equals("undefined")) { + if (tokenHeader.equals("undefined")) { logger.warn("Token HTTP header is missing"); throw new PowerAuthHeaderMissingException(); } 
@@ -332,14 +397,13 @@ public PowerAuthApiAuthentication validateToken(String tokenHeader, List. */ -package io.getlime.security.powerauth.rest.api.base.provider; +package io.getlime.security.powerauth.rest.api.spring.provider; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesEncryption; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthRequestFilterException; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestBody; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthRequestFilterException; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import java.util.ArrayList; 
@@ -46,7 +47,24 @@ public abstract class PowerAuthAuthenticationProviderBase { /** * Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. - * Make sure to accept only allowed signatures. + * Make sure to accept only allowed signatures. Return an instance of PowerAuthApiAuthentication on successful authorization, + * null value is returned on failed authorization. A check of null return value is used to determine the authorization result. + * @param httpMethod HTTP method (GET, POST, ...) + * @param httpBody Body of the HTTP request. + * @param requestUriIdentifier Request URI identifier. + * @param httpAuthorizationHeader PowerAuth HTTP authorization header. + * @param allowedSignatureTypes Allowed types of the signature. + * @param forcedSignatureVersion Forced signature version during upgrade. + * @return Instance of a PowerAuthApiAuthentication on successful authorization, null value on failed authorization. + * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. + */ + public abstract @Nullable PowerAuthApiAuthentication validateRequestSignature(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException; + + /** + * Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. + * Make sure to accept only allowed signatures. Return an instance of PowerAuthApiAuthentication on both successful and + * failed authorization. A check of null return value cannot be used to determine the authorization result, the actual + * result is available in the authorization context. * @param httpMethod HTTP method (GET, POST, ...) * @param httpBody Body of the HTTP request. 
* @param requestUriIdentifier Request URI identifier. @@ -56,7 +74,7 @@ public abstract class PowerAuthAuthenticationProviderBase { * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public abstract PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException; + public abstract @Nonnull PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException; /** * Validate the token digest from PowerAuth authentication header. 
@@ -65,7 +83,16 @@ public abstract class PowerAuthAuthenticationProviderBase { * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public abstract PowerAuthApiAuthentication validateToken(String httpAuthorizationHeader, List allowedSignatureTypes) throws PowerAuthAuthenticationException; + public abstract @Nullable PowerAuthApiAuthentication validateToken(@Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException; + + /** + * Validate the token digest from PowerAuth authentication header. + * @param httpAuthorizationHeader HTTP header with token digest. + * @param allowedSignatureTypes Allowed types of the signature. + * @return Instance of a PowerAuthApiAuthentication on successful authorization. + * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. + */ + public abstract @Nonnull PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException; /** * The same as {{@link #validateRequestSignature(String, byte[], String, String, List, Integer)} but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version. 
@@ -76,7 +103,7 @@ public abstract class PowerAuthAuthenticationProviderBase { * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateRequestSignature(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader) throws PowerAuthAuthenticationException { List defaultAllowedSignatureTypes = new ArrayList<>(); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_BIOMETRY); 
@@ -93,13 +120,29 @@ public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, by * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader, List allowedSignatureTypes) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateRequestSignature(@Nonnull HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException { // Get HTTP method and body bytes String requestMethod = servletRequest.getMethod().toUpperCase(); byte[] requestBodyBytes = extractRequestBodyBytes(servletRequest); return this.validateRequestSignature(requestMethod, requestBodyBytes, requestUriIdentifier, httpAuthorizationHeader, allowedSignatureTypes, null); } + /** + * Validate a request signature, make sure only supported signature types are used, do not use forced signature version during upgrade. + * @param servletRequest HTTPServletRequest with signed data. + * @param requestUriIdentifier Request URI identifier. + * @param httpAuthorizationHeader PowerAuth HTTP authorization header. + * @param allowedSignatureTypes Allowed types of signatures. + * @return Instance of a PowerAuthApiAuthentication on successful authorization. + * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. 
+ */ + public @Nonnull PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes) throws PowerAuthAuthenticationException { + // Get HTTP method and body bytes + String requestMethod = servletRequest.getMethod().toUpperCase(); + byte[] requestBodyBytes = extractRequestBodyBytes(servletRequest); + return this.validateRequestSignatureWithActivationDetails(requestMethod, requestBodyBytes, requestUriIdentifier, httpAuthorizationHeader, allowedSignatureTypes, null); + } + /** * Validate a request signature, make sure only supported signature types are used and allow specification of forced signature version. * @param servletRequest HTTPServletRequest with signed data. @@ -110,7 +153,7 @@ public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest se * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader, List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateRequestSignature(@Nonnull HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException { // Get HTTP method and body bytes String requestMethod = servletRequest.getMethod().toUpperCase(); byte[] requestBodyBytes = extractRequestBodyBytes(servletRequest); 
@@ -125,7 +168,7 @@ public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest se * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateRequestSignature(@Nonnull HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader) throws PowerAuthAuthenticationException { List defaultAllowedSignatureTypes = new ArrayList<>(); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_BIOMETRY); @@ -139,7 +182,7 @@ public PowerAuthApiAuthentication validateRequestSignature(HttpServletRequest se * @return Instance of a PowerAuthApiAuthentication on successful authorization. * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised. */ - public PowerAuthApiAuthentication validateToken(String tokenHeader) throws PowerAuthAuthenticationException { + public @Nullable PowerAuthApiAuthentication validateToken(@Nonnull String tokenHeader) throws PowerAuthAuthenticationException { List defaultAllowedSignatureTypes = new ArrayList<>(); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE); defaultAllowedSignatureTypes.add(PowerAuthSignatureTypes.POSSESSION_BIOMETRY); 
@@ -153,10 +196,10 @@ public PowerAuthApiAuthentication validateToken(String tokenHeader) throws Power * @return Request body bytes. * @throws PowerAuthAuthenticationException In case request body is invalid. */ - public byte[] extractRequestBodyBytes(HttpServletRequest servletRequest) throws PowerAuthAuthenticationException { + public @Nullable byte[] extractRequestBodyBytes(@Nonnull HttpServletRequest servletRequest) throws PowerAuthAuthenticationException { if (servletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT) != null) { // Implementation of sign-then-encrypt - in case the encryption object is present and signature is validate, use decrypted request data - PowerAuthEciesEncryption eciesEncryption = (PowerAuthEciesEncryption) servletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); + PowerAuthEciesEncryption eciesEncryption = (PowerAuthEciesEncryption) servletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT); return eciesEncryption.getDecryptedRequest(); } else { // Request data was not encrypted - use regular PowerAuth request body for signature validation diff --git a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java index 9c575d04..422a59b6 100644 --- a/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java 
@@ -22,14 +22,16 @@ import com.wultra.security.powerauth.client.PowerAuthClient; import com.wultra.security.powerauth.client.v3.GetEciesDecryptorRequest; import com.wultra.security.powerauth.client.v3.GetEciesDecryptorResponse; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesDecryptorParameters; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; -import io.getlime.security.powerauth.rest.api.base.provider.PowerAuthEncryptionProviderBase; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesDecryptorParameters; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + /** * Implementation of PowerAuth encryption provider. * @@ -54,7 +56,7 @@ public void setPowerAuthClient(PowerAuthClient powerAuthClient) { } @Override - public PowerAuthEciesDecryptorParameters getEciesDecryptorParameters(String activationId, String applicationKey, String ephemeralPublicKey) throws PowerAuthEncryptionException { + public @Nonnull PowerAuthEciesDecryptorParameters getEciesDecryptorParameters(@Nullable String activationId, @Nonnull String applicationKey, @Nonnull String ephemeralPublicKey) throws PowerAuthEncryptionException { try { GetEciesDecryptorRequest eciesDecryptorRequest = new GetEciesDecryptorRequest(); eciesDecryptorRequest.setActivationId(activationId); 
diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/PowerAuthEncryptionProviderBase.java b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java similarity index 86% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/PowerAuthEncryptionProviderBase.java rename to powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java index 904ade93..bd68f626 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/provider/PowerAuthEncryptionProviderBase.java +++ b/powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProviderBase.java @@ -17,10 +17,12 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.provider; +package io.getlime.security.powerauth.rest.api.spring.provider; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JavaType; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.TypeFactory; import com.google.common.io.BaseEncoding; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEnvelopeKey; 
@@ -32,19 +34,22 @@ import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthEncryptionHttpHeaderValidator; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.encryption.EciesEncryptionContext; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesDecryptorParameters; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthEciesEncryption; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestBody; -import io.getlime.security.powerauth.rest.api.base.model.PowerAuthRequestObjects; +import io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesDecryptorParameters; +import io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestBody; +import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import java.io.IOException; +import java.lang.reflect.Type; /** * Abstract class for PowerAuth encryption provider with common HTTP header parsing logic. The class is available for 
@@ -69,20 +74,19 @@ public abstract class PowerAuthEncryptionProviderBase { * @return ECIES decryptor parameters. * @throws PowerAuthEncryptionException In case PowerAuth server call fails. */ - public abstract PowerAuthEciesDecryptorParameters getEciesDecryptorParameters(String activationId, String applicationKey, String ephemeralPublicKey) throws PowerAuthEncryptionException; + public abstract @Nonnull PowerAuthEciesDecryptorParameters getEciesDecryptorParameters(@Nullable String activationId, @Nonnull String applicationKey, @Nonnull String ephemeralPublicKey) throws PowerAuthEncryptionException; /** * Decrypt HTTP request body and construct object with ECIES data. Use the requestType parameter to specify * the type of decrypted object. * - * @param Generic request object type. * @param request HTTP request. * @param requestType Class of request object. * @param eciesScope ECIES scope. * @return Object with ECIES data. * @throws PowerAuthEncryptionException In case request decryption fails. */ - public PowerAuthEciesEncryption decryptRequest(HttpServletRequest request, Class requestType, EciesScope eciesScope) throws PowerAuthEncryptionException { + public @Nonnull PowerAuthEciesEncryption decryptRequest(@Nonnull HttpServletRequest request, @Nonnull Type requestType, @Nonnull EciesScope eciesScope) throws PowerAuthEncryptionException { // Only POST HTTP method is supported for ECIES if (!"POST".equals(request.getMethod())) { logger.warn("Invalid HTTP method: {}", request.getMethod()); 
@@ -93,7 +97,7 @@ public PowerAuthEciesEncryption decryptRequest(HttpServletRequest request final EciesEncryptionContext encryptionContext = extractEciesEncryptionContext(request); // Construct ECIES encryption object from HTTP header - final PowerAuthEciesEncryption eciesEncryption = new PowerAuthEciesEncryption<>(encryptionContext); + final PowerAuthEciesEncryption eciesEncryption = new PowerAuthEciesEncryption(encryptionContext); // Save ECIES scope in context eciesEncryption.getContext().setEciesScope(eciesScope); @@ -192,7 +196,7 @@ public PowerAuthEciesEncryption decryptRequest(HttpServletRequest request * @param eciesEncryption PowerAuth encryption object. * @return ECIES encrypted response. */ - public EciesEncryptedResponse encryptResponse(Object responseObject, PowerAuthEciesEncryption eciesEncryption) { + public @Nullable EciesEncryptedResponse encryptResponse(@Nonnull Object responseObject, @Nonnull PowerAuthEciesEncryption eciesEncryption) { try { final byte[] responseData = serializeResponseData(responseObject); // Encrypt response using decryptor and return ECIES cryptogram 
@@ -210,20 +214,19 @@ public EciesEncryptedResponse encryptResponse(Object responseObject, PowerAuthEc * Convert byte[] request data to Object with given type. * * @param requestData Raw request data. - * @param requestType Class specifying request type. - * @param Type of request object. + * @param requestType Request type. * @return Request object. * @throws IOException In case request object could not be deserialized. */ - @SuppressWarnings("unchecked") // byte[] conversion to T is unchecked, detected when compiling with new Java - private T deserializeRequestData(byte[] requestData, Class requestType) throws IOException { + private Object deserializeRequestData(byte[] requestData, Type requestType) throws IOException { if (requestType.equals(byte[].class)) { - // Raw data without deserialization from JSON - return (T) requestData; - } else { - // Object is deserialized from JSON based on request type - return objectMapper.readValue(requestData, requestType); + // Raw byte[] data without deserialization from JSON + return requestData; } + // Object is deserialized from JSON based on request type + final TypeFactory typeFactory = objectMapper.getTypeFactory(); + final JavaType requestJavaType = typeFactory.constructType(requestType); + return objectMapper.readValue(requestData, requestJavaType); } /** @@ -256,7 +259,7 @@ private EciesEncryptionContext extractEciesEncryptionContext(HttpServletRequest // Check that at least one PowerAuth HTTP header with parameters for ECIES is present if (encryptionHttpHeader == null && signatureHttpHeader == null) { - logger.warn("Signature HTTP header is invalid"); + logger.warn("Neither signature nor encryption HTTP header is present"); throw new PowerAuthEncryptionException(); } diff --git a/powerauth-restful-security-spring/pom.xml b/powerauth-restful-security-spring/pom.xml index fdc1afcf..f69f019e 100644 --- a/powerauth-restful-security-spring/pom.xml +++ b/powerauth-restful-security-spring/pom.xml 
@@ -24,14 +24,14 @@ 4.0.0 powerauth-restful-security-spring - 1.1.0 + 1.2.0 powerauth-restful-security-spring PowerAuth RESTful API Security Additions for Spring io.getlime.security powerauth-restful-integration-parent - 1.1.0 + 1.2.0 ../pom.xml @@ -41,12 +41,18 @@ io.getlime.security powerauth-restful-security-spring-annotation - 1.1.0 + 1.2.0 io.getlime.security powerauth-rest-client-spring - 1.1.0 + 1.2.0 + + + log4j-to-slf4j + org.apache.logging.log4j + + diff --git a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/application/PowerAuthApplicationConfiguration.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/application/PowerAuthApplicationConfiguration.java similarity index 68% rename from powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/application/PowerAuthApplicationConfiguration.java rename to powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/application/PowerAuthApplicationConfiguration.java index 228153de..d830ef80 100644 --- a/powerauth-restful-security-base/src/main/java/io/getlime/security/powerauth/rest/api/base/application/PowerAuthApplicationConfiguration.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/application/PowerAuthApplicationConfiguration.java @@ -17,7 +17,9 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package io.getlime.security.powerauth.rest.api.base.application; +package io.getlime.security.powerauth.rest.api.spring.application; + +import io.getlime.security.powerauth.rest.api.spring.model.ActivationContext; import java.util.Map; 
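Review bot: Moving `PowerAuthApplicationConfiguration` from `io.getlime.security.powerauth.rest.api.base.application` to `io.getlime.security.powerauth.rest.api.spring.application` breaks source compatibility for every integrator implementing the interface, while the pom hunks above only bump 1.1.0 to 1.2.0. Add a migration note listing the renamed packages. The new `log4j-to-slf4j` exclusion on `powerauth-rest-client-spring` in the pom also deserves a short comment explaining why it is needed.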
@@ -32,9 +34,14 @@ public interface PowerAuthApplicationConfiguration { /** * In order to minimize number of up-front request, /pa/activation/status end-point may return * any custom state-less object with an information about the service (such as current timestamp, - * service outage info, etc.). Default implementation may simply return null. + * service outage info, etc.), or an activation-scoped object. When fetching the activation scoped + * object, developers should pay attention to the performance. Status endpoint is a frequently called + * endpoint and hence any queries should use low-latency services. Default implementation may simply + * return null. + * + * @param activationContext Activation context. * @return Custom object with state-less information about the API server status. */ - Map statusServiceCustomObject(); + Map statusServiceCustomObject(ActivationContext activationContext); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/ActivationController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/ActivationController.java index 2f1457af..145335b0 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/ActivationController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/ActivationController.java 
@@ -22,11 +22,11 @@ import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest; import io.getlime.security.powerauth.rest.api.model.request.v3.ActivationStatusRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse; 
@@ -138,7 +138,7 @@ public ObjectResponse removeActivation( ) throws PowerAuthActivationException, PowerAuthAuthenticationException { // Request body needs to be set to null because the SDK uses null for the signature, although {} is sent as request body PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature("POST", null, "/pa/activation/remove", signatureHeader); - if (apiAuthentication == null || apiAuthentication.getActivationId() == null) { + if (apiAuthentication == null || apiAuthentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SecureVaultController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SecureVaultController.java index 7397fb63..bfd57d36 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SecureVaultController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SecureVaultController.java 
@@ -24,10 +24,10 @@ import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthSecureVaultException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v2.VaultUnlockRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.VaultUnlockResponse; import io.getlime.security.powerauth.rest.api.spring.service.v2.SecureVaultService; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SignatureController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SignatureController.java index 88986ffc..751b6166 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SignatureController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/SignatureController.java 
@@ -21,10 +21,10 @@ import io.getlime.core.rest.model.base.response.Response; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -64,7 +64,7 @@ public class SignatureController { }) public Response validateSignature(PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException { - if (auth == null || auth.getActivationId() == null) { + if (auth == null || auth.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/TokenController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/TokenController.java index 1a38dae2..837be333 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/TokenController.java 
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v2/TokenController.java @@ -22,10 +22,10 @@ import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v2.TokenCreateRequest; import io.getlime.security.powerauth.rest.api.model.request.v3.TokenRemoveRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.TokenCreateResponse; @@ -97,7 +97,7 @@ public ObjectResponse createToken( logger.warn("Invalid request object in create token"); throw new PowerAuthInvalidRequestException(); } - if (authentication == null || authentication.getActivationId() == null) { + if (authentication == null || authentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } 
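Review bot: In the `createToken` guard, `authentication.getActivationContext().getActivationId()` dereferences the result of `getActivationContext()` without a null check. If the context can ever be null, the request fails with a `NullPointerException` instead of `PowerAuthSignatureInvalidException`. Either annotate `getActivationContext()` as `@Nonnull` and guarantee it in `PowerAuthApiAuthentication`, as this change does for the encryption provider, or add `authentication.getActivationContext() == null` to the condition. The same expression is repeated in the other controllers touched by this patch.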
@@ -128,7 +128,7 @@ public ObjectResponse removeToken(@RequestBody ObjectReques logger.warn("Invalid request object in create token"); throw new PowerAuthInvalidRequestException(); } - if (authentication == null || authentication.getActivationId() == null) { + if (authentication == null || authentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/ActivationController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/ActivationController.java index 4e54ce4a..ab6f80a9 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/ActivationController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/ActivationController.java 
@@ -23,13 +23,13 @@ import io.getlime.core.rest.model.base.response.ObjectResponse; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesScope; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.encryption.EciesEncryptionContext; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthRecoveryException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.ActivationLayer1Request; import io.getlime.security.powerauth.rest.api.model.request.v3.ActivationStatusRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.ActivationLayer1Response; 
@@ -137,7 +137,7 @@ public ObjectResponse removeActivation( throws PowerAuthActivationException, PowerAuthAuthenticationException { byte[] requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest); PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature("POST", requestBodyBytes, "/pa/activation/remove", signatureHeader); - if (apiAuthentication == null || apiAuthentication.getActivationId() == null) { + if (apiAuthentication == null || apiAuthentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/RecoveryController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/RecoveryController.java index 41aada3b..b4794e98 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/RecoveryController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/RecoveryController.java 
@@ -20,10 +20,10 @@ package io.getlime.security.powerauth.rest.api.spring.controller.v3; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; @@ -80,7 +80,7 @@ public EciesEncryptedResponse confirmRecoveryCode(@RequestBody EciesEncryptedReq logger.warn("Invalid request object in confirm recovery"); throw new PowerAuthInvalidRequestException(); } - if (authentication == null || authentication.getActivationId() == null) { + if (authentication == null || authentication.getActivationContext().getActivationId() == null) { throw new PowerAuthSignatureInvalidException(); } if (!"3.0".equals(authentication.getVersion()) && !"3.1".equals(authentication.getVersion())) { 
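Review bot: The signature check in `confirmRecoveryCode` throws `PowerAuthSignatureInvalidException` without the `logger.debug("Signature validation failed")` call that the equivalent checks in the other controllers in this patch have. Since this line is being touched anyway, add the log statement so that failed signature validation on recovery confirmation is traceable like the rest.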
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SecureVaultController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SecureVaultController.java index d41ebc8b..d74593f3 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SecureVaultController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SecureVaultController.java @@ -22,10 +22,10 @@ import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthSecureVaultException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.service.v3.SecureVaultService; 
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SignatureController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SignatureController.java index 77809eb5..242cc9d8 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SignatureController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/SignatureController.java @@ -21,10 +21,10 @@ import io.getlime.core.rest.model.base.response.Response; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -64,7 +64,7 @@ public class SignatureController { }) public Response validateSignature(PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException { - if (auth == null || auth.getActivationId() == null) { + if (auth == null || auth.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/TokenController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/TokenController.java index b353bc98..48f3d8e7 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/TokenController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/TokenController.java 
@@ -22,10 +22,10 @@ import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.request.v3.TokenRemoveRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; @@ -88,7 +88,7 @@ public EciesEncryptedResponse createToken(@RequestBody EciesEncryptedRequest req logger.warn("Invalid request object in create token"); throw new PowerAuthInvalidRequestException(); } - if (authentication == null || authentication.getActivationId() == null) { + if (authentication == null || authentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } 
@@ -123,7 +123,7 @@ public ObjectResponse removeToken(@RequestBody ObjectReques logger.warn("Invalid request object in remove token"); throw new PowerAuthInvalidRequestException(); } - if (authentication == null || authentication.getActivationId() == null) { + if (authentication == null || authentication.getActivationContext().getActivationId() == null) { throw new PowerAuthSignatureInvalidException(); } if (!"3.0".equals(authentication.getVersion()) && !"3.1".equals(authentication.getVersion())) { diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/UpgradeController.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/UpgradeController.java index 4c5ce2f1..f0938ffd 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/UpgradeController.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/controller/v3/UpgradeController.java 
@@ -25,9 +25,9 @@ import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthEncryptionHttpHeaderValidator; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthUpgradeException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthUpgradeException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.service.v3.UpgradeService; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java index 1ec4e4b6..c1a0967d 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthExceptionHandler.java 
@@ -20,7 +20,6 @@ package io.getlime.security.powerauth.rest.api.spring.exception; import io.getlime.core.rest.model.base.response.ErrorResponse; -import io.getlime.security.powerauth.rest.api.base.exception.*; import io.getlime.security.powerauth.rest.api.model.exception.RecoveryErrorResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/ActivationService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/ActivationService.java index dea94d87..d012da36 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/ActivationService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/ActivationService.java @@ -21,7 +21,7 @@ import com.wultra.security.powerauth.client.PowerAuthClient; import com.wultra.security.powerauth.client.v2.PrepareActivationResponse; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException; import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse; import org.slf4j.Logger; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/SecureVaultService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/SecureVaultService.java index a8cf4fae..29dc6bcf 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/SecureVaultService.java 
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/SecureVaultService.java @@ -26,10 +26,10 @@ import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; import io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException; import io.getlime.security.powerauth.http.validator.PowerAuthSignatureHttpHeaderValidator; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureTypeInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthSecureVaultException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v2.VaultUnlockRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.VaultUnlockResponse; import io.getlime.security.powerauth.rest.api.spring.converter.v2.SignatureTypeConverter; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/TokenService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/TokenService.java index 51f7718c..1b3fcf5c 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/TokenService.java 
+++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v2/TokenService.java @@ -22,9 +22,9 @@ import com.wultra.security.powerauth.client.PowerAuthClient; import com.wultra.security.powerauth.client.v2.CreateTokenResponse; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthTokenErrorException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenErrorException; import io.getlime.security.powerauth.rest.api.model.request.v2.TokenCreateRequest; import io.getlime.security.powerauth.rest.api.model.response.v2.TokenCreateResponse; import io.getlime.security.powerauth.rest.api.spring.converter.v2.SignatureTypeConverter; @@ -71,8 +71,8 @@ public void setPowerAuthClient(PowerAuthClient powerAuthClient) { public TokenCreateResponse createToken(TokenCreateRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException { try { // Fetch activation ID and signature type - final String activationId = authentication.getActivationId(); - final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors(); + final String activationId = authentication.getActivationContext().getActivationId(); + final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType(); // Fetch data from the request final String ephemeralPublicKey = request.getEphemeralPublicKey(); 
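Review bot: In the v2 `createToken` hunk, `authentication.getActivationContext().getActivationId()` and `authentication.getAuthenticationContext().getSignatureType()` dereference two intermediate objects that the old flat getters never needed, and nothing visible here guarantees either context is non-null. If `PowerAuthApiAuthentication` can be built without one of them, the failure becomes a NullPointerException inside the `try` instead of an explicit authentication error. Either state the non-null contract in the Javadoc of `getActivationContext()` and `getAuthenticationContext()`, or read each context into a local and reject the request when it is missing.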
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/ActivationService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/ActivationService.java index 7a97234a..b25b7d65 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/ActivationService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/ActivationService.java 
@@ -23,13 +23,15 @@ import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; import com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery; import com.wultra.security.powerauth.client.v3.*; -import io.getlime.security.powerauth.rest.api.base.application.PowerAuthApplicationConfiguration; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.encryption.EciesEncryptionContext; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthRecoveryException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.provider.CustomActivationProvider; +import io.getlime.security.powerauth.rest.api.spring.application.PowerAuthApplicationConfiguration; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.converter.v3.ActivationContextConverter; +import io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.model.ActivationContext; +import io.getlime.security.powerauth.rest.api.spring.provider.CustomActivationProvider; import io.getlime.security.powerauth.rest.api.model.entity.ActivationType; import io.getlime.security.powerauth.rest.api.model.request.v3.ActivationLayer1Request; import io.getlime.security.powerauth.rest.api.model.request.v3.ActivationStatusRequest; 
@@ -65,6 +67,8 @@ public class ActivationService { private CustomActivationProvider activationProvider; + private ActivationContextConverter activationContextConverter; + private static final Logger logger = LoggerFactory.getLogger(ActivationService.class); /** @@ -94,6 +98,15 @@ public void setPowerAuthActivationProvider(CustomActivationProvider activationPr this.activationProvider = activationProvider; } + /** + * Set activation context converter via setter injection. + * @param activationContextConverter Activation context converter. + */ + @Autowired + public void setActivationContextConverter(ActivationContextConverter activationContextConverter) { + this.activationContextConverter = activationContextConverter; + } + /** * Create activation. * @@ -353,7 +366,8 @@ public ActivationStatusResponse getActivationStatus(ActivationStatusRequest requ response.setEncryptedStatusBlob(paResponse.getEncryptedStatusBlob()); response.setNonce(paResponse.getEncryptedStatusBlobNonce()); if (applicationConfiguration != null) { - response.setCustomObject(applicationConfiguration.statusServiceCustomObject()); + final ActivationContext activationContext = activationContextConverter.fromActivationDetailResponse(paResponse); + response.setCustomObject(applicationConfiguration.statusServiceCustomObject(activationContext)); } return response; } catch (Exception ex) { @@ -374,7 +388,7 @@ public ActivationRemoveResponse removeActivation(PowerAuthApiAuthentication apiA try { // Fetch context information - final String activationId = apiAuthentication.getActivationId(); + final String activationId = apiAuthentication.getActivationContext().getActivationId(); final String userId = apiAuthentication.getUserId(); final Long applicationId = apiAuthentication.getApplicationId(); 
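Review bot: In the `getActivationStatus` hunk, `statusServiceCustomObject(activationContext)` now passes activation details to integrator code, and whatever that code returns is placed in the response through `response.setCustomObject(...)` as an ordinary field beside the encrypted status blob. The interface Javadoc for `statusServiceCustomObject` should document the new parameter and say which `ActivationContext` values are appropriate to return to the client from a status call, so implementers do not copy the whole context into the custom object by default. A smaller point in the `removeActivation` hunk on the same file: `activationId` moves to `getActivationContext()` while `userId` and `applicationId` on the next two lines are still read directly from `apiAuthentication`; a short comment on which accessors remain on the top-level object would make the split clear.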
diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/RecoveryService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/RecoveryService.java index bc6e0054..cef2733a 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/RecoveryService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/RecoveryService.java @@ -22,10 +22,10 @@ import com.wultra.security.powerauth.client.PowerAuthClient; import com.wultra.security.powerauth.client.v3.ConfirmRecoveryCodeResponse; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthRecoveryConfirmationException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthRecoveryConfirmationException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import org.slf4j.Logger; 
@@ -69,7 +69,7 @@ public RecoveryService(PowerAuthClient powerAuthClient) { public EciesEncryptedResponse confirmRecoveryCode(EciesEncryptedRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException { try { - final String activationId = authentication.getActivationId(); + final String activationId = authentication.getActivationContext().getActivationId(); final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader(); final String applicationKey = httpHeader.getApplicationKey(); if (activationId == null || applicationKey == null || request.getEphemeralPublicKey() == null diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/SecureVaultService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/SecureVaultService.java index 6941eda9..3a8d513e 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/SecureVaultService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/SecureVaultService.java 
@@ -25,10 +25,10 @@ import com.wultra.security.powerauth.client.v3.VaultUnlockResponse; import io.getlime.security.powerauth.http.PowerAuthHttpBody; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureTypeInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthSecureVaultException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter; diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/TokenService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/TokenService.java index ec28f210..92e51b12 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/TokenService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/TokenService.java 
@@ -24,10 +24,10 @@ import com.wultra.security.powerauth.client.v3.SignatureType; import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureTypeInvalidException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthTokenErrorException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenErrorException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.request.v3.TokenRemoveRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; @@ -77,7 +77,7 @@ public EciesEncryptedResponse createToken(EciesEncryptedRequest request, throws PowerAuthAuthenticationException { try { // Fetch activation ID and signature type - final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors(); + final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType(); // Fetch data from the request final String ephemeralPublicKey = request.getEphemeralPublicKey(); 
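Review bot: In the v3 `createToken` hunk at line 77, the comment `// Fetch activation ID and signature type` no longer matches the code beneath it, which reads only the signature type; the activation ID is fetched later in the method. Trim the comment to the signature type, and consider renaming the local `signatureFactors` to match the new `getSignatureType()` accessor so the old and new terms are not mixed in one statement.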
@@ -94,7 +94,7 @@ public EciesEncryptedResponse createToken(EciesEncryptedRequest request, } // Get ECIES headers - final String activationId = authentication.getActivationId(); + final String activationId = authentication.getActivationContext().getActivationId(); final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader(); final String applicationKey = httpHeader.getApplicationKey(); @@ -125,7 +125,7 @@ public EciesEncryptedResponse createToken(EciesEncryptedRequest request, public TokenRemoveResponse removeToken(TokenRemoveRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException { try { // Fetch activation ID - final String activationId = authentication.getActivationId(); + final String activationId = authentication.getActivationContext().getActivationId(); // Fetch token ID from the request final String tokenId = request.getTokenId(); diff --git a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/UpgradeService.java b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/UpgradeService.java index ea59ec39..57f9711d 100644 --- a/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/UpgradeService.java +++ b/powerauth-restful-security-spring/src/main/java/io/getlime/security/powerauth/rest/api/spring/service/v3/UpgradeService.java 
@@ -26,11 +26,11 @@ import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes; import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader; import io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthUpgradeException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthInvalidRequestException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; +import io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthApiAuthentication; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthUpgradeException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException; +import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException; import io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider; 
@@ -139,16 +139,16 @@ public Response upgradeCommit(String signatureHeader, // Verify signature, force signature version during upgrade to version 3 final List allowedSignatureTypes = Collections.singletonList(PowerAuthSignatureTypes.POSSESSION); - final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignature("POST", requestBodyBytes, "/pa/upgrade/commit", signatureHeader, allowedSignatureTypes, 3); + final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails("POST", requestBodyBytes, "/pa/upgrade/commit", signatureHeader, allowedSignatureTypes, 3); // In case signature verification fails, upgrade fails, too - if (authentication == null || authentication.getActivationId() == null) { + if (!authentication.getAuthenticationContext().isValid() || authentication.getActivationContext().getActivationId() == null) { logger.debug("Signature validation failed"); throw new PowerAuthSignatureInvalidException(); } // Get signature HTTP headers - final String activationId = authentication.getActivationId(); + final String activationId = authentication.getActivationContext().getActivationId(); final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader(); final String applicationKey = httpHeader.getApplicationKey(); diff --git a/powerauth-restful-server-spring/.gitignore b/powerauth-restful-server-spring/.gitignore deleted file mode 100644 index 99d2bb15..00000000 --- a/powerauth-restful-server-spring/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/target/ -/build/ diff --git a/powerauth-restful-server-spring/pom.xml b/powerauth-restful-server-spring/pom.xml deleted file mode 100644 index e0a1fe87..00000000 --- a/powerauth-restful-server-spring/pom.xml +++ /dev/null 
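Review bot: In `UpgradeService.upgradeCommit`, the rewritten guard drops the `authentication == null` check: `!authentication.getAuthenticationContext().isValid()` dereferences both the provider's return value and its authentication context unconditionally, and the second operand does the same with `getActivationContext()`. Unless `validateRequestSignatureWithActivationDetails` is documented never to return null and always to populate both contexts, a failed signature check on the upgrade commit can surface as a NullPointerException instead of `PowerAuthSignatureInvalidException`, and the `logger.debug("Signature validation failed")` line is skipped. Keep an explicit null check ahead of the `isValid()` test, or add the non-null guarantee to the provider method's Javadoc and cover the invalid-signature path with a test.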
@@ -1,118 +0,0 @@ - - - - - 4.0.0 - - powerauth-restful-server-spring - PowerAuth Standard RESTful API - powerauth-restful-server-spring - 1.1.0 - war - - - org.springframework.boot - spring-boot-starter-parent - 2.4.5 - - - - - - - - org.springframework.boot - spring-boot-starter-tomcat - provided - - - org.springframework.boot - spring-boot-starter-test - test - - - org.springframework.ws - spring-ws-security - - - bcprov-jdk15on - org.bouncycastle - - - ehcache - net.sf.ehcache - - - geronimo-javamail_1.4_mail - org.apache.geronimo.javamail - - - - - - - io.getlime.security - powerauth-restful-security-spring - 1.1.0 - - - - - com.google.guava - guava - 30.1.1-jre - - - org.bouncycastle - bcprov-jdk15on - 1.68 - provided - - - - - - - - org.springframework.boot - spring-boot-maven-plugin - - - build-info - - build-info - - - - - - org.apache.maven.plugins - maven-deploy-plugin - 3.0.0-M1 - - true - - - - - - diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/ServletInitializer.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/ServletInitializer.java deleted file mode 100644 index c3aac79d..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/ServletInitializer.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; - -import java.security.Security; - -/** - * Servlet initializer - */ -public class ServletInitializer extends SpringBootServletInitializer { - - @Override - protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { - Security.addProvider(new BouncyCastleProvider()); - return application.sources(PowerAuthApiJavaApplication.class); - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/ApplicationConfiguration.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/ApplicationConfiguration.java deleted file mode 100644 index ecee2ae2..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/ApplicationConfiguration.java +++ /dev/null 
@@ -1,40 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.configuration; - -import io.getlime.security.powerauth.rest.api.base.application.PowerAuthApplicationConfiguration; -import org.springframework.context.annotation.Configuration; - -import java.util.Map; - -/** - * Default implementation of PowerAuthApplicationConfiguration interface. - * @author Petr Dvorak - * - */ -@Configuration -public class ApplicationConfiguration implements PowerAuthApplicationConfiguration { - - @Override - public Map statusServiceCustomObject() { - return null; - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/PowerAuthWebServiceConfiguration.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/PowerAuthWebServiceConfiguration.java deleted file mode 100644 index ec311933..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/PowerAuthWebServiceConfiguration.java +++ /dev/null 
@@ -1,101 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.configuration; - -import com.wultra.security.powerauth.client.PowerAuthClient; -import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; -import com.wultra.security.powerauth.rest.client.PowerAuthRestClient; -import com.wultra.security.powerauth.rest.client.PowerAuthRestClientConfiguration; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.Configuration; - -/** - * Default PowerAuth Service configuration. 
- * - * @author Petr Dvorak - * - */ -@Configuration -@ComponentScan(basePackages = {"io.getlime.security.powerauth"}) -public class PowerAuthWebServiceConfiguration { - - private static final Logger logger = LoggerFactory.getLogger(PowerAuthWebServiceConfiguration.class); - - @Value("${powerauth.service.url}") - private String powerAuthRestUrl; - - @Value("${powerauth.service.security.clientToken}") - private String clientToken; - - @Value("${powerauth.service.security.clientSecret}") - private String clientSecret; - - @Value("${powerauth.integration.service.applicationName}") - private String applicationName; - - @Value("${powerauth.integration.service.applicationDisplayName}") - private String applicationDisplayName; - - @Value("${powerauth.integration.service.applicationEnvironment}") - private String applicationEnvironment; - - @Bean - public PowerAuthClient powerAuthClient() { - PowerAuthRestClientConfiguration config = new PowerAuthRestClientConfiguration(); - config.setPowerAuthClientToken(clientToken); - config.setPowerAuthClientSecret(clientSecret); - try { - return new PowerAuthRestClient(powerAuthRestUrl, config); - } catch (PowerAuthClientException ex) { - // Log the error in case Rest client initialization failed - logger.error(ex.getMessage(), ex); - return null; - } - } - - public String getApplicationName() { - return applicationName; - } - - public void setApplicationName(String applicationName) { - this.applicationName = applicationName; - } - - public String getApplicationDisplayName() { - return applicationDisplayName; - } - - public void setApplicationDisplayName(String applicationDisplayName) { - this.applicationDisplayName = applicationDisplayName; - } - - public String getApplicationEnvironment() { - return applicationEnvironment; - } - - public void setApplicationEnvironment(String applicationEnvironment) { - this.applicationEnvironment = applicationEnvironment; - } - -} 
diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/SecurityConfig.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/SecurityConfig.java deleted file mode 100644 index 0c8ef0c5..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/SecurityConfig.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.configuration; - -import io.getlime.security.powerauth.rest.api.spring.entrypoint.PowerAuthApiAuthenticationEntryPoint; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; - -/** - * Spring Security default configuration maps the default "entry-point" to all - * end-points on /secured/** context path, disables HTTP basic and disables CSRF. 
- * - * @author Petr Dvorak - * - */ -@Configuration -@EnableWebSecurity -public class SecurityConfig extends WebSecurityConfigurerAdapter { - - private PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint; - - @Autowired - public void setApiAuthenticationEntryPoint(PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint) { - this.apiAuthenticationEntryPoint = apiAuthenticationEntryPoint; - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.httpBasic().disable(); - http.csrf().disable(); - http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated(); - http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint); - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/WebApplicationConfig.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/WebApplicationConfig.java deleted file mode 100644 index cb468dad..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/configuration/WebApplicationConfig.java +++ /dev/null 
@@ -1,104 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.configuration; - -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthAnnotationInterceptor; -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryptionArgumentResolver; -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthWebArgumentResolver; -import io.getlime.security.powerauth.rest.api.spring.filter.PowerAuthRequestFilter; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.method.support.HandlerMethodArgumentResolver; -import org.springframework.web.servlet.config.annotation.InterceptorRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; - -import java.util.List; - -/** - * Default implementation of WebMvcConfigurer, maps PowerAuthRequestFilter instance - * (that passes HTTP request body to the request as an attribute, so that it's available - * in the controller) to /pa/signature/validate demo end-point. 
- * - * @author Petr Dvorak - * - */ -@Configuration -public class WebApplicationConfig implements WebMvcConfigurer { - - /** - * Register a new @PowerAuth annotation interceptor. - * @return New annotation interceptor bean. - */ - @Bean - public PowerAuthAnnotationInterceptor powerAuthInterceptor() { - return new PowerAuthAnnotationInterceptor(); - } - - /** - * Register new method argument resolvers. - * @return New PowerAuthWebArgumentResolver bean. - */ - @Bean - public PowerAuthWebArgumentResolver powerAuthWebArgumentResolver() { - return new PowerAuthWebArgumentResolver(); - } - - /** - * Register new method argument resolver for encryption. - * @return New PowerAuthEncryptionArgumentResolver bean. - */ - @Bean - public PowerAuthEncryptionArgumentResolver powerAuthEncryptionArgumentResolver() { - return new PowerAuthEncryptionArgumentResolver(); - } - - /** - * Register a new PowerAuthRequestFilter and map it to /* end-point. - * @return PowerAuthRequestFilter instance. - */ - @Bean - public FilterRegistrationBean powerAuthFilterRegistration() { - FilterRegistrationBean registrationBean = new FilterRegistrationBean<>(); - registrationBean.setFilter(new PowerAuthRequestFilter()); - registrationBean.setMatchAfter(true); - return registrationBean; - } - - /** - * Add method argument resolver for PowerAuthApiAuthentication. - * @param argumentResolvers List of argument resolvers. - */ - @Override - public void addArgumentResolvers(List argumentResolvers) { - argumentResolvers.add(powerAuthWebArgumentResolver()); - argumentResolvers.add(powerAuthEncryptionArgumentResolver()); - } - - /** - * Add annotation interceptor. - * @param registry Registry of annotation interceptors. - */ - @Override - public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(powerAuthInterceptor()); - } - -} 
diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/AuthenticationController.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/AuthenticationController.java deleted file mode 100644 index f50d665a..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/AuthenticationController.java +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.controller; - -import io.getlime.core.rest.model.base.response.ObjectResponse; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.*; - -import java.util.HashMap; -import java.util.Map; - -/** - * Sample end-point demonstrating how PowerAuth signature validation works. - * - * @author Petr Dvorak - * - */ -@Controller -public class AuthenticationController { - - /** - * Validate any data sent to this end-point. - * @param auth Automatically injected PowerAuth authentication object. - * @return API response with success. - * @throws PowerAuthAuthenticationException In case any error occurs, including during signature validation. 
- */ - @RequestMapping(value = "login", method = RequestMethod.POST) - @PowerAuth(resourceId = "/login") - public @ResponseBody ObjectResponse login(PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException { - - // ##EXAMPLE: Here, we could store the authentication in the session like this: - // ##EXAMPLE: SecurityContextHolder.getContext().setAuthentication(apiAuthentication); - // ##EXAMPLE: ... or you can grab a user ID like this and use it for querying back-end: - // ##EXAMPLE: String userId = apiAuthentication.getUserId(); - - if (auth == null || auth.getUserId() == null) { - throw new PowerAuthSignatureInvalidException(); - } - return new ObjectResponse<>("Hooray! " - + " User: " + auth.getUserId() - + " (activation: " + auth.getActivationId() + ")" - + " successfully verified via app with ID: " + auth.getApplicationId() - + " using factor: " + auth.getSignatureFactors() - ); - } - - /** - * Validate any data sent to this end-point. - * @param auth Automatically injected PowerAuth authentication object. - * @return API response with success. - * @throws PowerAuthAuthenticationException In case any error occurs, including during signature validation. - */ - @RequestMapping(value = "login", method = RequestMethod.GET) - @PowerAuth(resourceId = "/login") - public @ResponseBody ObjectResponse getLogin(PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException { - - // ##EXAMPLE: Here, we could store the authentication in the session like this: - // ##EXAMPLE: SecurityContextHolder.getContext().setAuthentication(apiAuthentication); - // ##EXAMPLE: ... or you can grab a user ID like this and use it for querying back-end: - // ##EXAMPLE: String userId = apiAuthentication.getUserId(); - - if (auth == null || auth.getUserId() == null) { - throw new PowerAuthSignatureInvalidException(); - } - return new ObjectResponse<>("Hooray! 
User: " + auth.getUserId()); - } - - /** - * Validate any data sent to this end-point, uses substitutes in resource ID. - * @param id Identifier - testing object for @PathVariable annotation. - * @param value Value - testing object for @RequestParam annotation. - * @param auth Automatically injected PowerAuth authentication object. - * @return API response with success. - * @throws PowerAuthAuthenticationException In case any error occurs, including during signature validation. - */ - @RequestMapping(value = "submit/{id}/test", method = RequestMethod.POST) - @PowerAuth(resourceId = "/submit/${id}/test?value=${value}") - public @ResponseBody ObjectResponse dynamicResourceId(@PathVariable("id") String id, @RequestParam("value") String value, PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException { - - // ##EXAMPLE: Here, we could store the authentication in the session like this: - // ##EXAMPLE: SecurityContextHolder.getContext().setAuthentication(apiAuthentication); - // ##EXAMPLE: ... or you can grab a user ID like this and use it for querying back-end: - // ##EXAMPLE: String userId = apiAuthentication.getUserId(); - - if (auth == null || auth.getUserId() == null) { - throw new PowerAuthSignatureInvalidException(); - } - - final Map map = new HashMap<>(); - map.put("user", auth.getUserId()); - map.put("id", id); - map.put("value", value); - - return new ObjectResponse<>(map); - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/ServiceController.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/ServiceController.java deleted file mode 100644 index 5353af86..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/ServiceController.java +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.controller; - -import io.getlime.core.rest.model.base.response.ObjectResponse; -import io.getlime.security.powerauth.app.rest.api.spring.configuration.PowerAuthWebServiceConfiguration; -import io.getlime.security.powerauth.rest.api.model.response.v3.ServiceStatusResponse; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.info.BuildProperties; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; - -import java.util.Date; - -/** - * Class representing controller used for service and maintenance purpose. 
- * - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Controller -@RequestMapping(value = "/api/service") -public class ServiceController { - - private final PowerAuthWebServiceConfiguration powerAuthWebServiceConfiguration; - private BuildProperties buildProperties; - - @Autowired - public ServiceController(PowerAuthWebServiceConfiguration powerAuthWebServiceConfiguration) { - this.powerAuthWebServiceConfiguration = powerAuthWebServiceConfiguration; - } - - @Autowired(required = false) - public void setBuildProperties(BuildProperties buildProperties) { - this.buildProperties = buildProperties; - } - - /** - * Controller resource with system information. - * @return System status info. - */ - @RequestMapping(value = "status", method = RequestMethod.GET) - public @ResponseBody ObjectResponse getServiceStatus() { - ServiceStatusResponse response = new ServiceStatusResponse(); - response.setApplicationName(powerAuthWebServiceConfiguration.getApplicationName()); - response.setApplicationDisplayName(powerAuthWebServiceConfiguration.getApplicationDisplayName()); - response.setApplicationEnvironment(powerAuthWebServiceConfiguration.getApplicationEnvironment()); - if (buildProperties != null) { - response.setVersion(buildProperties.getVersion()); - response.setBuildTime(Date.from(buildProperties.getTime())); - } - response.setTimestamp(new Date()); - return new ObjectResponse<>(response); - } -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/CustomActivationController.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/CustomActivationController.java deleted file mode 100644 index ce12e42f..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/CustomActivationController.java +++ /dev/null 
@@ -1,175 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.controller.v2; - -import com.wultra.security.powerauth.client.PowerAuthClient; -import com.wultra.security.powerauth.client.v2.CreateActivationResponse; -import io.getlime.core.rest.model.base.request.ObjectRequest; -import io.getlime.core.rest.model.base.response.ObjectResponse; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthNonPersonalizedEncryptor; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException; -import io.getlime.security.powerauth.rest.api.base.provider.CustomActivationProvider; -import io.getlime.security.powerauth.rest.api.model.entity.ActivationType; -import io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel; -import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateCustomRequest; -import io.getlime.security.powerauth.rest.api.model.request.v2.ActivationCreateRequest; -import io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse; -import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptorFactory; -import 
org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RestController; - -import java.util.LinkedHashMap; -import java.util.Map; - -/** - * Sample controller for a custom activation implementation. - * - *

PowerAuth protocol versions: - *

    - *
  • 2.0
  • - *
  • 2.1
  • - *
- * - * @author Petr Dvorak, petr@wultra.com - */ -@RestController("customActivationControllerV2") -@RequestMapping(value = "/pa/activation/direct") -public class CustomActivationController { - - private static final Logger logger = LoggerFactory.getLogger(CustomActivationController.class); - - private PowerAuthClient powerAuthClient; - - private EncryptorFactory encryptorFactory; - - private CustomActivationProvider activationProvider; - - @Autowired - public void setPowerAuthClient(PowerAuthClient powerAuthClient) { - this.powerAuthClient = powerAuthClient; - } - - @Autowired - public void setEncryptorFactory(EncryptorFactory encryptorFactory) { - this.encryptorFactory = encryptorFactory; - } - - @Autowired(required = false) - public void setPowerAuthActivationProvider(CustomActivationProvider activationProvider) { - this.activationProvider = activationProvider; - } - - /** - * Sample custom activation implementation for version 2 of activations. - * - * @param encryptedRequest Activation request encrypted using non-personalised end-to-end encryption. - * @return Encrypted activation response. - * @throws PowerAuthActivationException In case custom activation fails. 
- */ - @RequestMapping(value = "create", method = RequestMethod.POST) - public ObjectResponse createActivationV2( - @RequestBody ObjectRequest encryptedRequest - ) throws PowerAuthActivationException { - try { - - // Check if there is any user provider to be autowired - if (activationProvider == null) { - logger.warn("Activation provider is missing"); - throw new PowerAuthActivationException(); - } - - // Prepare an encryptor - final PowerAuthNonPersonalizedEncryptor encryptor = encryptorFactory.buildNonPersonalizedEncryptor(encryptedRequest); - if (encryptor == null) { - logger.warn("Encryptor is not available"); - throw new PowerAuthActivationException(); - } - - // Decrypt the request object - ActivationCreateCustomRequest request = encryptor.decrypt(encryptedRequest, ActivationCreateCustomRequest.class); - - if (request == null) { - logger.warn("Invalid request in activation create"); - throw new PowerAuthActivationException(); - } - - // Create context for passing parameters between activation provider calls - Map context = new LinkedHashMap<>(); - - // Lookup user ID using a provided identity - final Map identity = request.getIdentity(); - String userId = activationProvider.lookupUserIdForAttributes(identity, context); - - // If no user was found or user ID is invalid, return error - if (userId == null || userId.equals("") || userId.length() > 255) { - logger.warn("User ID is invalid: {}", userId); - throw new PowerAuthActivationException(); - } - - // Create activation for a looked up user and application related to the given application key - ActivationCreateRequest acr = request.getPowerauth(); - CreateActivationResponse response = powerAuthClient.v2().createActivation( - acr.getApplicationKey(), - userId, - acr.getActivationIdShort(), - acr.getActivationName(), - acr.getActivationNonce(), - acr.getEphemeralPublicKey(), - acr.getEncryptedDevicePublicKey(), - acr.getExtras(), - acr.getApplicationSignature() - ); - - // Process custom attributes using a 
custom logic - final Map customAttributes = request.getCustomAttributes(); - activationProvider.processCustomActivationAttributes(customAttributes, response.getActivationId(), userId, null, ActivationType.CUSTOM, context); - - // Prepare the created activation response data - ActivationCreateResponse createResponse = new ActivationCreateResponse(); - createResponse.setActivationId(response.getActivationId()); - createResponse.setEphemeralPublicKey(response.getEphemeralPublicKey()); - createResponse.setActivationNonce(response.getActivationNonce()); - createResponse.setEncryptedServerPublicKey(response.getEncryptedServerPublicKey()); - createResponse.setEncryptedServerPublicKeySignature(response.getEncryptedServerPublicKeySignature()); - - // Encrypt response object - final ObjectResponse powerAuthApiResponse = encryptor.encrypt(createResponse); - - // Check if activation should be committed instantly and if yes, perform commit - if (activationProvider.shouldAutoCommitActivation(identity, customAttributes, response.getActivationId(), userId, null, ActivationType.CUSTOM, context)) { - powerAuthClient.commitActivation(response.getActivationId(), null); - } - - // Return response - return powerAuthApiResponse; - - } catch (Exception ex) { - logger.warn("Create activation failed, error: {}", ex.getMessage()); - logger.debug(ex.getMessage(), ex); - throw new PowerAuthActivationException(); - } - - } -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/EncryptedDataExchangeController.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/EncryptedDataExchangeController.java deleted file mode 100644 index efb308c4..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v2/EncryptedDataExchangeController.java +++ /dev/null 
@@ -1,118 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.controller.v2; - -import io.getlime.core.rest.model.base.request.ObjectRequest; -import io.getlime.core.rest.model.base.response.ObjectResponse; -import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; -import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; -import io.getlime.security.powerauth.rest.api.base.encryption.PowerAuthNonPersonalizedEncryptor; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; -import io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel; -import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptorFactory; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RestController; - -import 
java.security.InvalidKeyException; - -/** - * Sample end-point demonstrating how to receive and send encrypted data. - * - *

PowerAuth protocol versions: - *

    - *
  • 2.0
  • - *
  • 2.1
  • - *
- * - * @author Roman Strobl, roman.strobl@wultra.com - */ -@RestController("encryptedDataExchangeControllerV2") -public class EncryptedDataExchangeController { - - private static final Logger logger = LoggerFactory.getLogger(EncryptedDataExchangeController.class); - - private EncryptorFactory encryptorFactory; - - @Autowired - public void setEncryptorFactory(EncryptorFactory encryptorFactory) { - this.encryptorFactory = encryptorFactory; - } - - /** - * Sample encrypted data exchange. - * - * @param request Encrypted request. - * @return Encrypted response. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. - */ - @RequestMapping(value = "exchange", method = RequestMethod.POST) - public ObjectResponse exchange(@RequestBody ObjectRequest request) throws PowerAuthEncryptionException { - if (request == null) { - logger.warn("Invalid request in exchange method"); - throw new PowerAuthEncryptionException(); - } - - // Prepare an encryptor - final PowerAuthNonPersonalizedEncryptor encryptor = encryptorFactory.buildNonPersonalizedEncryptor(request); - if (encryptor == null) { - logger.warn("Encryptor is not available"); - throw new PowerAuthEncryptionException(); - } - - // Decrypt the request object - byte[] requestDataBytes; - try { - requestDataBytes = encryptor.decrypt(request); - } catch (GenericCryptoException | CryptoProviderException | InvalidKeyException ex) { - logger.warn("Encryption failed, error: {}", ex.getMessage()); - logger.debug(ex.getMessage(), ex); - throw new PowerAuthEncryptionException(); - } - - if (requestDataBytes == null) { - logger.warn("Invalid request data in exchange method"); - throw new PowerAuthEncryptionException(); - } - - String requestData = new String(requestDataBytes); - - // Return a slightly different String containing original data in response - String responseData = "Server successfully decrypted data: " + requestData; - - // Encrypt response data - ObjectResponse encryptedResponse; - try { - 
encryptedResponse = encryptor.encrypt(responseData.getBytes()); - } catch (GenericCryptoException | CryptoProviderException | InvalidKeyException ex) { - logger.warn("Encryption failed, error: {}", ex.getMessage()); - logger.debug(ex.getMessage(), ex); - throw new PowerAuthEncryptionException(); - } - - return encryptedResponse; - } - - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v3/EncryptedDataExchangeController.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v3/EncryptedDataExchangeController.java deleted file mode 100644 index 5c3aa594..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/controller/v3/EncryptedDataExchangeController.java +++ /dev/null 
@@ -1,192 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.controller.v3; - -import io.getlime.security.powerauth.app.rest.api.spring.model.request.DataExchangeRequest; -import io.getlime.security.powerauth.app.rest.api.spring.model.response.DataExchangeResponse; -import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesScope; -import io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication; -import io.getlime.security.powerauth.rest.api.base.encryption.EciesEncryptionContext; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException; -import io.getlime.security.powerauth.rest.api.base.exception.PowerAuthEncryptionException; -import io.getlime.security.powerauth.rest.api.base.exception.authentication.PowerAuthSignatureInvalidException; -import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody; -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth; -import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import 
org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RestController; - -/** - * Sample end-point demonstrating how to receive and send encrypted data. - * - *

PowerAuth protocol versions: - *

    - *
  • 3.0
  • - *
- * - * @author Roman Strobl, roman.strobl@wultra.com - */ -@RestController("encryptedDataExchangeControllerV3") -@RequestMapping(value = "/exchange") -public class EncryptedDataExchangeController { - - private final static Logger logger = LoggerFactory.getLogger(EncryptedDataExchangeController.class); - - /** - * Sample encrypted data exchange in application scope. - * - * @param request Data exchange request. - * @param eciesContext ECIES context. - * @return Data exchange response. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. - */ - @RequestMapping(value = "v3/application", method = RequestMethod.POST) - @PowerAuthEncryption(scope = EciesScope.APPLICATION_SCOPE) - public DataExchangeResponse exchangeInApplicationScope(@EncryptedRequestBody DataExchangeRequest request, - EciesEncryptionContext eciesContext) throws PowerAuthEncryptionException { - - if (eciesContext == null) { - logger.debug("Encryption failed"); - throw new PowerAuthEncryptionException(); - } - - // Return a slightly different String containing original data in response - return new DataExchangeResponse("Server successfully decrypted signed data: " + (request == null ? "''" : request.getData()) + ", scope: " + eciesContext.getEciesScope()); - } - - /** - * Sample encrypted data exchange in activation scope. - * - * @param request Data exchange request. - * @param eciesContext ECIES context. - * @return Data exchange response. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. 
- */ - @RequestMapping(value = "v3/activation", method = RequestMethod.POST) - @PowerAuthEncryption(scope = EciesScope.ACTIVATION_SCOPE) - public DataExchangeResponse exchangeInActivationScope(@EncryptedRequestBody DataExchangeRequest request, - EciesEncryptionContext eciesContext) throws PowerAuthEncryptionException { - - if (eciesContext == null) { - logger.debug("Encryption failed"); - throw new PowerAuthEncryptionException(); - } - - // Return a slightly different String containing original data in response - return new DataExchangeResponse("Server successfully decrypted signed data: " + (request == null ? "''" : request.getData()) + ", scope: " + eciesContext.getEciesScope()); - } - - /** - * Sample signed and encrypted data exchange. - * - * @param request Data exchange request. - * @param eciesContext ECIES context. - * @param auth PowerAuth authentication object. - * @return Data exchange response. - * @throws PowerAuthAuthenticationException In case signature validation fails. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. 
- */ - @RequestMapping(value = "v3/signed", method = RequestMethod.POST) - @PowerAuth(resourceId = "/exchange/v3/signed") - @PowerAuthEncryption(scope = EciesScope.ACTIVATION_SCOPE) - public DataExchangeResponse exchangeSignedAndEncryptedData(@EncryptedRequestBody DataExchangeRequest request, - EciesEncryptionContext eciesContext, - PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthEncryptionException { - - if (auth == null || auth.getUserId() == null) { - logger.debug("Signature validation failed"); - throw new PowerAuthSignatureInvalidException(); - } - - if (eciesContext == null) { - logger.debug("Encryption failed"); - throw new PowerAuthEncryptionException(); - } - - // Return a slightly different String containing original data in response - return new DataExchangeResponse("Server successfully decrypted data and verified signature, request data: " + (request == null ? "''" : request.getData()) + ", user ID: " + auth.getUserId()); - } - - /** - * Sample signed and encrypted data exchange of String data. - * - * @param requestData Request with String data. - * @param eciesContext ECIES context. - * @param auth PowerAuth authentication object. - * @return Data exchange response. - * @throws PowerAuthAuthenticationException In case signature validation fails. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. 
- */ - @RequestMapping(value = "v3/signed/string", method = RequestMethod.POST) - @PowerAuth(resourceId = "/exchange/v3/signed/string") - @PowerAuthEncryption(scope = EciesScope.ACTIVATION_SCOPE) - public String exchangeSignedAndEncryptedDataString(@EncryptedRequestBody String requestData, - EciesEncryptionContext eciesContext, - PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthEncryptionException { - - if (auth == null || auth.getUserId() == null) { - logger.debug("Signature validation failed"); - throw new PowerAuthSignatureInvalidException(); - } - - if (eciesContext == null) { - logger.debug("Encryption failed"); - throw new PowerAuthEncryptionException(); - } - - // Return a slightly different String containing original data in response - return "Server successfully decrypted data and verified signature, request data: " + requestData + ", user ID: " + auth.getUserId(); - } - - /** - * Sample signed and encrypted data exchange of raw data as byte[]. - * - * @param requestData Request with raw byte[] data. - * @param eciesContext ECIES context. - * @param auth PowerAuth authentication object. - * @return Data exchange response. - * @throws PowerAuthAuthenticationException In case signature validation fails. - * @throws PowerAuthEncryptionException In case encryption or decryption fails. 
- */ - @RequestMapping(value = "v3/signed/raw", method = RequestMethod.POST) - @PowerAuth(resourceId = "/exchange/v3/signed/raw") - @PowerAuthEncryption(scope = EciesScope.ACTIVATION_SCOPE) - public byte[] exchangeSignedAndEncryptedDataRaw(@EncryptedRequestBody byte[] requestData, - EciesEncryptionContext eciesContext, - PowerAuthApiAuthentication auth) throws PowerAuthAuthenticationException, PowerAuthEncryptionException { - - if (auth == null || auth.getUserId() == null) { - logger.debug("Signature validation failed"); - throw new PowerAuthSignatureInvalidException(); - } - - if (eciesContext == null) { - logger.debug("Encryption failed"); - throw new PowerAuthEncryptionException(); - } - - // Return data back for verification - return requestData; - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/errorhandling/DefaultExceptionHandler.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/errorhandling/DefaultExceptionHandler.java deleted file mode 100644 index 66fe3d9a..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/errorhandling/DefaultExceptionHandler.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.errorhandling; - -import io.getlime.core.rest.model.base.entity.Error; -import io.getlime.core.rest.model.base.response.ErrorResponse; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.HttpStatus; -import org.springframework.web.bind.annotation.ControllerAdvice; -import org.springframework.web.bind.annotation.ExceptionHandler; -import org.springframework.web.bind.annotation.ResponseBody; -import org.springframework.web.bind.annotation.ResponseStatus; - -/** - * Implementation of a default exception handler for the demo server. - * - * @author Petr Dvorak, petr@wultra.com - * - */ -@ControllerAdvice -public class DefaultExceptionHandler { - - private static final Logger logger = LoggerFactory.getLogger(DefaultExceptionHandler.class); - - /** - * Handle Exception exceptions. - * @param exception Exception instance. - * @return Error response. 
- */ - @ExceptionHandler(value = Exception.class) - @ResponseStatus(value = HttpStatus.BAD_REQUEST) - public @ResponseBody ErrorResponse handleException(Exception exception) { - logger.warn(exception.getMessage(), exception); - return new ErrorResponse(Error.Code.ERROR_GENERIC, exception); - } - -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/request/DataExchangeRequest.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/request/DataExchangeRequest.java deleted file mode 100644 index 9211e3b0..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/request/DataExchangeRequest.java +++ /dev/null @@ -1,41 +0,0 @@ -package io.getlime.security.powerauth.app.rest.api.spring.model.request; - -/** - * Sample model class with request data. - * - * @author Roman Strobl, roman.strobl@wultra.com - */ -public class DataExchangeRequest { - - private String data; - - /** - * Default constructor. - */ - public DataExchangeRequest() { - } - - /** - * Constructor with data. - * @param data Data. - */ - public DataExchangeRequest(String data) { - this.data = data; - } - - /** - * Get data. - * @return Data. - */ - public String getData() { - return data; - } - - /** - * Set data. - * @param data Data. - */ - public void setData(String data) { - this.data = data; - } -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/response/DataExchangeResponse.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/response/DataExchangeResponse.java deleted file mode 100644 index ca791ae6..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/model/response/DataExchangeResponse.java +++ /dev/null 
@@ -1,41 +0,0 @@ -package io.getlime.security.powerauth.app.rest.api.spring.model.response; - -/** - * Sample model class with response data. - * - * @author Roman Strobl, roman.strobl@wultra.com - */ -public class DataExchangeResponse { - - private String data; - - /** - * Default constructor. - */ - public DataExchangeResponse() { - } - - /** - * Constructor with data. - * @param data Data. - */ - public DataExchangeResponse(String data) { - this.data = data; - } - - /** - * Get data. - * @return Data. - */ - public String getData() { - return data; - } - - /** - * Set data. - * @param data Data. - */ - public void setData(String data) { - this.data = data; - } -} diff --git a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/provider/DefaultCustomActivationProvider.java b/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/provider/DefaultCustomActivationProvider.java deleted file mode 100644 index c6e0289f..00000000 --- a/powerauth-restful-server-spring/src/main/java/io/getlime/security/powerauth/app/rest/api/spring/provider/DefaultCustomActivationProvider.java +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * PowerAuth integration libraries for RESTful API applications, examples and - * related software components - * - * Copyright (C) 2018 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package io.getlime.security.powerauth.app.rest.api.spring.provider; - -import io.getlime.security.powerauth.rest.api.base.provider.CustomActivationProvider; -import io.getlime.security.powerauth.rest.api.model.entity.ActivationType; -import org.springframework.stereotype.Component; - -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -/** - * Default implementation of CustomActivationProvider interface. 
- * - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Component -public class DefaultCustomActivationProvider implements CustomActivationProvider { - - @Override - public String lookupUserIdForAttributes(Map identityAttributes, Map context) { - return identityAttributes.get("username"); - } - - @Override - public Map processCustomActivationAttributes(Map customAttributes, String activationId, String userId, Long applId, ActivationType activationType, Map context) { - if (customAttributes != null) { - // Copy custom attributes - return new HashMap<>(customAttributes); - } else { - return Collections.emptyMap(); - } - } - - @Override - public boolean shouldAutoCommitActivation(Map identityAttributes, Map customAttributes, String activationId, String userId, Long applId, ActivationType activationType, Map context) { - return true; - } - - @Override - public void activationWasCommitted(Map identityAttributes, Map customAttributes, String activationId, String userId, Long applId, ActivationType activationType, Map context) { - } - - @Override - public Integer getMaxFailedAttemptCount(Map identityAttributes, Map customAttributes, String userId, ActivationType activationType, Map context) { - // Null value means use value configured on PowerAuth server - return null; - } - - @Override - public Long getValidityPeriodDuringActivation(Map identityAttributes, Map customAttributes, String userId, ActivationType activationType, Map context) { - // Null value means use value configured on PowerAuth server - return null; - } -} diff --git a/powerauth-restful-server-spring/src/main/resources/application.properties b/powerauth-restful-server-spring/src/main/resources/application.properties deleted file mode 100644 index 2de95eb4..00000000 --- a/powerauth-restful-server-spring/src/main/resources/application.properties +++ /dev/null 
@@ -1,28 +0,0 @@ -# -# PowerAuth integration libraries for RESTful API applications, examples and -# related software components -# -# Copyright (C) 2018 Wultra s.r.o. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . -# - -powerauth.service.url=http://localhost:8080/powerauth-java-server/rest -powerauth.service.security.clientToken= -powerauth.service.security.clientSecret= - -# PowerAuth Push Service Configuration -powerauth.integration.service.applicationName=powerauth-restful-server-spring -powerauth.integration.service.applicationDisplayName=PowerAuth Restful Server (Spring) -powerauth.integration.service.applicationEnvironment=
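Review bot: In the controller hunk that ends with `exchangeSignedAndEncryptedDataRaw`, the removed endpoint `v3/signed/raw` (resource ID `/exchange/v3/signed/raw`) only echoed `requestData` back "for verification", which makes it a test fixture for the combined signature and ECIES path. Please say in the commit message where that round-trip check lives now, and update any client or integration test that still posts to this resource ID, since after this change such a test fails because the endpoint is gone rather than because signature or encryption handling regressed.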
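Review bot: In the deleted `DefaultExceptionHandler.java`, `handleException` was a catch-all for `Exception.class` that answered HTTP 400 and built the body with `new ErrorResponse(Error.Code.ERROR_GENERIC, exception)`, so the exception object itself fed the client-facing response. The migration notes should state what handles uncaught exceptions for deployments that move off this server, and confirm that the replacement returns a fixed error code without echoing internal exception messages, keeping the detail in the server log as the `logger.warn` call did here.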
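Review bot: In the deleted `DefaultCustomActivationProvider.java`, `lookupUserIdForAttributes` returned `identityAttributes.get("username")` with no credential check and `shouldAutoCommitActivation` returned `true`, so a custom activation was committed for whatever username the client supplied. Removing the class is fine, but it was presented as the default implementation of `CustomActivationProvider`, so the interface documentation should say that integrators must verify the identity attributes before returning a user ID and should enable auto-commit only after that verification. Anyone who copied this class as a template needs that warning.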
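Review bot: The deleted `application.properties` shipped `powerauth.service.url=http://localhost:8080/powerauth-java-server/rest` over plain HTTP together with empty `powerauth.service.security.clientToken` and `powerauth.service.security.clientSecret`. With the default file gone, the migration notes should say where these three keys are configured now, and recommend an `https://` service URL with the client token and secret set for anything beyond a local setup. The secret should also be supplied from outside the packaged WAR rather than committed in a properties file.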