Merge pull request #1671 from /issues/1670-commit-phase
romanstrobl authored Sep 16, 2024
2 parents 61dbcb2 + c06ad92 commit 6cd6f6f
Showing 22 changed files with 616 additions and 138 deletions.
9 changes: 8 additions & 1 deletion docs/PowerAuth-Server-1.9.0.md
Expand Up @@ -34,6 +34,13 @@ The API now publishes new endpoints related to the temporary key management:
- `POST /rest/v3/keystore/create` - Creates a new temporary key pair
- `POST /rest/v3/keystore/remove` - Removes a temporary key pair

### Deprecated Parameter activationOtpValidation in Init Activation

The parameter `activationOtpValidation` is deprecated.
Use the `activationOtp` parameter during activation init or activation commit to control the OTP check.
Use the `commitPhase` parameter for specifying when the activation should be committed.

### ECDSA Signature Verification in JOSE Format

The method `POST /rest/v3/signature/ecdsa/verify` now supports validation of ECDSA signature in JOSE format, thanks to added `signatureFormat` request attribute (`DER` as a default value, or `JOSE`).
The method `POST /rest/v3/signature/ecdsa/verify` now supports validation of ECDSA signature in JOSE format, thanks to added `signatureFormat` request attribute (`DER` as a default value, or `JOSE`).

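Review bot: the two identical lines closing this hunk (the `signatureFormat` sentence appears as both removed and added) look like a whitespace-only edit unrelated to the commit phase; drop it if unintended so the hunk stays focused on the deprecation. In the new "Deprecated Parameter" section, also state what the server does when a client still sends `activationOtpValidation` together with `commitPhase` (which one takes precedence) and in which release the deprecated parameter will be removed, so integrators know how long they have to migrate.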
74 changes: 40 additions & 34 deletions docs/WebServices-Methods.md
Expand Up @@ -433,7 +433,7 @@ Methods related to activation management.

### Method 'initActivation'

Create (initialize) a new activation for given user and application. If both `activationOtpValidation` and `activationOtp` optional parameters are set, then the same value of activation OTP must be later provided for the confirmation.
Create (initialize) a new activation for given user and application. If the optional `activationOtp` parameter is set, then the same value of activation OTP must be later provided for the confirmation.

After calling this method, a new activation record is created in CREATED state.

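Review bot: the rewritten sentence drops the precondition that tied the OTP to `activationOtpValidation`, but it does not say that `activationOtp` may also be supplied later at commit time, which the release notes in this same commit state ("during activation init or activation commit"); mention that here so the two documents agree on when the OTP can be set.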
Expand All @@ -443,14 +443,15 @@ REST endpoint: `POST /rest/v3/activation/init`

`InitActivationRequest`

| Type | Name | Description |
|---------------------------|------|-------------|
| `String` | `userId` | An identifier of a user |
| `String` | `applicationId` | An identifier of an application |
| `DateTime` | `timestampActivationExpire` | Timestamp after when the activation cannot be completed anymore |
| `Long` | `maxFailureCount` | How many failures are allowed for this activation |
| `ActivationOtpValidation` | `activationOtpValidation` | Optional activation OTP validation mode |
| `String` | `activationOtp` | Optional activation OTP |
| Type | Name | Description |
|---------------------------|-----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `String` | `userId` | An identifier of a user |
| `String` | `applicationId` | An identifier of an application |
| `DateTime` | `timestampActivationExpire` | Timestamp after when the activation cannot be completed anymore |
| `Long` | `maxFailureCount` | How many failures are allowed for this activation |
| `ActivationOtpValidation` | `activationOtpValidation` | *Deprecated* optional activation OTP validation mode, use the `activationOtp` parameter during activation init or activation commit to control the OTP check. Use the `commitPhase` parameter for specifying when the activation should be committed. |
| `CommitPhase` | `commitPhase` | Optional parameter for for specifying when the activation should be committed. Allowed values: `ON_COMMIT` (default) and `ON_KEY_EXCHANGE`. |
| `String` | `activationOtp` | Optional activation OTP |

#### Response

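Review bot: typo in the new `commitPhase` row: "Optional parameter for for specifying" has a duplicated "for". The deprecated-row description is also very long for a table cell; move the migration guidance into the prose above the table and keep the cell to something like "*Deprecated*, use `activationOtp` and `commitPhase` instead".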
Expand Down Expand Up @@ -502,7 +503,7 @@ ECIES request should contain following data (as JSON):
- `extras` - Any client side attributes associated with this activation, like a more detailed information about the client, etc.
- `platform` - User device platform, e.g. `ios`, `android`, `hw` and `unknown`.
- `deviceInfo` - Information about user device, e.g. `iPhone12,3`.
- `activationOtp` - Optional activation OTP for confirmation. The value must be provided in case that activation was initialized with `ActivationOtpValidation` set to `ON_KEY_EXCHANGE`.
- `activationOtp` - Optional activation OTP for confirmation.

#### Response

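Review bot: the new bullet no longer tells the reader when `activationOtp` is required. The removed line carried that condition (`ON_KEY_EXCHANGE`); the equivalent under the new model is an activation initialized with an OTP and `commitPhase` set to `ON_KEY_EXCHANGE`, so state that condition here rather than leaving "optional" unqualified, otherwise clients cannot tell whether omitting the value is allowed for their activation.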
Expand Down Expand Up @@ -680,30 +681,31 @@ REST endpoint: `POST /rest/v3/activation/status`

`GetActivationStatusResponse`

| Type | Name | Description |
|---------------------------|------------------------------|-------------------------------------------------------------------------------------------|
| `String` | `activationId` | An identifier of an activation |
| `ActivationStatus` | `activationStatus` | An activation status |
| `ActivationOtpValidation` | `activationOtpValidation` | An activation OTP validation mode |
| `String` | `blockedReason` | Reason why activation was blocked (default: NOT_SPECIFIED) |
| `String` | `activationName` | An activation name |
| `String` | `userId` | An identifier of a user |
| `String` | `extras` | Any custom attributes |
| `String` | `platform` | User device platform, e.g. `ios`, `android`, `hw` and `unknown` |
| `String` | `deviceInfo` | Information about user device, e.g. `iPhone12,3` |
| `Long` | `failedAttempts` | Information about number of failed attempts. |
| `Long` | `maxFailedAttempts` | Information about maximum number of allowed failed attempts. |
| `String[]` | `activationFlags` | Activation flags |
| `String` | `applicationId` | An identifier fo an application |
| `String[]` | `applicationRoles` | Application roles |
| `DateTime` | `timestampCreated` | A timestamp when the activation was created |
| `DateTime` | `timestampLastUsed` | A timestamp when the activation was last used |
| `DateTime` | `timestampLastChange` | A timestamp of last activation status change |
| `String` | `encryptedStatusBlob` | An encrypted blob with status information |
| Type | Name | Description |
|---------------------------|------------------------------|-----------------------------------------------------------------------------------------|
| `String` | `activationId` | An identifier of an activation |
| `ActivationStatus` | `activationStatus` | An activation status |
| `ActivationOtpValidation` | `activationOtpValidation` | An activation OTP validation mode (*deprecated*) |
| `CommitPhase` | `commitPhase` | Specifies when activation is committed |
| `String` | `blockedReason` | Reason why activation was blocked (default: NOT_SPECIFIED) |
| `String` | `activationName` | An activation name |
| `String` | `userId` | An identifier of a user |
| `String` | `extras` | Any custom attributes |
| `String` | `platform` | User device platform, e.g. `ios`, `android`, `hw` and `unknown` |
| `String` | `deviceInfo` | Information about user device, e.g. `iPhone12,3` |
| `Long` | `failedAttempts` | Information about number of failed attempts. |
| `Long` | `maxFailedAttempts` | Information about maximum number of allowed failed attempts. |
| `String[]` | `activationFlags` | Activation flags |
| `String` | `applicationId` | An identifier fo an application |
| `String[]` | `applicationRoles` | Application roles |
| `DateTime` | `timestampCreated` | A timestamp when the activation was created |
| `DateTime` | `timestampLastUsed` | A timestamp when the activation was last used |
| `DateTime` | `timestampLastChange` | A timestamp of last activation status change |
| `String` | `encryptedStatusBlob` | An encrypted blob with status information |
| `String` | `activationCode` | Activation code which uses 4x5 characters in Base32 encoding separated by a "-" character |
| `String` | `activationSignature` | A signature of the activation data using Master Server Private Key |
| `String` | `devicePublicKeyFingerprint` | Numeric fingerprint of device public key, used during activation for key verification |
| `Long` | `version` | Activation version |
| `String` | `activationSignature` | A signature of the activation data using Master Server Private Key |
| `String` | `devicePublicKeyFingerprint` | Numeric fingerprint of device public key, used during activation for key verification |
| `Long` | `version` | Activation version |

### Method 'removeActivation'

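Review bot: the `applicationId` row still reads "An identifier fo an application" (typo "fo"); since the whole table is rewritten in this hunk, fix it here. The new `commitPhase` row could also list the allowed values (`ON_COMMIT`, `ON_KEY_EXCHANGE`) the way the `InitActivationRequest` table does, so the response is self-describing.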
Expand Down Expand Up @@ -2776,11 +2778,15 @@ This chapter lists all enums used by PowerAuth Server services.
- BLOCKED
- REMOVED

- `ActivationOtpValidation` - Represents mode of validation of additional OTP:
- `ActivationOtpValidation` - Represents mode of validation of additional OTP (*deprecated*):
- NONE
- ON_KEY_EXCHANGE
- ON_COMMIT

- `CommitPhase` - Specifies when activation is committed:
- ON_COMMIT (default) - activation is committed in the `PENDING_COMMIT` state
- ON_KEY_EXCHANGE - activation is committed during key exchange

- `SignatureType` - Represents the type of the signature, one of the following values:
- POSSESSION
- KNOWLEDGE
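Review bot: the `ON_COMMIT` description "activation is committed in the `PENDING_COMMIT` state" is ambiguous; "activation waits in the `PENDING_COMMIT` state until it is explicitly committed" says what actually happens. The deprecated `ActivationOtpValidation` enum is kept with its three values, but nothing states how `NONE`, `ON_KEY_EXCHANGE` and `ON_COMMIT` map onto the new `commitPhase` plus `activationOtp` combination; a one-line mapping next to the deprecation mark would make it actionable.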
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">

<changeSet id="1" logicalFilePath="powerauth-java-server/1.9.x/20240910-commit-phase.xml" author="Roman Strobl">
<preConditions onFail="MARK_RAN">
<not>
<columnExists tableName="pa_activation" columnName="commit_phase"/>
</not>
</preConditions>
<comment>Add commit_phase column to pa_activation table.</comment>
<addColumn tableName="pa_activation">
<column name="commit_phase" type="integer" defaultValue="0"/>
</addColumn>
</changeSet>

</databaseChangeLog>
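Review bot: the new `commit_phase` column has `defaultValue="0"` but no `<constraints nullable="false"/>`, unlike the `encryption_mode` columns added by the preceding changesets (the SQL scripts in this commit declare those `NOT NULL`); if the entity maps the enum by ordinal, a NULL row will surface as an error at read time, so either add the NOT NULL constraint or document that the code treats NULL as `ON_COMMIT`. Also say in the `<comment>` that `0` corresponds to `ON_COMMIT` (the documented default), since a bare integer column gives a DBA no hint of the enum mapping.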
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,6 @@
<include file="20240718-add-temporary-keys.xml" relativeToChangelogFile="true" />
<include file="20240723-configuration-encryption.xml" relativeToChangelogFile="true" />
<include file="20240906-configuration-encryption.xml" relativeToChangelogFile="true" />
<include file="20240910-commit-phase.xml" relativeToChangelogFile="true" />

</databaseChangeLog>
5 changes: 5 additions & 0 deletions docs/sql/mssql/migration_1.8.0_1.9.0.sql
Expand Up @@ -17,3 +17,8 @@ GO
-- Add encryption_mode column to pa_application_callback table.
ALTER TABLE pa_application_callback ADD encryption_mode varchar(255) CONSTRAINT DF_pa_application_callback_encryption_mode DEFAULT 'NO_ENCRYPTION' NOT NULL;
GO

-- Changeset powerauth-java-server/1.9.x/20240910-commit-phase.xml::1::Roman Strobl
-- Add commit_phase column to pa_activation table.
ALTER TABLE pa_activation ADD commit_phase int CONSTRAINT DF_pa_activation_commit_phase DEFAULT 0;
GO
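Review bot: `commit_phase` is added without `NOT NULL`, while `encryption_mode` in the statement just above is `NOT NULL`; align the two, and keep the hand-written SQL in sync with the Liquibase changeset so a manually migrated schema does not differ from an auto-migrated one.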
4 changes: 4 additions & 0 deletions docs/sql/oracle/migration_1.8.0_1.9.0.sql
Expand Up @@ -13,3 +13,7 @@ ALTER TABLE pa_application_config ADD encryption_mode VARCHAR2(255) DEFAULT 'NO_
-- Changeset powerauth-java-server/1.9.x/20240906-configuration-encryption.xml::1::Lubos Racansky
-- Add encryption_mode column to pa_application_callback table.
ALTER TABLE pa_application_callback ADD encryption_mode VARCHAR2(255) DEFAULT 'NO_ENCRYPTION' NOT NULL;

-- Changeset powerauth-java-server/1.9.x/20240910-commit-phase.xml::1::Roman Strobl
-- Add commit_phase column to pa_activation table.
ALTER TABLE pa_activation ADD commit_phase INTEGER DEFAULT '0';
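Review bot: `DEFAULT '0'` uses a string literal for an `INTEGER` column; Oracle converts it implicitly, but the PostgreSQL and MSSQL scripts in this commit use the unquoted `0`, so write `DEFAULT 0` here as well for consistency, and add `NOT NULL` to match the `encryption_mode` column added two lines above.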
4 changes: 4 additions & 0 deletions docs/sql/postgresql/migration_1.8.0_1.9.0.sql
Expand Up @@ -13,3 +13,7 @@ ALTER TABLE pa_application_config ADD encryption_mode VARCHAR(255) DEFAULT 'NO_E
-- Changeset powerauth-java-server/1.9.x/20240906-configuration-encryption.xml::1::Lubos Racansky
-- Add encryption_mode column to pa_application_callback table.
ALTER TABLE pa_application_callback ADD encryption_mode VARCHAR(255) DEFAULT 'NO_ENCRYPTION' NOT NULL;

-- Changeset powerauth-java-server/1.9.x/20240910-commit-phase.xml::1::Roman Strobl
-- Add commit_phase column to pa_activation table.
ALTER TABLE pa_activation ADD commit_phase INTEGER DEFAULT 0;