Merge pull request #647 from wultra/develop

Prepare release 1.2.0

docs/Configuring-REST-Client-for-Spring.md

@@ -28,31 +28,45 @@ In order to connect to the correct PowerAuth Server, you need to add following c
 
 ```java
 @Configuration
-@ComponentScan(basePackages = {"com.wultra.security.powerauth"})
 public class PowerAuthClientConfiguration {
 
     @Value("${powerauth.rest.url}")
     private String powerAuthRestUrl;
 
     @Bean
     public PowerAuthClient powerAuthRestClient() {
-        return new PowerAuthRestClient(powerAuthRestUrl);
+        try {
+            return new PowerAuthRestClient(powerAuthRestUrl);
+        } catch (PowerAuthClientException ex) {
+            logger.warn(ex.getMessage(), ex);
+        }
     }
 
 }
 ```
 
-In case you need to configure the client, use:
+The `PowerAuthClientException` is thrown only in case the provided base URL is invalid. The error can occur when the URL is constructed dynamically, for correctly specified static URLs you can skip the error handling. 
+
+In case you need to configure the client, use e.g.:
 ```java
     @Bean
     public PowerAuthRestClient powerAuthRestClient() {
         PowerAuthRestClientConfiguration config = new PowerAuthRestClientConfiguration();
+        config.setPowerAuthClientToken(clientToken);
+        config.setPowerAuthClientSecret(clientSecret);
+        config.setAcceptInvalidSslCertificate(acceptInvalidSslCertificate);
         config.setConnectTimeout(3000);
         ...
-        return new PowerAuthRestClient(powerAuthRestUrl, config);
+        try {
+            return new PowerAuthRestClient(powerAuthRestUrl, config);
+        } catch (PowerAuthClientException ex) {
+            logger.warn(ex.getMessage(), ex);
+        }
     }
 ```
 
+The `PowerAuthClientException` is thrown in case the provided URL is invalid or REST client configuration is invalid.
+
 The following REST client options are available:
 
 - `maxMemorySize` - configures maximum memory size per request, default 1 MB

docs/Database-Structure.md

@@ -14,7 +14,7 @@ The drop scripts are available for supported databases:
 - [MySQL - Drop Tables](./sql/mysql/delete_schema.sql)
 - [PostgreSQL - Drop Tables and Sequences](./sql/postgresql/delete_schema.sql)
 
-See the overall database schema in this [MySQL Workbench file](./sql/mysql/mysql-workbench-model.mwb):
+See the overall database schema:
 
 ![Database structure](./images/arch_db_structure.png)
 
@@ -23,7 +23,7 @@ See the overall database schema in this [MySQL Workbench file](./sql/mysql/mysql
 The PowerAuth Server uses ShedLock to synchronize scheduled operations. You need to create appropriate DB table, i.e.:
 
 ```sql
-CREATE TABLE "shedlock" (
+CREATE TABLE shedlock (
     name VARCHAR(64) NOT NULL PRIMARY KEY,
     lock_until TIMESTAMP NOT NULL,
     locked_at TIMESTAMP NOT NULL,

docs/PowerAuth-Server-1.1.0.md

@@ -2,6 +2,26 @@
 
 This guide contains instructions for migration from PowerAuth Server version `1.0.x` to version `1.1.x`.
 
+## Partial Package Name Migration
+
+Our original package name used to start with `io.getlime.*`. In `1.1.x`, we partially migrated our components to a new package name `com.wultra.*`, while some components still use the legacy package name. When autowiring dependencies, make sure to account for both package name if needed:
+
+```java
+@Configuration
+@ComponentScan(basePackages = {"io.getlime.security.powerauth","com.wultra.security.powerauth"})
+public class PowerAuthWebServiceConfiguration {
+}
+```
+
+In case you do not provide the component scan hints mentioned above, you may see issues with autowiring, i.e.:
+
+```
+Parameter 0 of method setAuthenticationProvider in io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthAnnotationInterceptor required a bean of type 'io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider' that could not be found.
+
+Action:
+Consider defining a bean of type 'io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider' in your configuration.
+```
+
 ## Embedded Bouncy Castle Library (Version 1.68)
 
 Bouncy Castle library has been updated to version `1.68` and it is now **included directly in the application bundle (\*.war)**.
@@ -223,7 +243,7 @@ CREATE TABLE shedlock (
 ### Oracle
 
 ```sql
-CREATE TABLE "shedlock" (
+CREATE TABLE shedlock (
     name        VARCHAR(64) NOT NULL PRIMARY KEY,
     lock_until  TIMESTAMP NOT NULL,
     locked_at   TIMESTAMP NOT NULL,

docs/PowerAuth-Server-1.2.0.md

@@ -0,0 +1,25 @@
+# Migration from 1.1.x to 1.2.x
+
+This guide contains instructions for migration from PowerAuth Server version `1.1.x` to version `1.2.x`.
+
+## Database Changes
+
+The `pa_application_callback` table was updated to include request authentication. 
+
+### Oracle
+
+```sql
+ALTER TABLE "PA_APPLICATION_CALLBACK" ADD "AUTHENTICATION" CLOB;
+```
+
+### PostgreSQL
+
+```sql
+ALTER TABLE "pa_application_callback" ADD "authentication" TEXT;
+```
+
+### MySQL
+
+```sql
+ALTER TABLE `pa_application_callback` ADD `authentication` TEXT;
+```

docs/WebServices-Methods.md

@@ -84,7 +84,7 @@ The following `v3` methods are published using the service:
     - [updateActivationFlags](#method-updateactivationflags)
     - [removeActivationFlags](#method-removeactivationflags)
 - Application Roles
-    - [listApplicationRoles](#method-listapplicationoles)
+    - [listApplicationRoles](#method-listapplicationroles)
     - [addApplicationRoles](#method-addapplicationroles)
     - [updateApplicationRoles](#method-updateapplicationroles)
     - [removeApplicationRoles](#method-removeapplicationroles)
@@ -96,7 +96,7 @@ The following `v3` methods are published using the service:
     - [findAllOperationsByExternalId](#method-findalloperationsbyexternalid)
     - [cancelOperation](#method-canceloperation)
     - [approveOperation](#method-approveoperation)
-    - [failApprovalOperation](#method-failapprovaloperation)
+    - [failApprovalOperation](#method-failapproveoperation)
     - [rejectOperation](#method-rejectoperation)
 - Operation Templates
     - [createOperationTemplate](#method-createoperationtemplate)
@@ -1275,6 +1275,7 @@ REST endpoint: `POST /rest/v3/application/callback/create`
 | `String` | `name` | Callback URL name, for visual identification. |
 | `String` | `callbackUrl` | Callback URL that should be notified about activation status updates. |
 | `List<String>` | `attributes` | Attributes which should be sent with the callback. |
+| `String` | `authentication` | Callback HTTP request authentication configuration. |
 
 The `attributes` list can contain following values:
 - `activationId`
@@ -1287,6 +1288,28 @@ The `attributes` list can contain following values:
 - `blockedReason`
 - `applicationId`
 
+The `authentication` parameter contains a JSON-based configuration for client TLS certificate and HTTP basic authentication:
+```json
+{
+  "certificate": {
+    "enabled": false,
+    "useCustomKeyStore": false,
+    "keyStoreLocation": "[keystore resource location]",
+    "keyStorePassword": "[keystore password]",
+    "keyAlias": "[key alias]",
+    "keyPassword": "[key password]",
+    "useCustomTrustStore": false,
+    "trustStoreLocation": "[truststore resource location]", 
+    "trustStorePassword": "[truststore password]"
+  },
+  "httpBasic": {
+    "enabled": false,
+    "username": "[HTTP basic authentication username]",
+    "password": "[HTTP basic authentication password]"
+  }
+}
+```
+
 #### Response
 
 `CreateCallbackUrlResponse`
@@ -1298,6 +1321,7 @@ The `attributes` list can contain following values:
 | `String` | `name` | Callback URL name, for visual identification. |
 | `String` | `callbackUrl` | Callback URL that should be notified about activation status updates. |
 | `List<String>` | `attributes` | Attributes which should be sent with the callback. |
+| `String` | `authentication` | Callback HTTP request authentication configuration. |
 
 ### Method 'updateCallbackUrl'
 
@@ -1315,6 +1339,7 @@ REST endpoint: `POST /rest/v3/application/callback/update`
 | `String` | `name` | Callback URL name, for visual identification. |
 | `String` | `callbackUrl` | Callback URL that should be notified about activation status updates. |
 | `List<String>` | `attributes` | Attributes which should be sent with the callback. |
+| `String` | `authentication` | Callback HTTP request authentication configuration. |
 
 The `attributes` list can contain following values:
 - `activationId`
@@ -1327,6 +1352,29 @@ The `attributes` list can contain following values:
 - `blockedReason`
 - `applicationId`
 
+The `authentication` parameter contains a JSON-based configuration for client TLS certificate and HTTP basic authentication:
+```json
+{
+  "certificate": {
+    "enabled": false,
+    "useCustomKeyStore": false,
+    "keyStoreLocation": "[keystore resource location]",
+    "keyStorePassword": "[keystore password]",
+    "keyAlias": "[key alias]",
+    "keyPassword": "[key password]",
+    "useCustomTrustStore": false,
+    "trustStoreLocation": "[truststore resource location]", 
+    "trustStorePassword": "[truststore password]"
+  },
+  "httpBasic": {
+    "enabled": false,
+    "username": "[HTTP basic authentication username]",
+    "password": "[HTTP basic authentication password]"
+  }
+}
+```
+
+
 #### Response
 
 `UpdateCallbackUrlResponse`
@@ -1338,6 +1386,7 @@ The `attributes` list can contain following values:
 | `String` | `name` | Callback URL name, for visual identification. |
 | `String` | `callbackUrl` | Callback URL that should be notified about activation status updates. |
 | `List<String>` | `attributes` | Attributes which should be sent with the callback. |
+| `String` | `authentication` | Callback HTTP request authentication configuration. |
 
 ### Method 'getCallbackUrlList'
 
@@ -1370,6 +1419,7 @@ REST endpoint: `POST /rest/v3/application/callback/list`
 | `String` | `name` | Callback URL name, for visual identification. |
 | `String` | `callbackUrl` | Callback URL that should be notified about activation status updates. |
 | `List<String>` | `attributes` | Attributes which should be sent with the callback. |
+| `String` | `authentication` | Callback HTTP request authentication configuration. |
 
 ### Method 'removeCallbackUrl'
 

docs/sql/mysql/create_schema.sql

@@ -118,6 +118,7 @@ CREATE TABLE `pa_application_callback` (
   `callback_url` text NOT NULL,
   `type` VARCHAR(64) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL,
   `attributes` text NOT NULL,
+  `authentication` text,
   PRIMARY KEY (`id`),
   CONSTRAINT `FK_APPLICATION_CALLBACK` FOREIGN KEY (`application_id`) REFERENCES `pa_application` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
 ) ENGINE=InnoDB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

docs/sql/oracle/create_schema.sql

@@ -124,7 +124,8 @@ CREATE TABLE "PA_APPLICATION_CALLBACK"
     "NAME"               VARCHAR2(255 CHAR),
     "CALLBACK_URL"       VARCHAR2(1024 CHAR),
     "TYPE"               VARCHAR2(64 CHAR) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL,
-    "ATTRIBUTES"         VARCHAR2(1024 CHAR)
+    "ATTRIBUTES"         VARCHAR2(1024 CHAR),
+    "AUTHENTICATION"     CLOB
 );
 
 --

docs/sql/postgresql/create_schema.sql

@@ -125,7 +125,8 @@ CREATE TABLE "pa_application_callback"
     "name"               VARCHAR(255),
     "callback_url"       VARCHAR(1024),
     "type"               VARCHAR(64) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL,
-    "attributes"         VARCHAR(1024)
+    "attributes"         VARCHAR(1024),
+    "authentication"     TEXT
 );
 
 --
@@ -238,7 +239,7 @@ CREATE TABLE "pa_operation_template" (
 --
 -- DDL for Table SHEDLOCK
 --
-CREATE TABLE "shedlock" (
+CREATE TABLE shedlock (
     name VARCHAR(64) NOT NULL PRIMARY KEY,
     lock_until TIMESTAMP NOT NULL,
     locked_at TIMESTAMP NOT NULL,

pom.xml

@@ -26,13 +26,13 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-server-parent</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
     <packaging>pom</packaging>
 
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.4.5</version>
+        <version>2.6.1</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
@@ -86,16 +86,16 @@
         <maven.compiler.target>1.8</maven.compiler.target>
         <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
         <maven-deploy-plugin.version>3.0.0-M1</maven-deploy-plugin.version>
-        <maven-javadoc-plugin.version>3.2.0</maven-javadoc-plugin.version>
-        <maven-war-plugin.version>3.3.1</maven-war-plugin.version>
+        <maven-javadoc-plugin.version>3.3.1</maven-javadoc-plugin.version>
+        <maven-war-plugin.version>3.3.2</maven-war-plugin.version>
 
         <!-- Spring Dependencies -->
-        <spring-cloud-vault.version>3.0.3</spring-cloud-vault.version>
+        <spring-cloud-vault.version>3.1.0</spring-cloud-vault.version>
 
         <!-- PowerAuth Dependencies -->
-        <powerauth-java-crypto.version>1.1.0</powerauth-java-crypto.version>
-        <powerauth-rest-base.version>1.3.0</powerauth-rest-base.version>
-        <bcprov-jdk15on.version>1.68</bcprov-jdk15on.version>
+        <powerauth-java-crypto.version>1.2.0</powerauth-java-crypto.version>
+        <powerauth-rest-base.version>1.4.0</powerauth-rest-base.version>
+        <bcprov-jdk15on.version>1.69</bcprov-jdk15on.version>
 
         <!-- Java 11 Dependencies -->
         <jaxb-api.version>2.3.1</jaxb-api.version>
@@ -107,17 +107,17 @@
         <saaj-impl.version>1.5.3</saaj-impl.version>
 
         <!-- Documentation Dependencies -->
-        <springdoc-openapi.version>1.5.8</springdoc-openapi.version>
+        <springdoc-openapi.version>1.6.1</springdoc-openapi.version>
 
         <!-- Scheduled Job Dependencies -->
-        <schedlock.version>4.23.0</schedlock.version>
+        <schedlock.version>4.30.0</schedlock.version>
 
         <!-- Test Dependencies -->
-        <junit-jupiter-engine.version>5.7.2</junit-jupiter-engine.version>
+        <junit-jupiter-engine.version>5.8.2</junit-jupiter-engine.version>
         <h2.version>1.4.197</h2.version> <!-- Tests fail in version 1.4.200, upgrade reverted -->
 
         <!-- Other Dependencies -->
-        <axis2.version>1.7.9</axis2.version>
+        <jackson.version>2.13.0</jackson.version>
         <commons-text.version>1.9</commons-text.version>
 
     </properties>
@@ -188,13 +188,11 @@
             <build>
                 <plugins>
                     <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.6</version>
+                        <groupId>org.kohsuke</groupId>
+                        <artifactId>pgp-maven-plugin</artifactId>
+                        <version>1.1</version>
                         <executions>
                             <execution>
-                                <id>sign-artifacts</id>
-                                <phase>verify</phase>
                                 <goals>
                                     <goal>sign</goal>
                                 </goals>

powerauth-client-model/pom.xml

@@ -22,14 +22,14 @@
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>powerauth-client-model</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
     <name>powerauth-client-model</name>
     <description>PowerAuth Server Client Model</description>
 
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-server-parent</artifactId>
-        <version>1.1.0</version>
+        <version>1.2.0</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -42,13 +42,17 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.12.3</version>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
             <groupId>javax.xml.bind</groupId>
             <artifactId>jaxb-api</artifactId>
             <version>${jaxb-api.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+        </dependency>
     </dependencies>
 
     <build>