Merge develop to master

.github/workflows/scp-deploy.yml

@@ -0,0 +1,39 @@
+name: Run SCP deploy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  scp-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          server-id: jfrog-central
+          server-username: INTERNAL_USERNAME
+          server-password: INTERNAL_PASSWORD
+          cache: maven
+      - name: Run Maven Package Step
+        run: |
+          mvn -B -U package -Dmaven.test.skip=true
+        env:
+          INTERNAL_USERNAME: ${{ secrets.JFROG_USERNAME }}
+          INTERNAL_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
+      - name: Set up SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SCP_CERTIFICATE }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -t rsa ${{ secrets.SCP_HOST }} >> ~/.ssh/known_hosts
+      - name: Deploy powerauth-java-server.war
+        shell: bash
+        run: |
+          scp -i ~/.ssh/id_rsa **/target/powerauth-java-server-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-java-server.war
+      - name: Deploy powerauth-admin.war
+        shell: bash
+        run: |
+          scp -i ~/.ssh/id_rsa **/target/powerauth-admin-*.war ${{ secrets.SCP_USERNAME }}@${{ secrets.SCP_HOST }}:/opt/apache-tomcat/webapps/powerauth-admin.war

docs/Configuration-Properties.md

@@ -10,7 +10,6 @@ The PowerAuth Server uses the following public configuration properties:
 | `spring.datasource.username` | `powerauth` | Database JDBC username |
 | `spring.datasource.password` | `_empty_` | Database JDBC password |
 | `spring.datasource.driver-class-name` | `org.postgresql.Driver` | Datasource JDBC class name |
-| `spring.jpa.database-platform` | `org.hibernate.dialect.PostgreSQLDialect` | Database dialect |
 | `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation |
 | `spring.jpa.properties.hibernate.connection.characterEncoding` | `utf8` | Character encoding |
 | `spring.jpa.properties.hibernate.connection.useUnicode` | `true` | Character encoding - Unicode support |
@@ -38,7 +37,7 @@ The PowerAuth Server uses the following public configuration properties:
 | `powerauth.service.secureVault.enableBiometricAuthentication`      | `false`   | Whether biometric authentication is enabled when accessing Secure Vault                 |
 | `powerauth.server.db.master.encryption.key`                        | `_empty_` | Master DB encryption key for decryption of server private key in database               |
 | `powerauth.service.proximity-check.otp.length`                     | `8`       | Length of OTP generated for proximity check                                             |
-| `powerauth.service.pagination.default-page-size`                   | `100`     | The default number of records per page when paginated results are requested             |
+| `powerauth.service.pagination.default-page-size`                   | `500`     | The default number of records per page when paginated results are requested             |
 | `powerauth.service.pagination.default-page-number`                 | `0`       | The default page number when paginated results are requested. Page numbers start from 0 |
 
 ## HTTP Configuration

docs/Deploying-PowerAuth-Server.md

@@ -43,7 +43,6 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth
 spring.datasource.username=powerauth
 spring.datasource.password=
 spring.datasource.driver-class-name=org.postgresql.Driver
-spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.hibernate.ddl-auto=none
 spring.jpa.properties.hibernate.connection.characterEncoding=utf8
 spring.jpa.properties.hibernate.connection.useUnicode=true
@@ -59,7 +58,6 @@ spring.datasource.url=jdbc:oracle:thin:@//[HOST]:[PORT]/[SERVICENAME]
 spring.datasource.username=powerauth
 spring.datasource.password=*********
 spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver
-spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.hibernate.ddl-auto=none
 ```
 
@@ -71,7 +69,6 @@ spring.datasource.url=jdbc:postgresql://[HOST]:[PORT]/[DATABASE]
 spring.datasource.username=powerauth
 spring.datasource.password=*********
 spring.datasource.driver-class-name=org.postgresql.Driver
-spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.jpa.hibernate.ddl-auto=none
 ```
 
@@ -140,7 +137,6 @@ You can specify the individual properties directly in the server configuration.
     <Parameter name="spring.datasource.username" value="powerauth"/>
     <Parameter name="spring.datasource.password" value=""/>
     <Parameter name="spring.datasource.driver-class-name" value="org.postgresql.Driver"/>
-    <Parameter name="spring.jpa.database-platform" value="org.hibernate.dialect.PostgreSQLDialect"/>
 </Context>
 ```
 
@@ -162,7 +158,6 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth
 spring.datasource.username=powerauth
 spring.datasource.password=
 spring.datasource.driver-class-name=org.postgresql.Driver
-spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 ```
 
 ## Generating Your First Application

docs/Deploying-Wildfly.md

@@ -97,7 +97,6 @@ spring.datasource.url=jdbc:oracle:thin:@//[host]:[port]/[servicename]
 spring.datasource.username=powerauth
 spring.datasource.password=powerauth
 spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver
-spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 
 # Application Service Configuration
 powerauth.service.applicationEnvironment=TEST

docs/Installing-Bouncy-Castle.md

@@ -1,169 +1,3 @@
 # Installing Bouncy Castle
 
 Since PowerAuth Server in version 1.1.x, installing the Bouncy Castle in OS or Java container is no longer required. The latest version is bundled with the app and cryptographic primitives should work out of the box.
-
-## Legacy: Installing Before 1.1.x
-
-In order to function correctly, PowerAuth software requires Bouncy Castle to be available.
-
-Bouncy Castle library installation depends on Java version and used web container.
-
-PowerAuth server uses dynamic initialization of Bouncy Castle provider, so it is not required to configure security provider statically in the Java Runtime configuration.
-
-You can get the Bouncy Castle provider here:
-https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on
-
-### Installing on Java 11
-
-Java 11 no longer provides a library extension mechanism and thus Bouncy Castle library must be installed in the web container.
-
-#### Bouncy Castle on Tomcat
-
-Copy [`bcprov-jdk18on-176.jar`](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on) to your `${CATALINA_HOME}/lib` folder.
-
-<!-- begin box warning -->
-Bouncy Castle library will not work properly in case any war file deployed to Tomcat contains another copy of the Bouncy Castle library, even if the war file is not related to PowerAuth.
-Bouncy Castle library must be only present in the `${CATALINA_HOME}/lib` folder. The `key spec not recognized` error message will appear in Tomcat log in this case.
-<!-- end -->
-
-#### Bouncy Castle on JBoss / Wildfly
-
-PowerAuth server requires a specific version of Bouncy Castle library: `bcprov-jdk18on-176.jar`
-
-In order to make PowerAuth Server work on JBoss / Wildfly, you need to add and enable the external Bouncy Castle module on the server
-by adding the `<global-modules>` element in the `standalone.xml` file:
-
-```xml
-<subsystem xmlns="urn:jboss:domain:ee:4.0">
-    <global-modules>
-        <module name="org.bouncycastle.external" slot="main"/>
-    </global-modules>
-</subsystem>
-```
-
-The module should be defined using a new module XML file in JBoss folder `modules/system/layers/base/org/bouncycastle/external/main`:
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<module name="org.bouncycastle.external" xmlns="urn:jboss:module:1.8">
-    <resources>
-        <resource-root path="bcprov-jdk18on-176.jar"/>
-    </resources>
-</module>
-```
-
-Finally, copy the Bouncy Castle library `bcprov-jdk18on-176.jar` into folder  `modules/system/layers/base/org/bouncycastle/external/main` so that it is available for the module.
-
-<!-- begin box warning -->
-Do not reuse Bouncy Castle module `org.bouncycastle` from JBoss, because version of library provided by JBoss may differ from version required by PowerAuth.
-<!-- end -->
-
-#### Testing the Installation
-
-You can test the installation in web container using our simple [bc-check.war application](https://github.com/wultra/powerauth-crypto/releases/download/0.23.0/check-bc.war).
-
-The application performs following checks after startup:
-- Check whether BC provider is correctly installed.
-- Generate an ECSDA keypair.
-- Compute and validate an ECSDA signature.
-
-Once you deploy the application to the web container, you should see following messages in container log:
-```
-BC provider is installed.
-ECSDA signature validation succeeded.
-```
-
-In case of any error or different output, please check the troubleshooting guide below.
-
-### Installing on Java 8
-
-Java 8 provides a library extension mechanism which can be used to installed Bouncy Castle with exception of JBoss / Wildfly which has it's own mechanism for installing Bouncy Castle.  
-
-#### Bouncy Castle on Tomcat
-
-##### Standalone Tomcat
-
-When running a standalone Tomcat instance, all you need to do is to copy [`bcprov-jdk18on-176.jar`](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on) to your `${JDK_HOME}/jre/lib/ext` folder.
-
-##### Embedded Tomcat
-
-In case you are running Spring Boot application with the embedded Tomcat server, you also might need to register the provider in the Java security configuration file. To do this, add a new line to `$JAVA_HOME/jre/lib/security/java.security` and enable Bouncy Castle security provider on a system level:
-
-```
-security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider
-```
-
-Make sure to add the provider to the top of the list (ideally, N=2).
-
-#### Bouncy Castle on JBoss / Wildfly
-
-PowerAuth server requires a specific version of Bouncy Castle library: `bcprov-jdk18on-176.jar`
-
-In order to make PowerAuth Server work on JBoss / Wildfly, you need to add and enable the external Bouncy Castle module on the server
-by adding the `<global-modules>` element in the `standalone.xml` file:
-
-```xml
-<subsystem xmlns="urn:jboss:domain:ee:4.0">
-    <global-modules>
-        <module name="org.bouncycastle.external" slot="main"/>
-    </global-modules>
-</subsystem>
-```
-
-The module should be defined using a new module XML file in JBoss folder `modules/system/layers/base/org/bouncycastle/external/main`:
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<module name="org.bouncycastle.external" xmlns="urn:jboss:module:1.8">
-    <resources>
-        <resource-root path="bcprov-jdk18on-176.jar"/>
-    </resources>
-</module>
-```
-
-Finally, copy the Bouncy Castle library `bcprov-jdk18on-176.jar` into folder  `modules/system/layers/base/org/bouncycastle/external/main` so that it is available for the module.
-
-<!-- begin box warning -->
-Do not reuse Bouncy Castle module `org.bouncycastle` from JBoss, because version of library provided by JBoss may differ from version required by PowerAuth.
-<!-- end -->
-
-Note that when Bouncy Castle module for JBoss / Wildfly is used, Bouncy Castle should not be present in the `lib/ext` folder of the Java runtime, otherwise the following error can occur: `key spec not recognized` due to clash of Bouncy Castle libraries.
-
-#### Testing the Installation
-
-You can test the installation using our [simple Java utility](./util/check-bc.jar):
-
-```sh
-$ java -jar check-bc.jar
-```
-
-The utility uses following source code to check the provider installation:
-
-```java
-import java.security.Security;
-
-public class SimpleTest
-{
-    public static void main(String[] args)
-    {
-        String name = "BC";
-        if (Security.getProvider(name) == null)
-        {
-            System.out.println("not installed");
-        }
-        else
-        {
-            System.out.println("installed");
-        }
-    }
-}
-```
-
-## Troubleshooting Bouncy Castle Installation Issues
-
-In case you get the following error: `key spec not recognized`, there are possible issues:
-
-- Tomcat on Java 11: Check that Bouncy Castle library is installed in `${CATALINA_HOME}/lib`.
-- Tomcat on Java 8: Check that Bouncy Castle library is installed in `${JDK_HOME}/jre/lib/ext` and it is not present in `${CATALINA_HOME}/lib`.
-- JBoss / Wildfly on Java 11: Check that Bouncy Castle library is installed as a module in JBoss / Wildfly.
-- JBoss / Wildfly on Java 8: Check that Bouncy Castle library is not installed in `${JDK_HOME}/jre/lib/ext` and it is installed as an external module in JBoss / Wildfly.
-- All containers on Java 8/11: Check that none of the deployed war files contains Bouncy Castle library, even if the war file is not related to PowerAuth.
-Another copy of Bouncy Castle library would clash with the globally installed version of the library. This rule applies only for PowerAuth `2019.05` or later.

docs/Migration-Instructions.md

@@ -6,6 +6,7 @@ This page contains PowerAuth Server migration instructions.
 When updating across multiple versions, you need to perform all migration steps additively.
 <!-- end -->
 
+- [PowerAuth Server 1.6.0](./PowerAuth-Server-1.6.0.md)
 - [PowerAuth Server 1.5.0](./PowerAuth-Server-1.5.0.md)
 - [PowerAuth Server 1.4.0](./PowerAuth-Server-1.4.0.md)
 - [PowerAuth Server 1.3.0](./PowerAuth-Server-1.3.0.md)

docs/PowerAuth-Server-0.22.0.md

@@ -36,7 +36,7 @@ Java 11 no longer supports installing Bouncy Castle using library extension mech
 longer contains the Bouncy Castle library in war files to avoid classloader issues in some web containers (e.g. Tomcat).
 
 The Bouncy Castle provider needs to be installed using mechanism supported by the web container.
-See the [Installing Bouncy Castle](./Installing-Bouncy-Castle.md#installing-on-java-11) chapter in documentation.
+See the [Installing Bouncy Castle](./Installing-Bouncy-Castle.md) chapter in documentation.
 
 ### Tomcat on Java 11
 

docs/PowerAuth-Server-1.5.0.md

@@ -27,7 +27,7 @@ This release adds support for PowerAuth protocol version 3.2, which adds several
 
 ### Simplified Configuration of PowerAuth Mobile SDK. 
 
-You can use the `mobileSdkConfig` value from `POST /rest/v3/application/detail`, see [REST API documentation](https://github.com/wultra/powerauth-server/blob/develop/docs/WebServices-Methods.md#method-getapplicationdetail). This value contains encoded master public key, application key and application secret.
+You can use the `mobileSdkConfig` value from `POST /rest/v3/application/detail`, see [REST API documentation](WebServices-Methods.md#method-getapplicationdetail). This value contains encoded master public key, application key and application secret.
 
 Starting with version 1.5.x you can use this single configuration Base-64 encoded string for configuring the PowerAuth mobile SDK instead of using three separated configuration parameters.
 

docs/PowerAuth-Server-1.6.0.md

@@ -0,0 +1,50 @@
+# Migration from 1.5.x to 1.6.0
+
+This guide contains instructions for migration from PowerAuth Server version `1.5.x` to version `1.6.0`.
+
+## Database Changes
+
+### Allow Non-personalized Operations
+
+The column `user_id` in table `pa_operation` is nullable now.
+
+#### PostgreSQL
+
+```sql
+ALTER TABLE pa_operation ALTER COLUMN user_id DROP NOT NULL;
+```
+
+#### Oracle
+
+```sql
+ALTER TABLE pa_operation MODIFY user_id NULL;
+```
+
+
+### Forbid name duplication for operation templates.
+
+Add unique constraint to `templateName` column in `pa_operation_template` table.
+
+Applying this change may fail if there are duplicates in the `pa_operation_template` table. Please make sure there are
+no two records with the same name `templateName`. If necessary, remove any duplicities from the table manually. Consider
+creating a backup before this operation.
+
+### Add foreign key constraints to operations and applications relation.
+
+Add foreign key constraints to relating table `pa_operation_application`.
+
+Applying this change may fail if there is an inconsistency between tables `pa_operation_application`
+and `pa_application` or `pa_operation`. Make sure that `pa_operation_application.application_id` contains references to
+existing `pa_application.id` and `pa_operation_application.operation_id` contains references to
+existing `pa_operation.id`. If necessary, manually remove orphaned records in `pa_operation_application`. Consider
+creating a backup before this operation.
+
+### Add activation_id Column
+
+Add a new column `activation_id` to the `pa_operation` table. This column is a foreign key that references
+the `activation_id` column in the `pa_activation` table. Storing the `activation_id` in the `pa_operation` table
+provides several enhancements:
+
+* It allows the creation of a new operation tied to a specific mobile device, identified by its activation ID.
+* It ensures that the operation can only be approved on that specific mobile device, again identified by its activation ID.
+

docs/System-Requirements.md

@@ -27,10 +27,12 @@ Powerauth Server may run on other Java versions, however we do not perform exten
 
 PowerAuth Server primary installation method is running the WAR package in the Java VM environment. This chapter provides detailed system requirements.
 
-It is suggested to deploy PowerAuth in its own Java Servlet Container. PowerAuth Server is currently tested with following container technologies:
+It is suggested to deploy PowerAuth in its own Java Servlet Container.
+PowerAuth Server is currently tested with following container technologies supporting Jakarta EE 9:
 
-- Apache Tomcat 9.x, or
-- JBoss Wildfly 9 or newer
+- Apache Tomcat 10.x or newer
+- Wildfly 23 or newer
+- JBoss EAP 8 or newer
 
 PowerAuth supports any JPA2 compatible database, and it is tested with: