Example 11 with ObjectResponse
use of io.getlime.core.rest.model.base.response.ObjectResponse in project powerauth-restful-integration by lime-company.
the class SecureVaultController method unlockVault.
/**
* Request the vault unlock key.
* @param signatureHeader PowerAuth signature HTTP header.
* @param request Vault unlock request data.
* @param httpServletRequest HTTP servlet request.
* @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
* @throws PowerAuthAuthenticationException In case authentication fails.
* @throws PowerAuthSecureVaultException In case unlocking the vault fails.
*/
@RequestMapping(value = "unlock", method = RequestMethod.POST)
public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, defaultValue = "unknown") String signatureHeader, @RequestBody(required = false) ObjectRequest<VaultUnlockRequest> request, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
// Request object is not validated - it is optional for version 2
// Parse the header
PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
// Validate the header
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException ex) {
logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthSignatureInvalidException();
}
if (!"2.0".equals(header.getVersion()) && !"2.1".equals(header.getVersion())) {
logger.warn("Endpoint does not support PowerAuth protocol version {}", header.getVersion());
throw new PowerAuthInvalidRequestException();
}
VaultUnlockResponse response = secureVaultServiceV2.vaultUnlock(signatureHeader, request.getRequestObject(), httpServletRequest);
return new ObjectResponse<>(response);
}
Also used :
PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)
PowerAuthSignatureInvalidException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException)
InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)
PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)
VaultUnlockResponse(io.getlime.security.powerauth.rest.api.model.response.v2.VaultUnlockResponse)
ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)
Example 12 with ObjectResponse
use of io.getlime.core.rest.model.base.response.ObjectResponse in project powerauth-restful-integration by lime-company.
the class ActivationController method removeActivation.
/**
* Get activation status.
* @param signatureHeader PowerAuth signature HTTP header.
* @return PowerAuth RESTful response with {@link ActivationRemoveResponse} payload.
* @throws PowerAuthActivationException In case activation access fails.
* @throws PowerAuthAuthenticationException In case the signature validation fails.
*/
@RequestMapping(value = "remove", method = RequestMethod.POST)
@ResponseBody
public ObjectResponse<ActivationRemoveResponse> removeActivation(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME) String signatureHeader) throws PowerAuthActivationException, PowerAuthAuthenticationException {
try {
PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature("POST", null, "/pa/activation/remove", signatureHeader);
if (apiAuthentication != null && apiAuthentication.getActivationId() != null) {
RemoveActivationResponse soapResponse = powerAuthClient.removeActivation(apiAuthentication.getActivationId());
ActivationRemoveResponse response = new ActivationRemoveResponse();
response.setActivationId(soapResponse.getActivationId());
return new ObjectResponse<>(response);
} else {
throw new PowerAuthAuthenticationException("USER_NOT_AUTHENTICATED");
}
} catch (PowerAuthAuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw new PowerAuthActivationException();
}
}
Also used :
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException)
ActivationRemoveResponse(io.getlime.security.powerauth.rest.api.model.response.ActivationRemoveResponse)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)
ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)
RemoveActivationResponse(io.getlime.powerauth.soap.RemoveActivationResponse)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException)
Example 13 with ObjectResponse
use of io.getlime.core.rest.model.base.response.ObjectResponse in project powerauth-restful-integration by lime-company.
the class SecureVaultController method unlockVault.
/**
* Request the vault unlock key.
* @param signatureHeader PowerAuth signature HTTP header.
* @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
* @throws PowerAuthAuthenticationException In case authentication fails.
*/
@RequestMapping(value = "unlock", method = RequestMethod.POST)
@ResponseBody
public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, defaultValue = "unknown") String signatureHeader, @RequestBody(required = false) ObjectRequest<VaultUnlockRequest> request, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
try {
// Parse the header
PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
// Validate the header
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
throw new PowerAuthAuthenticationException(e.getMessage());
}
SignatureTypeConverter converter = new SignatureTypeConverter();
String activationId = header.getActivationId();
String applicationId = header.getApplicationKey();
String signature = header.getSignature();
SignatureType signatureType = converter.convertFrom(header.getSignatureType());
String nonce = header.getNonce();
String reason = null;
byte[] requestBodyBytes;
if ("2.0".equals(header.getVersion())) {
// Version 2.0 requires null data in signature for vault unlock.
requestBodyBytes = null;
} else {
// Version 2.1 or higher requires request data in signature (POST request body) for vault unlock.
if (request != null) {
// Send vault unlock reason, in case it is available.
VaultUnlockRequest vaultUnlockRequest = request.getRequestObject();
if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
reason = vaultUnlockRequest.getReason();
}
}
// Use POST request body as data for signature.
String requestBodyString = ((String) httpServletRequest.getAttribute(PowerAuthRequestFilterBase.POWERAUTH_SIGNATURE_BASE_STRING));
requestBodyBytes = requestBodyString == null ? null : BaseEncoding.base64().decode(requestBodyString);
}
String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
io.getlime.powerauth.soap.VaultUnlockResponse soapResponse = powerAuthClient.unlockVault(activationId, applicationId, data, signature, signatureType, reason);
if (!soapResponse.isSignatureValid()) {
throw new PowerAuthAuthenticationException();
}
VaultUnlockResponse response = new VaultUnlockResponse();
response.setActivationId(soapResponse.getActivationId());
response.setEncryptedVaultEncryptionKey(soapResponse.getEncryptedVaultEncryptionKey());
return new ObjectResponse<>(response);
} catch (Exception ex) {
if (PowerAuthAuthenticationException.class.equals(ex.getClass())) {
throw ex;
} else {
throw new PowerAuthSecureVaultException();
}
}
}
Also used :
VaultUnlockRequest(io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest)
InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
SignatureType(io.getlime.powerauth.soap.SignatureType)
VaultUnlockResponse(io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse)
InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException)
SignatureTypeConverter(io.getlime.security.powerauth.rest.api.spring.converter.SignatureTypeConverter)
PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException)
PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)
ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)
Example 14 with ObjectResponse
use of io.getlime.core.rest.model.base.response.ObjectResponse in project powerauth-restful-integration by lime-company.
the class TokenController method createToken.
@RequestMapping(value = "create", method = RequestMethod.POST)
@PowerAuth(resourceId = "/pa/token/create", signatureType = { PowerAuthSignatureTypes.POSSESSION, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE, PowerAuthSignatureTypes.POSSESSION_BIOMETRY, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE_BIOMETRY })
@ResponseBody
public ObjectResponse<TokenCreateResponse> createToken(@RequestBody ObjectRequest<TokenCreateRequest> request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
try {
if (authentication != null && authentication.getActivationId() != null) {
// Fetch activation ID and signature type
final String activationId = authentication.getActivationId();
final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors();
// Fetch data from the request
final TokenCreateRequest requestObject = request.getRequestObject();
final String ephemeralPublicKey = requestObject.getEphemeralPublicKey();
// Prepare a signature type converter
SignatureTypeConverter converter = new SignatureTypeConverter();
// Create a token
final CreateTokenResponse token = powerAuthClient.createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
// Prepare a response
final TokenCreateResponse responseObject = new TokenCreateResponse();
responseObject.setMac(token.getMac());
responseObject.setEncryptedData(token.getEncryptedData());
return new ObjectResponse<>(responseObject);
} else {
throw new PowerAuthAuthenticationException();
}
} catch (PowerAuthAuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw new PowerAuthAuthenticationException(ex.getMessage());
}
}
Also used :
TokenCreateRequest(io.getlime.security.powerauth.rest.api.model.request.TokenCreateRequest)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
CreateTokenResponse(io.getlime.powerauth.soap.CreateTokenResponse)
PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)
ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)
TokenCreateResponse(io.getlime.security.powerauth.rest.api.model.response.TokenCreateResponse)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
SignatureTypeConverter(io.getlime.security.powerauth.rest.api.spring.converter.SignatureTypeConverter)
PowerAuth(io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Example 15 with ObjectResponse
use of io.getlime.core.rest.model.base.response.ObjectResponse in project powerauth-restful-integration by lime-company.
the class PowerAuthNonPersonalizedEncryptor method encrypt.
public ObjectResponse<NonPersonalizedEncryptedPayloadModel> encrypt(byte[] originalData) {
if (originalData == null) {
return null;
}
NonPersonalizedEncryptedMessage message = encryptor.encrypt(originalData);
if (message == null) {
// this will happen only in case of an unlikely randomness error, or if keys are corrupted
return null;
}
NonPersonalizedEncryptedPayloadModel responseObject = new NonPersonalizedEncryptedPayloadModel();
responseObject.setApplicationKey(BaseEncoding.base64().encode(message.getApplicationKey()));
responseObject.setEphemeralPublicKey(BaseEncoding.base64().encode(message.getEphemeralPublicKey()));
responseObject.setSessionIndex(BaseEncoding.base64().encode(message.getSessionIndex()));
responseObject.setAdHocIndex(BaseEncoding.base64().encode(message.getAdHocIndex()));
responseObject.setMacIndex(BaseEncoding.base64().encode(message.getMacIndex()));
responseObject.setNonce(BaseEncoding.base64().encode(message.getNonce()));
responseObject.setMac(BaseEncoding.base64().encode(message.getMac()));
responseObject.setEncryptedData(BaseEncoding.base64().encode(message.getEncryptedData()));
return new ObjectResponse<>(responseObject);
}
Also used :
NonPersonalizedEncryptedPayloadModel(io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel)
ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)
NonPersonalizedEncryptedMessage(io.getlime.security.powerauth.crypto.lib.encryptor.model.NonPersonalizedEncryptedMessage)
Aggregations
ObjectResponse (io.getlime.core.rest.model.base.response.ObjectResponse)17
PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)12
PowerAuthActivationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException)6
PowerAuthPortServiceStub (io.getlime.powerauth.soap.PowerAuthPortServiceStub)5
RemoteException (java.rmi.RemoteException)5
PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)4
PowerAuthSignatureHttpHeader (io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)3
InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)3
PowerAuthInvalidRequestException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)3
PowerAuthSignatureInvalidException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException)3
NonPersonalizedEncryptedMessage (io.getlime.security.powerauth.crypto.lib.encryptor.model.NonPersonalizedEncryptedMessage)2
PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)2
PowerAuthSecureVaultException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException)2
SignatureTypeConverter (io.getlime.security.powerauth.rest.api.jaxrs.converter.SignatureTypeConverter)2
NonPersonalizedEncryptedPayloadModel (io.getlime.security.powerauth.rest.api.model.entity.NonPersonalizedEncryptedPayloadModel)2
TokenCreateRequest (io.getlime.security.powerauth.rest.api.model.request.TokenCreateRequest)2
TokenRemoveRequest (io.getlime.security.powerauth.rest.api.model.request.TokenRemoveRequest)2
VaultUnlockRequest (io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest)2
ActivationCreateResponse (io.getlime.security.powerauth.rest.api.model.response.ActivationCreateResponse)2
ActivationRemoveResponse (io.getlime.security.powerauth.rest.api.model.response.ActivationRemoveResponse)2
