Examples with PowerAuthSignatureTypes io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes used on opensource projects

Example 1 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class TokenController method createToken.

@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("create")
public ObjectResponse<TokenCreateResponse> createToken(ObjectRequest<TokenCreateRequest> request, @HeaderParam(PowerAuthTokenHttpHeader.HEADER_NAME) String tokenHeader) throws RemoteException, PowerAuthAuthenticationException {
    try {
        PowerAuthApiAuthentication authentication = authenticationProvider.validateToken(tokenHeader, Arrays.asList(PowerAuthSignatureTypes.POSSESSION, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE, PowerAuthSignatureTypes.POSSESSION_BIOMETRY, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE_BIOMETRY));
        if (authentication != null && authentication.getActivationId() != null) {
            // Fetch activation ID and signature type
            final String activationId = authentication.getActivationId();
            final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors();
            // Fetch data from the request
            final TokenCreateRequest requestObject = request.getRequestObject();
            final String ephemeralPublicKey = requestObject.getEphemeralPublicKey();
            // Prepare a signature type converter
            SignatureTypeConverter converter = new SignatureTypeConverter();
            // Create a token
            final PowerAuthPortServiceStub.CreateTokenResponse token = powerAuthClient.createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
            // Prepare a response
            final TokenCreateResponse responseObject = new TokenCreateResponse();
            responseObject.setMac(token.getMac());
            responseObject.setEncryptedData(token.getEncryptedData());
            return new ObjectResponse<>(responseObject);
        } else {
            throw new PowerAuthAuthenticationException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthAuthenticationException(ex.getMessage());
    }
}

Example 2 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateRequestSignature.

/**
 * Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier.
 * Make sure to accept only allowed signatures.
 * @param httpMethod HTTP method (GET, POST, ...)
 * @param httpBody Body of the HTTP request.
 * @param requestUriIdentifier Request URI identifier.
 * @param httpAuthorizationHeader PowerAuth 2.0 HTTP authorization header.
 * @param allowedSignatureTypes Allowed types of the signature.
 * @return Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
 * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised.
 */
public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (httpAuthorizationHeader == null || httpAuthorizationHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_TYPE_INVALID");
    }
    // Configure PowerAuth authentication object
    PowerAuthSignatureAuthentication powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
    powerAuthAuthentication.setActivationId(header.getActivationId());
    powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
    powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
    powerAuthAuthentication.setSignatureType(header.getSignatureType());
    powerAuthAuthentication.setSignature(header.getSignature());
    powerAuthAuthentication.setHttpMethod(httpMethod);
    powerAuthAuthentication.setRequestUri(requestUriIdentifier);
    powerAuthAuthentication.setData(httpBody);
    // Call the authentication
    PowerAuthApiAuthentication auth;
    try {
        auth = this.authenticate(powerAuthAuthentication);
    } catch (RemoteException e) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_SOAP_ERROR");
    }
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_VALUE");
    }
    return auth;
}

Example 3 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class TokenService method createToken.

/**
 * Create token.
 * @param request Create token request.
 * @param authentication PowerAuth API authentication.
 * @return Create token response.
 * @throws PowerAuthAuthenticationException In case token could not be created.
 */
public TokenCreateResponse createToken(TokenCreateRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        // Fetch activation ID and signature type
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        // Prepare a signature type converter
        SignatureTypeConverter converter = new SignatureTypeConverter();
        // Create a token
        final CreateTokenResponse token = powerAuthClient.v2().createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
        // Prepare a response
        final TokenCreateResponse response = new TokenCreateResponse();
        response.setMac(token.getMac());
        response.setEncryptedData(token.getEncryptedData());
        return response;
    } catch (Exception ex) {
        logger.warn("Creating PowerAuth token failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenErrorException();
    }
}

Example 4 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateRequestSignatureWithActivationDetails.

@Override
@Nonnull
public PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (httpAuthorizationHeader.equals("undefined")) {
        logger.warn("Signature HTTP header is missing");
        throw new PowerAuthHeaderMissingException();
    }
    // Parse HTTP header
    final PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSignatureInvalidException();
    }
    // Check if the signature type is allowed
    final PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
    if (expectedSignatureType == null || !allowedSignatureTypes.contains(expectedSignatureType)) {
        logger.warn("Invalid signature type: {}", expectedSignatureType);
        throw new PowerAuthSignatureTypeInvalidException();
    }
    // Configure PowerAuth authentication object
    final PowerAuthSignatureAuthenticationImpl powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
    powerAuthAuthentication.setActivationId(header.getActivationId());
    powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
    powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
    powerAuthAuthentication.setSignatureType(header.getSignatureType());
    powerAuthAuthentication.setSignature(header.getSignature());
    powerAuthAuthentication.setHttpMethod(httpMethod);
    powerAuthAuthentication.setRequestUri(requestUriIdentifier);
    powerAuthAuthentication.setData(httpBody);
    powerAuthAuthentication.setVersion(header.getVersion());
    powerAuthAuthentication.setHttpHeader(header);
    powerAuthAuthentication.setForcedSignatureVersion(forcedSignatureVersion);
    // Call the authentication based on signature authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        logger.debug("Signature validation failed");
        throw new PowerAuthSignatureInvalidException();
    }
    return auth;
}

Example 5 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class UpgradeService method upgradeCommit.

/**
 * Commit upgrade of activation to version 3.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @param httpServletRequest HTTP servlet request.
 * @return Commit upgrade response.
 * @throws PowerAuthAuthenticationException in case authentication fails.
 * @throws PowerAuthUpgradeException In case upgrade commit fails.
 */
public Response upgradeCommit(String signatureHeader, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthUpgradeException {
    try {
        // Extract request body
        final byte[] requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest);
        if (requestBodyBytes == null || requestBodyBytes.length == 0) {
            // Expected request body is {}, do not accept empty body
            logger.warn("Empty request body");
            throw new PowerAuthInvalidRequestException();
        }
        // Verify signature, force signature version during upgrade to version 3
        final List<PowerAuthSignatureTypes> allowedSignatureTypes = Collections.singletonList(PowerAuthSignatureTypes.POSSESSION);
        final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails("POST", requestBodyBytes, "/pa/upgrade/commit", signatureHeader, allowedSignatureTypes, 3);
        // In case signature verification fails, upgrade fails, too
        if (!authentication.getAuthenticationContext().isValid() || authentication.getActivationContext().getActivationId() == null) {
            logger.debug("Signature validation failed");
            throw new PowerAuthSignatureInvalidException();
        }
        // Get signature HTTP headers
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader();
        final String applicationKey = httpHeader.getApplicationKey();
        // Commit upgrade on PowerAuth server
        final CommitUpgradeResponse upgradeResponse = powerAuthClient.commitUpgrade(activationId, applicationKey);
        if (upgradeResponse.isCommitted()) {
            return new Response();
        } else {
            logger.debug("Upgrade commit failed");
            throw new PowerAuthUpgradeException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        logger.warn("PowerAuth upgrade commit failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthUpgradeException();
    }
}