Examples with PowerAuthSignatureTypes io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes used on opensource projects

Example 6 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class PowerAuthAnnotationInterceptor method preHandle.

@Override
public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
    // requests before the actual requests.
    if (handler instanceof HandlerMethod) {
        final HandlerMethod handlerMethod = (HandlerMethod) handler;
        // Obtain annotations
        PowerAuth powerAuthSignatureAnnotation = handlerMethod.getMethodAnnotation(PowerAuth.class);
        PowerAuthToken powerAuthTokenAnnotation = handlerMethod.getMethodAnnotation(PowerAuthToken.class);
        PowerAuthEncryption powerAuthEncryptionAnnotation = handlerMethod.getMethodAnnotation(PowerAuthEncryption.class);
        // Check that either signature or token annotation is active
        if (powerAuthSignatureAnnotation != null && powerAuthTokenAnnotation != null) {
            logger.warn("You cannot use both @PowerAuth and @PowerAuthToken on same handler method. We are removing both.");
            powerAuthSignatureAnnotation = null;
            powerAuthTokenAnnotation = null;
        }
        // sign-then-encrypt sequence in case both authorization and encryption are used.
        if (powerAuthEncryptionAnnotation != null) {
            final Type requestType = resolveGenericParameterTypeForEcies(handlerMethod);
            try {
                encryptionProvider.decryptRequest(request, requestType, powerAuthEncryptionAnnotation.scope());
            // Encryption object is saved in HTTP servlet request by encryption provider, so that it is available for Spring
            } catch (PowerAuthEncryptionException ex) {
                logger.warn("Decryption failed, error: {}", ex.getMessage());
                logger.debug("Error details", ex);
            }
        }
        // Resolve @PowerAuth annotation
        if (powerAuthSignatureAnnotation != null) {
            try {
                final String resourceId = expandResourceId(powerAuthSignatureAnnotation.resourceId(), request, handlerMethod);
                final String header = request.getHeader(PowerAuthSignatureHttpHeader.HEADER_NAME);
                final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthSignatureAnnotation.signatureType());
                final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails(request, resourceId, header, signatureTypes);
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
            } catch (PowerAuthAuthenticationException ex) {
                logger.warn("Invalid request signature, authentication object was removed");
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }
        // Resolve @PowerAuthToken annotation
        if (powerAuthTokenAnnotation != null) {
            try {
                final String header = request.getHeader(PowerAuthTokenHttpHeader.HEADER_NAME);
                final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthTokenAnnotation.signatureType());
                final PowerAuthApiAuthentication authentication = authenticationProvider.validateTokenWithActivationDetails(header, signatureTypes);
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
            } catch (PowerAuthAuthenticationException ex) {
                logger.warn("Invalid token, authentication object was removed");
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }
    }
    return true;
}

Example 7 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateTokenWithActivationDetails.

@Nonnull
@Override
public PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String tokenHeader, @Nonnull List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader.equals("undefined")) {
        logger.warn("Token HTTP header is missing");
        throw new PowerAuthHeaderMissingException();
    }
    // Parse HTTP header
    final PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Token validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenInvalidException();
    }
    // Prepare authentication object
    final PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    powerAuthTokenAuthentication.setVersion(header.getVersion());
    powerAuthTokenAuthentication.setHttpHeader(header);
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        logger.debug("Invalid token value");
        throw new PowerAuthTokenInvalidException();
    }
    // Check if the signature type is allowed
    final PowerAuthSignatureTypes expectedSignatureType = auth.getAuthenticationContext().getSignatureType();
    if (expectedSignatureType == null || !allowedSignatureTypes.contains(expectedSignatureType)) {
        logger.warn("Invalid signature type in token validation: {}", expectedSignatureType);
        throw new PowerAuthSignatureTypeInvalidException();
    }
    return auth;
}

Example 8 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class TokenService method createToken.

/**
 * Create token.
 *
 * @param request        ECIES encrypted create token request.
 * @param authentication PowerAuth API authentication object.
 * @return ECIES encrypted create token response.
 * @throws PowerAuthAuthenticationException In case token could not be created.
 */
public EciesEncryptedResponse createToken(EciesEncryptedRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        // Fetch activation ID and signature type
        final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        final String encryptedData = request.getEncryptedData();
        final String mac = request.getMac();
        final String nonce = request.getNonce();
        // Prepare a signature type converter
        final SignatureTypeConverter converter = new SignatureTypeConverter();
        final SignatureType signatureType = converter.convertFrom(signatureFactors);
        if (signatureType == null) {
            logger.warn("Invalid signature type: {}", signatureFactors);
            throw new PowerAuthSignatureTypeInvalidException();
        }
        // Get ECIES headers
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader();
        final String applicationKey = httpHeader.getApplicationKey();
        // Create a token
        final CreateTokenResponse token = powerAuthClient.createToken(activationId, applicationKey, ephemeralPublicKey, encryptedData, mac, nonce, signatureType);
        // Prepare a response
        final EciesEncryptedResponse response = new EciesEncryptedResponse();
        response.setMac(token.getMac());
        response.setEncryptedData(token.getEncryptedData());
        return response;
    } catch (Exception ex) {
        logger.warn("Creating PowerAuth token failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenErrorException();
    }
}

Example 9 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class TokenController method createToken.

@RequestMapping(value = "create", method = RequestMethod.POST)
@PowerAuth(resourceId = "/pa/token/create", signatureType = { PowerAuthSignatureTypes.POSSESSION, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE, PowerAuthSignatureTypes.POSSESSION_BIOMETRY, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE_BIOMETRY })
@ResponseBody
public ObjectResponse<TokenCreateResponse> createToken(@RequestBody ObjectRequest<TokenCreateRequest> request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        if (authentication != null && authentication.getActivationId() != null) {
            // Fetch activation ID and signature type
            final String activationId = authentication.getActivationId();
            final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors();
            // Fetch data from the request
            final TokenCreateRequest requestObject = request.getRequestObject();
            final String ephemeralPublicKey = requestObject.getEphemeralPublicKey();
            // Prepare a signature type converter
            SignatureTypeConverter converter = new SignatureTypeConverter();
            // Create a token
            final CreateTokenResponse token = powerAuthClient.createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
            // Prepare a response
            final TokenCreateResponse responseObject = new TokenCreateResponse();
            responseObject.setMac(token.getMac());
            responseObject.setEncryptedData(token.getEncryptedData());
            return new ObjectResponse<>(responseObject);
        } else {
            throw new PowerAuthAuthenticationException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthAuthenticationException(ex.getMessage());
    }
}

Example 10 with PowerAuthSignatureTypes

use of io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateToken.

public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader == null || tokenHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Prepare authentication object
    PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
    }
    return auth;
}