Example 1 with PowerAuthEncryptionHttpHeader
use of io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader in project powerauth-restful-integration by lime-company.
the class PowerAuthEncryptionProviderBase method extractEciesEncryptionContext.
/**
* Extract context required for ECIES encryption from either encryption or signature HTTP header.
*
* @param request HTTP servlet request.
* @return Context for ECIES encryption.
* @throws PowerAuthEncryptionException Thrown when HTTP header with ECIES data is invalid.
*/
private EciesEncryptionContext extractEciesEncryptionContext(HttpServletRequest request) throws PowerAuthEncryptionException {
final String encryptionHttpHeader = request.getHeader(PowerAuthEncryptionHttpHeader.HEADER_NAME);
final String signatureHttpHeader = request.getHeader(PowerAuthSignatureHttpHeader.HEADER_NAME);
// Check that at least one PowerAuth HTTP header with parameters for ECIES is present
if (encryptionHttpHeader == null && signatureHttpHeader == null) {
logger.warn("Neither signature nor encryption HTTP header is present");
throw new PowerAuthEncryptionException();
}
// In case the PowerAuth signature HTTP header is present, use it for ECIES
if (signatureHttpHeader != null) {
// Parse signature HTTP header
final PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHttpHeader);
// Validate the signature HTTP header
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException ex) {
logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthEncryptionException();
}
// Construct encryption parameters object
final String applicationKey = header.getApplicationKey();
final String activationId = header.getActivationId();
final String version = header.getVersion();
return new EciesEncryptionContext(applicationKey, activationId, version, header);
} else {
// Parse encryption HTTP header
final PowerAuthEncryptionHttpHeader header = new PowerAuthEncryptionHttpHeader().fromValue(encryptionHttpHeader);
// Validate the encryption HTTP header
try {
PowerAuthEncryptionHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException ex) {
logger.warn("Encryption validation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthEncryptionException();
}
// Construct encryption parameters object
final String applicationKey = header.getApplicationKey();
final String activationId = header.getActivationId();
final String version = header.getVersion();
return new EciesEncryptionContext(applicationKey, activationId, version, header);
}
}
Also used :
PowerAuthEncryptionException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException)
InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)
PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)
PowerAuthEncryptionHttpHeader(io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader)
EciesEncryptionContext(io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext)
Aggregations
PowerAuthEncryptionHttpHeader (io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader)1
PowerAuthSignatureHttpHeader (io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)1
InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)1
EciesEncryptionContext (io.getlime.security.powerauth.rest.api.spring.encryption.EciesEncryptionContext)1
PowerAuthEncryptionException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException)1
