Examples with PowerAuthApiAuthentication io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication used on opensource projects

Example 1 with PowerAuthApiAuthentication

use of io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication in project powerauth-restful-integration by lime-company.

the class TokenController method createToken.

@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("create")
public ObjectResponse<TokenCreateResponse> createToken(ObjectRequest<TokenCreateRequest> request, @HeaderParam(PowerAuthTokenHttpHeader.HEADER_NAME) String tokenHeader) throws RemoteException, PowerAuthAuthenticationException {
    try {
        PowerAuthApiAuthentication authentication = authenticationProvider.validateToken(tokenHeader, Arrays.asList(PowerAuthSignatureTypes.POSSESSION, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE, PowerAuthSignatureTypes.POSSESSION_BIOMETRY, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE_BIOMETRY));
        if (authentication != null && authentication.getActivationId() != null) {
            // Fetch activation ID and signature type
            final String activationId = authentication.getActivationId();
            final PowerAuthSignatureTypes signatureFactors = authentication.getSignatureFactors();
            // Fetch data from the request
            final TokenCreateRequest requestObject = request.getRequestObject();
            final String ephemeralPublicKey = requestObject.getEphemeralPublicKey();
            // Prepare a signature type converter
            SignatureTypeConverter converter = new SignatureTypeConverter();
            // Create a token
            final PowerAuthPortServiceStub.CreateTokenResponse token = powerAuthClient.createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
            // Prepare a response
            final TokenCreateResponse responseObject = new TokenCreateResponse();
            responseObject.setMac(token.getMac());
            responseObject.setEncryptedData(token.getEncryptedData());
            return new ObjectResponse<>(responseObject);
        } else {
            throw new PowerAuthAuthenticationException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthAuthenticationException(ex.getMessage());
    }
}

Example 2 with PowerAuthApiAuthentication

use of io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication in project powerauth-restful-integration by lime-company.

the class TokenController method removeToken.

@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("remove")
public ObjectResponse<TokenRemoveResponse> removeToken(ObjectRequest<TokenRemoveRequest> request, @HeaderParam(PowerAuthTokenHttpHeader.HEADER_NAME) String tokenHeader) throws RemoteException, PowerAuthAuthenticationException {
    try {
        PowerAuthApiAuthentication authentication = authenticationProvider.validateToken(tokenHeader, Arrays.asList(PowerAuthSignatureTypes.POSSESSION, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE, PowerAuthSignatureTypes.POSSESSION_BIOMETRY, PowerAuthSignatureTypes.POSSESSION_KNOWLEDGE_BIOMETRY));
        if (authentication != null && authentication.getActivationId() != null) {
            // Fetch activation ID
            final String activationId = authentication.getActivationId();
            // Fetch token ID from the request
            final TokenRemoveRequest requestObject = request.getRequestObject();
            final String tokenId = requestObject.getTokenId();
            // Remove a token, ignore response, since the endpoint should quietly return
            powerAuthClient.removeToken(tokenId, activationId);
            // Prepare a response
            final TokenRemoveResponse responseObject = new TokenRemoveResponse();
            responseObject.setTokenId(requestObject.getTokenId());
            return new ObjectResponse<>(responseObject);
        } else {
            throw new PowerAuthAuthenticationException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthAuthenticationException(ex.getMessage());
    }
}

Example 3 with PowerAuthApiAuthentication

use of io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method copyAuthenticationAttributes.

/**
 * Prepare API initialized authentication object with provided authentication attributes.
 *
 * @param activationId Activation ID.
 * @param userId User ID.
 * @param applicationId Application ID.
 * @param signatureType Signature Type.
 * @return Initialized instance of API authentication.
 */
private PowerAuthApiAuthentication copyAuthenticationAttributes(String activationId, String userId, Long applicationId, PowerAuthSignatureTypes signatureType) {
    PowerAuthApiAuthentication apiAuthentication = new PowerAuthApiAuthenticationImpl();
    apiAuthentication.setActivationId(activationId);
    apiAuthentication.setUserId(userId);
    apiAuthentication.setApplicationId(applicationId);
    apiAuthentication.setSignatureFactors(signatureType);
    return apiAuthentication;
}

Example 4 with PowerAuthApiAuthentication

use of io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateRequestSignature.

/**
 * Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier.
 * Make sure to accept only allowed signatures.
 * @param httpMethod HTTP method (GET, POST, ...)
 * @param httpBody Body of the HTTP request.
 * @param requestUriIdentifier Request URI identifier.
 * @param httpAuthorizationHeader PowerAuth 2.0 HTTP authorization header.
 * @param allowedSignatureTypes Allowed types of the signature.
 * @return Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
 * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised.
 */
public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (httpAuthorizationHeader == null || httpAuthorizationHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_TYPE_INVALID");
    }
    // Configure PowerAuth authentication object
    PowerAuthSignatureAuthentication powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
    powerAuthAuthentication.setActivationId(header.getActivationId());
    powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
    powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
    powerAuthAuthentication.setSignatureType(header.getSignatureType());
    powerAuthAuthentication.setSignature(header.getSignature());
    powerAuthAuthentication.setHttpMethod(httpMethod);
    powerAuthAuthentication.setRequestUri(requestUriIdentifier);
    powerAuthAuthentication.setData(httpBody);
    // Call the authentication
    PowerAuthApiAuthentication auth;
    try {
        auth = this.authenticate(powerAuthAuthentication);
    } catch (RemoteException e) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_SOAP_ERROR");
    }
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_VALUE");
    }
    return auth;
}

Example 5 with PowerAuthApiAuthentication

use of io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateSignatureAuthentication.

/**
 * Validate signature based authentication.
 *
 * @param authentication Signature based authentication object.
 * @return API authentication object in case of successful authentication, null otherwise.
 */
private PowerAuthApiAuthentication validateSignatureAuthentication(PowerAuthSignatureAuthentication authentication) throws RemoteException {
    if (authentication.getSignatureType() != null) {
        SignatureTypeConverter converter = new SignatureTypeConverter();
        final PowerAuthPortServiceStub.SignatureType signatureType = converter.convertFrom(authentication.getSignatureType());
        PowerAuthPortServiceStub.VerifySignatureRequest soapRequest = new PowerAuthPortServiceStub.VerifySignatureRequest();
        soapRequest.setActivationId(authentication.getActivationId());
        soapRequest.setApplicationKey(authentication.getApplicationKey());
        soapRequest.setSignature(authentication.getSignature());
        soapRequest.setSignatureType(signatureType);
        soapRequest.setData(PowerAuthHttpBody.getSignatureBaseString(authentication.getHttpMethod(), authentication.getRequestUri(), authentication.getNonce(), authentication.getData()));
        PowerAuthPortServiceStub.VerifySignatureResponse soapResponse = powerAuthClient.verifySignature(soapRequest);
        if (soapResponse.getSignatureValid()) {
            PowerAuthApiAuthentication apiAuthentication = new PowerAuthApiAuthenticationImpl();
            apiAuthentication.setActivationId(soapResponse.getActivationId());
            apiAuthentication.setUserId(soapResponse.getUserId());
            apiAuthentication.setApplicationId(soapResponse.getApplicationId());
            apiAuthentication.setSignatureFactors(PowerAuthSignatureTypes.getEnumFromString(soapResponse.getSignatureType().getValue()));
            return apiAuthentication;
        } else {
            return null;
        }
    } else {
        return null;
    }
}