Search in sources :

Example 11 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateToken.

public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader == null || tokenHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Prepare authentication object
    PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
    }
    return auth;
}
Also used : PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)

Example 12 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateRequestSignature.

/**
 * Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier.
 * Make sure to accept only allowed signatures.
 * @param httpMethod HTTP method (GET, POST, ...)
 * @param httpBody Body of the HTTP request.
 * @param requestUriIdentifier Request URI identifier.
 * @param httpAuthorizationHeader PowerAuth 2.0 HTTP authorization header.
 * @param allowedSignatureTypes Allowed types of the signature.
 * @return Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
 * @throws PowerAuthAuthenticationException In case authorization fails, exception is raised.
 */
public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (httpAuthorizationHeader == null || httpAuthorizationHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Check if the application is allowed, "true" is the default behavior
    if (applicationConfiguration != null) {
        boolean isApplicationAllowed = applicationConfiguration.isAllowedApplicationKey(header.getApplicationKey());
        if (!isApplicationAllowed) {
            throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_APPLICATION_ID");
        }
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_TYPE_INVALID");
    }
    // Configure PowerAuth authentication object
    PowerAuthSignatureAuthenticationImpl powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
    powerAuthAuthentication.setActivationId(header.getActivationId());
    powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
    powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
    powerAuthAuthentication.setSignatureType(header.getSignatureType());
    powerAuthAuthentication.setSignature(header.getSignature());
    powerAuthAuthentication.setHttpMethod(httpMethod);
    powerAuthAuthentication.setRequestUri(requestUriIdentifier);
    powerAuthAuthentication.setData(httpBody);
    // Call the authentication based on signature authentication object
    PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_VALUE");
    }
    return auth;
}
Also used : PowerAuthSignatureAuthenticationImpl(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthSignatureAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)

Example 13 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class ActivationController method removeActivation.

/**
 * Get activation status.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @return PowerAuth RESTful response with {@link ActivationRemoveResponse} payload.
 * @throws PowerAuthAuthenticationException In case the signature validation fails.
 * @throws RemoteException In case SOAP communication fails
 */
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("remove")
public ObjectResponse<ActivationRemoveResponse> removeActivation(@HeaderParam(PowerAuthSignatureHttpHeader.HEADER_NAME) String signatureHeader) throws PowerAuthAuthenticationException, PowerAuthActivationException {
    try {
        PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature("POST", null, "/pa/activation/remove", signatureHeader);
        if (apiAuthentication != null && apiAuthentication.getActivationId() != null) {
            PowerAuthPortServiceStub.RemoveActivationResponse soapResponse = powerAuthClient.removeActivation(apiAuthentication.getActivationId());
            ActivationRemoveResponse response = new ActivationRemoveResponse();
            response.setActivationId(soapResponse.getActivationId());
            return new ObjectResponse<>(response);
        } else {
            throw new PowerAuthAuthenticationException("USER_NOT_AUTHENTICATED");
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthActivationException();
    }
}
Also used : PowerAuthActivationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException) ActivationRemoveResponse(io.getlime.security.powerauth.rest.api.model.response.ActivationRemoveResponse) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication) PowerAuthPortServiceStub(io.getlime.powerauth.soap.PowerAuthPortServiceStub) ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) RemoteException(java.rmi.RemoteException) PowerAuthActivationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException)

Example 14 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateToken.

@Override
public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader == null || tokenHeader.equals("undefined")) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
    }
    // Parse HTTP header
    PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException e) {
        throw new PowerAuthAuthenticationException(e.getMessage());
    }
    // Prepare authentication object
    PowerAuthTokenAuthentication powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth;
    try {
        auth = this.authenticate(powerAuthTokenAuthentication);
    } catch (RemoteException e) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SOAP_ERROR");
    }
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
    }
    // Check if the signature type is allowed
    PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
    if (!allowedSignatureTypes.contains(expectedSignatureType)) {
        throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
    }
    return auth;
}
Also used : PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.jaxrs.authentication.PowerAuthTokenAuthenticationImpl) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthTokenAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthTokenAuthentication) PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader) RemoteException(java.rmi.RemoteException) PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)

Aggregations

PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)14 PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)9 ObjectResponse (io.getlime.core.rest.model.base.response.ObjectResponse)8 PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)6 InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)6 RemoteException (java.rmi.RemoteException)5 PowerAuthSignatureHttpHeader (io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)4 PowerAuthPortServiceStub (io.getlime.powerauth.soap.PowerAuthPortServiceStub)3 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)3 PowerAuthTokenHttpHeader (io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader)2 PowerAuthActivationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthActivationException)2 PowerAuthSecureVaultException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException)2 SignatureTypeConverter (io.getlime.security.powerauth.rest.api.jaxrs.converter.SignatureTypeConverter)2 TokenCreateRequest (io.getlime.security.powerauth.rest.api.model.request.TokenCreateRequest)2 TokenRemoveRequest (io.getlime.security.powerauth.rest.api.model.request.TokenRemoveRequest)2 VaultUnlockRequest (io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest)2 ActivationRemoveResponse (io.getlime.security.powerauth.rest.api.model.response.ActivationRemoveResponse)2 TokenCreateResponse (io.getlime.security.powerauth.rest.api.model.response.TokenCreateResponse)2 TokenRemoveResponse (io.getlime.security.powerauth.rest.api.model.response.TokenRemoveResponse)2 VaultUnlockResponse (io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse)2