use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.
the class PowerAuthAuthenticationProvider method validateToken.
public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
// Check for HTTP PowerAuth signature header
if (tokenHeader == null || tokenHeader.equals("undefined")) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
}
// Parse HTTP header
PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
// Validate the header
try {
PowerAuthTokenHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
throw new PowerAuthAuthenticationException(e.getMessage());
}
// Prepare authentication object
PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
powerAuthTokenAuthentication.setTokenId(header.getTokenId());
powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
powerAuthTokenAuthentication.setNonce(header.getNonce());
powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
// Call the authentication based on token authentication object
final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
// In case authentication is null, throw PowerAuth exception
if (auth == null) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
}
// Check if the signature type is allowed
PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
if (!allowedSignatureTypes.contains(expectedSignatureType)) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
}
return auth;
}
use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.
the class PowerAuthAuthenticationProvider method validateRequestSignature.
/**
* Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier.
* Make sure to accept only allowed signatures.
* @param httpMethod HTTP method (GET, POST, ...)
* @param httpBody Body of the HTTP request.
* @param requestUriIdentifier Request URI identifier.
* @param httpAuthorizationHeader PowerAuth 2.0 HTTP authorization header.
* @param allowedSignatureTypes Allowed types of the signature.
* @return Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
* @throws PowerAuthAuthenticationException In case authorization fails, exception is raised.
*/
public PowerAuthApiAuthentication validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
// Check for HTTP PowerAuth signature header
if (httpAuthorizationHeader == null || httpAuthorizationHeader.equals("undefined")) {
throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_EMPTY");
}
// Parse HTTP header
PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
// Validate the header
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
throw new PowerAuthAuthenticationException(e.getMessage());
}
// Check if the application is allowed, "true" is the default behavior
if (applicationConfiguration != null) {
boolean isApplicationAllowed = applicationConfiguration.isAllowedApplicationKey(header.getApplicationKey());
if (!isApplicationAllowed) {
throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_APPLICATION_ID");
}
}
// Check if the signature type is allowed
PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
if (!allowedSignatureTypes.contains(expectedSignatureType)) {
throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_TYPE_INVALID");
}
// Configure PowerAuth authentication object
PowerAuthSignatureAuthenticationImpl powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
powerAuthAuthentication.setActivationId(header.getActivationId());
powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
powerAuthAuthentication.setSignatureType(header.getSignatureType());
powerAuthAuthentication.setSignature(header.getSignature());
powerAuthAuthentication.setHttpMethod(httpMethod);
powerAuthAuthentication.setRequestUri(requestUriIdentifier);
powerAuthAuthentication.setData(httpBody);
// Call the authentication based on signature authentication object
PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthAuthentication);
// In case authentication is null, throw PowerAuth exception
if (auth == null) {
throw new PowerAuthAuthenticationException("POWER_AUTH_SIGNATURE_INVALID_VALUE");
}
return auth;
}
use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.
the class ActivationController method removeActivation.
/**
* Get activation status.
* @param signatureHeader PowerAuth signature HTTP header.
* @return PowerAuth RESTful response with {@link ActivationRemoveResponse} payload.
* @throws PowerAuthAuthenticationException In case the signature validation fails.
* @throws RemoteException In case SOAP communication fails
*/
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("remove")
public ObjectResponse<ActivationRemoveResponse> removeActivation(@HeaderParam(PowerAuthSignatureHttpHeader.HEADER_NAME) String signatureHeader) throws PowerAuthAuthenticationException, PowerAuthActivationException {
try {
PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature("POST", null, "/pa/activation/remove", signatureHeader);
if (apiAuthentication != null && apiAuthentication.getActivationId() != null) {
PowerAuthPortServiceStub.RemoveActivationResponse soapResponse = powerAuthClient.removeActivation(apiAuthentication.getActivationId());
ActivationRemoveResponse response = new ActivationRemoveResponse();
response.setActivationId(soapResponse.getActivationId());
return new ObjectResponse<>(response);
} else {
throw new PowerAuthAuthenticationException("USER_NOT_AUTHENTICATED");
}
} catch (PowerAuthAuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw new PowerAuthActivationException();
}
}
use of io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.
the class PowerAuthAuthenticationProvider method validateToken.
@Override
public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
// Check for HTTP PowerAuth signature header
if (tokenHeader == null || tokenHeader.equals("undefined")) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
}
// Parse HTTP header
PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
// Validate the header
try {
PowerAuthTokenHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
throw new PowerAuthAuthenticationException(e.getMessage());
}
// Prepare authentication object
PowerAuthTokenAuthentication powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
powerAuthTokenAuthentication.setTokenId(header.getTokenId());
powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
powerAuthTokenAuthentication.setNonce(header.getNonce());
powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
// Call the authentication based on token authentication object
final PowerAuthApiAuthentication auth;
try {
auth = this.authenticate(powerAuthTokenAuthentication);
} catch (RemoteException e) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SOAP_ERROR");
}
// In case authentication is null, throw PowerAuth exception
if (auth == null) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
}
// Check if the signature type is allowed
PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
if (!allowedSignatureTypes.contains(expectedSignatureType)) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
}
return auth;
}
Aggregations