Search in sources :

Example 1 with VaultUnlockRequest

use of io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest in project powerauth-restful-integration by lime-company.

the class SecureVaultController method unlockVault.

/**
 * Request the vault unlock key.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 */
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("unlock")
public ObjectResponse<VaultUnlockResponse> unlockVault(@HeaderParam(PowerAuthSignatureHttpHeader.HEADER_NAME) String signatureHeader, ObjectRequest<VaultUnlockRequest> request, @Context HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
    try {
        PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
        try {
            PowerAuthSignatureHttpHeaderValidator.validate(header);
        } catch (InvalidPowerAuthHttpHeaderException e) {
            throw new PowerAuthAuthenticationException(e.getMessage());
        }
        SignatureTypeConverter converter = new SignatureTypeConverter();
        String activationId = header.getActivationId();
        String applicationId = header.getApplicationKey();
        String signature = header.getSignature();
        PowerAuthPortServiceStub.SignatureType signatureType = converter.convertFrom(header.getSignatureType());
        String nonce = header.getNonce();
        String reason = null;
        if (request != null) {
            VaultUnlockRequest vaultUnlockRequest = request.getRequestObject();
            if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
                reason = vaultUnlockRequest.getReason();
            }
        }
        String requestBodyString = ((String) httpServletRequest.getAttribute(PowerAuthRequestFilterBase.POWERAUTH_SIGNATURE_BASE_STRING));
        byte[] requestBodyBytes = requestBodyString == null ? null : BaseEncoding.base64().decode(requestBodyString);
        String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
        PowerAuthPortServiceStub.VaultUnlockResponse soapResponse = powerAuthClient.unlockVault(activationId, applicationId, data, signature, signatureType, reason);
        if (!soapResponse.getSignatureValid()) {
            throw new PowerAuthAuthenticationException();
        }
        VaultUnlockResponse response = new VaultUnlockResponse();
        response.setActivationId(soapResponse.getActivationId());
        response.setEncryptedVaultEncryptionKey(soapResponse.getEncryptedVaultEncryptionKey());
        return new ObjectResponse<>(response);
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new PowerAuthSecureVaultException();
    }
}
Also used : VaultUnlockRequest(io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) VaultUnlockResponse(io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException) SignatureTypeConverter(io.getlime.security.powerauth.rest.api.jaxrs.converter.SignatureTypeConverter) PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException) PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) PowerAuthPortServiceStub(io.getlime.powerauth.soap.PowerAuthPortServiceStub) ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)

Example 2 with VaultUnlockRequest

use of io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest in project powerauth-restful-integration by lime-company.

the class SecureVaultController method unlockVault.

/**
 * Request the vault unlock key.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 */
@RequestMapping(value = "unlock", method = RequestMethod.POST)
@ResponseBody
public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, defaultValue = "unknown") String signatureHeader, @RequestBody(required = false) ObjectRequest<VaultUnlockRequest> request, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
    try {
        // Parse the header
        PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
        // Validate the header
        try {
            PowerAuthSignatureHttpHeaderValidator.validate(header);
        } catch (InvalidPowerAuthHttpHeaderException e) {
            throw new PowerAuthAuthenticationException(e.getMessage());
        }
        SignatureTypeConverter converter = new SignatureTypeConverter();
        String activationId = header.getActivationId();
        String applicationId = header.getApplicationKey();
        String signature = header.getSignature();
        SignatureType signatureType = converter.convertFrom(header.getSignatureType());
        String nonce = header.getNonce();
        String reason = null;
        byte[] requestBodyBytes;
        if ("2.0".equals(header.getVersion())) {
            // Version 2.0 requires null data in signature for vault unlock.
            requestBodyBytes = null;
        } else {
            // Version 2.1 or higher requires request data in signature (POST request body) for vault unlock.
            if (request != null) {
                // Send vault unlock reason, in case it is available.
                VaultUnlockRequest vaultUnlockRequest = request.getRequestObject();
                if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
                    reason = vaultUnlockRequest.getReason();
                }
            }
            // Use POST request body as data for signature.
            String requestBodyString = ((String) httpServletRequest.getAttribute(PowerAuthRequestFilterBase.POWERAUTH_SIGNATURE_BASE_STRING));
            requestBodyBytes = requestBodyString == null ? null : BaseEncoding.base64().decode(requestBodyString);
        }
        String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
        io.getlime.powerauth.soap.VaultUnlockResponse soapResponse = powerAuthClient.unlockVault(activationId, applicationId, data, signature, signatureType, reason);
        if (!soapResponse.isSignatureValid()) {
            throw new PowerAuthAuthenticationException();
        }
        VaultUnlockResponse response = new VaultUnlockResponse();
        response.setActivationId(soapResponse.getActivationId());
        response.setEncryptedVaultEncryptionKey(soapResponse.getEncryptedVaultEncryptionKey());
        return new ObjectResponse<>(response);
    } catch (Exception ex) {
        if (PowerAuthAuthenticationException.class.equals(ex.getClass())) {
            throw ex;
        } else {
            throw new PowerAuthSecureVaultException();
        }
    }
}
Also used : VaultUnlockRequest(io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) SignatureType(io.getlime.powerauth.soap.SignatureType) VaultUnlockResponse(io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse) InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException) PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException) SignatureTypeConverter(io.getlime.security.powerauth.rest.api.spring.converter.SignatureTypeConverter) PowerAuthSecureVaultException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException) PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) ObjectResponse(io.getlime.core.rest.model.base.response.ObjectResponse)

Aggregations

ObjectResponse (io.getlime.core.rest.model.base.response.ObjectResponse)2 PowerAuthSignatureHttpHeader (io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader)2 InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)2 PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)2 PowerAuthSecureVaultException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthSecureVaultException)2 VaultUnlockRequest (io.getlime.security.powerauth.rest.api.model.request.VaultUnlockRequest)2 VaultUnlockResponse (io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse)2 PowerAuthPortServiceStub (io.getlime.powerauth.soap.PowerAuthPortServiceStub)1 SignatureType (io.getlime.powerauth.soap.SignatureType)1 SignatureTypeConverter (io.getlime.security.powerauth.rest.api.jaxrs.converter.SignatureTypeConverter)1 SignatureTypeConverter (io.getlime.security.powerauth.rest.api.spring.converter.SignatureTypeConverter)1