use of io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse in project powerauth-restful-integration by lime-company.
the class SecureVaultController method unlockVault.
/**
* Request the vault unlock key.
* @param signatureHeader PowerAuth signature HTTP header.
* @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
* @throws PowerAuthAuthenticationException In case authentication fails.
*/
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
@Path("unlock")
public ObjectResponse<VaultUnlockResponse> unlockVault(@HeaderParam(PowerAuthSignatureHttpHeader.HEADER_NAME) String signatureHeader, ObjectRequest<VaultUnlockRequest> request, @Context HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
try {
PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
throw new PowerAuthAuthenticationException(e.getMessage());
}
SignatureTypeConverter converter = new SignatureTypeConverter();
String activationId = header.getActivationId();
String applicationId = header.getApplicationKey();
String signature = header.getSignature();
PowerAuthPortServiceStub.SignatureType signatureType = converter.convertFrom(header.getSignatureType());
String nonce = header.getNonce();
String reason = null;
if (request != null) {
VaultUnlockRequest vaultUnlockRequest = request.getRequestObject();
if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
reason = vaultUnlockRequest.getReason();
}
}
String requestBodyString = ((String) httpServletRequest.getAttribute(PowerAuthRequestFilterBase.POWERAUTH_SIGNATURE_BASE_STRING));
byte[] requestBodyBytes = requestBodyString == null ? null : BaseEncoding.base64().decode(requestBodyString);
String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
PowerAuthPortServiceStub.VaultUnlockResponse soapResponse = powerAuthClient.unlockVault(activationId, applicationId, data, signature, signatureType, reason);
if (!soapResponse.getSignatureValid()) {
throw new PowerAuthAuthenticationException();
}
VaultUnlockResponse response = new VaultUnlockResponse();
response.setActivationId(soapResponse.getActivationId());
response.setEncryptedVaultEncryptionKey(soapResponse.getEncryptedVaultEncryptionKey());
return new ObjectResponse<>(response);
} catch (PowerAuthAuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw new PowerAuthSecureVaultException();
}
}
use of io.getlime.security.powerauth.rest.api.model.response.VaultUnlockResponse in project powerauth-restful-integration by lime-company.
the class SecureVaultController method unlockVault.
/**
* Request the vault unlock key.
* @param signatureHeader PowerAuth signature HTTP header.
* @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
* @throws PowerAuthAuthenticationException In case authentication fails.
*/
@RequestMapping(value = "unlock", method = RequestMethod.POST)
@ResponseBody
public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, defaultValue = "unknown") String signatureHeader, @RequestBody(required = false) ObjectRequest<VaultUnlockRequest> request, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
try {
// Parse the header
PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
// Validate the header
try {
PowerAuthSignatureHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
throw new PowerAuthAuthenticationException(e.getMessage());
}
SignatureTypeConverter converter = new SignatureTypeConverter();
String activationId = header.getActivationId();
String applicationId = header.getApplicationKey();
String signature = header.getSignature();
SignatureType signatureType = converter.convertFrom(header.getSignatureType());
String nonce = header.getNonce();
String reason = null;
byte[] requestBodyBytes;
if ("2.0".equals(header.getVersion())) {
// Version 2.0 requires null data in signature for vault unlock.
requestBodyBytes = null;
} else {
// Version 2.1 or higher requires request data in signature (POST request body) for vault unlock.
if (request != null) {
// Send vault unlock reason, in case it is available.
VaultUnlockRequest vaultUnlockRequest = request.getRequestObject();
if (vaultUnlockRequest != null && vaultUnlockRequest.getReason() != null) {
reason = vaultUnlockRequest.getReason();
}
}
// Use POST request body as data for signature.
String requestBodyString = ((String) httpServletRequest.getAttribute(PowerAuthRequestFilterBase.POWERAUTH_SIGNATURE_BASE_STRING));
requestBodyBytes = requestBodyString == null ? null : BaseEncoding.base64().decode(requestBodyString);
}
String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
io.getlime.powerauth.soap.VaultUnlockResponse soapResponse = powerAuthClient.unlockVault(activationId, applicationId, data, signature, signatureType, reason);
if (!soapResponse.isSignatureValid()) {
throw new PowerAuthAuthenticationException();
}
VaultUnlockResponse response = new VaultUnlockResponse();
response.setActivationId(soapResponse.getActivationId());
response.setEncryptedVaultEncryptionKey(soapResponse.getEncryptedVaultEncryptionKey());
return new ObjectResponse<>(response);
} catch (Exception ex) {
if (PowerAuthAuthenticationException.class.equals(ex.getClass())) {
throw ex;
} else {
throw new PowerAuthSecureVaultException();
}
}
}
Aggregations