Example 6 with EciesEncryptedResponse

use of io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse in project powerauth-restful-integration by lime-company.

the class EncryptionResponseBodyAdvice method beforeBodyWrite.

/**
 * Encrypt response before writing body.
 *
 * @param response Response object.
 * @param methodParameter Method parameter.
 * @param mediaType Selected HTTP response media type.
 * @param converterClass Selected HTTP message converter class.
 * @param serverHttpRequest HTTP request.
 * @param serverHttpResponse HTTP response.
 * @return ECIES cryptogram.
 */
@Override
public Object beforeBodyWrite(Object response, @NonNull MethodParameter methodParameter, @NonNull MediaType mediaType, @NonNull Class<? extends HttpMessageConverter<?>> converterClass, @NonNull ServerHttpRequest serverHttpRequest, @NonNull ServerHttpResponse serverHttpResponse) {
    if (response == null) {
        return null;
    }
    // Extract ECIES encryption object from HTTP request
    final HttpServletRequest httpServletRequest = ((ServletServerHttpRequest) serverHttpRequest).getServletRequest();
    final PowerAuthEciesEncryption eciesEncryption = (PowerAuthEciesEncryption) httpServletRequest.getAttribute(PowerAuthRequestObjects.ENCRYPTION_OBJECT);
    if (eciesEncryption == null) {
        return null;
    }
    // Convert response to JSON
    try {
        byte[] responseBytes = serializeResponseObject(response);
        // Encrypt response using decryptor and return ECIES cryptogram
        final EciesDecryptor eciesDecryptor = eciesEncryption.getEciesDecryptor();
        final EciesCryptogram cryptogram = eciesDecryptor.encryptResponse(responseBytes);
        final String encryptedDataBase64 = BaseEncoding.base64().encode(cryptogram.getEncryptedData());
        final String macBase64 = BaseEncoding.base64().encode(cryptogram.getMac());
        // Return encrypted response with type given by converter class
        final EciesEncryptedResponse encryptedResponse = new EciesEncryptedResponse(encryptedDataBase64, macBase64);
        if (converterClass.isAssignableFrom(MappingJackson2HttpMessageConverter.class)) {
            // Object conversion is done automatically using MappingJackson2HttpMessageConverter
            return encryptedResponse;
        } else if (converterClass.isAssignableFrom(StringHttpMessageConverter.class)) {
            // Conversion to byte[] is done using first applicable configured HTTP message converter, corresponding String is returned
            return new String(convertEncryptedResponse(encryptedResponse, mediaType), StandardCharsets.UTF_8);
        } else {
            // Conversion to byte[] is done using first applicable configured HTTP message converter
            return convertEncryptedResponse(encryptedResponse, mediaType);
        }
    } catch (Exception ex) {
        logger.warn("Encryption failed, error: {}", ex.getMessage());
        logger.debug("Error details", ex);
        return null;
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) EciesCryptogram(io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram) ServletServerHttpRequest(org.springframework.http.server.ServletServerHttpRequest) PowerAuthEciesEncryption(io.getlime.security.powerauth.rest.api.spring.encryption.PowerAuthEciesEncryption) EciesEncryptedResponse(io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse) EciesDecryptor(io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor) StringHttpMessageConverter(org.springframework.http.converter.StringHttpMessageConverter) IOException(java.io.IOException)

Example 7 with EciesEncryptedResponse

use of io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse in project powerauth-restful-integration by lime-company.

the class RecoveryService method confirmRecoveryCode.

/**
 * Confirm recovery code.
 * @param request ECIES encrypted request.
 * @param authentication PowerAuth API authentication object.
 * @return ECIES encrypted response.
 * @throws PowerAuthAuthenticationException In case confirm recovery fails.
 */
public EciesEncryptedResponse confirmRecoveryCode(EciesEncryptedRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader();
        final String applicationKey = httpHeader.getApplicationKey();
        if (activationId == null || applicationKey == null || request.getEphemeralPublicKey() == null || request.getEncryptedData() == null || request.getMac() == null) {
            logger.warn("PowerAuth confirm recovery failed because of invalid request");
            throw new PowerAuthInvalidRequestException();
        }
        final ConfirmRecoveryCodeResponse paResponse = powerAuthClient.confirmRecoveryCode(activationId, applicationKey, request.getEphemeralPublicKey(), request.getEncryptedData(), request.getMac(), request.getNonce());
        if (!paResponse.getActivationId().equals(activationId)) {
            logger.warn("PowerAuth confirm recovery failed because of invalid activation ID in response");
            throw new PowerAuthInvalidRequestException();
        }
        return new EciesEncryptedResponse(paResponse.getEncryptedData(), paResponse.getMac());
    } catch (Exception ex) {
        logger.warn("PowerAuth confirm recovery failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthRecoveryConfirmationException();
    }
}
Also used : PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException) ConfirmRecoveryCodeResponse(com.wultra.security.powerauth.client.v3.ConfirmRecoveryCodeResponse) PowerAuthRecoveryConfirmationException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthRecoveryConfirmationException) EciesEncryptedResponse(io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse) PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException)

Example 8 with EciesEncryptedResponse

use of io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse in project powerauth-restful-integration by lime-company.

the class TokenService method createToken.

/**
 * Create token.
 *
 * @param request        ECIES encrypted create token request.
 * @param authentication PowerAuth API authentication object.
 * @return ECIES encrypted create token response.
 * @throws PowerAuthAuthenticationException In case token could not be created.
 */
public EciesEncryptedResponse createToken(EciesEncryptedRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        // Fetch signature type from the authentication context
        final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        final String encryptedData = request.getEncryptedData();
        final String mac = request.getMac();
        final String nonce = request.getNonce();
        // Prepare a signature type converter
        final SignatureTypeConverter converter = new SignatureTypeConverter();
        final SignatureType signatureType = converter.convertFrom(signatureFactors);
        if (signatureType == null) {
            logger.warn("Invalid signature type: {}", signatureFactors);
            throw new PowerAuthSignatureTypeInvalidException();
        }
        // Get activation ID and application key
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader();
        final String applicationKey = httpHeader.getApplicationKey();
        // Create a token
        final CreateTokenResponse token = powerAuthClient.createToken(activationId, applicationKey, ephemeralPublicKey, encryptedData, mac, nonce, signatureType);
        // Prepare a response
        final EciesEncryptedResponse response = new EciesEncryptedResponse();
        response.setMac(token.getMac());
        response.setEncryptedData(token.getEncryptedData());
        return response;
    } catch (Exception ex) {
        logger.warn("Creating PowerAuth token failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenErrorException();
    }
}
Also used : PowerAuthTokenErrorException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthTokenErrorException) PowerAuthSignatureTypeInvalidException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException) EciesEncryptedResponse(io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse) SignatureType(com.wultra.security.powerauth.client.v3.SignatureType) PowerAuthSignatureHttpHeader(io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) CreateTokenResponse(com.wultra.security.powerauth.client.v3.CreateTokenResponse) PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes) PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException) SignatureTypeConverter(io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter)

Aggregations

EciesEncryptedResponse (io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse) 8
PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException) 4
PowerAuthInvalidRequestException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException) 3
SignatureType (com.wultra.security.powerauth.client.v3.SignatureType) 2
EciesCryptogram (io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram) 2
PowerAuthSignatureHttpHeader (io.getlime.security.powerauth.http.PowerAuthSignatureHttpHeader) 2
ActivationLayer1Response (io.getlime.security.powerauth.rest.api.model.response.v3.ActivationLayer1Response) 2
SignatureTypeConverter (io.getlime.security.powerauth.rest.api.spring.converter.v3.SignatureTypeConverter) 2
PowerAuthSignatureInvalidException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException) 2
PowerAuthSignatureTypeInvalidException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureTypeInvalidException) 2
IOException (java.io.IOException) 2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException) 1
PowerAuthClientException (com.wultra.security.powerauth.client.model.error.PowerAuthClientException) 1
PowerAuthErrorRecovery (com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery) 1
ConfirmRecoveryCodeResponse (com.wultra.security.powerauth.client.v3.ConfirmRecoveryCodeResponse) 1
CreateTokenResponse (com.wultra.security.powerauth.client.v3.CreateTokenResponse) 1
StartUpgradeResponse (com.wultra.security.powerauth.client.v3.StartUpgradeResponse) 1
VaultUnlockResponse (com.wultra.security.powerauth.client.v3.VaultUnlockResponse) 1
EciesDecryptor (io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesDecryptor) 1
PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes) 1