Example 1 with PowerAuthTokenAuthenticationImpl
use of io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl in project powerauth-restful-integration by lime-company.
the class PowerAuthAuthenticationProvider method validateToken.
public PowerAuthApiAuthentication validateToken(String tokenHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
// Check for HTTP PowerAuth signature header
if (tokenHeader == null || tokenHeader.equals("undefined")) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_EMPTY");
}
// Parse HTTP header
PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
// Validate the header
try {
PowerAuthTokenHttpHeaderValidator.validate(header);
} catch (InvalidPowerAuthHttpHeaderException e) {
Logger.getLogger(this.getClass().getName()).log(Level.SEVERE, e.getMessage(), e);
throw new PowerAuthAuthenticationException(e.getMessage());
}
// Prepare authentication object
PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
powerAuthTokenAuthentication.setTokenId(header.getTokenId());
powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
powerAuthTokenAuthentication.setNonce(header.getNonce());
powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
// Call the authentication based on token authentication object
final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
// In case authentication is null, throw PowerAuth exception
if (auth == null) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_INVALID_VALUE");
}
// Check if the signature type is allowed
PowerAuthSignatureTypes expectedSignatureType = auth.getSignatureFactors();
if (!allowedSignatureTypes.contains(expectedSignatureType)) {
throw new PowerAuthAuthenticationException("POWER_AUTH_TOKEN_SIGNATURE_TYPE_INVALID");
}
return auth;
}
Also used :
PowerAuthTokenAuthenticationImpl(io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl)
InvalidPowerAuthHttpHeaderException(io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)
PowerAuthAuthenticationException(io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)
PowerAuthTokenHttpHeader(io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader)
PowerAuthApiAuthentication(io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)
PowerAuthSignatureTypes(io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)
Aggregations
PowerAuthSignatureTypes (io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes)1
PowerAuthTokenHttpHeader (io.getlime.security.powerauth.http.PowerAuthTokenHttpHeader)1
InvalidPowerAuthHttpHeaderException (io.getlime.security.powerauth.http.validator.InvalidPowerAuthHttpHeaderException)1
PowerAuthApiAuthentication (io.getlime.security.powerauth.rest.api.base.authentication.PowerAuthApiAuthentication)1
PowerAuthAuthenticationException (io.getlime.security.powerauth.rest.api.base.exception.PowerAuthAuthenticationException)1
PowerAuthTokenAuthenticationImpl (io.getlime.security.powerauth.rest.api.spring.authentication.PowerAuthTokenAuthenticationImpl)1
