Example 1 with PowerAuthActivationException
use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException in project powerauth-restful-integration by lime-company.
the class ActivationService method createActivation.
/**
* Create activation.
* @param request Create activation request.
* @return Create activation response.
* @throws PowerAuthActivationException In case create activation fails.
*/
public ActivationCreateResponse createActivation(ActivationCreateRequest request) throws PowerAuthActivationException {
try {
final String activationIDShort = request.getActivationIdShort();
final String activationNonce = request.getActivationNonce();
final String cDevicePublicKey = request.getEncryptedDevicePublicKey();
final String activationName = request.getActivationName();
final String extras = request.getExtras();
final String applicationKey = request.getApplicationKey();
final String applicationSignature = request.getApplicationSignature();
final String clientEphemeralKey = request.getEphemeralPublicKey();
final PrepareActivationResponse paResponse = powerAuthClient.v2().prepareActivation(activationIDShort, activationName, activationNonce, clientEphemeralKey, cDevicePublicKey, extras, applicationKey, applicationSignature);
final ActivationCreateResponse response = new ActivationCreateResponse();
response.setActivationId(paResponse.getActivationId());
response.setActivationNonce(paResponse.getActivationNonce());
response.setEncryptedServerPublicKey(paResponse.getEncryptedServerPublicKey());
response.setEncryptedServerPublicKeySignature(paResponse.getEncryptedServerPublicKeySignature());
response.setEphemeralPublicKey(paResponse.getEphemeralPublicKey());
return response;
} catch (Exception ex) {
logger.warn("Creating PowerAuth activation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthActivationException();
}
}
Also used :
PrepareActivationResponse(com.wultra.security.powerauth.client.v2.PrepareActivationResponse)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
ActivationCreateResponse(io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
Example 2 with PowerAuthActivationException
use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException in project powerauth-restful-integration by lime-company.
the class ActivationService method createActivation.
/**
* Create activation.
*
* @param request Create activation layer 1 request.
* @param eciesContext PowerAuth ECIES encryption context.
* @return Create activation layer 1 response.
* @throws PowerAuthActivationException In case create activation fails.
* @throws PowerAuthRecoveryException In case activation recovery fails.
*/
public ActivationLayer1Response createActivation(ActivationLayer1Request request, EciesEncryptionContext eciesContext) throws PowerAuthActivationException, PowerAuthRecoveryException {
try {
final String applicationKey = eciesContext.getApplicationKey();
final EciesEncryptedRequest activationData = request.getActivationData();
final String ephemeralPublicKey = activationData.getEphemeralPublicKey();
final String encryptedData = activationData.getEncryptedData();
final String mac = activationData.getMac();
final String nonce = activationData.getNonce();
final Map<String, String> identity = request.getIdentityAttributes();
final Map<String, Object> customAttributes = (request.getCustomAttributes() != null) ? request.getCustomAttributes() : new HashMap<>();
// Validate inner encryption
if (nonce == null && !"3.0".equals(eciesContext.getVersion())) {
logger.warn("Missing nonce for protocol version: {}", eciesContext.getVersion());
throw new PowerAuthActivationException();
}
switch(request.getType()) {
// Regular activation which uses "code" identity attribute
case CODE:
{
// Check if identity attributes are present
if (identity == null || identity.isEmpty()) {
logger.warn("Identity attributes are missing for code activation");
throw new PowerAuthActivationException();
}
// Extract data from request and encryption object
final String activationCode = identity.get("code");
if (activationCode == null || activationCode.isEmpty()) {
logger.warn("Activation code is missing");
throw new PowerAuthActivationException();
}
// Call PrepareActivation method on PA server
final PrepareActivationResponse response = powerAuthClient.prepareActivation(activationCode, applicationKey, ephemeralPublicKey, encryptedData, mac, nonce);
// Create context for passing parameters between activation provider calls
final Map<String, Object> context = new LinkedHashMap<>();
Map<String, Object> processedCustomAttributes = customAttributes;
// In case a custom activation provider is enabled, process custom attributes and save any flags
if (activationProvider != null) {
processedCustomAttributes = activationProvider.processCustomActivationAttributes(customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.CODE, context);
List<String> activationFlags = activationProvider.getActivationFlags(identity, processedCustomAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.CODE, context);
if (activationFlags != null && !activationFlags.isEmpty()) {
powerAuthClient.addActivationFlags(response.getActivationId(), activationFlags);
}
}
boolean notifyActivationCommit = false;
if (response.getActivationStatus() == ActivationStatus.ACTIVE) {
// Activation was committed instantly due to presence of Activation OTP.
notifyActivationCommit = true;
} else {
// Otherwise check if activation should be committed instantly and if yes, perform commit.
if (activationProvider != null && activationProvider.shouldAutoCommitActivation(identity, customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.CODE, context)) {
CommitActivationResponse commitResponse = powerAuthClient.commitActivation(response.getActivationId(), null);
notifyActivationCommit = commitResponse.isActivated();
}
}
// Notify activation provider about an activation commit.
if (activationProvider != null && notifyActivationCommit) {
activationProvider.activationWasCommitted(identity, customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.CODE, context);
}
// Prepare and return encrypted response
return prepareEncryptedResponse(response.getEncryptedData(), response.getMac(), processedCustomAttributes);
}
// Custom activation
case CUSTOM:
{
// Check if there is a custom activation provider available, return an error in case it is not available
if (activationProvider == null) {
logger.warn("Activation provider is not available");
throw new PowerAuthActivationException();
}
// Check if identity attributes are present
if (identity == null || identity.isEmpty()) {
logger.warn("Identity attributes are missing for custom activation");
throw new PowerAuthActivationException();
}
// Create context for passing parameters between activation provider calls
final Map<String, Object> context = new LinkedHashMap<>();
// Lookup user ID using a provided identity attributes
final String userId = activationProvider.lookupUserIdForAttributes(identity, context);
// If no user was found or user ID is invalid, return an error
if (userId == null || userId.equals("") || userId.length() > 255) {
logger.warn("Invalid user ID: {}", userId);
throw new PowerAuthActivationException();
}
// Resolve maxFailedCount and activationExpireTimestamp parameters, null value means use value configured on PowerAuth server
final Integer maxFailed = activationProvider.getMaxFailedAttemptCount(identity, customAttributes, userId, ActivationType.CUSTOM, context);
final Long maxFailedCount = maxFailed == null ? null : maxFailed.longValue();
final Long activationValidityPeriod = activationProvider.getValidityPeriodDuringActivation(identity, customAttributes, userId, ActivationType.CUSTOM, context);
Date activationExpireTimestamp = null;
if (activationValidityPeriod != null) {
Instant now = Instant.now();
Instant expiration = now.plusMillis(activationValidityPeriod);
activationExpireTimestamp = Date.from(expiration);
}
// Create activation for a looked up user and application related to the given application key
final CreateActivationResponse response = powerAuthClient.createActivation(userId, activationExpireTimestamp, maxFailedCount, applicationKey, ephemeralPublicKey, encryptedData, mac, nonce);
// Process custom attributes using a custom logic
final Map<String, Object> processedCustomAttributes = activationProvider.processCustomActivationAttributes(customAttributes, response.getActivationId(), userId, response.getApplicationId(), ActivationType.CUSTOM, context);
// Save activation flags in case the provider specified any flags
final List<String> activationFlags = activationProvider.getActivationFlags(identity, processedCustomAttributes, response.getActivationId(), userId, response.getApplicationId(), ActivationType.CUSTOM, context);
if (activationFlags != null && !activationFlags.isEmpty()) {
powerAuthClient.addActivationFlags(response.getActivationId(), activationFlags);
}
// Check if activation should be committed instantly and if yes, perform commit
if (activationProvider.shouldAutoCommitActivation(identity, customAttributes, response.getActivationId(), userId, response.getApplicationId(), ActivationType.CUSTOM, context)) {
final CommitActivationResponse commitResponse = powerAuthClient.commitActivation(response.getActivationId(), null);
if (commitResponse.isActivated()) {
activationProvider.activationWasCommitted(identity, customAttributes, response.getActivationId(), userId, response.getApplicationId(), ActivationType.CUSTOM, context);
}
}
// Prepare encrypted activation data
final EciesEncryptedResponse encryptedActivationData = new EciesEncryptedResponse(response.getEncryptedData(), response.getMac());
// Prepare the created activation response data
final ActivationLayer1Response responseL1 = new ActivationLayer1Response();
responseL1.setCustomAttributes(processedCustomAttributes);
responseL1.setActivationData(encryptedActivationData);
// Return response
return responseL1;
}
// Activation using recovery code
case RECOVERY:
{
// Check if identity attributes are present
if (identity == null || identity.isEmpty()) {
logger.warn("Identity attributes are missing for activation recovery");
throw new PowerAuthActivationException();
}
// Extract data from request and encryption object
final String recoveryCode = identity.get("recoveryCode");
final String recoveryPuk = identity.get("puk");
if (recoveryCode == null || recoveryCode.isEmpty()) {
logger.warn("Recovery code is missing");
throw new PowerAuthActivationException();
}
if (recoveryPuk == null || recoveryPuk.isEmpty()) {
logger.warn("Recovery PUK is missing");
throw new PowerAuthActivationException();
}
// Create context for passing parameters between activation provider calls
final Map<String, Object> context = new LinkedHashMap<>();
// Resolve maxFailedCount, user ID is not known
Long maxFailedCount = null;
if (activationProvider != null) {
final Integer maxFailed = activationProvider.getMaxFailedAttemptCount(identity, customAttributes, null, ActivationType.RECOVERY, context);
maxFailedCount = maxFailed == null ? null : maxFailed.longValue();
}
// Call RecoveryCodeActivation method on PA server
final RecoveryCodeActivationResponse response = powerAuthClient.createActivationUsingRecoveryCode(recoveryCode, recoveryPuk, applicationKey, maxFailedCount, ephemeralPublicKey, encryptedData, mac, nonce);
Map<String, Object> processedCustomAttributes = customAttributes;
// In case a custom activation provider is enabled, process custom attributes and save any flags
if (activationProvider != null) {
processedCustomAttributes = activationProvider.processCustomActivationAttributes(customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.RECOVERY, context);
final List<String> activationFlags = activationProvider.getActivationFlags(identity, processedCustomAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.RECOVERY, context);
if (activationFlags != null && !activationFlags.isEmpty()) {
powerAuthClient.addActivationFlags(response.getActivationId(), activationFlags);
}
}
// Automatically commit activation by default, the optional activation provider can override automatic commit
if (activationProvider == null || activationProvider.shouldAutoCommitActivation(identity, customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.RECOVERY, context)) {
final CommitActivationResponse commitResponse = powerAuthClient.commitActivation(response.getActivationId(), null);
if (activationProvider != null && commitResponse.isActivated()) {
activationProvider.activationWasCommitted(identity, customAttributes, response.getActivationId(), response.getUserId(), response.getApplicationId(), ActivationType.RECOVERY, context);
}
}
// Prepare and return encrypted response
return prepareEncryptedResponse(response.getEncryptedData(), response.getMac(), processedCustomAttributes);
}
default:
logger.warn("Invalid activation request");
throw new PowerAuthInvalidRequestException();
}
} catch (PowerAuthClientException ex) {
if (ex.getPowerAuthError() instanceof PowerAuthErrorRecovery) {
final PowerAuthErrorRecovery errorRecovery = (PowerAuthErrorRecovery) ex.getPowerAuthError();
logger.debug("Invalid recovery code, current PUK index: {}", errorRecovery.getCurrentRecoveryPukIndex());
throw new PowerAuthRecoveryException(ex.getMessage(), "INVALID_RECOVERY_CODE", errorRecovery.getCurrentRecoveryPukIndex());
}
logger.warn("Creating PowerAuth activation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthActivationException();
} catch (PowerAuthActivationException ex) {
// Do not swallow PowerAuthActivationException for custom activations.
// See: https://github.com/wultra/powerauth-restful-integration/issues/199
logger.warn("Creating PowerAuth activation failed, error: {}", ex.getMessage());
throw ex;
} catch (Exception ex) {
logger.warn("Creating PowerAuth activation failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthActivationException();
}
}
Also used :
PowerAuthClientException(com.wultra.security.powerauth.client.model.error.PowerAuthClientException)
PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)
ActivationLayer1Response(io.getlime.security.powerauth.rest.api.model.response.v3.ActivationLayer1Response)
Instant(java.time.Instant)
EciesEncryptedRequest(io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)
PowerAuthClientException(com.wultra.security.powerauth.client.model.error.PowerAuthClientException)
PowerAuthRecoveryException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
PowerAuthRecoveryException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException)
PowerAuthErrorRecovery(com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery)
EciesEncryptedResponse(io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse)
Example 3 with PowerAuthActivationException
use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException in project powerauth-restful-integration by lime-company.
the class ActivationService method removeActivation.
/**
* Remove activation.
*
* @param apiAuthentication PowerAuth API authentication object.
* @return Activation remove response.
* @throws PowerAuthActivationException In case remove activation fails.
*/
public ActivationRemoveResponse removeActivation(PowerAuthApiAuthentication apiAuthentication) throws PowerAuthActivationException {
try {
// Fetch context information
final String activationId = apiAuthentication.getActivationContext().getActivationId();
final String userId = apiAuthentication.getUserId();
final Long applicationId = apiAuthentication.getApplicationId();
// Call other application specific cleanup logic
final RemoveActivationResponse paResponse;
if (activationProvider != null) {
final boolean revokeCodes = activationProvider.shouldRevokeRecoveryCodeOnRemove(activationId, userId, applicationId);
paResponse = powerAuthClient.removeActivation(activationId, null, revokeCodes);
activationProvider.activationWasRemoved(activationId, userId, applicationId);
} else {
// do not revoke recovery codes
paResponse = powerAuthClient.removeActivation(activationId, null);
}
// Prepare and return the response
final ActivationRemoveResponse response = new ActivationRemoveResponse();
response.setActivationId(paResponse.getActivationId());
return response;
} catch (Exception ex) {
logger.warn("PowerAuth activation removal failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthActivationException();
}
}
Also used :
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
ActivationRemoveResponse(io.getlime.security.powerauth.rest.api.model.response.v3.ActivationRemoveResponse)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)
PowerAuthClientException(com.wultra.security.powerauth.client.model.error.PowerAuthClientException)
PowerAuthRecoveryException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException)
Example 4 with PowerAuthActivationException
use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException in project powerauth-restful-integration by lime-company.
the class ActivationService method getActivationStatus.
/**
* Get activation status.
*
* @param request Activation status request.
* @return Activation status response.
* @throws PowerAuthActivationException In case retrieving activation status fails.
*/
public ActivationStatusResponse getActivationStatus(ActivationStatusRequest request) throws PowerAuthActivationException {
try {
final String activationId = request.getActivationId();
final String challenge = request.getChallenge();
final GetActivationStatusResponse paResponse = powerAuthClient.getActivationStatusWithEncryptedStatusBlob(activationId, challenge);
final ActivationStatusResponse response = new ActivationStatusResponse();
response.setActivationId(paResponse.getActivationId());
response.setEncryptedStatusBlob(paResponse.getEncryptedStatusBlob());
response.setNonce(paResponse.getEncryptedStatusBlobNonce());
if (applicationConfiguration != null) {
final ActivationContext activationContext = activationContextConverter.fromActivationDetailResponse(paResponse);
response.setCustomObject(applicationConfiguration.statusServiceCustomObject(activationContext));
}
return response;
} catch (Exception ex) {
logger.warn("PowerAuth activation status check failed, error: {}", ex.getMessage());
logger.debug(ex.getMessage(), ex);
throw new PowerAuthActivationException();
}
}
Also used :
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
ActivationContext(io.getlime.security.powerauth.rest.api.spring.model.ActivationContext)
PowerAuthActivationException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)
PowerAuthInvalidRequestException(io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)
PowerAuthClientException(com.wultra.security.powerauth.client.model.error.PowerAuthClientException)
PowerAuthRecoveryException(io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException)
ActivationStatusResponse(io.getlime.security.powerauth.rest.api.model.response.v3.ActivationStatusResponse)
Aggregations
PowerAuthActivationException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthActivationException)4
PowerAuthClientException (com.wultra.security.powerauth.client.model.error.PowerAuthClientException)3
PowerAuthRecoveryException (io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthRecoveryException)3
PowerAuthInvalidRequestException (io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthInvalidRequestException)3
PowerAuthErrorRecovery (com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery)1
PrepareActivationResponse (com.wultra.security.powerauth.client.v2.PrepareActivationResponse)1
EciesEncryptedRequest (io.getlime.security.powerauth.rest.api.model.request.v3.EciesEncryptedRequest)1
ActivationCreateResponse (io.getlime.security.powerauth.rest.api.model.response.v2.ActivationCreateResponse)1
ActivationLayer1Response (io.getlime.security.powerauth.rest.api.model.response.v3.ActivationLayer1Response)1
ActivationRemoveResponse (io.getlime.security.powerauth.rest.api.model.response.v3.ActivationRemoveResponse)1
ActivationStatusResponse (io.getlime.security.powerauth.rest.api.model.response.v3.ActivationStatusResponse)1
EciesEncryptedResponse (io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse)1
ActivationContext (io.getlime.security.powerauth.rest.api.spring.model.ActivationContext)1
Instant (java.time.Instant)1
