Examples with PowerAuthAuthenticationException io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException used on opensource projects

Example 1 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class TokenService method createToken.

/**
 * Create token.
 * @param request Create token request.
 * @param authentication PowerAuth API authentication.
 * @return Create token response.
 * @throws PowerAuthAuthenticationException In case token could not be created.
 */
public TokenCreateResponse createToken(TokenCreateRequest request, PowerAuthApiAuthentication authentication) throws PowerAuthAuthenticationException {
    try {
        // Fetch activation ID and signature type
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureTypes signatureFactors = authentication.getAuthenticationContext().getSignatureType();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        // Prepare a signature type converter
        SignatureTypeConverter converter = new SignatureTypeConverter();
        // Create a token
        final CreateTokenResponse token = powerAuthClient.v2().createToken(activationId, ephemeralPublicKey, converter.convertFrom(signatureFactors));
        // Prepare a response
        final TokenCreateResponse response = new TokenCreateResponse();
        response.setMac(token.getMac());
        response.setEncryptedData(token.getEncryptedData());
        return response;
    } catch (Exception ex) {
        logger.warn("Creating PowerAuth token failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenErrorException();
    }
}

Example 2 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class UpgradeService method upgradeCommit.

/**
 * Commit upgrade of activation to version 3.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @param httpServletRequest HTTP servlet request.
 * @return Commit upgrade response.
 * @throws PowerAuthAuthenticationException in case authentication fails.
 * @throws PowerAuthUpgradeException In case upgrade commit fails.
 */
public Response upgradeCommit(String signatureHeader, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthUpgradeException {
    try {
        // Extract request body
        final byte[] requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest);
        if (requestBodyBytes == null || requestBodyBytes.length == 0) {
            // Expected request body is {}, do not accept empty body
            logger.warn("Empty request body");
            throw new PowerAuthInvalidRequestException();
        }
        // Verify signature, force signature version during upgrade to version 3
        final List<PowerAuthSignatureTypes> allowedSignatureTypes = Collections.singletonList(PowerAuthSignatureTypes.POSSESSION);
        final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails("POST", requestBodyBytes, "/pa/upgrade/commit", signatureHeader, allowedSignatureTypes, 3);
        // In case signature verification fails, upgrade fails, too
        if (!authentication.getAuthenticationContext().isValid() || authentication.getActivationContext().getActivationId() == null) {
            logger.debug("Signature validation failed");
            throw new PowerAuthSignatureInvalidException();
        }
        // Get signature HTTP headers
        final String activationId = authentication.getActivationContext().getActivationId();
        final PowerAuthSignatureHttpHeader httpHeader = (PowerAuthSignatureHttpHeader) authentication.getHttpHeader();
        final String applicationKey = httpHeader.getApplicationKey();
        // Commit upgrade on PowerAuth server
        final CommitUpgradeResponse upgradeResponse = powerAuthClient.commitUpgrade(activationId, applicationKey);
        if (upgradeResponse.isCommitted()) {
            return new Response();
        } else {
            logger.debug("Upgrade commit failed");
            throw new PowerAuthUpgradeException();
        }
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        logger.warn("PowerAuth upgrade commit failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthUpgradeException();
    }
}

Example 3 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class PowerAuthAnnotationInterceptor method preHandle.

@Override
public boolean preHandle(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull Object handler) {
    // requests before the actual requests.
    if (handler instanceof HandlerMethod) {
        final HandlerMethod handlerMethod = (HandlerMethod) handler;
        // Obtain annotations
        PowerAuth powerAuthSignatureAnnotation = handlerMethod.getMethodAnnotation(PowerAuth.class);
        PowerAuthToken powerAuthTokenAnnotation = handlerMethod.getMethodAnnotation(PowerAuthToken.class);
        PowerAuthEncryption powerAuthEncryptionAnnotation = handlerMethod.getMethodAnnotation(PowerAuthEncryption.class);
        // Check that either signature or token annotation is active
        if (powerAuthSignatureAnnotation != null && powerAuthTokenAnnotation != null) {
            logger.warn("You cannot use both @PowerAuth and @PowerAuthToken on same handler method. We are removing both.");
            powerAuthSignatureAnnotation = null;
            powerAuthTokenAnnotation = null;
        }
        // sign-then-encrypt sequence in case both authorization and encryption are used.
        if (powerAuthEncryptionAnnotation != null) {
            final Type requestType = resolveGenericParameterTypeForEcies(handlerMethod);
            try {
                encryptionProvider.decryptRequest(request, requestType, powerAuthEncryptionAnnotation.scope());
            // Encryption object is saved in HTTP servlet request by encryption provider, so that it is available for Spring
            } catch (PowerAuthEncryptionException ex) {
                logger.warn("Decryption failed, error: {}", ex.getMessage());
                logger.debug("Error details", ex);
            }
        }
        // Resolve @PowerAuth annotation
        if (powerAuthSignatureAnnotation != null) {
            try {
                final String resourceId = expandResourceId(powerAuthSignatureAnnotation.resourceId(), request, handlerMethod);
                final String header = request.getHeader(PowerAuthSignatureHttpHeader.HEADER_NAME);
                final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthSignatureAnnotation.signatureType());
                final PowerAuthApiAuthentication authentication = authenticationProvider.validateRequestSignatureWithActivationDetails(request, resourceId, header, signatureTypes);
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
            } catch (PowerAuthAuthenticationException ex) {
                logger.warn("Invalid request signature, authentication object was removed");
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }
        // Resolve @PowerAuthToken annotation
        if (powerAuthTokenAnnotation != null) {
            try {
                final String header = request.getHeader(PowerAuthTokenHttpHeader.HEADER_NAME);
                final List<PowerAuthSignatureTypes> signatureTypes = Arrays.asList(powerAuthTokenAnnotation.signatureType());
                final PowerAuthApiAuthentication authentication = authenticationProvider.validateTokenWithActivationDetails(header, signatureTypes);
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, authentication);
            } catch (PowerAuthAuthenticationException ex) {
                logger.warn("Invalid token, authentication object was removed");
                request.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }
    }
    return true;
}

Example 4 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class SecureVaultService method vaultUnlock.

/**
 * Unlock secure vault.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @param request Vault unlock request.
 * @param httpServletRequest HTTP servlet request.
 * @return Vault unlock response.
 * @throws PowerAuthSecureVaultException In case vault unlock fails.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 */
public VaultUnlockResponse vaultUnlock(String signatureHeader, VaultUnlockRequest request, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
    try {
        // Parse the header
        final PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
        // Validate the header
        try {
            PowerAuthSignatureHttpHeaderValidator.validate(header);
        } catch (InvalidPowerAuthHttpHeaderException ex) {
            logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
            logger.debug(ex.getMessage(), ex);
            throw new PowerAuthSignatureTypeInvalidException();
        }
        final SignatureTypeConverter converter = new SignatureTypeConverter();
        final String activationId = header.getActivationId();
        final String applicationId = header.getApplicationKey();
        final String signature = header.getSignature();
        final SignatureType signatureType = converter.convertFrom(header.getSignatureType());
        if (signatureType == null) {
            logger.warn("Invalid signature type: {}", header.getSignatureType());
            throw new PowerAuthSignatureTypeInvalidException();
        }
        final String nonce = header.getNonce();
        String reason = null;
        byte[] requestBodyBytes;
        if ("2.0".equals(header.getVersion())) {
            // Version 2.0 requires null data in signature for vault unlock.
            requestBodyBytes = null;
        } else if ("2.1".equals(header.getVersion())) {
            // Version 2.1 or higher requires request data in signature (POST request body) for vault unlock.
            if (request != null) {
                // Send vault unlock reason, in case it is available.
                if (request.getReason() != null) {
                    reason = request.getReason();
                }
            }
            // Use POST request body as data for signature.
            requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest);
        } else {
            logger.warn("Invalid protocol version in secure vault: {}", header.getVersion());
            throw new PowerAuthSecureVaultException();
        }
        final String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
        final com.wultra.security.powerauth.client.v2.VaultUnlockResponse paResponse = powerAuthClient.v2().unlockVault(activationId, applicationId, data, signature, signatureType, reason);
        if (!paResponse.isSignatureValid()) {
            logger.debug("Signature validation failed");
            throw new PowerAuthSignatureInvalidException();
        }
        final VaultUnlockResponse response = new VaultUnlockResponse();
        response.setActivationId(paResponse.getActivationId());
        response.setEncryptedVaultEncryptionKey(paResponse.getEncryptedVaultEncryptionKey());
        return response;
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        logger.warn("PowerAuth vault unlock failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSecureVaultException();
    }
}

Example 5 with PowerAuthAuthenticationException

use of io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException in project powerauth-restful-integration by lime-company.

the class SecureVaultService method vaultUnlock.

/**
 * Unlock secure vault.
 * @param header PowerAuth signature HTTP header.
 * @param request ECIES encrypted vault unlock request.
 * @param httpServletRequest HTTP servlet request.
 * @return ECIES encrypted vault unlock response.
 * @throws PowerAuthSecureVaultException In case vault unlock request fails.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 */
public EciesEncryptedResponse vaultUnlock(PowerAuthSignatureHttpHeader header, EciesEncryptedRequest request, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
    try {
        final SignatureTypeConverter converter = new SignatureTypeConverter();
        final String activationId = header.getActivationId();
        final String applicationKey = header.getApplicationKey();
        final String signature = header.getSignature();
        final SignatureType signatureType = converter.convertFrom(header.getSignatureType());
        if (signatureType == null) {
            logger.warn("Invalid signature type: {}", header.getSignatureType());
            throw new PowerAuthSignatureTypeInvalidException();
        }
        final String signatureVersion = header.getVersion();
        final String nonce = header.getNonce();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        final String encryptedData = request.getEncryptedData();
        final String mac = request.getMac();
        final String eciesNonce = request.getNonce();
        // Prepare data for signature to allow signature verification on PowerAuth server
        final byte[] requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest);
        final String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
        // Verify signature and get encrypted vault encryption key from PowerAuth server
        final VaultUnlockResponse paResponse = powerAuthClient.unlockVault(activationId, applicationKey, signature, signatureType, signatureVersion, data, ephemeralPublicKey, encryptedData, mac, eciesNonce);
        if (!paResponse.isSignatureValid()) {
            logger.debug("Signature validation failed");
            throw new PowerAuthSignatureInvalidException();
        }
        return new EciesEncryptedResponse(paResponse.getEncryptedData(), paResponse.getMac());
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        logger.warn("PowerAuth vault unlock failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSecureVaultException();
    }
}