Examples with PowerAuthHeaderMissingException io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException used on opensource projects

Example 1 with PowerAuthHeaderMissingException

use of io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateRequestSignatureWithActivationDetails.

@Override
@Nonnull
public PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (httpAuthorizationHeader.equals("undefined")) {
        logger.warn("Signature HTTP header is missing");
        throw new PowerAuthHeaderMissingException();
    }
    // Parse HTTP header
    final PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(httpAuthorizationHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSignatureInvalidException();
    }
    // Check if the signature type is allowed
    final PowerAuthSignatureTypes expectedSignatureType = PowerAuthSignatureTypes.getEnumFromString(header.getSignatureType());
    if (expectedSignatureType == null || !allowedSignatureTypes.contains(expectedSignatureType)) {
        logger.warn("Invalid signature type: {}", expectedSignatureType);
        throw new PowerAuthSignatureTypeInvalidException();
    }
    // Configure PowerAuth authentication object
    final PowerAuthSignatureAuthenticationImpl powerAuthAuthentication = new PowerAuthSignatureAuthenticationImpl();
    powerAuthAuthentication.setActivationId(header.getActivationId());
    powerAuthAuthentication.setApplicationKey(header.getApplicationKey());
    powerAuthAuthentication.setNonce(BaseEncoding.base64().decode(header.getNonce()));
    powerAuthAuthentication.setSignatureType(header.getSignatureType());
    powerAuthAuthentication.setSignature(header.getSignature());
    powerAuthAuthentication.setHttpMethod(httpMethod);
    powerAuthAuthentication.setRequestUri(requestUriIdentifier);
    powerAuthAuthentication.setData(httpBody);
    powerAuthAuthentication.setVersion(header.getVersion());
    powerAuthAuthentication.setHttpHeader(header);
    powerAuthAuthentication.setForcedSignatureVersion(forcedSignatureVersion);
    // Call the authentication based on signature authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        logger.debug("Signature validation failed");
        throw new PowerAuthSignatureInvalidException();
    }
    return auth;
}

Example 2 with PowerAuthHeaderMissingException

use of io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException in project powerauth-restful-integration by lime-company.

the class PowerAuthAuthenticationProvider method validateTokenWithActivationDetails.

@Nonnull
@Override
public PowerAuthApiAuthentication validateTokenWithActivationDetails(@Nonnull String tokenHeader, @Nonnull List<PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException {
    // Check for HTTP PowerAuth signature header
    if (tokenHeader.equals("undefined")) {
        logger.warn("Token HTTP header is missing");
        throw new PowerAuthHeaderMissingException();
    }
    // Parse HTTP header
    final PowerAuthTokenHttpHeader header = new PowerAuthTokenHttpHeader().fromValue(tokenHeader);
    // Validate the header
    try {
        PowerAuthTokenHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Token validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthTokenInvalidException();
    }
    // Prepare authentication object
    final PowerAuthTokenAuthenticationImpl powerAuthTokenAuthentication = new PowerAuthTokenAuthenticationImpl();
    powerAuthTokenAuthentication.setTokenId(header.getTokenId());
    powerAuthTokenAuthentication.setTokenDigest(header.getTokenDigest());
    powerAuthTokenAuthentication.setNonce(header.getNonce());
    powerAuthTokenAuthentication.setTimestamp(header.getTimestamp());
    powerAuthTokenAuthentication.setVersion(header.getVersion());
    powerAuthTokenAuthentication.setHttpHeader(header);
    // Call the authentication based on token authentication object
    final PowerAuthApiAuthentication auth = (PowerAuthApiAuthentication) this.authenticate(powerAuthTokenAuthentication);
    // In case authentication is null, throw PowerAuth exception
    if (auth == null) {
        logger.debug("Invalid token value");
        throw new PowerAuthTokenInvalidException();
    }
    // Check if the signature type is allowed
    final PowerAuthSignatureTypes expectedSignatureType = auth.getAuthenticationContext().getSignatureType();
    if (expectedSignatureType == null || !allowedSignatureTypes.contains(expectedSignatureType)) {
        logger.warn("Invalid signature type in token validation: {}", expectedSignatureType);
        throw new PowerAuthSignatureTypeInvalidException();
    }
    return auth;
}