Examples with PowerAuthSignatureInvalidException io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException used on opensource projects

Example 6 with PowerAuthSignatureInvalidException

use of io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException in project powerauth-restful-integration by lime-company.

the class SecureVaultService method vaultUnlock.

/**
 * Unlock secure vault.
 * @param header PowerAuth signature HTTP header.
 * @param request ECIES encrypted vault unlock request.
 * @param httpServletRequest HTTP servlet request.
 * @return ECIES encrypted vault unlock response.
 * @throws PowerAuthSecureVaultException In case vault unlock request fails.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 */
public EciesEncryptedResponse vaultUnlock(PowerAuthSignatureHttpHeader header, EciesEncryptedRequest request, HttpServletRequest httpServletRequest) throws PowerAuthSecureVaultException, PowerAuthAuthenticationException {
    try {
        final SignatureTypeConverter converter = new SignatureTypeConverter();
        final String activationId = header.getActivationId();
        final String applicationKey = header.getApplicationKey();
        final String signature = header.getSignature();
        final SignatureType signatureType = converter.convertFrom(header.getSignatureType());
        if (signatureType == null) {
            logger.warn("Invalid signature type: {}", header.getSignatureType());
            throw new PowerAuthSignatureTypeInvalidException();
        }
        final String signatureVersion = header.getVersion();
        final String nonce = header.getNonce();
        // Fetch data from the request
        final String ephemeralPublicKey = request.getEphemeralPublicKey();
        final String encryptedData = request.getEncryptedData();
        final String mac = request.getMac();
        final String eciesNonce = request.getNonce();
        // Prepare data for signature to allow signature verification on PowerAuth server
        final byte[] requestBodyBytes = authenticationProvider.extractRequestBodyBytes(httpServletRequest);
        final String data = PowerAuthHttpBody.getSignatureBaseString("POST", "/pa/vault/unlock", BaseEncoding.base64().decode(nonce), requestBodyBytes);
        // Verify signature and get encrypted vault encryption key from PowerAuth server
        final VaultUnlockResponse paResponse = powerAuthClient.unlockVault(activationId, applicationKey, signature, signatureType, signatureVersion, data, ephemeralPublicKey, encryptedData, mac, eciesNonce);
        if (!paResponse.isSignatureValid()) {
            logger.debug("Signature validation failed");
            throw new PowerAuthSignatureInvalidException();
        }
        return new EciesEncryptedResponse(paResponse.getEncryptedData(), paResponse.getMac());
    } catch (PowerAuthAuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        logger.warn("PowerAuth vault unlock failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSecureVaultException();
    }
}

Example 7 with PowerAuthSignatureInvalidException

use of io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthSignatureInvalidException in project powerauth-restful-integration by lime-company.

the class SecureVaultController method unlockVault.

/**
 * Request the vault unlock key.
 * @param signatureHeader PowerAuth signature HTTP header.
 * @param request Vault unlock request data.
 * @param httpServletRequest HTTP servlet request.
 * @return PowerAuth RESTful response with {@link VaultUnlockResponse} payload.
 * @throws PowerAuthAuthenticationException In case authentication fails.
 * @throws PowerAuthSecureVaultException In case unlocking the vault fails.
 */
@RequestMapping(value = "unlock", method = RequestMethod.POST)
public ObjectResponse<VaultUnlockResponse> unlockVault(@RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, defaultValue = "unknown") String signatureHeader, @RequestBody(required = false) ObjectRequest<VaultUnlockRequest> request, HttpServletRequest httpServletRequest) throws PowerAuthAuthenticationException, PowerAuthSecureVaultException {
    // Request object is not validated - it is optional for version 2
    // Parse the header
    PowerAuthSignatureHttpHeader header = new PowerAuthSignatureHttpHeader().fromValue(signatureHeader);
    // Validate the header
    try {
        PowerAuthSignatureHttpHeaderValidator.validate(header);
    } catch (InvalidPowerAuthHttpHeaderException ex) {
        logger.warn("Signature HTTP header validation failed, error: {}", ex.getMessage());
        logger.debug(ex.getMessage(), ex);
        throw new PowerAuthSignatureInvalidException();
    }
    if (!"2.0".equals(header.getVersion()) && !"2.1".equals(header.getVersion())) {
        logger.warn("Endpoint does not support PowerAuth protocol version {}", header.getVersion());
        throw new PowerAuthInvalidRequestException();
    }
    VaultUnlockResponse response = secureVaultServiceV2.vaultUnlock(signatureHeader, request.getRequestObject(), httpServletRequest);
    return new ObjectResponse<>(response);
}